Subject: [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
From: raid5atemyhomework via Guix-patches
To: 47155@debbugs.gnu.org
Cc: guix-patches@gnu.org
Date: Mon, 15 Mar 2021 11:15:36 +0000
Currently, if you set DataDirectoryGroupReadable 1 in your torrc, it will be respected only if tor is started up. If you reconfigure your OS without restarting the tor service, the directory permissions are reset due to the activation code being re-run and resetting the directory permissions.

This change simply does not chmod if the directory already exists.

Thanks
raid5atemyhomework

From d6037c59e642eaafebe43996e7419e1b58fee616 Mon Sep 17 00:00:00 2001
From: raid5atemyhomework
Date: Mon, 15 Mar 2021 19:10:01 +0800
Subject: [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.

* gnu/services/networking.scm (tor-activation): Do not change permissions of tor data directory if it already exists.
---
 gnu/services/networking.scm | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..65d2d39f0b 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -881,10 +881,16 @@ HiddenServicePort ~a ~a~%" ;; of the "tor" group will be able to use the SOCKS socket. (chmod "/var/run/tor" #o750) - ;; Allow Tor to access the hidden services' directories. - (mkdir-p "/var/lib/tor") + ;; If the directory already exists, do not chmod it again; the user + ;; might have set "DataDirectoryGroupReadable 1" in the torrc. + ;; Without this check, a `guix system reconfigure` will cause the + ;; directory to lose group permissions until Tor is restarted, even + ;; if changes to the operating-system were unrelated to Tor. + (unless (file-exists? "/var/lib/tor") + (mkdir-p "/var/lib/tor") + ;; Allow only Tor and root to access the hidden services' director= ies. + (chmod "/var/lib/tor" #o700)) (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user)) - (chmod "/var/lib/tor" #o700) ;; Make sure /var/lib is accessible to the 'tor' user. (chmod "/var/lib" #o755) -- 2.30.2
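Review bot: the new `(unless (file-exists? "/var/lib/tor") ...)` guard drops every permission guarantee for an existing data directory, not only the group bit the torrc option is about: before this hunk each activation reset `/var/lib/tor` to `#o700`, after it a directory that is world-readable for whatever reason (a manual chmod, a restore from backup) stays world-readable across every `guix system reconfigure`, and this directory holds the hidden services' private keys that the surrounding comment refers to. Rather than skipping `chmod` entirely when the directory exists, consider keeping the baseline while preserving whatever group access the administrator chose, for example `(chmod "/var/lib/tor" (logand (stat:perms (stat "/var/lib/tor")) #o770))` in the existing-directory case, so "other" never has access regardless of `DataDirectoryGroupReadable`; alternatively derive the mode from the service's tor configuration so the activation script and the torrc cannot disagree. Unconditionally keeping the `(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))` outside the `unless` is right and should stay that way. The commit message should also mention that reconfigure no longer corrects permissions on an existing directory, since that is a behaviour change beyond respecting the option.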