Package: guix-patches;
Reported by: Chris Marusich <cmmarusich <at> gmail.com>
Date: Thu, 2 Aug 2018 06:47:01 UTC
Severity: normal
Tags: patch
Done: Chris Marusich <cmmarusich <at> gmail.com>
Bug is archived. No further changes may be made.
View this message in rfc822 format
From: Chris Marusich <cmmarusich <at> gmail.com> To: 32346 <at> debbugs.gnu.org Cc: Christopher Lemmer Webber <cwebber <at> dustycloud.org>, Chris Marusich <cmmarusich <at> gmail.com> Subject: [bug#32346] [PATCH 1/6] services: tor: Add a system test. Date: Wed, 1 Aug 2018 23:51:54 -0700
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to
/var/run/tor/tor.pid in the base torrc configuration.
(tor-shepherd-service) <start>: Call make-forkexec-constructor/container with
a new #:pid-file argument to tell Shepherd where to find the PID file. Add a
a new <file-system-mapping> to its existing #:mappings argument to share
/var/run/tor with the the container.
(tor-hidden-services-activation): Update docstring. Create /var/run/tor and
set its permissions so only the tor user can access it.
* gnu/tests/networking.scm (%test-tor, %tor-os): New variables.
(run-tor-test): New procedure.
---
gnu/services/networking.scm | 20 +++++++++++--
gnu/tests/networking.scm | 56 ++++++++++++++++++++++++++++++++++++-
2 files changed, 73 insertions(+), 3 deletions(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index d5d0cf9d1..bd79e6589 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2017 Thomas Danckaert <post <at> thomasdanckaert.be>
;;; Copyright © 2017 Marius Bakke <mbakke <at> fastmail.com>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me <at> tobias.gr>
+;;; Copyright © 2018 Chris Marusich <cmmarusich <at> gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -612,6 +613,7 @@ demand.")))
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
+PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
(for-each (match-lambda
@@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
- (target source)))))
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t)))
+ #:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay."))))))))
(define (tor-hidden-service-activation config)
- "Return the activation gexp for SERVICES, a list of hidden services."
+ "Set up directories for TOR and its hidden services, if any."
#~(begin
(use-modules (guix build utils))
@@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
;; The daemon bails out if we give wider permissions.
(chmod directory #o700)))
+ ;; Allow TOR to write its PID file.
+ (mkdir-p "/var/run/tor")
+ (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
+ ;; Set the group permissions to rw so that if the system administrator
+ ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
+ ;; of the "tor" group will be able to use the SOCKS socket.
+ (chmod "/var/run/tor" #o750)
+
+ ;; Allow TOR to access the hidden services' directories.
(mkdir-p "/var/lib/tor")
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
(chmod "/var/lib/tor" #o700)
diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm
index 323679e7f..c9a4f5463 100644
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@@ -30,7 +30,7 @@
#:use-module (gnu packages bash)
#:use-module (gnu packages networking)
#:use-module (gnu services shepherd)
- #:export (%test-inetd %test-openvswitch %test-dhcpd))
+ #:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor))
(define %inetd-os
;; Operating system with 2 inetd services.
@@ -339,3 +339,57 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
(name "dhcpd")
(description "Test a running DHCP daemon configuration.")
(value (run-dhcpd-test))))
+
+
+;;;
+;;; Services related to TOR
+;;;
+
+(define %tor-os
+ (simple-operating-system
+ (tor-service)))
+
+(define (run-tor-test)
+ (define os
+ (marionette-operating-system %tor-os
+ #:imported-modules '((gnu services herd))
+ #:requirements '(tor)))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (gnu build marionette)
+ (ice-9 popen)
+ (ice-9 rdelim)
+ (srfi srfi-64))
+
+ (define marionette
+ (make-marionette (list #$(virtual-machine os))))
+
+ (mkdir #$output)
+ (chdir #$output)
+
+ (test-begin "tor")
+
+ (test-assert "tor is alive"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd)
+ (srfi srfi-1))
+ (live-service-running
+ (find (lambda (live)
+ (memq 'tor
+ (live-service-provision live)))
+ (current-services))))
+ marionette))
+
+ (test-end)
+ (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+ (gexp->derivation "tor-test" test))
+
+(define %test-tor
+ (system-test
+ (name "tor")
+ (description "Test a running TOR daemon configuration.")
+ (value (run-tor-test))))
--
2.18.0
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.