From unknown Sun Jun 22 17:14:21 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#41694 <41694@debbugs.gnu.org> To: bug#41694 <41694@debbugs.gnu.org> Subject: Status: [PATCH] doc: cookbook: Add entry about getting substitutes through Tor. Reply-To: bug#41694 <41694@debbugs.gnu.org> Date: Mon, 23 Jun 2025 00:14:21 +0000 retitle 41694 [PATCH] doc: cookbook: Add entry about getting substitutes th= rough Tor. reassign 41694 guix-patches submitter 41694 Brice Waegeneire severity 41694 normal tag 41694 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 03 15:13:02 2020 Received: (at submit) by debbugs.gnu.org; 3 Jun 2020 19:13:02 +0000 Received: from localhost ([127.0.0.1]:44569 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jgYow-00086A-GP for submit@debbugs.gnu.org; Wed, 03 Jun 2020 15:13:02 -0400 Received: from lists.gnu.org ([209.51.188.17]:51052) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jgYov-00085l-1r for submit@debbugs.gnu.org; Wed, 03 Jun 2020 15:13:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34450) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jgYou-0003Sq-PE; Wed, 03 Jun 2020 15:13:00 -0400 Received: from relay5-d.mail.gandi.net ([217.70.183.197]:59571) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jgYot-000472-1y; Wed, 03 Jun 2020 15:13:00 -0400 X-Originating-IP: 78.237.113.178 Received: from localhost (luy13-1-78-237-113-178.fbx.proxad.net [78.237.113.178]) (Authenticated sender: brice@waegenei.re) by relay5-d.mail.gandi.net (Postfix) with ESMTPSA id 076C71C0002; Wed, 3 Jun 2020 19:12:54 +0000 (UTC) From: Brice Waegeneire To: guix-patches@gnu.org Subject: [PATCH] doc: cookbook: Add entry about getting substitutes through Tor. Date: Wed, 3 Jun 2020 21:12:49 +0200 Message-Id: <20200603191249.29382-1-brice@waegenei.re> X-Mailer: git-send-email 2.26.2 In-Reply-To: <87blmmkx87.fsf@gnu.org> References: <87blmmkx87.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=217.70.183.197; envelope-from=brice@waegenei.re; helo=relay5-d.mail.gandi.net X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/03 15:12:55 X-ACL-Warn: Detected OS = Linux 3.11 and newer X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit Cc: guix-devel@gnu.org, ludo@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) * doc/guix-cookbook.texi (Getting substitutes from Tor): New section. --- doc/guix-cookbook.texi | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 5574a60857..83abc704ca 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -14,6 +14,7 @@ Copyright @copyright{} 2019 Pierre Neidhardt@* Copyright @copyright{} 2020 Oleg Pykhalov@* Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* +Copyright @copyright{} 2020 Brice Waegeneire@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1326,6 +1327,7 @@ reference. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. +* Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @node Customizing the Kernel @@ -1785,6 +1787,59 @@ mount itself. )) @end lisp +@node Getting substitutes from Tor +@section Getting substitutes from Tor + +@quotation Warning +@emph{Not all} Guix daemon's traffic will go through Tor! Only +HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, etc connections +will still go through the clearnet. Again, this configuration isn't +foolproof some of your traffic won't get routed by Tor at all. Use it +at your own risk. +@end quotation + +Guix's substitute server is available as a hidden service, if you want +to use it to get your substitutes from Tor configure your system as +follow: + +@lisp +(use-modules (gnu)) +(use-service-module base networking) + +(operating-system + … + (services + (cons + (service tor-service-type + (tor-configuration + (config-file (plain-file "tor-config" + "HTTPTunnelPort 127.0.0.1:9250")))) + (modify-services %base-services + (guix-service-type + config => (guix-configuration + (inherit config) + ;; ci.guix.gnu.org's hidden service + (substitute-urls "https://bp7o7ckwlewr4slm.onion") + (http-proxy "http://localhost:9250"))))))) +@end lisp + +This will keep a tor process running that provides a HTTP CONNECT tunnel +which will be used by @command{guix-daemon}. The daemon can use other +protocols than HTTP(S) to get remote resources, request using those +protocols won't go through Tor since we are only setting a HTTP tunnel +here. Note that @code{substitutes-urls} is using HTTPS and not HTTP or +it won't work, that's a limitation of Tor's tunnel; you may want to use +@command{privoxy} instead to avoid such limitations. + +If you don't want to always get substitutes through Tor but using it just +some of the times, then skip the @code{guix-configuration}. When you +want to get a substitute from the Tor tunnel run: + +@example +# herd set-http-proxy guix-daemon http://localhost:9250 +$ guix build --substitute-urls=https://bp7o7ckwlewr4slm.onion hello +@end example + @c ********************************************************************* @node Advanced package management @chapter Advanced package management -- 2.26.2 From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 04 08:29:46 2020 Received: (at 41694) by debbugs.gnu.org; 4 Jun 2020 12:29:46 +0000 Received: from localhost ([127.0.0.1]:45301 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jgp0E-0001jy-G1 for submit@debbugs.gnu.org; Thu, 04 Jun 2020 08:29:46 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38462) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jgp0D-0001jl-1M for 41694@debbugs.gnu.org; Thu, 04 Jun 2020 08:29:45 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:59805) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jgp07-0007CT-67; Thu, 04 Jun 2020 08:29:39 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=45546 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jgp06-000754-15; Thu, 04 Jun 2020 08:29:38 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Brice Waegeneire Subject: Re: [bug#41694] [PATCH] doc: cookbook: Add entry about getting substitutes through Tor. References: <87blmmkx87.fsf@gnu.org> <20200603191249.29382-1-brice@waegenei.re> Date: Thu, 04 Jun 2020 14:29:36 +0200 In-Reply-To: <20200603191249.29382-1-brice@waegenei.re> (Brice Waegeneire's message of "Wed, 3 Jun 2020 21:12:49 +0200") Message-ID: <87367baua7.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 41694 Cc: guix-devel@gnu.org, 41694@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Brice Waegeneire skribis: > * doc/guix-cookbook.texi (Getting substitutes from Tor): New section. Yay! > +@node Getting substitutes from Tor > +@section Getting substitutes from Tor > + > +@quotation Warning > +@emph{Not all} Guix daemon's traffic will go through Tor! Only > +HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, etc connections > +will still go through the clearnet. Again, this configuration isn't > +foolproof some of your traffic won't get routed by Tor at all. Use it > +at your own risk. > +@end quotation I would suggest adding a line of intro before the warning, otherwise we see the warning before even knowing what the section is about. :-) > +Guix's substitute server is available as a hidden service, if you want I think official terminology these days is =E2=80=9COnion service=E2=80=9D. > +to use it to get your substitutes from Tor configure your system as > +follow: > + > +@lisp > +(use-modules (gnu)) > +(use-service-module base networking) > + > +(operating-system > + =E2=80=A6 > + (services > + (cons > + (service tor-service-type > + (tor-configuration > + (config-file (plain-file "tor-config" > + "HTTPTunnelPort 127.0.0.1:9250"= )))) > + (modify-services %base-services > + (guix-service-type ^^^^^^^^^^^^^ Too many spaces here. > +@example > +# herd set-http-proxy guix-daemon http://localhost:9250 > +$ guix build --substitute-urls=3Dhttps://bp7o7ckwlewr4slm.onion hello > +@end example To make it copy/pastable, you can remove the prompt and write it as: sudo herd set-http-proxy =E2=80=A6 guix build =E2=80=A6 Something along these lines LGTM. Thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 04 08:54:08 2020 Received: (at 41694-done) by debbugs.gnu.org; 4 Jun 2020 12:54:08 +0000 Received: from localhost ([127.0.0.1]:45406 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jgpNn-0002Nu-S4 for submit@debbugs.gnu.org; Thu, 04 Jun 2020 08:54:08 -0400 Received: from relay5-d.mail.gandi.net ([217.70.183.197]:60921) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jgpNm-0002NP-Iu for 41694-done@debbugs.gnu.org; Thu, 04 Jun 2020 08:54:06 -0400 Received: from webmail.gandi.net (webmail18.sd4.0x35.net [10.200.201.18]) (Authenticated sender: brice@waegenei.re) by relay5-d.mail.gandi.net (Postfix) with ESMTPA id 5CCEA1C0002; Thu, 4 Jun 2020 12:54:00 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Thu, 04 Jun 2020 12:54:00 +0000 From: Brice Waegeneire To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= Subject: Re: [bug#41694] [PATCH] doc: cookbook: Add entry about getting substitutes through Tor. In-Reply-To: <87367baua7.fsf@gnu.org> References: <87blmmkx87.fsf@gnu.org> <20200603191249.29382-1-brice@waegenei.re> <87367baua7.fsf@gnu.org> Message-ID: <5b7e576318d73e89ba5a9cafb6861061@waegenei.re> X-Sender: brice@waegenei.re User-Agent: Roundcube Webmail/1.3.8 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 41694-done Cc: guix-devel@gnu.org, 41694-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hello, On 2020-06-04 12:29, Ludovic Courtès wrote: > Hi, > > Brice Waegeneire skribis: > >> * doc/guix-cookbook.texi (Getting substitutes from Tor): New section. > > Yay! > >> +@node Getting substitutes from Tor >> +@section Getting substitutes from Tor >> + >> +@quotation Warning >> +@emph{Not all} Guix daemon's traffic will go through Tor! Only >> +HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, etc connections >> +will still go through the clearnet. Again, this configuration isn't >> +foolproof some of your traffic won't get routed by Tor at all. Use >> it >> +at your own risk. >> +@end quotation > > I would suggest adding a line of intro before the warning, otherwise we > see the warning before even knowing what the section is about. :-) > >> +Guix's substitute server is available as a hidden service, if you >> want > > I think official terminology these days is “Onion service”. > >> +to use it to get your substitutes from Tor configure your system as >> +follow: >> + >> +@lisp >> +(use-modules (gnu)) >> +(use-service-module base networking) >> + >> +(operating-system >> + … >> + (services >> + (cons >> + (service tor-service-type >> + (tor-configuration >> + (config-file (plain-file "tor-config" >> + "HTTPTunnelPort >> 127.0.0.1:9250")))) >> + (modify-services %base-services >> + (guix-service-type > ^^^^^^^^^^^^^ > Too many spaces here. > >> +@example >> +# herd set-http-proxy guix-daemon http://localhost:9250 >> +$ guix build --substitute-urls=https://bp7o7ckwlewr4slm.onion hello >> +@end example > > To make it copy/pastable, you can remove the prompt and write it as: > > sudo herd set-http-proxy … > guix build … > > Something along these lines LGTM. > > Thank you! > > Ludo’. Thank you for the review Ludovic. Pushed as c987b72382e739bf887849b02c533eda317ea52b with the 3 modifications you were requesting. - Brice From unknown Sun Jun 22 17:14:21 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 03 Jul 2020 11:24:07 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator