GNU bug report logs - #46549
services: tor: Add control-socket? option.


Package: guix-patches;

Reported by: Christopher Lemmer Webber <cwebber <at> dustycloud.org>

Date: Mon, 15 Feb 2021 23:05:01 UTC

Severity: normal

Done: Christopher Lemmer Webber <cwebber <at> dustycloud.org>

Bug is archived. No further changes may be made.


From: Christopher Lemmer Webber <cwebber <at> dustycloud.org>
To: 46549 <at> debbugs.gnu.org
Subject: [bug#46549] services: tor: Add control-socket? option.
Date: Mon, 15 Feb 2021 18:04:04 -0500
[Message part 1 (text/plain, inline)]
This allows users to have an easy way to enable control sockets for Tor.
Turning it on does so via a unix domain socket.  Intentionally I did not
add the localhost+port path because I feel unsure about the safety of
that, and nobody has yet demonstrated a need.

I suppose another nice option might be to let the user specify a
specific path, but we didn't allow that for the socks-sock, so I was too
lazy to allow it here either.

[0001-services-tor-Add-control-socket-option.patch (text/x-patch, inline)]
From b85d5d49678ae11fd5a855acddbc78be123d863c Mon Sep 17 00:00:00 2001
From: Christopher Lemmer Webber <cwebber <at> dustycloud.org>
Date: Mon, 15 Feb 2021 17:57:04 -0500
Subject: [PATCH] services: tor: Add control-socket? option.

* doc/guix.texi (Networking Services): Document new `control-socket?'
option for `tor-configuration`.
* gnu/services/networking.scm (<tor-configuration>):
(tor-configuration->torrc):
---
 doc/guix.texi               |  9 ++++++++-
 gnu/services/networking.scm | 13 +++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 535c98a453..81cc24e0e3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -45,7 +45,7 @@ Copyright @copyright{} 2017 Federico Beffa@*
 Copyright @copyright{} 2017, 2018 Carlo Zancanaro@*
 Copyright @copyright{} 2017 Thomas Danckaert@*
 Copyright @copyright{} 2017 humanitiesNerd@*
-Copyright @copyright{} 2017 Christopher Allan Webber@*
+Copyright @copyright{} 2017, 2021 Christopher Lemmer Webber@*
 Copyright @copyright{} 2017, 2018, 2019, 2020 Marius Bakke@*
 Copyright @copyright{} 2017, 2019, 2020 Hartmut Goebel@*
 Copyright @copyright{} 2017, 2019, 2020, 2021 Maxim Cournoyer@*
@@ -16578,6 +16578,13 @@ If you want to customize the SOCKS socket in more detail, leave
 @end table
 @end deftp
 
+@item @code{control-socket?} (default: @code{#f})
+Whether or not to provide a ``control socket'' by which Tor can be
+controlled to, for instance, dynamically instantiate tor onion services.
+If @code{#t}, Tor will listen for control commands on the UNIX domain socket
+@file{/var/run/tor/control-sock}, which will be made writable by members of the
+@code{tor} group.
+
 @cindex hidden service
 @deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping}
 Define a new Tor @dfn{hidden service} called @var{name} and implementing
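
Review bot: The new `@item` for `control-socket?` is added after `@end table` and `@end deftp`, so it sits outside the `tor-configuration` option table it belongs to. Move it above `@end table`, next to the SOCKS socket item. Since the socket is "writable by members of the `tor` group", the text should also say plainly that anyone in that group can send control commands to Tor, so administrators know what adding a user to the group grants.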
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index a4d4ac0646..231a9f66c7 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2019 Alex Griffin <a <at> ajgrf.com>
 ;;; Copyright © 2020 Brice Waegeneire <brice <at> waegenei.re>
 ;;; Copyright © 2021 Oleg Pykhalov <go.wigust <at> gmail.com>
+;;; Copyright © 2021 Christopher Lemmer Webber <cwebber <at> dustycloud.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -744,7 +745,9 @@ demand.")))
   (hidden-services  tor-configuration-hidden-services
                     (default '()))
   (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
-                     (default 'tcp)))
+                     (default 'tcp))
+  (control-socket?  tor-control-socket-path
+                    (default #f)))
 
 (define %tor-accounts
   ;; User account and groups for Tor.
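
Review bot: The accessor on the new field, `tor-control-socket-path`, matches neither the field name `control-socket?` nor the `tor-configuration-` prefix used by the neighbouring accessors such as `tor-configuration-socks-socket-type`, and the field holds a boolean, not a path. Suggest `tor-configuration-control-socket?` so the record stays consistent and the name does not imply a configurable path.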
@@ -766,7 +769,8 @@ demand.")))
 (define (tor-configuration->torrc config)
   "Return a 'torrc' file for CONFIG."
   (match config
-    (($ <tor-configuration> tor config-file services socks-socket-type)
+    (($ <tor-configuration> tor config-file services
+                            socks-socket-type control-socket?)
      (computed-file
       "torrc"
       (with-imported-modules '((guix build utils))
@@ -786,6 +790,11 @@ Log notice syslog\n" port)
                   (display "\
 SocksPort unix:/var/run/tor/socks-sock
 UnixSocksGroupWritable 1\n" port))
+                (when #$control-socket?
+                  (display "\
+ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck
+ControlSocketsGroupWritable 1\n"
+                           port))
 
                 (for-each (match-lambda
                             ((service (ports hosts) ...)
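
Review bot: The added `ControlSocket` block emits no authentication directive, so as far as this hunk shows, the only access control on `/var/run/tor/control-sock` is membership of the group the socket is made writable for. Consider emitting `CookieAuthentication 1` alongside it, or documenting that group members get unauthenticated control. The block also requests group write twice (the `GroupWritable` flag and `ControlSocketsGroupWritable 1`) and adds `RelaxDirModeCheck`, which the documentation text does not mention; keep one form of the group-write setting and explain why the directory mode check is relaxed. Minor style point: `port))` is on its own line here but on the same line as the string in the SOCKS block just above.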
-- 
2.30.0


This bug report was last modified 4 years and 185 days ago.
