From: bug#70341 <70341@debbugs.gnu.org>
To: bug#70341 <70341@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: Add support for pluggable transports to tor-service-type
Date: Fri, 20 Jun 2025 14:16:45 +0000

retitle 70341 [PATCH] gnu: Add support for pluggable transports to tor-service-type
reassign 70341 guix-patches
submitter 70341 Nigko Yerden
severity 70341 normal
tag 70341 patch
thanks

From: Nigko Yerden
To: guix-patches@gnu.org
Subject: [PATCH] gnu: Add support for pluggable transports to tor-service-type
Date: Thu, 11 Apr 2024 19:48:17 +0500
Message-ID: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com>

In Tor parlance pluggable transports are programs that disguise Tor traffic, which is useful, e.g., for censorship circumvention. There are several types of pluggable transports, e.g., obfs4 (lyrebird), meek, Snowflake etc.

There are pluggable transport plugins in guix repo:
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
go-github-com-operatorfoundation-obfs4

This commit adds the following #:-fields to tor-configuration record type:
transport-plugin? - /path/to/transport/plugin/binary (string) (default #f)
pluggable-transport - type of pluggable transport (string) (default "obfs4")

Since tor process is run by shepherd service inside Linux namespaces, we need to add path to transport plugin to the list of file system mappings in the argument of list-authority-wrapper function.

Pluggable transports do not work without bridges, which can be obtained from the official site https://bridges.torproject.org/. The user should specify bridges in #:config-file field of the tor-configuration record. For example, obfs4 bridges are specified as follows

Bridge obfs4 ...
Bridge obfs4 ...

Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
Hello Guix!

This is a bug-fix for https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html, see also https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html.

Best Regards,
Nigko Yerden

gnu/services/networking.scm | 52 +++++++++++++++++++++++++------------
1 file changed, 36 insertions(+), 16 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e64e529ab..b7d9a878e9 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © 2023 Declan Tsien ;;; Copyright © 2023 Bruno Victal ;;; Copyright © 2023 muradm +;;; Copyright © 2024 Nigko Yerden ;;; ;;; This file is part of GNU Guix. ;;; @@ -955,7 +956,11 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugin? tor-configuration-transport-plugin-path + (default #f)) + (pluggable-transport tor-configuration-pluggable-transport + (default "obfs4"))) (define %tor-accounts ;; User account and groups for Tor. @@ -988,7 +993,8 @@ (define-configuration/no-serialization tor-onion-service-configuration (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugin? pluggable-transport) (computed-file "torrc" (with-imported-modules '((guix build utils)) 
@@ -1027,6 +1033,13 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (when #$transport-plugin? + (format port "\ +UseBridges 1 +ClientTransportPlugin ~a exec ~a~%" + #$pluggable-transport + #$transport-plugin?)) + (display "\ ### End of automatically generated lines.\n\n" port) 
@@ -1039,23 +1052,30 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugin-path (tor-configuration-transport-plugin-path config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (if transport-plugin-path + (list (file-system-mapping + (source transport-plugin-path) + (target source))) + '())) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6 -- 2.41.0
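
Review bot: In the record hunk (@@ -955,7 +956,11 @@) the new field is spelled `transport-plugin?`, which reads as a boolean predicate, while the commit message describes its value as the path to the plugin binary and the accessor is `tor-configuration-transport-plugin-path`. Name the field `transport-plugin` so that the `(when #$transport-plugin? ...)` test in `tor-configuration->torrc` and the mapping in `tor-shepherd-service` read as operating on a path. The diffstat lists only gnu/services/networking.scm, so the two new fields are also undocumented in this patch and need an entry in the `tor-configuration` documentation.
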
From: Nigko Yerden
To: 70341@debbugs.gnu.org
Subject: [PATCH v2] services: tor: Add support for pluggable transports.
Date: Sat, 20 Apr 2024 19:43:03 +0500
Message-ID: <714e3316b5a14168c495253ae585c9e73361b11a.1713624182.git.nigko.yerden@gmail.com>

Pluggable transports are programs that disguise Tor traffic, which can be useful in cases when Tor is censored. Pluggable transports cannot be configured by #:config-file file exclusively because Tor process is run via 'least-authority-wrapper' and cannot have access to transport plugin, which is a separate executable (Bug:#70302, Bug:#70332).

* doc/guix.texi (Networking Services): Document 'transport-plugin' and 'pluggable-transport' options for 'tor-configuration'.
* gnu/services/networking.scm (): Add 'transport-plugin' and 'pluggable-transport' fields.
(tor-configuration->torrc)[transport-plugin]: Add content to 'torrc' computed-file.
(tor-shepherd-service)[transport-plugin-path]: Add file-system-mapping.

Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
doc/guix.texi | 11 ++++++++
gnu/services/networking.scm | 52 +++++++++++++++++++++++++------------
2 files changed, 47 insertions(+), 16 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 65af136e61..9fbe928484 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -127,6 +127,7 @@ Copyright @copyright{} 2024 Herman Rimm@* Copyright @copyright{} 2024 Matthew Trzcinski@* Copyright @copyright{} 2024 Richard Sent@* +Copyright @copyright{} 2024 Nigko Yerden@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -21849,6 +21850,16 @@ Networking Services @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugin} (default: @code{#f}) +This must be either @code{#f}, in which case the pluggable transports are +not used by Tor, or a ``file-like'' object pointing to the pluggable transport +plugin executable. In the latter case the @code{#:config-file} file +should contain line(s) configuring one or more bridges. + +@item @code{pluggable-transport} (default: @code{"obfs4"}) +A string that specifies the type of the pluggable transport in +case @code{#:transport-plugin} is not @code{#f}. + @end table @end deftp diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e64e529ab..e47f7ca61a 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © 2023 Declan Tsien ;;; Copyright © 2023 Bruno Victal ;;; Copyright © 2023 muradm +;;; Copyright © 2024 Nigko Yerden ;;; ;;; This file is part of GNU Guix. ;;; @@ -955,7 +956,11 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugin tor-configuration-transport-plugin-path + (default #f)) + (pluggable-transport tor-configuration-pluggable-transport + (default "obfs4"))) (define %tor-accounts ;; User account and groups for Tor. 
@@ -988,7 +993,8 @@ (define-configuration/no-serialization tor-onion-service-configuration (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugin pluggable-transport) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1027,6 +1033,13 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (when #$transport-plugin + (format port "\ +UseBridges 1 +ClientTransportPlugin ~a exec ~a~%" + #$pluggable-transport + #$transport-plugin)) + (display "\ ### End of automatically generated lines.\n\n" port) 
@@ -1039,23 +1052,30 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugin-path (tor-configuration-transport-plugin-path config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (if transport-plugin-path + (list (file-system-mapping + (source transport-plugin-path) + (target source))) + '())) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 0f68306268773f0eaa4327e1f6fdcb39442e4a34 -- 2.41.0
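
Review bot: In the `tor-configuration->torrc` hunk (@@ -1027,6 +1033,13 @@) `#$pluggable-transport` and `#$transport-plugin` are written into torrc through `~a` with no validation, so a transport string containing a space or a newline changes the arguments of `ClientTransportPlugin` or adds further lines to the generated part of the file. Check when the record is built that `pluggable-transport` is a non-empty string without whitespace, and raise a configuration error otherwise. The same hunk emits `UseBridges 1` without any `Bridge` line and leaves those to `config-file`, as the doc/guix.texi hunk says; a dedicated field for the bridge lines would keep the generated section consistent on its own.
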
From: Nigko Yerden
To: 70341@debbugs.gnu.org
Subject: [PATCH v3] services: tor: Add support for pluggable transports.
Date: Mon, 22 Apr 2024 08:58:39 +0500
Message-ID: <3af678c4310a58373fe1e86b84f75a1d37e02295.1713758319.git.nigko.yerden@gmail.com>

Pluggable transports are programs that disguise Tor traffic, which can be useful in case Tor is censored. Pluggable transports cannot be configured by #:config-file file exclusively because Tor process is run via 'least-authority-wrapper' and cannot have access to transport plugin, which is a separate executable (Bug#70302, Bug#70332).

* doc/guix.texi (Networking Services): Document 'transport-plugin' and 'pluggable-transport' options for 'tor-configuration'.
* gnu/services/networking.scm: Export 'tor-configuration-transport-plugin-path', 'tor-configuration-pluggable-transport'.
(): Add 'transport-plugin' and 'pluggable-transport' fields.
(tor-configuration->torrc)[transport-plugin]: Add content to 'torrc' computed-file.
(tor-shepherd-service)[transport-plugin]: Add file-system-mapping.

Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
doc/guix.texi | 11 ++++++++
gnu/services/networking.scm | 54 ++++++++++++++++++++++++++-----------
2 files changed, 49 insertions(+), 16 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 65af136e61..eb0837860e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -127,6 +127,7 @@ Copyright @copyright{} 2024 Herman Rimm@* Copyright @copyright{} 2024 Matthew Trzcinski@* Copyright @copyright{} 2024 Richard Sent@* +Copyright @copyright{} 2024 Nigko Yerden@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -21849,6 +21850,16 @@ Networking Services @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugin} (default: @code{#f}) +This must be either @code{#f} or a ``file-like'' object pointing to the +pluggable transport plugin executable. In the latter case the +@code{#:config-file} file should contain line(s) configuring +one or more bridges. + +@item @code{pluggable-transport} (default: @code{"obfs4"}) +A string that specifies the type of the pluggable transport in +case @code{#:transport-plugin} is not @code{#f}. + @end table @end deftp diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e64e529ab..6e535ea8ef 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © 2023 Declan Tsien ;;; Copyright © 2023 Bruno Victal ;;; Copyright © 2023 muradm +;;; Copyright © 2024 Nigko Yerden ;;; ;;; This file is part of GNU Guix. ;;; @@ -159,6 +160,8 @@ (define-module (gnu services networking) tor-configuration-hidden-services tor-configuration-socks-socket-type tor-configuration-control-socket-path + tor-configuration-transport-plugin-path + tor-configuration-pluggable-transport tor-onion-service-configuration tor-onion-service-configuration? tor-onion-service-configuration-name 
@@ -955,7 +958,11 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugin tor-configuration-transport-plugin-path + (default #f)) + (pluggable-transport tor-configuration-pluggable-transport + (default "obfs4"))) (define %tor-accounts ;; User account and groups for Tor. @@ -988,7 +995,8 @@ (define-configuration/no-serialization tor-onion-service-configuration (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugin pluggable-transport) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1027,6 +1035,13 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (when #$transport-plugin + (format port "\ +UseBridges 1 +ClientTransportPlugin ~a exec ~a~%" + #$pluggable-transport + #$transport-plugin)) + (display "\ ### End of automatically generated lines.\n\n" port) 
@@ -1039,23 +1054,30 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugin-path (tor-configuration-transport-plugin-path config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (if transport-plugin-path + (list (file-system-mapping + (source transport-plugin-path) + (target source))) + '())) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 9fa34ad616b94ad881b5ca48ef88bd84f877a0e9 -- 2.41.0
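
Review bot: In the `tor-shepherd-service` hunk (@@ -1039,23 +1054,30 @@) the only change to what the wrapped tor process can see is one mapping of `transport-plugin-path` with no `writable?` flag, and the patch, which touches only doc/guix.texi and gnu/services/networking.scm, adds no test showing that tor can execute the plugin with just that mapping in place. Add a system test that starts the service with `transport-plugin` set and checks that the plugin process is spawned. A smaller point in the same hunk: the `let*` binding `transport-plugin-path` gives the `transport-plugin` field a second name; binding it as `transport-plugin` would match the name used in `tor-configuration->torrc`.
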
Date: Wed, 24 Apr 2024 18:11:10 -0300
From: André Batista
To: Nigko Yerden
Cc: 70332@debbugs.gnu.org, 70302@debbugs.gnu.org, 70341@debbugs.gnu.org
Subject: Re: [bug#70341] [PATCH v3] services: tor: Add support for pluggable transports.

Hi Nigko,

Mon 22 Apr 2024 at 08:58:39 (1713787119), nigko.yerden@gmail.com wrote:
> Pluggable transports are programs that disguise Tor traffic, which
> can be useful in case Tor is censored. Pluggable transports
> cannot be configured by #:config-file file exclusively because Tor
> process is run via 'least-authority-wrapper' and cannot have access
> to transport plugin, which is a separate executable (Bug#70302,
> Bug#70332).

I can confirm that the tor service is unable to fork-exec a pluggable-transport and the bootstrap process is halted at its start when trying to use a system wide bridge + PT. However, this patch does not seem to address the issue at hand, since it just creates new tor-service-type configuration options that accomplish the same as configuring on config-file directly. Have you had success with this? I had no luck. More comments below.

> * doc/guix.texi (Networking Services): Document 'transport-plugin' and
> 'pluggable-transport' options for 'tor-configuration'.
> * gnu/services/networking.scm: Export 'tor-configuration-transport-plugin-path', > 'tor-configuration-pluggable-transport'. > (): Add 'transport-plugin' and 'pluggable-transport' > fields. > (tor-configuration->torrc)[transport-plugin]: Add content to 'torrc' > computed-file. > (tor-shepherd-service)[transport-plugin]: Add file-system-mapping. > > Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48 > --- > doc/guix.texi | 11 ++++++++ > gnu/services/networking.scm | 54 ++++++++++++++++++++++++++----------- > 2 files changed, 49 insertions(+), 16 deletions(-) > > diff --git a/doc/guix.texi b/doc/guix.texi > index 65af136e61..eb0837860e 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -127,6 +127,7 @@ > Copyright @copyright{} 2024 Herman Rimm@* > Copyright @copyright{} 2024 Matthew Trzcinski@* > Copyright @copyright{} 2024 Richard Sent@* > +Copyright @copyright{} 2024 Nigko Yerden@* > > Permission is granted to copy, distribute and/or modify this document > under the terms of the GNU Free Documentation License, Version 1.3 or > @@ -21849,6 +21850,16 @@ Networking Services > @file{/var/run/tor/control-sock}, which will be made writable by members of the > @code{tor} group. > > +@item @code{transport-plugin} (default: @code{#f}) > +This must be either @code{#f} or a ``file-like'' object pointing to the > +pluggable transport plugin executable. In the latter case the > +@code{#:config-file} file should contain line(s) configuring > +one or more bridges. > + > +@item @code{pluggable-transport} (default: @code{"obfs4"}) > +A string that specifies the type of the pluggable transport in > +case @code{#:transport-plugin} is not @code{#f}. > + > @end table > @end deftp > > diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm > index 8e64e529ab..6e535ea8ef 100644 > --- a/gnu/services/networking.scm > +++ b/gnu/services/networking.scm 
> @@ -22,6 +22,7 @@ > ;;; Copyright © 2023 Declan Tsien > ;;; Copyright © 2023 Bruno Victal > ;;; Copyright © 2023 muradm > +;;; Copyright © 2024 Nigko Yerden > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -159,6 +160,8 @@ (define-module (gnu services networking) > tor-configuration-hidden-services > tor-configuration-socks-socket-type > tor-configuration-control-socket-path > + tor-configuration-transport-plugin-path > + tor-configuration-pluggable-transport > tor-onion-service-configuration > tor-onion-service-configuration? > tor-onion-service-configuration-name > @@ -955,7 +958,11 @@ (define-record-type* > (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix > (default 'tcp)) > (control-socket? tor-configuration-control-socket-path > - (default #f))) > + (default #f)) > + (transport-plugin tor-configuration-transport-plugin-path > + (default #f)) > + (pluggable-transport tor-configuration-pluggable-transport > + (default "obfs4"))) > > (define %tor-accounts > ;; User account and groups for Tor. > @@ -988,7 +995,8 @@ (define-configuration/no-serialization tor-onion-service-configuration > (define (tor-configuration->torrc config) > "Return a 'torrc' file for CONFIG." > (match-record config > - (tor config-file hidden-services socks-socket-type control-socket?) > + (tor config-file hidden-services socks-socket-type control-socket? > + transport-plugin pluggable-transport) > (computed-file > "torrc" > (with-imported-modules '((guix build utils)) 
> @@ -1027,6 +1035,13 @@ (define (tor-configuration->torrc config) > (cons name mapping))) > hidden-services)) > > + (when #$transport-plugin > + (format port "\ > +UseBridges 1 > +ClientTransportPlugin ~a exec ~a~%" > + #$pluggable-transport > + #$transport-plugin)) > + > (display "\ > ### End of automatically generated lines.\n\n" port)

Even if it had succeeded though, I'm not sure if this is the best approach to it, since it would break guix system configuration, right? How would one know beforehand which binary to point to? One would first need to install the PT and look to its path on store and then link to it in a new configuration. And then this link would have to be manually updated. Am I missing something here?

Finally, next time, try to keep the issue to a single thread. I'm replying to #70332 and #70302 just for reference, but let's keep to #70341 going forward.

Cheers!
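Review bot: in the last quoted hunk (-1027), the `(when #$transport-plugin ...)` form hard-codes both `UseBridges 1` and `ClientTransportPlugin`, so the field cannot be used for a `ServerTransportPlugin` line, and `UseBridges` is set from the generated part of torrc while the Bridge lines it depends on must come from config-file, as the documentation hunk says. Suggest emitting only the plugin line here, leaving `UseBridges` next to the Bridge lines in config-file, and making the client or server role a field.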

Date: Thu, 25 Apr 2024 11:08:52 +0500
Subject: Re: [bug#70341] [PATCH v3] services: tor: Add support for pluggable transports.
To: André Batista
From: Nigko Yerden
Cc: 70341@debbugs.gnu.org

Hi André,

Thank you for the feedback!

> I can confirm that the tor service is unable to fork-exec a
> pluggable-transport and the bootstrap process is halted at its start
> when trying to use a system wide bridge + PT. However, this patch
> does not seem to address the issue at hand, since it just creates new
> tor-service-type configuration options that accomplish the same as
> configuring on config-file directly. Have you had success with this?
> I had no luck.

Yes, I have! This patch not only creates new tor-service-type configuration options but, which is crucial, adds the pluggable transport (PT) executable, if provided, to the #:mappings argument of the least-authority-wrapper, see 'tor-shepherd-service' chunk. With this patch the Tor process gets access to the PT plugin and, if bridges are configured via config-file field, Tor starts using obfuscated traffic.

> Even if it had succeeded though, I'm not sure if this is the best
> approach to it, since it would break guix system configuration,
> right?

No, the patch does not break any existing tor-service-type configuration. If PT is not used, 'transport-plugin' defaults to '#f', and Tor works exactly as if there wasn't any patch at all.

> How would one know beforehand which binary to point to? One would
> first need to install the PT and look to its path on store and then
> link to it in a new configuration. And then this link would have to
> be manually updated. Am I missing something here?

There is a much simpler and more convenient way of doing this. If users want to bring PT into action, they may simply write

    (service tor-service-type
             (tor-configuration
              (config-file (plain-file "torrc" ".... Bridge obfs4 ..."))
              (transport-plugin
               (file-append PT-PACKAGE "/bin/name-of-executable"))))

The PT-PACKAGE does not even have to be present in the list of 'operating-system 'packages field, since Guix will find the reference to PT-package and install it automatically. The only thing which should be known beforehand is the "name-of-executable". For 'go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird package it is "lyrebird", while for 'go-github-com-operatorfoundation-obfs4 it is "obfs4proxy". It is unlikely that these names will change with upgrades.

> Finally, next time, try to keep the issue to a single thread. I'm
> replying to #70332 and #70302 just for reference, but let's keep to
> #70341 going forward.

Sorry about that! I have tried not to create a new bug issue but was unsuccessful. Perhaps I shouldn't have touched the email heading.

Regards,
Nigko

André Batista wrote:
> Hi Nigko,
>
> Mon 22 Apr 2024 at 08:58:39 (1713787119), nigko.yerden@gmail.com
> wrote:
>> Pluggable transports are programs that disguise Tor traffic, which
>> can be useful in case Tor is censored. Pluggable transports cannot
>> be configured by #:config-file file exclusively because Tor process
>> is run via 'least-authority-wrapper' and cannot have access to
>> transport plugin, which is a separate executable (Bug#70302,
>> Bug#70332).
>
> I can confirm that the tor service is unable to fork-exec a
> pluggable-transport and the bootstrap process is halted at its start
> when trying to use a system wide bridge + PT. However, this patch
> does not seem to address the issue at hand, since it just creates new
> tor-service-type configuration options that accomplish the same as
> configuring on config-file directly. Have you had success with this?
> I had no luck.
>
> More comments below.
> >> * doc/guix.texi (Networking Services): Document 'transport-plugin' >> and 'pluggable-transport' options for 'tor-configuration'. * >> gnu/services/networking.scm: Export >> 'tor-configuration-transport-plugin-path', >> 'tor-configuration-pluggable-transport'. (): Add >> 'transport-plugin' and 'pluggable-transport' fields. >> (tor-configuration->torrc)[transport-plugin]: Add content to >> 'torrc' computed-file. (tor-shepherd-service)[transport-plugin]: >> Add file-system-mapping. >> >> Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48 --- >> doc/guix.texi | 11 ++++++++ >> gnu/services/networking.scm | 54 >> ++++++++++++++++++++++++++----------- 2 files changed, 49 >> insertions(+), 16 deletions(-) >> >> diff --git a/doc/guix.texi b/doc/guix.texi index >> 65af136e61..eb0837860e 100644 --- a/doc/guix.texi +++ >> b/doc/guix.texi @@ -127,6 +127,7 @@ Copyright @copyright{} 2024 >> Herman Rimm@* Copyright @copyright{} 2024 Matthew Trzcinski@* >> Copyright @copyright{} 2024 Richard Sent@* +Copyright @copyright{} >> 2024 Nigko Yerden@* >> >> Permission is granted to copy, distribute and/or modify this >> document under the terms of the GNU Free Documentation License, >> Version 1.3 or @@ -21849,6 +21850,16 @@ Networking Services >> @file{/var/run/tor/control-sock}, which will be made writable by >> members of the @code{tor} group. >> >> +@item @code{transport-plugin} (default: @code{#f}) +This must be >> either @code{#f} or a ``file-like'' object pointing to the >> +pluggable transport plugin executable. In the latter case the >> +@code{#:config-file} file should contain line(s) configuring +one >> or more bridges. + +@item @code{pluggable-transport} (default: >> @code{"obfs4"}) +A string that specifies the type of the pluggable >> transport in +case @code{#:transport-plugin} is not @code{#f}. + >> @end table @end deftp >> >> diff --git a/gnu/services/networking.scm >> b/gnu/services/networking.scm index 8e64e529ab..6e535ea8ef 100644 
>> --- a/gnu/services/networking.scm +++ >> b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © >> 2023 Declan Tsien ;;; Copyright © 2023 >> Bruno Victal ;;; Copyright © 2023 muradm >> +;;; Copyright © 2024 Nigko Yerden >> ;;; ;;; This file is part of GNU Guix. >> ;;; @@ -159,6 +160,8 @@ (define-module (gnu services networking) >> tor-configuration-hidden-services >> tor-configuration-socks-socket-type >> tor-configuration-control-socket-path + >> tor-configuration-transport-plugin-path + >> tor-configuration-pluggable-transport >> tor-onion-service-configuration tor-onion-service-configuration? >> tor-onion-service-configuration-name @@ -955,7 +958,11 @@ >> (define-record-type* (socks-socket-type >> tor-configuration-socks-socket-type ; 'tcp or 'unix (default >> 'tcp)) (control-socket? tor-configuration-control-socket-path - >> (default #f))) + (default #f)) + >> (transport-plugin tor-configuration-transport-plugin-path + >> (default #f)) + (pluggable-transport >> tor-configuration-pluggable-transport + (default >> "obfs4"))) >> >> (define %tor-accounts ;; User account and groups for Tor. @@ -988,7 >> +995,8 @@ (define-configuration/no-serialization >> tor-onion-service-configuration (define (tor-configuration->torrc >> config) "Return a 'torrc' file for CONFIG." (match-record config >> - (tor config-file hidden-services >> socks-socket-type control-socket?) + (tor config-file >> hidden-services socks-socket-type control-socket? + >> transport-plugin pluggable-transport) (computed-file "torrc" >> (with-imported-modules '((guix build utils)) 
@@ -1027,6 +1035,13 @@ >> (define (tor-configuration->torrc config) (cons name mapping))) >> hidden-services)) >> >> + (when #$transport-plugin + (format >> port "\ +UseBridges 1 +ClientTransportPlugin ~a exec ~a~%" + >> #$pluggable-transport + >> #$transport-plugin)) + (display "\ ### End of automatically >> generated lines.\n\n" port)
>
> Even if it had succeeded though, I'm not sure if this is the best
> approach to it, since it would break guix system configuration,
> right? How would one know beforehand which binary to point to? One
> would first need to install the PT and look to its path on store and
> then link to it in a new configuration. And then this link would have
> to be manually updated. Am I missing something here?
>
> Finally, next time, try to keep the issue to a single thread. I'm
> replying to #70332 and #70302 just for reference, but let's keep to
> #70341 going forward.
>
> Cheers!

Date: Tue, 30 Apr 2024 14:13:24 +0500
Subject: Re: [bug#70341] [PATCH v3] services: tor: Add support for pluggable transports.
From: Nigko Yerden
To: André Batista
Cc: 70341@debbugs.gnu.org

Hi André,

Here is some additional information about the patched tor-service-type which reveals:

1) Why it can fail if not properly configured.
2) Its internal workings which I find kind of cool.

First, it is not necessary to use PT-plugin from ready-to-go Guix package. It is possible to download PT-plugin source code and compile it directly, say, somewhere in $HOME folder. The corresponding configuration may look like this

    (service tor-service-type
             (tor-configuration
              (config-file (plain-file "torrc" ".... Bridge obfs4 ..."))
              (transport-plugin
               (local-file "/home/..../lyrebird" #:recursive? #t))))

But this will not necessarily work. The reason why it can fail is somewhat interesting. As we know, the tor process, thanks to the 'least-authority-wrapper', is run inside a container, which, in particular, means it has a very limited view of the file system. But PT-plugin executable is linked dynamically by default and has its dependency libraries inaccessible from within the container. However, if PT-plugin is linked statically, the configuration above will work.

Similarly, if PT-plugin is specified as a direct string path to the store item like this

    (transport-plugin "/gnu/store/..../bin/lyrebird")

it may not work for the same reason.

However, if a file-like object is used instead like this

    (transport-plugin (file-append PT-PACKAGE "/bin/lyrebird"))

all the dependencies of PT-PACKAGE are added automatically to the list of allowed paths inside the container (this is provided by the call to 'references-file' from inside 'least-authority-wrapper' procedure). As for me this means that the suggested patch fits very well to the guix'y way of doing things.

Regards,
Nigko
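The failure discussed in this thread (bridges configured, but Tor inside the container cannot exec the transport plugin) can be caught before a reconfigure by linting the generated torrc against the paths mapped into the container. This is an added example, not code from Guix or from the patch; `audit` and `mapped_prefixes` are hypothetical names, and the torrc text, addresses, fingerprint and store path are constructed.

```python
# Added example: lint a torrc for the bridge / pluggable-transport mismatch
# discussed in this thread. All sample data below is constructed.

def parse_torrc(text):
    """Return [(keyword, args)] for every option line.

    Keywords are lower-cased because torrc option names are case-insensitive.
    Simplification: everything after '#' is treated as a comment.
    """
    options = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            options.append((parts[0].lower(), parts[1:]))
    return options


def bridge_transport(args):
    """Transport named on a Bridge line, or None for a bridge without one.

    A Bridge line reads '[transport] IP:ORPort [fingerprint] [key=value ...]';
    an address always contains ':', a transport name never does.
    """
    if args and ":" not in args[0]:
        return args[0]
    return None


def client_plugins(options):
    """Map each transport name to the executable of its ClientTransportPlugin."""
    plugins = {}
    for keyword, args in options:
        if keyword == "clienttransportplugin" and len(args) >= 3 and args[1] == "exec":
            for transport in args[0].split(","):  # "obfs4,meek_lite exec /path"
                plugins[transport] = args[2]
    return plugins


def is_mapped(path, mapped_prefixes):
    """True if PATH is one of the mapped paths or lies below one of them."""
    return any(path == p or path.startswith(p.rstrip("/") + "/")
               for p in mapped_prefixes)


def audit(torrc_text, mapped_prefixes):
    """Return a list of findings; an empty list means the torrc is consistent."""
    options = parse_torrc(torrc_text)
    plugins = client_plugins(options)
    bridges = [args for keyword, args in options if keyword == "bridge"]
    use_bridges = any(keyword == "usebridges" and args[:1] == ["1"]
                      for keyword, args in options)
    findings = []
    if bridges and not use_bridges:
        findings.append("Bridge lines present but UseBridges is not 1")
    for transport in sorted({t for t in map(bridge_transport, bridges) if t}):
        if transport not in plugins:
            findings.append(f"no ClientTransportPlugin for transport {transport}")
    for transport, path in sorted(plugins.items()):
        if not is_mapped(path, mapped_prefixes):
            findings.append(f"{transport} plugin {path} is not mapped into the container")
    return findings


# Constructed sample data. MAPPED stands for the paths visible inside the
# container (an assumption modelled on the mappings quoted in the thread).
STORE_ITEM = "/gnu/store/00000000000000000000000000000000-lyrebird-0"
MAPPED = ["/var/lib/tor", "/var/run/tor", "/dev/log", STORE_ITEM]
FINGERPRINT = "A" * 40

GOOD_TORRC = (
    "UseBridges 1\n"
    f"Bridge obfs4 192.0.2.10:443 {FINGERPRINT} cert=CONSTRUCTED iat-mode=0\n"
    f"ClientTransportPlugin obfs4 exec {STORE_ITEM}/bin/lyrebird\n"
)
BAD_TORRC = (
    f"Bridge obfs4 192.0.2.10:443 {FINGERPRINT} cert=CONSTRUCTED iat-mode=0\n"
    "ClientTransportPlugin obfs4 exec /home/user/src/lyrebird/lyrebird\n"
)

if __name__ == "__main__":
    for name, text in (("good", GOOD_TORRC), ("bad", BAD_TORRC)):
        print(name, audit(text, MAPPED))
```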

From: Nigko Yerden
To: 70341@debbugs.gnu.org
Subject: [PATCH v4] services: tor: Add support for pluggable transports.
Date: Fri, 10 May 2024 13:32:02 +0500
X-Debbugs-Cc: Florian Pelz, Ludovic Courtès

Pluggable transports are programs that disguise Tor traffic, which can be useful in case Tor is censored. Pluggable transports cannot be configured by #:config-file file exclusively because Tor process is run via 'least-authority-wrapper' and cannot have access to transport plugin, which is a separate executable (Bug#70302, Bug#70332).

Example configuration snippet to be appended to operating-system services (see https://bridges.torproject.org/ to get full bridge's lines):

(service tor-service-type
         (tor-configuration
          (config-file (plain-file "torrc" "\
UseBridges 1
Bridge obfs4 ...
Bridge obfs4 ..."))
          (transport-plugins
           (list (tor-transport-plugin
                  (path-to-binary
                   (file-append
                    go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
                    "/bin/lyrebird")))))))

* doc/guix.texi (Networking Services): Document 'tor-transport-plugin' data type and 'transport-plugins' option for 'tor-configuration'.
* gnu/services/networking.scm: Export 'tor-configuration-transport-plugins', 'tor-transport-plugin', 'tor-transport-plugin?', 'tor-transport-plugin-role', 'tor-transport-plugin-protocol', and 'tor-transport-plugin-path'.
(<tor-configuration>): Add 'transport-plugins' field.
(<tor-transport-plugin>): New variable.
(tor-configuration->torrc): Add content to 'torrc' computed-file. (tor-shepherd-service): Add file-system-mapping(s). Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a --- doc/guix.texi | 48 +++++++++++++++++++++++ gnu/services/networking.scm | 76 +++++++++++++++++++++++++++++-------- 2 files changed, 108 insertions(+), 16 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 1c1e0164e7..ae9bd7e290 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -127,6 +127,7 @@ Copyright @copyright{} 2024 Herman Rimm@* Copyright @copyright{} 2024 Matthew Trzcinski@* Copyright @copyright{} 2024 Richard Sent@* +Copyright @copyright{} 2024 Nigko Yerden@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -21877,6 +21878,13 @@ Networking Services @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugins} (default: @code{'()}) +The list of @code{} records to use. +For any transport plugin you include in this list, appropriate +configuration line to enable transport plugin will be automatically +added to the default configuration file. + + @end table @end deftp 
@@ -21905,6 +21913,46 @@ Networking Services @end table @end deftp +@cindex pluggable transports, tor +@deftp {Data Type} tor-transport-plugin +Data type representing a Tor pluggable transport plugin in +@code{tor-configuration}. Plagguble transports are programs +that disguise Tor traffic, which can be useful in case Tor is +censored. See the the Tor project's +@url{https://tb-manual.torproject.org/circumvention/, +documentation} and +@url{https://spec.torproject.org/pt-spec/index.html, +specification} for more information. + +Each transport plugin corresponds either to +``ClientTransportPlugin ...'' or to +``ServerTransportPlugin ...'' line in the default +configuration file, see the @code{man tor}. +Available @code{tor-transport-plugin} fields are: + +@table @asis +@item @code{role} (default: @code{'client}) +This must be either @code{'client} or @code{'server}. Otherwise, +an error is raised. Set the @code{'server} value if you want to +run a bridge to help censored users connect to the Tor network, see +@url{https://community.torproject.org/relay/setup/bridge/, +the Tor project's brige guide}. Set the @code{'client} value +if you want to connect to somebody else's bridge, see +@url{https://bridges.torproject.org/, the Tor project's +``Get Bridges'' page}. In both cases the required +additional configuration should be provided via +@code{#:config-file} option of @code{tor-configuration}. +@item @code{protocol} (default: @code{"obfs4"}) +A string that specifies a pluggable transport protocol. +@item @code{path-to-binary} +This must be a ``file-like'' object or a string +pointing to the pluggable transport plugin executable. +This option allows the Tor daemon run inside the container +to access the executable and all the references +(e.g. package dependencies) attached to it. +@end table +@end deftp + The @code{(gnu services rsync)} module provides the following services: You might want an rsync daemon if you have files that you want available 
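Review bot: in the `role` item, "the required additional configuration should be provided via `#:config-file`" does not say what is required; for the client role that is `UseBridges 1` plus the Bridge lines, which the commit message example shows but this text never names, and the generated torrc lines in this version no longer include `UseBridges 1`. Spell that out here. Spelling in the same hunk: "Plagguble", "the the Tor project's", "brige guide".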
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e64e529ab..cb1749ffe6 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © 2023 Declan Tsien ;;; Copyright © 2023 Bruno Victal ;;; Copyright © 2023 muradm +;;; Copyright © 2024 Nigko Yerden ;;; ;;; This file is part of GNU Guix. ;;; @@ -159,10 +160,16 @@ (define-module (gnu services networking) tor-configuration-hidden-services tor-configuration-socks-socket-type tor-configuration-control-socket-path + tor-configuration-transport-plugins tor-onion-service-configuration tor-onion-service-configuration? tor-onion-service-configuration-name tor-onion-service-configuration-mapping + tor-transport-plugin + tor-transport-plugin? + tor-transport-plugin-role + tor-transport-plugin-protocol + tor-transport-plugin-path tor-hidden-service ; deprecated tor-service-type @@ -955,7 +962,9 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugins tor-configuration-transport-plugins + (default '()))) (define %tor-accounts ;; User account and groups for Tor. 
@@ -985,10 +994,24 @@ (define-configuration/no-serialization tor-onion-service-configuration @end lisp maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.")) +(define-record-type* + tor-transport-plugin make-tor-transport-plugin + tor-transport-plugin? + (role tor-transport-plugin-role + (default 'client) + (sanitize (lambda (value) + (if (memq value '(client server)) + value + (configuration-field-error #f 'role value))))) + (protocol tor-transport-plugin-protocol + (default "obfs4")) + (path-to-binary tor-transport-plugin-path)) + (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugins) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1027,6 +1050,20 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (for-each (match-lambda + ((role-string protocol path) + (format port "\ +~aTransportPlugin ~a exec ~a~%" + role-string protocol path))) + '#$(map (match-lambda + (($ role protocol path) + (list (if (eq? role 'client) + "Client" + "Server") + protocol + path))) + transport-plugins)) + (display "\ ### End of automatically generated lines.\n\n" port) 
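Review bot: in the record added at -985, `role` gets a `sanitize` clause but `protocol` and `path-to-binary` do not, and the hunk at -1027 writes `protocol` into torrc with `~a`. A `protocol` string containing whitespace or a line break would therefore land verbatim in the generated file as extra tokens or an extra line. Suggest a sanitizer that accepts only a transport name or a comma-separated list of names, and one for `path-to-binary` that rejects values that are neither file-like nor a string.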
@@ -1039,23 +1076,30 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugins (tor-configuration-transport-plugins config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (map (lambda (plugin) + (file-system-mapping + (source (tor-transport-plugin-path plugin)) + (target source))) + transport-plugins)) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 360fea15cb25d0cdf55ec55488956257a0219fe4 -- 2.41.0
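Review bot: in the `map` over `transport-plugins`, `source` is whatever `path-to-binary` holds, and the documentation allows a plain string there. As explained earlier in this thread, only a file-like object brings its references into the container; a string such as a path under /home or a literal store path maps that single file, so a dynamically linked plugin still cannot start. Either restrict `path-to-binary` to file-like objects or document that a string only works for a statically linked executable.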

Date: Thu, 23 May 2024 18:49:23 -0300
From: André Batista
To: Nigko Yerden
Subject: Re: [bug#70341] [PATCH v4] services: tor: Add support for pluggable transports.
Cc: 70341@debbugs.gnu.org

Hi Nigko,

I'm sorry for the delay.

I can confirm that this patch works as described and the instructions are clear and provide enough information to set up a proper configuration. Maybe my shortcoming regarding '#:mappings' gave you room for improvement :)

There was only one typo that I should mention:

Fri 10 May 2024 at 13:32:02 (1715358722), nigko.yerden@gmail.com wrote:
> (...) > > diff --git a/doc/guix.texi b/doc/guix.texi > index 1c1e0164e7..ae9bd7e290 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > > (...)
> > @@ -21905,6 +21913,46 @@ Networking Services > @end table > @end deftp > > +@cindex pluggable transports, tor > +@deftp {Data Type} tor-transport-plugin > +Data type representing a Tor pluggable transport plugin in > +@code{tor-configuration}. Plagguble transports are programs

You've exchanged 'a' for 'u' here ^ when typing Pluggable.

Other than that, all seems good to me and I find it to be a nice little touch to Guix. Let's wait for a maintainer to pick it up.

Cheers!
From: Nigko Yerden
To: 70341@debbugs.gnu.org
X-Debbugs-Cc: Florian Pelz, Ludovic Courtès, Matthew Trzcinski, Maxim Cournoyer
Subject: [PATCH v5] services: tor: Add support for pluggable transports.
Date: Fri, 31 May 2024 10:43:11 +0500

Pluggable transports are programs that disguise Tor traffic, which can be useful in case Tor is censored. Pluggable transports cannot be configured by #:config-file file exclusively because Tor process is run via 'least-authority-wrapper' and cannot have access to transport plugin, which is a separate executable (Bug#70302, Bug#70332).

Example configuration snippet to be appended to operating-system services (see https://bridges.torproject.org/ to get full bridge's lines):

(service tor-service-type
         (tor-configuration
          (config-file (plain-file "torrc" "\
UseBridges 1
Bridge obfs4 ...
Bridge obfs4 ..."))
          (transport-plugins
           (list (tor-transport-plugin
                  (path-to-binary
                   (file-append
                    go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
                    "/bin/lyrebird")))))))

* doc/guix.texi (Networking Services): Document 'tor-transport-plugin' data type and 'transport-plugins' option for 'tor-configuration.
* gnu/services/networking.scm: Export 'tor-configuration-transport-plugins', 'tor-transport-plugin', 'tor-transport-plugin?', 'tor-transport-plugin-role', 'tor-transport-plugin-protocol', and 'tor-transport-plugin-path'.
(): Add 'transport-plugins' field.
(): New variable.
(tor-configuration->torrc): Add content to 'torrc' computed-file. (tor-shepherd-service): Add file-system-mapping(s). Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a --- doc/guix.texi | 48 +++++++++++++++++++++++ gnu/services/networking.scm | 76 +++++++++++++++++++++++++++++-------- 2 files changed, 108 insertions(+), 16 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 1224104038..b997e6d4d7 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -128,6 +128,7 @@ Copyright @copyright{} 2024 Matthew Trzcinski@* Copyright @copyright{} 2024 Richard Sent@* Copyright @copyright{} 2024 Dariqq@* +Copyright @copyright{} 2024 Nigko Yerden@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -21960,6 +21961,13 @@ Networking Services @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugins} (default: @code{'()}) +The list of @code{} records to use. +For any transport plugin you include in this list, appropriate +configuration line to enable transport plugin will be automatically +added to the default configuration file. + + @end table @end deftp 
@@ -21988,6 +21996,46 @@ Networking Services @end table @end deftp +@cindex pluggable transports, tor +@deftp {Data Type} tor-transport-plugin +Data type representing a Tor pluggable transport plugin in +@code{tor-configuration}. Plugguble transports are programs +that disguise Tor traffic, which can be useful in case Tor is +censored. See the the Tor project's +@url{https://tb-manual.torproject.org/circumvention/, +documentation} and +@url{https://spec.torproject.org/pt-spec/index.html, +specification} for more information. + +Each transport plugin corresponds either to +``ClientTransportPlugin ...'' or to +``ServerTransportPlugin ...'' line in the default +configuration file, see the @code{man tor}. +Available @code{tor-transport-plugin} fields are: + +@table @asis +@item @code{role} (default: @code{'client}) +This must be either @code{'client} or @code{'server}. Otherwise, +an error is raised. Set the @code{'server} value if you want to +run a bridge to help censored users connect to the Tor network, see +@url{https://community.torproject.org/relay/setup/bridge/, +the Tor project's brige guide}. Set the @code{'client} value +if you want to connect to somebody else's bridge, see +@url{https://bridges.torproject.org/, the Tor project's +``Get Bridges'' page}. In both cases the required +additional configuration should be provided via +@code{#:config-file} option of @code{tor-configuration}. +@item @code{protocol} (default: @code{"obfs4"}) +A string that specifies a pluggable transport protocol. +@item @code{path-to-binary} +This must be a ``file-like'' object or a string +pointing to the pluggable transport plugin executable. +This option allows the Tor daemon run inside the container +to access the executable and all the references +(e.g. package dependencies) attached to it. +@end table +@end deftp + The @code{(gnu services rsync)} module provides the following services: You might want an rsync daemon if you have files that you want available 
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e64e529ab..cb1749ffe6 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © 2023 Declan Tsien ;;; Copyright © 2023 Bruno Victal ;;; Copyright © 2023 muradm +;;; Copyright © 2024 Nigko Yerden ;;; ;;; This file is part of GNU Guix. ;;; @@ -159,10 +160,16 @@ (define-module (gnu services networking) tor-configuration-hidden-services tor-configuration-socks-socket-type tor-configuration-control-socket-path + tor-configuration-transport-plugins tor-onion-service-configuration tor-onion-service-configuration? tor-onion-service-configuration-name tor-onion-service-configuration-mapping + tor-transport-plugin + tor-transport-plugin? + tor-transport-plugin-role + tor-transport-plugin-protocol + tor-transport-plugin-path tor-hidden-service ; deprecated tor-service-type @@ -955,7 +962,9 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugins tor-configuration-transport-plugins + (default '()))) (define %tor-accounts ;; User account and groups for Tor. 
@@ -985,10 +994,24 @@ (define-configuration/no-serialization tor-onion-service-configuration @end lisp maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.")) +(define-record-type* + tor-transport-plugin make-tor-transport-plugin + tor-transport-plugin? + (role tor-transport-plugin-role + (default 'client) + (sanitize (lambda (value) + (if (memq value '(client server)) + value + (configuration-field-error #f 'role value))))) + (protocol tor-transport-plugin-protocol + (default "obfs4")) + (path-to-binary tor-transport-plugin-path)) + (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugins) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1027,6 +1050,20 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (for-each (match-lambda + ((role-string protocol path) + (format port "\ +~aTransportPlugin ~a exec ~a~%" + role-string protocol path))) + '#$(map (match-lambda + (($ role protocol path) + (list (if (eq? role 'client) + "Client" + "Server") + protocol + path))) + transport-plugins)) + (display "\ ### End of automatically generated lines.\n\n" port) 
@@ -1039,23 +1076,30 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugins (tor-configuration-transport-plugins config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (map (lambda (plugin) + (file-system-mapping + (source (tor-transport-plugin-path plugin)) + (target source))) + transport-plugins)) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 8144c587f89641d5976d5b3832297d391d489fbd -- 2.41.0
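
Review bot: The new `@deftp {Data Type} tor-transport-plugin` text in doc/guix.texi still carries spelling slips: "Plugguble transports" should read "Pluggable transports" (the v4 review flagged "Plagguble", and this revision changed the other vowel), "See the the Tor project's" doubles "the", and "brige guide" should be "bridge guide". In the `path-to-binary` item, "allows the Tor daemon run inside the container" wants "running".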
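
Review bot: In the `tor-configuration->torrc` hunk, `protocol` is written into `~aTransportPlugin ~a exec ~a~%` unchecked, while `role` has a sanitizer in the record definition; a protocol string containing a space or a newline would produce a malformed or an extra torrc line. Consider a `sanitize` on `protocol` that accepts only a transport name and raises `configuration-field-error` otherwise, as `role` does. The format string also leaves no place for arguments after the path, so a plugin that needs command-line options cannot be expressed; if that is intentional, the manual should say so.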
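
Review bot: In the `#:mappings` change of `tor-shepherd-service`, `(source (tor-transport-plugin-path plugin))` maps exactly the value of `path-to-binary`, and the documentation hunk allows that value to be a plain string as well as a file-like object. The manual text promises access to the executable "and all the references" attached to it; please confirm that this holds for a string path too, and if it only holds for file-like objects, either say so in the manual or reject strings in the record. Leaving `writable?` unset on the plugin mappings is right, since the plugin should not be writable from inside the container.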
From: Vincent Legoll
Date: Thu, 20 Jun 2024 16:31:07 +0000
Subject: Re: Tor daemon is unable to use obfuscation
To: Nigko Yerden
Cc: 70332@debbugs.gnu.org, 70302@debbugs.gnu.org, 70341@debbugs.gnu.org

On Thu, Jun 20, 2024 at 4:11 PM Nigko Yerden wrote:
> Yes, the issue still needs fixing.
> Here is my suggestion https://issues.guix.gnu.org/70341

Thanks, and now all these issues are linked together so we won't forget to close them at once, if appropriate.

-- 
Vincent Legoll
From: Nigko Yerden
To: 70341@debbugs.gnu.org
X-Debbugs-Cc: Florian Pelz, Ludovic Courtès, Matthew Trzcinski, Maxim Cournoyer
Subject: [PATCH v6] services: tor: Add support for pluggable transports.
Date: Thu, 11 Jul 2024 18:27:32 +0500

Pluggable transports are programs that disguise Tor traffic, which can be useful in case Tor is censored. Pluggable transports cannot be configured by #:config-file file exclusively because Tor process is run via 'least-authority-wrapper' and cannot have access to transport plugin, which is a separate executable (Bug#70302, Bug#70332).

Example configuration snippet to be appended to operating-system services (see https://bridges.torproject.org/ to get full bridge's lines):

(service tor-service-type
         (tor-configuration
          (config-file (plain-file "torrc" "\
UseBridges 1
Bridge obfs4 ...
Bridge obfs4 ..."))
          (transport-plugins
           (list (tor-transport-plugin
                  (path-to-binary
                   (file-append
                    go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
                    "/bin/lyrebird")))))))

* doc/guix.texi (Networking Services): Document 'tor-transport-plugin' data type and 'transport-plugins' option for 'tor-configuration.
* gnu/services/networking.scm: Export 'tor-configuration-transport-plugins', 'tor-transport-plugin', 'tor-transport-plugin?', 'tor-transport-plugin-role', 'tor-transport-plugin-protocol', and 'tor-transport-plugin-path'.
(): Add 'transport-plugins' field.
(): New variable.
(tor-configuration->torrc): Add content to 'torrc' computed-file. (tor-shepherd-service): Add file-system-mapping(s). Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a --- Just rebasing. doc/guix.texi | 47 +++++++++++++++++++++++++ gnu/services/networking.scm | 69 ++++++++++++++++++++++++++++++------- 2 files changed, 103 insertions(+), 13 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 5b77c84b4a..ccaab5985c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -22006,6 +22006,13 @@ Networking Services @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugins} (default: @code{'()}) +The list of @code{} records to use. +For any transport plugin you include in this list, appropriate +configuration line to enable transport plugin will be automatically +added to the default configuration file. + + @end table @end deftp 
@@ -22034,6 +22041,46 @@ Networking Services @end table @end deftp +@cindex pluggable transports, tor +@deftp {Data Type} tor-transport-plugin +Data type representing a Tor pluggable transport plugin in +@code{tor-configuration}. Plugguble transports are programs +that disguise Tor traffic, which can be useful in case Tor is +censored. See the the Tor project's +@url{https://tb-manual.torproject.org/circumvention/, +documentation} and +@url{https://spec.torproject.org/pt-spec/index.html, +specification} for more information. + +Each transport plugin corresponds either to +``ClientTransportPlugin ...'' or to +``ServerTransportPlugin ...'' line in the default +configuration file, see the @code{man tor}. +Available @code{tor-transport-plugin} fields are: + +@table @asis +@item @code{role} (default: @code{'client}) +This must be either @code{'client} or @code{'server}. Otherwise, +an error is raised. Set the @code{'server} value if you want to +run a bridge to help censored users connect to the Tor network, see +@url{https://community.torproject.org/relay/setup/bridge/, +the Tor project's brige guide}. Set the @code{'client} value +if you want to connect to somebody else's bridge, see +@url{https://bridges.torproject.org/, the Tor project's +``Get Bridges'' page}. In both cases the required +additional configuration should be provided via +@code{#:config-file} option of @code{tor-configuration}. +@item @code{protocol} (default: @code{"obfs4"}) +A string that specifies a pluggable transport protocol. +@item @code{path-to-binary} +This must be a ``file-like'' object or a string +pointing to the pluggable transport plugin executable. +This option allows the Tor daemon run inside the container +to access the executable and all the references +(e.g. package dependencies) attached to it. +@end table +@end deftp + The @code{(gnu services rsync)} module provides the following services: You might want an rsync daemon if you have files that you want available 
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 12d8934e43..4b1b164845 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -160,10 +160,16 @@ (define-module (gnu services networking) tor-configuration-hidden-services tor-configuration-socks-socket-type tor-configuration-control-socket-path + tor-configuration-transport-plugins tor-onion-service-configuration tor-onion-service-configuration? tor-onion-service-configuration-name tor-onion-service-configuration-mapping + tor-transport-plugin + tor-transport-plugin? + tor-transport-plugin-role + tor-transport-plugin-protocol + tor-transport-plugin-path tor-hidden-service ; deprecated tor-service-type @@ -966,7 +972,9 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugins tor-configuration-transport-plugins + (default '()))) (define %tor-accounts ;; User account and groups for Tor. @@ -996,10 +1004,24 @@ (define-configuration/no-serialization tor-onion-service-configuration @end lisp maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.")) +(define-record-type* + tor-transport-plugin make-tor-transport-plugin + tor-transport-plugin? + (role tor-transport-plugin-role + (default 'client) + (sanitize (lambda (value) + (if (memq value '(client server)) + value + (configuration-field-error #f 'role value))))) + (protocol tor-transport-plugin-protocol + (default "obfs4")) + (path-to-binary tor-transport-plugin-path)) + (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugins) (computed-file "torrc" (with-imported-modules '((guix build utils)) 
@@ -1038,6 +1060,20 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (for-each (match-lambda + ((role-string protocol path) + (format port "\ +~aTransportPlugin ~a exec ~a~%" + role-string protocol path))) + '#$(map (match-lambda + (($ role protocol path) + (list (if (eq? role 'client) + "Client" + "Server") + protocol + path))) + transport-plugins)) + (display "\ ### End of automatically generated lines.\n\n" port) 
@@ -1050,20 +1086,27 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugins (tor-configuration-transport-plugins config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (map (lambda (plugin) + (file-system-mapping + (source (tor-transport-plugin-path plugin)) + (target source))) + transport-plugins)) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: af4c90dc736295b19fda88cd8652f67f138409a1 -- 2.45.2
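
Review bot: In the `define-record-type*` for the transport plugin, the accessor for `path-to-binary` is `tor-transport-plugin-path`, unlike `role` and `protocol`, whose accessors are named after their fields. Either rename the field to `path` or the accessor to `tor-transport-plugin-path-to-binary`, and adjust the export list and the call in `tor-shepherd-service` to match, so that the field name in the manual and the exported accessor agree.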
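
Review bot: In the new `transport-plugins` item of the `tor-configuration` table, "appropriate configuration line to enable transport plugin" is missing its articles ("the appropriate configuration line to enable the transport plugin"), and the hunk adds two empty lines before `@end table` where one is enough. As shown here the `@code{}` before "records" is empty; check that the record type name is present in the Texinfo source.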
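
The failure the commit message describes, a transport plugin named in torrc that the sandboxed Tor process cannot see, can be checked for before the service starts. The Python lint below is an added example, not part of the patch or of Guix; its function names, the sample torrc and the PLACEHOLDER store path are constructed, and it compares paths lexically only, without following symlinks or looking at the binary's own dependencies.

```python
"""Report pluggable-transport binaries that a torrc names but that are not
covered by the list of paths a sandbox exposes (added example)."""
import posixpath
import shlex
from dataclasses import dataclass

# torrc option names are case-insensitive, so compare them lower-cased.
PLUGIN_ROLES = {
    "clienttransportplugin": "client",
    "servertransportplugin": "server",
}


@dataclass(frozen=True)
class PluginLine:
    lineno: int        # 1-based line number in the torrc
    role: str          # "client" or "server"
    protocols: tuple   # one line may name several transports, comma-separated
    binary: str        # lexically normalised path that follows "exec"


def parse_plugin_lines(torrc_text):
    """Return a PluginLine for every '<Role>TransportPlugin <protos> exec <path>' line."""
    found = []
    for lineno, raw in enumerate(torrc_text.splitlines(), start=1):
        try:
            fields = shlex.split(raw, comments=True)   # drops '# ...' comments
        except ValueError:                             # unbalanced quote
            continue
        if len(fields) < 4 or fields[0].lower() not in PLUGIN_ROLES:
            continue
        if fields[2] != "exec":    # e.g. 'socks5 IP:PORT': nothing is executed
            continue
        found.append(PluginLine(lineno,
                                PLUGIN_ROLES[fields[0].lower()],
                                tuple(fields[1].split(",")),
                                posixpath.normpath(fields[3])))
    return found


def is_exposed(path, mappings):
    """True if PATH is one of MAPPINGS or lies below one of them.

    The comparison is per path component, so a mapping of '/a/b-lyre'
    does not cover '/a/b-lyrebird'."""
    if not posixpath.isabs(path):
        return False               # cannot be resolved without a working dir
    path = posixpath.normpath(path)
    for mapping in mappings:
        mapping = posixpath.normpath(mapping)
        if path == mapping or path.startswith(mapping.rstrip("/") + "/"):
            return True
    return False


def unreachable_plugins(torrc_text, mappings):
    """Return the plugin lines whose binary the sandbox would not contain."""
    return [p for p in parse_plugin_lines(torrc_text)
            if not is_exposed(p.binary, mappings)]


# Constructed sample input; the store path is a placeholder, not a real hash.
SAMPLE_TORRC = "\n".join([
    "UseBridges 1",
    "# constructed sample, not a working bridge configuration",
    "ClientTransportPlugin obfs4 exec /gnu/store/PLACEHOLDER-lyrebird/bin/lyrebird",
    "clienttransportplugin meek_lite,scramblesuit exec /usr/local/bin/pt-client -v  # unmapped",
    "ServerTransportPlugin obfs4 exec /var/lib/tor/../../../opt/pt/server",
    "ClientTransportPlugin webtunnel socks5 127.0.0.1:9999",
])

# The directories the service maps, plus one mapping for the plugin binary.
SAMPLE_MAPPINGS = [
    "/var/lib/tor",
    "/var/run/tor",
    "/gnu/store/PLACEHOLDER-lyrebird/bin/lyrebird",
]

if __name__ == "__main__":
    for p in unreachable_plugins(SAMPLE_TORRC, SAMPLE_MAPPINGS):
        print(f"torrc line {p.lineno}: {p.role} plugin for "
              f"{','.join(p.protocols)} is not visible in the sandbox: {p.binary}")
```

Line 5 of the sample shows why the path is normalised first: it starts with a mapped directory but resolves to a location outside it.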
From: Nigko Yerden
To: 70341@debbugs.gnu.org
X-Debbugs-Cc: Florian Pelz, Ludovic Courtès, Matthew Trzcinski, Maxim Cournoyer
Subject: [PATCH v7] services: tor: Add support for pluggable transports.
Date: Fri, 9 Aug 2024 14:15:27 +0500

Pluggable transports are programs that disguise Tor traffic, which can be useful in case Tor is censored. Pluggable transports cannot be configured by #:config-file file exclusively because Tor process is run via 'least-authority-wrapper' and cannot have access to transport plugin, which is a separate executable (Bug#70302, Bug#70332).

Example configuration snippet to be appended to operating-system services (see https://bridges.torproject.org/ to get full bridge's lines):

(service tor-service-type
         (tor-configuration
          (config-file (plain-file "torrc" "\
UseBridges 1
Bridge obfs4 ...
Bridge obfs4 ..."))
          (transport-plugins
           (list (tor-transport-plugin
                  (path-to-binary
                   (file-append
                    go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
                    "/bin/lyrebird")))))))

* doc/guix.texi (Networking Services): Document 'tor-transport-plugin' data type and 'transport-plugins' option for 'tor-configuration.
* gnu/services/networking.scm: Export 'tor-configuration-transport-plugins', 'tor-transport-plugin', 'tor-transport-plugin?', 'tor-transport-plugin-role', 'tor-transport-plugin-protocol', and 'tor-transport-plugin-path'.
(): Add 'transport-plugins' field.
(): New variable.
(tor-configuration->torrc): Add content to 'torrc' computed-file. (tor-shepherd-service): Add file-system-mapping(s). Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a --- doc/guix.texi | 47 +++++++++++++++++++++++++ gnu/services/networking.scm | 69 ++++++++++++++++++++++++++++++------- 2 files changed, 103 insertions(+), 13 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index b7eb8fd346..0319003b20 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -22006,6 +22006,13 @@ Networking Services @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugins} (default: @code{'()}) +The list of @code{} records to use. +For any transport plugin you include in this list, appropriate +configuration line to enable transport plugin will be automatically +added to the default configuration file. + + @end table @end deftp 
@@ -22034,6 +22041,46 @@ Networking Services @end table @end deftp +@cindex pluggable transports, tor +@deftp {Data Type} tor-transport-plugin +Data type representing a Tor pluggable transport plugin in +@code{tor-configuration}. Plugguble transports are programs +that disguise Tor traffic, which can be useful in case Tor is +censored. See the the Tor project's +@url{https://tb-manual.torproject.org/circumvention/, +documentation} and +@url{https://spec.torproject.org/pt-spec/index.html, +specification} for more information. + +Each transport plugin corresponds either to +``ClientTransportPlugin ...'' or to +``ServerTransportPlugin ...'' line in the default +configuration file, see the @code{man tor}. +Available @code{tor-transport-plugin} fields are: + +@table @asis +@item @code{role} (default: @code{'client}) +This must be either @code{'client} or @code{'server}. Otherwise, +an error is raised. Set the @code{'server} value if you want to +run a bridge to help censored users connect to the Tor network, see +@url{https://community.torproject.org/relay/setup/bridge/, +the Tor project's brige guide}. Set the @code{'client} value +if you want to connect to somebody else's bridge, see +@url{https://bridges.torproject.org/, the Tor project's +``Get Bridges'' page}. In both cases the required +additional configuration should be provided via +@code{#:config-file} option of @code{tor-configuration}. +@item @code{protocol} (default: @code{"obfs4"}) +A string that specifies a pluggable transport protocol. +@item @code{path-to-binary} +This must be a ``file-like'' object or a string +pointing to the pluggable transport plugin executable. +This option allows the Tor daemon run inside the container +to access the executable and all the references +(e.g. package dependencies) attached to it. +@end table +@end deftp + The @code{(gnu services rsync)} module provides the following services: You might want an rsync daemon if you have files that you want available 
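Review bot: the new @deftp text carries three typos that should be fixed before this lands: "Plugguble transports", "See the the Tor project's", and "the Tor project's brige guide". The role item also sends readers to the "@code{#:config-file} option", while the example in the commit log sets it as the record field (config-file ...); writing "@code{config-file} field" would match what users actually type.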
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 12d8934e43..4b1b164845 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -160,10 +160,16 @@ (define-module (gnu services networking) tor-configuration-hidden-services tor-configuration-socks-socket-type tor-configuration-control-socket-path + tor-configuration-transport-plugins tor-onion-service-configuration tor-onion-service-configuration? tor-onion-service-configuration-name tor-onion-service-configuration-mapping + tor-transport-plugin + tor-transport-plugin? + tor-transport-plugin-role + tor-transport-plugin-protocol + tor-transport-plugin-path tor-hidden-service ; deprecated tor-service-type @@ -966,7 +972,9 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugins tor-configuration-transport-plugins + (default '()))) (define %tor-accounts ;; User account and groups for Tor. @@ -996,10 +1004,24 @@ (define-configuration/no-serialization tor-onion-service-configuration @end lisp maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.")) +(define-record-type* + tor-transport-plugin make-tor-transport-plugin + tor-transport-plugin? + (role tor-transport-plugin-role + (default 'client) + (sanitize (lambda (value) + (if (memq value '(client server)) + value + (configuration-field-error #f 'role value))))) + (protocol tor-transport-plugin-protocol + (default "obfs4")) + (path-to-binary tor-transport-plugin-path)) + (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugins) (computed-file "torrc" (with-imported-modules '((guix build utils)) 
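Review bot: in the tor-transport-plugin record, only role has a sanitize procedure; protocol and path-to-binary are accepted as given. Both are interpolated into a single torrc line by the next hunk, so a protocol that is not a string, or a string containing whitespace or a newline, produces a malformed line or an extra directive that is only noticed when tor parses the file. A sanitizer on protocol that rejects anything but a non-empty string without whitespace would report the mistake at configuration time, the same way the role check does.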
@@ -1038,6 +1060,20 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (for-each (match-lambda + ((role-string protocol path) + (format port "\ +~aTransportPlugin ~a exec ~a~%" + role-string protocol path))) + '#$(map (match-lambda + (($ role protocol path) + (list (if (eq? role 'client) + "Client" + "Server") + protocol + path))) + transport-plugins)) + (display "\ ### End of automatically generated lines.\n\n" port) 
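Review bot: the format string "~aTransportPlugin ~a exec ~a~%" leaves no room for anything after the executable, while the torrc syntax for ClientTransportPlugin and ServerTransportPlugin allows options to follow the binary. If plugin arguments are deliberately unsupported, say so in the tor-transport-plugin documentation; otherwise consider an optional list field whose elements are appended after the program.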
@@ -1050,20 +1086,27 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugins (tor-configuration-transport-plugins config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (map (lambda (plugin) + (file-system-mapping + (source (tor-transport-plugin-path plugin)) + (target source))) + transport-plugins)) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 20dbf225f332ccc707578263ed710dcf2a8fb78e -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 04 10:09:21 2024 Received: (at 70341) by debbugs.gnu.org; 4 Sep 2024 14:09:21 +0000 Received: from localhost ([127.0.0.1]:35089 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1slqhF-000305-6m for submit@debbugs.gnu.org; Wed, 04 Sep 2024 10:09:21 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40226) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1slqhC-0002z0-1P for 70341@debbugs.gnu.org; Wed, 04 Sep 2024 10:09:19 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1slqg4-0002G7-BM; Wed, 04 Sep 2024 10:08:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; 
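Review bot: in the tor-shepherd-service hunk, each plugin executable is mapped into the same least-authority-wrapper call as tor itself, next to the writable /var/lib/tor and /var/run/tor mappings and with the net namespace removed from the unshared set, so a transport plugin runs with everything the Tor daemon can reach. The documentation for path-to-binary should state this, since the field also accepts a plain string and nothing in this hunk restricts where that string points. For the string case, please also confirm that the executable's dependencies are visible inside the container, given that only the single path is added as a mapping.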
From: Ludovic Courtès
To: Nigko Yerden
Subject: Re: [bug#70341] [PATCH v7] services: tor: Add support for pluggable transports.
In-Reply-To: <6bcd7fab071edaf6c8ffbbfd86fef286ee7e38e7.1723194927.git.nigko.yerden@gmail.com> (Nigko Yerden's message of "Fri, 9 Aug 2024 14:15:27 +0500")
References: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com> <6bcd7fab071edaf6c8ffbbfd86fef286ee7e38e7.1723194927.git.nigko.yerden@gmail.com>
Date: Wed, 04 Sep 2024 16:08:03 +0200
Message-ID: <87ed5zcy0s.fsf@gnu.org>
Cc: Maxim Cournoyer, Florian Pelz, 70341@debbugs.gnu.org, Matthew Trzcinski

Hi Nigko,

Nigko Yerden writes:

> Pluggable transports are programs that disguise Tor traffic, which
> can be useful in case Tor is censored. Pluggable transports
> cannot be configured by #:config-file file exclusively because Tor
> process is run via 'least-authority-wrapper' and cannot have access
> to transport plugin, which is a separate executable (Bug#70302,
> Bug#70332).
>
> Example configuration snippet to be appended to
> operating-system services
> (see https://bridges.torproject.org/ to get
> full bridge's lines):
>
> (service tor-service-type
> (tor-configuration
> (config-file (plain-file "torrc"
> "\
> UseBridges 1
> Bridge obfs4 ...
> Bridge obfs4 ..."))
> (transport-plugins
> (list (tor-transport-plugin
> (path-to-binary
> (file-append
> go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
> "/bin/lyrebird")))))))
>
> * doc/guix.texi (Networking Services): Document 'tor-transport-plugin'
> data type and 'transport-plugins' option for 'tor-configuration.
> * gnu/services/networking.scm: Export
> 'tor-configuration-transport-plugins', 'tor-transport-plugin',
> 'tor-transport-plugin?', 'tor-transport-plugin-role',
> 'tor-transport-plugin-protocol', and 'tor-transport-plugin-path'.
> (): Add 'transport-plugins' field.
> (): New variable.
> (tor-configuration->torrc): Add content to 'torrc' computed-file.
> (tor-shepherd-service): Add file-system-mapping(s).
>
> Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a

[...]

> +Each transport plugin corresponds either to
> +``ClientTransportPlugin ...'' or to
> +``ServerTransportPlugin ...'' line in the default

Maybe use @code{…} instead of quotes above.

Could you perhaps move the example from the commit log to doc/guix.texi,
enclosed in @lisp, and with one or two sentences explaining what it
does?

> +configuration file, see the @code{man tor}.

Rather: “see @command{man tor}.”

> +(define-record-type*
> + tor-transport-plugin make-tor-transport-plugin
> + tor-transport-plugin?
> + (role tor-transport-plugin-role
> + (default 'client)
> + (sanitize (lambda (value)
> + (if (memq value '(client server))
> + value
> + (configuration-field-error #f 'role value)))))
> + (protocol tor-transport-plugin-protocol
> + (default "obfs4"))
> + (path-to-binary tor-transport-plugin-path))

Rather:

(program tor-plugin-program)

The doc needs to be updated as well.

(By convention, in Guix and GNU, “path” refers to “search paths” like
$PATH or $PYTHONPATH; to avoid the ambiguity, we use the term “file
name” or something along these lines.)

Apart from that it looks great to me.

Could you send an updated patch?

Thanks, and apologies for the delay!

Ludo’.
From: Nigko Yerden
To: 70341@debbugs.gnu.org
Subject: [PATCH v8] services: tor: Add support for pluggable transports.
Date: Tue, 17 Sep 2024 18:11:28 +0500
X-Debbugs-Cc: Florian Pelz, Ludovic Courtès, Maxim Cournoyer
Cc: Ludovic Courtès, Nigko Yerden

Pluggable transports are programs that disguise Tor traffic, which
can be useful in case Tor is censored.  Pluggable transports
cannot be configured by #:config-file file exclusively because Tor
process is run via 'least-authority-wrapper' and cannot have access
to transport plugin, which is a separate executable (Bug#70302,
Bug#70332).

;;; Copyright © 2024 Nigko Yerden

* doc/guix.texi (Networking Services): Document 'tor-transport-plugin'
data type and 'transport-plugins' option for 'tor-configuration.
* gnu/services/networking.scm: Export
'tor-configuration-transport-plugins', 'tor-transport-plugin',
'tor-transport-plugin?', 'tor-plugin-role',
'tor-plugin-protocol', and 'tor-plugin-program'.
(): Add 'transport-plugins' field.
(): New variable.
(tor-configuration->torrc): Add content to 'torrc' computed-file.
(tor-shepherd-service): Add file-system-mapping(s).

Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a
---
Hello Ludo,

Thanks for looking at this and sorry for the delay.  I have made corrections
in accordance with your suggestions:
1. Move example from commit message to doc/guix.texi.
2. Replace 'path-to-binary' field with 'program'.
3. Replace 'tor-transport-plugin-{role,protocol,path-to-binary}' accessors
with 'tor-plugin-{role,protocol,program}'.
4.
Use @code{ClientTransportPlugin ...} instead of quotes and @command{man tor} instead of @code{man tor}. Regards, Nigko doc/guix.texi | 68 ++++++++++++++++++++++++++++++++++++ gnu/services/networking.scm | 69 ++++++++++++++++++++++++++++++------- 2 files changed, 124 insertions(+), 13 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index bc4d306c2d..ad785f97e6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -22045,6 +22045,12 @@ Networking Services @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugins} (default: @code{'()}) +The list of @code{} records to use. +For any transport plugin you include in this list, appropriate +configuration line to enable transport plugin will be automatically +added to the default configuration file. + @end table @end deftp 
@@ -22073,6 +22079,68 @@ Networking Services @end table @end deftp +@cindex pluggable transports, tor +@deftp {Data Type} tor-transport-plugin +Data type representing a Tor pluggable transport plugin in +@code{tor-configuration}. Plugguble transports are programs +that disguise Tor traffic, which can be useful in case Tor is +censored. See the the Tor project's +@url{https://tb-manual.torproject.org/circumvention/, +documentation} and +@url{https://spec.torproject.org/pt-spec/index.html, +specification} for more information. + +Each transport plugin corresponds either to +@code{ClientTransportPlugin ...} or to +@code{ServerTransportPlugin ...} line in the default +configuration file, see @command{man tor}. +Available @code{tor-transport-plugin} fields are: + +@table @asis +@item @code{role} (default: @code{'client}) +This must be either @code{'client} or @code{'server}. Otherwise, +an error is raised. Set the @code{'server} value if you want to +run a bridge to help censored users connect to the Tor network, see +@url{https://community.torproject.org/relay/setup/bridge/, +the Tor project's brige guide}. Set the @code{'client} value +if you want to connect to somebody else's bridge, see +@url{https://bridges.torproject.org/, the Tor project's +``Get Bridges'' page}. In both cases the required +additional configuration should be provided via +@code{#:config-file} option of @code{tor-configuration}. +@item @code{protocol} (default: @code{"obfs4"}) +A string that specifies a pluggable transport protocol. +@item @code{program} +This must be a ``file-like'' object or a string +pointing to the pluggable transport plugin executable. +This option allows the Tor daemon run inside the container +to access the executable and all the references +(e.g. package dependencies) attached to it. +@end table + +Suppose you would like Tor daemon to use obfs4 type obfuscation and +to connect to Tor network via obfs4 bridge (a nonpublic Tor relay with +support for obfs4 type obfuscation). 
Then you may go to +@url{https://bridges.torproject.org/, https://bridges.torproject.org/} +and get there a couple of bridge lines (each starts with @code{obfs4 ...}) +and use these lines in tor-service-type configuration as follows: +@lisp +(service tor-service-type + (tor-configuration + (config-file (plain-file "torrc" + "\ +UseBridges 1 +Bridge obfs4 ... +Bridge obfs4 ...")) + (transport-plugins + (list (tor-transport-plugin + (program + (file-append + go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird + "/bin/lyrebird"))))))) +@end lisp +@end deftp + The @code{(gnu services rsync)} module provides the following services: You might want an rsync daemon if you have files that you want available diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 12d8934e43..5a4e3a960d 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -160,10 +160,16 @@ (define-module (gnu services networking) tor-configuration-hidden-services tor-configuration-socks-socket-type tor-configuration-control-socket-path + tor-configuration-transport-plugins tor-onion-service-configuration tor-onion-service-configuration? tor-onion-service-configuration-name tor-onion-service-configuration-mapping + tor-transport-plugin + tor-transport-plugin? + tor-plugin-role + tor-plugin-protocol + tor-plugin-program tor-hidden-service ; deprecated tor-service-type @@ -966,7 +972,9 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugins tor-configuration-transport-plugins + (default '()))) (define %tor-accounts ;; User account and groups for Tor. 
@@ -996,10 +1004,24 @@ (define-configuration/no-serialization tor-onion-service-configuration @end lisp maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.")) +(define-record-type* + tor-transport-plugin make-tor-transport-plugin + tor-transport-plugin? + (role tor-plugin-role + (default 'client) + (sanitize (lambda (value) + (if (memq value '(client server)) + value + (configuration-field-error #f 'role value))))) + (protocol tor-plugin-protocol + (default "obfs4")) + (program tor-plugin-program)) + (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugins) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1038,6 +1060,20 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (for-each (match-lambda + ((role-string protocol program) + (format port "\ +~aTransportPlugin ~a exec ~a~%" + role-string protocol program))) + '#$(map (match-lambda + (($ role protocol program) + (list (if (eq? role 'client) + "Client" + "Server") + protocol + program))) + transport-plugins)) + (display "\ ### End of automatically generated lines.\n\n" port) 
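Review bot: in the tor-configuration->torrc hunk, the inner match-lambda takes each record apart positionally as (role protocol program), so the generated line silently depends on the field order of the record definition in the previous hunk; reordering or inserting a field later would shift the values without any error. Reading the fields through the exported accessors tor-plugin-role, tor-plugin-protocol and tor-plugin-program, or through match-record as this procedure already does for config, would keep the two hunks independent.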
@@ -1050,20 +1086,27 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugins (tor-configuration-transport-plugins config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (map (lambda (plugin) + (file-system-mapping + (source (tor-plugin-program plugin)) + (target source))) + transport-plugins)) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 8dae6b47542b906682f83b06b0478fcbd0776fd6 -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Sun Oct 06 13:46:27 2024 Received: (at 70341) by debbugs.gnu.org; 6 Oct 2024 17:46:27 +0000 Received: from localhost ([127.0.0.1]:42271 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sxVKs-00070e-Kb for submit@debbugs.gnu.org; Sun, 06 Oct 2024 13:46:27 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:57429) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sxVKo-00070N-Ns for 70341@debbugs.gnu.org; Sun, 06 Oct 2024 13:46:25 -0400 Received: by mail-wr1-f66.google.com with SMTP id ffacd0b85a97d-37d00322446so2920047f8f.2 for <70341@debbugs.gnu.org>; Sun, 06 Oct 2024 10:46:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728236715; x=1728841515; darn=debbugs.gnu.org; 
From: Nigko Yerden
To: 70341@debbugs.gnu.org
Subject: [PATCH v9] services: tor: Add support for pluggable transports.
Date: Sun, 6 Oct 2024 22:39:08 +0500
X-Debbugs-Cc: Florian Pelz, Ludovic Courtès, Maxim Cournoyer
Cc: Nigko Yerden

Pluggable transports are programs that disguise Tor traffic, which
can be useful in case Tor is censored.  Pluggable transports
cannot be configured by #:config-file file exclusively because Tor
process is run via 'least-authority-wrapper' and cannot have access
to transport plugin, which is a separate executable (Bug#70302,
Bug#70332).

;;; Copyright © 2024 Nigko Yerden

* doc/guix.texi (Networking Services): Document 'tor-transport-plugin'
data type and 'transport-plugins' option for 'tor-configuration.
* gnu/services/networking.scm: Export
'tor-configuration-transport-plugins', 'tor-transport-plugin',
'tor-transport-plugin?', 'tor-plugin-role',
'tor-plugin-protocol', and 'tor-plugin-program'.
(): Add 'transport-plugins' field.
(): New variable.
(tor-configuration->torrc): Add content to 'torrc' computed-file.
(tor-shepherd-service): Add file-system-mapping(s).

Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a
---
This v9 patch version is exactly the same as the v8 one.  I submit this version
exclusively because of qa.guix.gnu.org weird behavior.

Regards,
Nigko

 doc/guix.texi               | 68 ++++++++++++++++++++++++++++++++++++
 gnu/services/networking.scm | 69 ++++++++++++++++++++++++++++++-------
 2 files changed, 124 insertions(+), 13 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi index 52e36e4354..0405b1536d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -22045,6 +22045,12 @@ Networking Services @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugins} (default: @code{'()}) +The list of @code{} records to use. +For any transport plugin you include in this list, appropriate +configuration line to enable transport plugin will be automatically +added to the default configuration file. + @end table @end deftp 
@@ -22073,6 +22079,68 @@ Networking Services @end table @end deftp +@cindex pluggable transports, tor +@deftp {Data Type} tor-transport-plugin +Data type representing a Tor pluggable transport plugin in +@code{tor-configuration}. Plugguble transports are programs +that disguise Tor traffic, which can be useful in case Tor is +censored. See the the Tor project's +@url{https://tb-manual.torproject.org/circumvention/, +documentation} and +@url{https://spec.torproject.org/pt-spec/index.html, +specification} for more information. + +Each transport plugin corresponds either to +@code{ClientTransportPlugin ...} or to +@code{ServerTransportPlugin ...} line in the default +configuration file, see @command{man tor}. +Available @code{tor-transport-plugin} fields are: + +@table @asis +@item @code{role} (default: @code{'client}) +This must be either @code{'client} or @code{'server}. Otherwise, +an error is raised. Set the @code{'server} value if you want to +run a bridge to help censored users connect to the Tor network, see +@url{https://community.torproject.org/relay/setup/bridge/, +the Tor project's brige guide}. Set the @code{'client} value +if you want to connect to somebody else's bridge, see +@url{https://bridges.torproject.org/, the Tor project's +``Get Bridges'' page}. In both cases the required +additional configuration should be provided via +@code{#:config-file} option of @code{tor-configuration}. +@item @code{protocol} (default: @code{"obfs4"}) +A string that specifies a pluggable transport protocol. +@item @code{program} +This must be a ``file-like'' object or a string +pointing to the pluggable transport plugin executable. +This option allows the Tor daemon run inside the container +to access the executable and all the references +(e.g. package dependencies) attached to it. +@end table + +Suppose you would like Tor daemon to use obfs4 type obfuscation and +to connect to Tor network via obfs4 bridge (a nonpublic Tor relay with +support for obfs4 type obfuscation). 
Then you may go to +@url{https://bridges.torproject.org/, https://bridges.torproject.org/} +and get there a couple of bridge lines (each starts with @code{obfs4 ...}) +and use these lines in tor-service-type configuration as follows: +@lisp +(service tor-service-type + (tor-configuration + (config-file (plain-file "torrc" + "\ +UseBridges 1 +Bridge obfs4 ... +Bridge obfs4 ...")) + (transport-plugins + (list (tor-transport-plugin + (program + (file-append + go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird + "/bin/lyrebird"))))))) +@end lisp +@end deftp + The @code{(gnu services rsync)} module provides the following services: You might want an rsync daemon if you have files that you want available diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 12d8934e43..5a4e3a960d 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -160,10 +160,16 @@ (define-module (gnu services networking) tor-configuration-hidden-services tor-configuration-socks-socket-type tor-configuration-control-socket-path + tor-configuration-transport-plugins tor-onion-service-configuration tor-onion-service-configuration? tor-onion-service-configuration-name tor-onion-service-configuration-mapping + tor-transport-plugin + tor-transport-plugin? + tor-plugin-role + tor-plugin-protocol + tor-plugin-program tor-hidden-service ; deprecated tor-service-type @@ -966,7 +972,9 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugins tor-configuration-transport-plugins + (default '()))) (define %tor-accounts ;; User account and groups for Tor. 
@@ -996,10 +1004,24 @@ (define-configuration/no-serialization tor-onion-service-configuration @end lisp maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.")) +(define-record-type* + tor-transport-plugin make-tor-transport-plugin + tor-transport-plugin? + (role tor-plugin-role + (default 'client) + (sanitize (lambda (value) + (if (memq value '(client server)) + value + (configuration-field-error #f 'role value))))) + (protocol tor-plugin-protocol + (default "obfs4")) + (program tor-plugin-program)) + (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugins) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1038,6 +1060,20 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (for-each (match-lambda + ((role-string protocol program) + (format port "\ +~aTransportPlugin ~a exec ~a~%" + role-string protocol program))) + '#$(map (match-lambda + (($ role protocol program) + (list (if (eq? role 'client) + "Client" + "Server") + protocol + program))) + transport-plugins)) + (display "\ ### End of automatically generated lines.\n\n" port) 
@@ -1050,20 +1086,27 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugins (tor-configuration-transport-plugins config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (map (lambda (plugin) + (file-system-mapping + (source (tor-plugin-program plugin)) + (target source))) + transport-plugins)) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 964c075dc5bcd1875b61c6eafbaab990cf49f69d -- 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Mon Oct 14 08:40:24 2024 Received: (at 70341-done) by debbugs.gnu.org; 14 Oct 2024 12:40:24 +0000 Received: from localhost ([127.0.0.1]:37038 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t0KN5-0008Pn-Iq for submit@debbugs.gnu.org; Mon, 14 Oct 2024 08:40:23 -0400 Received: from eggs.gnu.org ([209.51.188.92]:57660) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t0Jgg-0004th-Q4 for 70341-done@debbugs.gnu.org; Mon, 14 Oct 2024 07:56:35 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t0JRn-0004zk-RO; Mon, 14 Oct 2024 07:41:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; 
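Review bot: the new @deftp text in the doc/guix.texi hunk has three typos: "Plugguble transports", "See the the Tor project's" and "the Tor project's brige guide". The role item also says the extra configuration is given via the "@code{#:config-file} option", while the example at the end of the same hunk sets it as the (config-file ...) field of tor-configuration; writing @code{config-file} field would match the example.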
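Review bot: in the tor-transport-plugin record definition in gnu/services/networking.scm, only role has a sanitize procedure; protocol and program are accepted unchecked, yet tor-configuration->torrc writes both into the generated torrc with ~a. A protocol string containing a space or a newline would produce a malformed or additional torrc line, so a sanitizer that requires a string without whitespace would close that gap. The accessors are also named tor-plugin-role, tor-plugin-protocol and tor-plugin-program although the type is tor-transport-plugin; tor-transport-plugin-role and so on would follow the pattern of tor-onion-service-configuration-name in the same export list.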
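Review bot: the format string "~aTransportPlugin ~a exec ~a~%" added to tor-configuration->torrc leaves no place for arguments after the executable, although torrc accepts options following the path on a ClientTransportPlugin or ServerTransportPlugin line. Either add an optional field for plugin arguments to tor-transport-plugin or state in the manual that plugins are started without arguments. A short comment on why the list is built in two stages (strings prepared on the host side, formatted on the build side) would also help the next reader of this block.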
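Review bot: in the tor-shepherd-service hunk each plugin is mapped with (source (tor-plugin-program plugin)) (target source), and the manual text allows program to be a plain string. For a string there is no file-like object whose references can be followed, so it is worth stating in the manual whether the dependencies of such an executable are reachable inside the container, or restricting program to file-like objects. Each entry in transport-plugins also widens what the confined tor process can see, and a string lets any host path be named, which is one more reason to prefer store items here.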
From: Ludovic Courtès
To: Nigko Yerden
Cc: Maxim Cournoyer, Florian Pelz, 70341-done@debbugs.gnu.org
Subject: Re: [bug#70341] [PATCH v9] services: tor: Add support for pluggable transports.
In-Reply-To: (Nigko Yerden's message of "Sun, 6 Oct 2024 22:39:08 +0500")
References: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com>
Date: Mon, 14 Oct 2024 13:41:08 +0200
Message-ID: <87msj63oa3.fsf@gnu.org>

Hi,

Nigko Yerden wrote:

> Pluggable transports are programs that disguise Tor traffic, which
> can be useful in case Tor is censored. Pluggable transports
> cannot be configured by #:config-file file exclusively because Tor
> process is run via 'least-authority-wrapper' and cannot have access
> to transport plugin, which is a separate executable (Bug#70302,
> Bug#70332).
>
> ;;; Copyright © 2024 Nigko Yerden
>
> * doc/guix.texi (Networking Services): Document 'tor-transport-plugin'
> data type and 'transport-plugins' option for 'tor-configuration.
> * gnu/services/networking.scm: Export
> 'tor-configuration-transport-plugins', 'tor-transport-plugin',
> 'tor-transport-plugin?', 'tor-plugin-role',
> 'tor-plugin-protocol', and 'tor-plugin-program'.
> (): Add 'transport-plugins' field.
> (): New variable.
> (tor-configuration->torrc): Add content to 'torrc' computed-file.
> (tor-shepherd-service): Add file-system-mapping(s).
>
> Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a

Finally applied, thanks!

Ludo’.

From debbugs-submit-bounces@debbugs.gnu.org Mon Oct 14 12:59:54 2024
From: Nigko Yerden
To: Ludovic Courtès
Cc: Maxim Cournoyer, Florian Pelz, 70341-done@debbugs.gnu.org
Subject: Re: [bug#70341] [PATCH v9] services: tor: Add support for pluggable transports.
In-Reply-To: <87msj63oa3.fsf@gnu.org>
References: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com> <87msj63oa3.fsf@gnu.org>
Date: Mon, 14 Oct 2024 21:36:16 +0500
Message-ID: <3cac8217-4bc8-4986-ad93-d5cecd9894ff@gmail.com>

It is my first commit in Guix. Thanks!

Regards,
Nigko

Ludovic Courtès wrote:
> Hi,
>
> Nigko Yerden wrote:
>
>> Pluggable transports are programs that disguise Tor traffic, which
>> can be useful in case Tor is censored. Pluggable transports
>> cannot be configured by #:config-file file exclusively because Tor
>> process is run via 'least-authority-wrapper' and cannot have access
>> to transport plugin, which is a separate executable (Bug#70302,
>> Bug#70332).
>>
>> ;;; Copyright © 2024 Nigko Yerden
>>
>> * doc/guix.texi (Networking Services): Document 'tor-transport-plugin'
>> data type and 'transport-plugins' option for 'tor-configuration.
>> * gnu/services/networking.scm: Export
>> 'tor-configuration-transport-plugins', 'tor-transport-plugin',
>> 'tor-transport-plugin?', 'tor-plugin-role',
>> 'tor-plugin-protocol', and 'tor-plugin-program'.
>> (): Add 'transport-plugins' field.
>> (): New variable.
>> (tor-configuration->torrc): Add content to 'torrc' computed-file.
>> (tor-shepherd-service): Add file-system-mapping(s).
>>
>> Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a
>
> Finally applied, thanks!
>
> Ludo’.
From debbugs-submit-bounces@debbugs.gnu.org Tue Oct 15 02:27:27 2024
From: Nigko Yerden
To: Ludovic Courtès
Cc: Maxim Cournoyer, Florian Pelz, 70341-done@debbugs.gnu.org
Subject: Re: [bug#70341] [PATCH v9] services: tor: Add support for pluggable transports.
In-Reply-To: <87msj63oa3.fsf@gnu.org>
References: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com> <87msj63oa3.fsf@gnu.org>
Date: Tue, 15 Oct 2024 11:26:03 +0500

Hello,

Ludovic Courtès wrote:
> Hi,
>
> Nigko Yerden wrote:
>
>> Pluggable transports are programs that disguise Tor traffic, which
>> can be useful in case Tor is censored. Pluggable transports
>> cannot be configured by #:config-file file exclusively because Tor
>> process is run via 'least-authority-wrapper' and cannot have access
>> to transport plugin, which is a separate executable (Bug#70302,
>> Bug#70332).
>>
>> ;;; Copyright © 2024 Nigko Yerden
>>
>> * doc/guix.texi (Networking Services): Document 'tor-transport-plugin'
>> data type and 'transport-plugins' option for 'tor-configuration.
>> * gnu/services/networking.scm: Export
>> 'tor-configuration-transport-plugins', 'tor-transport-plugin',
>> 'tor-transport-plugin?', 'tor-plugin-role',
>> 'tor-plugin-protocol', and 'tor-plugin-program'.
>> (): Add 'transport-plugins' field.
>> (): New variable.
>> (tor-configuration->torrc): Add content to 'torrc' computed-file.
>> (tor-shepherd-service): Add file-system-mapping(s).
>>
>> Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a
>
> Finally applied, thanks!
>
> Ludo’.

The files 'doc/guix.texi' and 'gnu/services/networking.scm' miss my copyright messages.
May I send them via a separate patch?

Regards,
Nigko

From debbugs-submit-bounces@debbugs.gnu.org Tue Oct 15 11:57:08 2024
From: Ludovic Courtès
To: Nigko Yerden
Cc: Maxim Cournoyer, Florian Pelz, 70341-done@debbugs.gnu.org
Subject: Re: [bug#70341] [PATCH v9] services: tor: Add support for pluggable transports.
In-Reply-To: (Nigko Yerden's message of "Tue, 15 Oct 2024 11:26:03 +0500")
References: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com> <87msj63oa3.fsf@gnu.org>
Date: Tue, 15 Oct 2024 17:43:38 +0200
Message-ID: <87wmi9wevp.fsf@gnu.org>

Hi

Nigko Yerden wrote:

> The files 'doc/guix.texi' and 'gnu/services/networking.scm' miss my copyright messages.
> May I send them via a separate patch?

Sure, please do.

Ludo’.

From unknown Fri Jun 20 07:16:45 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 13 Nov 2024 12:24:10 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator