Package: guix-patches
Reported by: Nigko Yerden <nigko.yerden <at> gmail.com>
Date: Thu, 11 Apr 2024 14:54:06 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Nigko Yerden <nigko.yerden <at> gmail.com>
To: guix-patches <at> gnu.org
Cc: Nigko Yerden <nigko.yerden <at> gmail.com>
Subject: [PATCH] gnu: Add support for pluggable transports to tor-service-type
Date: Thu, 11 Apr 2024 19:48:17 +0500

In Tor parlance pluggable transports are programs that disguise Tor traffic, which is useful, e.g., for censorship circumvention. There are several types of pluggable transports, e.g., obfs4 (lyrebird), meek, Snowflake etc.

There are pluggable transport plugins in guix repo:
  go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
  go-github-com-operatorfoundation-obfs4

This commit adds the following #:-fields to tor-configuration record type:
  transport-plugin? - /path/to/transport/plugin/binary (string) (default #f)
  pluggable-transport - type of pluggable transport (string) (default "obfs4")

Since tor process is run by shepherd service inside Linux namespaces, we need to add path to transport plugin to the list of file system mappings in the argument of list-authority-wrapper function.

Pluggable transports do not work without bridges, which can be obtained from the official site https://bridges.torproject.org/. The user should specify bridges in #:config-file field of the tor-configuration record. For example obfs4 bridges are specified as follows
  Bridge obfs4 ...
  Bridge obfs4 ...

Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
Hello Guix! This is a bug-fix for https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html, see also https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html.

Best Regards,
Nigko Yerden

gnu/services/networking.scm | 52 +++++++++++++++++++++++++------------ 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e64e529ab..b7d9a878e9 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © 2023 Declan Tsien <declantsien <at> riseup.net> ;;; Copyright © 2023 Bruno Victal <mirai <at> makinata.eu> ;;; Copyright © 2023 muradm <mail <at> muradm.net> +;;; Copyright © 2024 Nigko Yerden <nigko.yerden <at> gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -955,7 +956,11 @@ (define-record-type* <tor-configuration> (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugin? tor-configuration-transport-plugin-path + (default #f)) + (pluggable-transport tor-configuration-pluggable-transport + (default "obfs4"))) (define %tor-accounts ;; User account and groups for Tor. @@ -988,7 +993,8 @@ (define-configuration/no-serialization tor-onion-service-configuration (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config <tor-configuration> - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugin? pluggable-transport) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1027,6 +1033,13 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (when #$transport-plugin? + (format port "\ +UseBridges 1 +ClientTransportPlugin ~a exec ~a~%" + #$pluggable-transport + #$transport-plugin?)) + (display "\ ### End of automatically generated lines.\n\n" port) 
@@ -1039,23 +1052,30 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a <shepherd-service> running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugin-path (tor-configuration-transport-plugin-path config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (if transport-plugin-path + (list (file-system-mapping + (source transport-plugin-path) + (target source))) + '())) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6 -- 2.41.0
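Review bot: In the `<tor-configuration>` hunk (@@ -955,7 +956,11 @@), the new field `transport-plugin?` carries a `?` suffix, which reads as a boolean, while it holds the plugin path and its accessor is `tor-configuration-transport-plugin-path`. Naming the field `transport-plugin-path` would make field and accessor agree; the neighbouring `control-socket?` has the same mismatch, but new fields need not copy it. The diffstat also shows only gnu/services/networking.scm changed, so the two new fields, their defaults and the bridge requirement described in the commit message are not documented in the manual yet.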
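Review bot: In the torrc hunk (@@ -1027,6 +1033,13 @@), `pluggable-transport` and `transport-plugin?` are written into the `ClientTransportPlugin ~a exec ~a~%` line without any validation, so a value containing whitespace or a newline changes the exec arguments or adds further directives to the automatically generated section. Please check, before the `format` call or when the record is built, that both values have the expected type and contain no whitespace, and raise a configuration error otherwise. Separately, `UseBridges 1` is emitted whenever the plugin is set, whether or not `config-file` supplies any `Bridge` lines; since the commit message says pluggable transports do not work without bridges, a dedicated bridges field, or at least a documented requirement, would keep users from ending up with a torrc that enables bridges but lists none.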
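Review bot: In the `tor-shepherd-service` hunk (@@ -1039,23 +1052,30 @@), the added mapping exposes only the single path in `transport-plugin-path` to the namespace, and the commit message documents that value as a plain string, so nothing here ties the plugin binary, or anything it needs at run time, to the service. Consider accepting a file-like object instead (the same list already uses the computed `torrc` as a `source`), for example a `file-append` on one of the plugin packages named in the commit message, so the plugin becomes a store reference of the service rather than a host path that may be missing. Leaving the new mapping without `(writable? #t)`, as written, is the right choice and should stay that way.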