GNU bug report logs - #70341
[PATCH] gnu: Add support for pluggable transports to tor-service-type


Package: guix-patches;

Reported by: Nigko Yerden <nigko.yerden <at> gmail.com>

Date: Thu, 11 Apr 2024 14:54:06 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Nigko Yerden <nigko.yerden <at> gmail.com>
Subject: bug#70341: closed (Re: [bug#70341] [PATCH v9] services: tor: Add
 support for pluggable transports.)
Date: Mon, 14 Oct 2024 12:41:04 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#70341: [PATCH] gnu: Add support for pluggable transports to tor-service-type

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 70341 <at> debbugs.gnu.org.

-- 
70341: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=70341
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Nigko Yerden <nigko.yerden <at> gmail.com>
Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>,
 Florian Pelz <pelzflorian <at> pelzflorian.de>, 70341-done <at> debbugs.gnu.org
Subject: Re: [bug#70341] [PATCH v9] services: tor: Add support for pluggable
 transports.
Date: Mon, 14 Oct 2024 13:41:08 +0200
Hi,

Nigko Yerden <nigko.yerden <at> gmail.com> skribis:

> Pluggable transports are programs that disguise Tor traffic, which
> can be useful in case Tor is censored.  Pluggable transports
> cannot be configured by #:config-file file exclusively because Tor
> process is run via 'least-authority-wrapper' and cannot have access
> to transport plugin, which is a separate executable (Bug#70302,
> Bug#70332).
>
> ;;; Copyright © 2024 Nigko Yerden <nigko.yerden <at> gmail.com>
>
> * doc/guix.texi (Networking Services): Document 'tor-transport-plugin'
> data type and 'transport-plugins' option for 'tor-configuration.
> * gnu/services/networking.scm: Export
> 'tor-configuration-transport-plugins', 'tor-transport-plugin',
> 'tor-transport-plugin?', 'tor-plugin-role',
> 'tor-plugin-protocol', and 'tor-plugin-program'.
> (<tor-configuration>): Add 'transport-plugins' field.
> (<tor-transport-plugin>): New variable.
> (tor-configuration->torrc): Add content to 'torrc' computed-file.
> (tor-shepherd-service): Add file-system-mapping(s).
>
> Change-Id: I1b0319358778c7aee650bc843e021a6803a1cf3a

Finally applied, thanks!

Ludo’.

[Message part 3 (message/rfc822, inline)]
From: Nigko Yerden <nigko.yerden <at> gmail.com>
To: guix-patches <at> gnu.org
Cc: Nigko Yerden <nigko.yerden <at> gmail.com>
Subject: [PATCH] gnu: Add support for pluggable transports to tor-service-type
Date: Thu, 11 Apr 2024 19:48:17 +0500
In Tor parlance pluggable transports are programs that disguise
Tor traffic, which is useful, e.g., for censorship circumvention.
There are several types of pluggable transports, e.g.,
obfs4 (lyrebird), meek, Snowflake etc.

There are pluggable transport plugins in guix repo:
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
go-github-com-operatorfoundation-obfs4

This commit adds the following #:-fields to tor-configuration
record type:

transport-plugin?   - /path/to/transport/plugin/binary (string)
		      (default #f)

pluggable-transport - type of pluggable transport (string)
		      (default "obfs4")

Since tor process is run by shepherd service inside Linux
namespaces, we need to add path to transport plugin to
the list of file system mappings in the argument of
least-authority-wrapper function.

Pluggable transports do not work without bridges,
which can be obtained from the official site
https://bridges.torproject.org/. The user should specify
bridges in #:config-file field of the tor-configuration
record. For example, obfs4 bridges are specified as follows

Bridge obfs4  ...
Bridge obfs4  ...

Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
Hello Guix!

This is a bug-fix for
https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html,
see also
https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html.


Best Regards,
Nigko Yerden

 gnu/services/networking.scm | 52 +++++++++++++++++++++++++------------
 1 file changed, 36 insertions(+), 16 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 8e64e529ab..b7d9a878e9 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -22,6 +22,7 @@
 ;;; Copyright © 2023 Declan Tsien <declantsien <at> riseup.net>
 ;;; Copyright © 2023 Bruno Victal <mirai <at> makinata.eu>
 ;;; Copyright © 2023 muradm <mail <at> muradm.net>
+;;; Copyright © 2024 Nigko Yerden <nigko.yerden <at> gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -955,7 +956,11 @@ (define-record-type* <tor-configuration>
   (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                      (default 'tcp))
   (control-socket?  tor-configuration-control-socket-path
-                    (default #f)))
+                    (default #f))
+  (transport-plugin? tor-configuration-transport-plugin-path
+                    (default #f))
+  (pluggable-transport tor-configuration-pluggable-transport
+                    (default "obfs4")))
 
 (define %tor-accounts
   ;; User account and groups for Tor.
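Review bot: the new field `transport-plugin?` carries a `?` suffix but, per the commit message, holds a path string, while its accessor is named `tor-configuration-transport-plugin-path`. A name such as `transport-plugin` would read correctly at use sites and make it less likely that someone sets it to `#t`. No hunk in this patch touches the module's exports, and the diffstat shows no change to doc/guix.texi, so both new fields reach users undocumented.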
@@ -988,7 +993,8 @@ (define-configuration/no-serialization tor-onion-service-configuration
 (define (tor-configuration->torrc config)
   "Return a 'torrc' file for CONFIG."
   (match-record config <tor-configuration>
-    (tor config-file hidden-services socks-socket-type control-socket?)
+    (tor config-file hidden-services socks-socket-type control-socket?
+         transport-plugin? pluggable-transport)
     (computed-file
      "torrc"
      (with-imported-modules '((guix build utils))
@@ -1027,6 +1033,13 @@ (define (tor-configuration->torrc config)
                                     (cons name mapping)))
                                  hidden-services))
 
+               (when #$transport-plugin?
+                 (format port "\
+UseBridges 1
+ClientTransportPlugin ~a exec ~a~%"
+                         #$pluggable-transport
+                         #$transport-plugin?))
+
                (display "\
 ### End of automatically generated lines.\n\n" port)
 
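Review bot: the `format` call writes `pluggable-transport` and `transport-plugin?` into torrc verbatim, so a value containing whitespace or a newline changes how the `ClientTransportPlugin` line is parsed or adds further lines to the automatically generated section. Checking both values before the `computed-file` is built (transport name limited to letters, digits and underscore; plugin path absolute and free of whitespace) would turn that into a clear configuration error. `UseBridges 1` is also emitted here without any `Bridge` line, which the commit message leaves to `#:config-file`; a comment at this spot or a dedicated field would make that dependency visible.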
@@ -1039,23 +1052,30 @@ (define (tor-configuration->torrc config)
 (define (tor-shepherd-service config)
   "Return a <shepherd-service> running Tor."
   (let* ((torrc (tor-configuration->torrc config))
+         (transport-plugin-path (tor-configuration-transport-plugin-path config))
          (tor   (least-authority-wrapper
                  (file-append (tor-configuration-tor config) "/bin/tor")
                  #:name "tor"
-                 #:mappings (list (file-system-mapping
-                                   (source "/var/lib/tor")
-                                   (target source)
-                                   (writable? #t))
-                                  (file-system-mapping
-                                   (source "/dev/log") ;for syslog
-                                   (target source))
-                                  (file-system-mapping
-                                   (source "/var/run/tor")
-                                   (target source)
-                                   (writable? #t))
-                                  (file-system-mapping
-                                   (source torrc)
-                                   (target source)))
+                 #:mappings (append
+                             (list (file-system-mapping
+                                    (source "/var/lib/tor")
+                                    (target source)
+                                    (writable? #t))
+                                   (file-system-mapping
+                                    (source "/dev/log") ;for syslog
+                                    (target source))
+                                   (file-system-mapping
+                                    (source "/var/run/tor")
+                                    (target source)
+                                    (writable? #t))
+                                   (file-system-mapping
+                                    (source torrc)
+                                    (target source)))
+                             (if transport-plugin-path
+                                 (list (file-system-mapping
+                                        (source transport-plugin-path)
+                                        (target source)))
+                                 '()))
                  #:namespaces (delq 'net %namespaces))))
     (list (shepherd-service
            (provision '(tor))
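Review bot: in `#:mappings`, the added `file-system-mapping` exposes only the single file named by `transport-plugin-path`, which is taken as an unchecked string. A plugin that needs anything beyond its own executable (shared libraries, for instance) may not find it inside the wrapper, and a relative or missing path is only noticed when the service starts. Consider accepting a file-like object rather than a string so the plugin is referenced through the store, and add a comment that this mapping is deliberately left read-only (no `(writable? #t)`), unlike the `/var/lib/tor` and `/var/run/tor` entries.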

base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6
-- 
2.41.0




This bug report was last modified 218 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.