[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#70341] [PATCH v3] services: tor: Add support for pluggable transpor
|
From: |
Nigko Yerden |
|
Subject: |
[bug#70341] [PATCH v3] services: tor: Add support for pluggable transports. |
|
Date: |
Mon, 22 Apr 2024 08:58:39 +0500 |
Pluggable transports are programs that disguise Tor traffic, which
can be useful in case Tor is censored. Pluggable transports
cannot be configured by #:config-file file exclusively because Tor
process is run via 'least-authority-wrapper' and cannot have access
to transport plugin, which is a separate executable (Bug#70302,
Bug#70332).
* doc/guix.texi (Networking Services): Document 'transport-plugin' and
'pluggable-transport' options for 'tor-configuration'.
* gnu/services/networking.scm: Export 'tor-configuration-transport-plugin-path',
'tor-configuration-pluggable-transport'.
(<tor-configuration>): Add 'transport-plugin' and 'pluggable-transport'
fields.
(tor-configuration->torrc)[transport-plugin]: Add content to 'torrc'
computed-file.
(tor-shepherd-service)[transport-plugin]: Add file-system-mapping.
Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
doc/guix.texi | 11 ++++++++
gnu/services/networking.scm | 54 ++++++++++++++++++++++++++-----------
2 files changed, 49 insertions(+), 16 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 65af136e61..eb0837860e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -127,6 +127,7 @@
Copyright @copyright{} 2024 Herman Rimm@*
Copyright @copyright{} 2024 Matthew Trzcinski@*
Copyright @copyright{} 2024 Richard Sent@*
+Copyright @copyright{} 2024 Nigko Yerden@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -21849,6 +21850,16 @@ Networking Services
@file{/var/run/tor/control-sock}, which will be made writable by members of the
@code{tor} group.
+@item @code{transport-plugin} (default: @code{#f})
+This must be either @code{#f} or a ``file-like'' object pointing to the
+pluggable transport plugin executable. In the latter case the
+@code{#:config-file} file should contain line(s) configuring
+one or more bridges.
+
+@item @code{pluggable-transport} (default: @code{"obfs4"})
+A string that specifies the type of the pluggable transport in
+case @code{#:transport-plugin} is not @code{#f}.
+
@end table
@end deftp
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 8e64e529ab..6e535ea8ef 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -22,6 +22,7 @@
;;; Copyright © 2023 Declan Tsien <declantsien@riseup.net>
;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
;;; Copyright © 2023 muradm <mail@muradm.net>
+;;; Copyright © 2024 Nigko Yerden <nigko.yerden@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -159,6 +160,8 @@ (define-module (gnu services networking)
tor-configuration-hidden-services
tor-configuration-socks-socket-type
tor-configuration-control-socket-path
+ tor-configuration-transport-plugin-path
+ tor-configuration-pluggable-transport
tor-onion-service-configuration
tor-onion-service-configuration?
tor-onion-service-configuration-name
@@ -955,7 +958,11 @@ (define-record-type* <tor-configuration>
(socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
(default 'tcp))
(control-socket? tor-configuration-control-socket-path
- (default #f)))
+ (default #f))
+ (transport-plugin tor-configuration-transport-plugin-path
+ (default #f))
+ (pluggable-transport tor-configuration-pluggable-transport
+ (default "obfs4")))
(define %tor-accounts
;; User account and groups for Tor.
@@ -988,7 +995,8 @@ (define-configuration/no-serialization
tor-onion-service-configuration
(define (tor-configuration->torrc config)
"Return a 'torrc' file for CONFIG."
(match-record config <tor-configuration>
- (tor config-file hidden-services socks-socket-type control-socket?)
+ (tor config-file hidden-services socks-socket-type control-socket?
+ transport-plugin pluggable-transport)
(computed-file
"torrc"
(with-imported-modules '((guix build utils))
@@ -1027,6 +1035,13 @@ (define (tor-configuration->torrc config)
(cons name mapping)))
hidden-services))
+ (when #$transport-plugin
+ (format port "\
+UseBridges 1
+ClientTransportPlugin ~a exec ~a~%"
+ #$pluggable-transport
+ #$transport-plugin))
+
(display "\
### End of automatically generated lines.\n\n" port)
@@ -1039,23 +1054,30 @@ (define (tor-configuration->torrc config)
(define (tor-shepherd-service config)
"Return a <shepherd-service> running Tor."
(let* ((torrc (tor-configuration->torrc config))
+ (transport-plugin-path (tor-configuration-transport-plugin-path
config))
(tor (least-authority-wrapper
(file-append (tor-configuration-tor config) "/bin/tor")
#:name "tor"
- #:mappings (list (file-system-mapping
- (source "/var/lib/tor")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source "/dev/log") ;for syslog
- (target source))
- (file-system-mapping
- (source "/var/run/tor")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source torrc)
- (target source)))
+ #:mappings (append
+ (list (file-system-mapping
+ (source "/var/lib/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source "/dev/log") ;for syslog
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source torrc)
+ (target source)))
+ (if transport-plugin-path
+ (list (file-system-mapping
+ (source transport-plugin-path)
+ (target source)))
+ '()))
#:namespaces (delq 'net %namespaces))))
(list (shepherd-service
(provision '(tor))
base-commit: 9fa34ad616b94ad881b5ca48ef88bd84f877a0e9
--
2.41.0