From patchwork Sun Apr 9 14:47:19 2023
X-Patchwork-Submitter: Bruno Victal
X-Patchwork-Id: 49054
Subject: [bug#62005] [PATCH v2] services: tor: Deprecate 'tor-hidden-service' procedure.
References: <6254896f46b35816c7784569724d82248e4b7acf.1678123306.git.mirai@makinata.eu>
In-Reply-To: <6254896f46b35816c7784569724d82248e4b7acf.1678123306.git.mirai@makinata.eu>
To: 62005@debbugs.gnu.org
Cc: ludo@gnu.org, Bruno Victal
From: Bruno Victal
Date: Sun, 9 Apr 2023 15:47:19 +0100
Message-Id: <2f32f2b2bb371a2356cc385ccafdf86e7135d4cd.1681051448.git.mirai@makinata.eu>

Due to (now renamed) 'hidden-service' record type not being exported, the only way Onion services (formerly hidden services) could have worked is through the now deprecated 'tor-hidden-service' procedure.

This commit updates the Tor service documentation, corrects some inconsistently named accessors in record-type, renames and refactors tor-hidden-service-configuration to tor-onion-service-configuration using define-configuration and also exports it, allowing Onion services to be configured directly within a record. Lastly, it also deprecates the 'tor-hidden-service' procedure.

* doc/guix.texi (Networking Services): Substitute mentions of “Hidden services” with “Onion Services”. Add a Tor Onion service configuration example. Document . Remove mention of 'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor, tor-configuration-config-file, tor-configuration-hidden-services, tor-configuration-socks-socket-type, tor-configuration-control-socket-path, tor-onion-service-configuration, tor-onion-service-configuration?, tor-onion-service-configuration-name, tor-onion-service-configuration-mapping.
()[control-socket?]: Rename accessor.
(): Replace with …
(): … this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.
--- Notable changes since v1: * Replaced mentions of hidden services with Onion Services. * Use define-configuration for tor-onion-service-configuration. Tested with: make check-system TESTS=tor and inspected output from 'tor-configuration->torrc'. doc/guix.texi | 61 ++++++++++++++++++++++-------------- gnu/services/networking.scm | 62 +++++++++++++++++++++++-------------- 2 files changed, 76 insertions(+), 47 deletions(-) base-commit: 02033bfc05a1e82b12e80c6d000e1724e910e899 diff --git a/doc/guix.texi b/doc/guix.texi index ed42488882..6a89562cf1 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -20578,11 +20578,21 @@ Networking Services @cindex Tor @defvar tor-service-type -This is the type for a service that runs the @uref{https://torproject.org, -Tor} anonymous networking daemon. The service is configured using a +Type for a service that runs the @uref{https://torproject.org, Tor} +anonymous networking daemon. The service is configured using a @code{} record. By default, the Tor daemon runs as the @code{tor} unprivileged user, which is a member of the @code{tor} group. +In addition to adding Tor @dfn{Onion Service}s records to the service +configuration directly, this service can be extended by other services to add +Onion Services, as in this example: + +@lisp +(simple-service 'my-extra-onion-service tor-service-type + (list (tor-onion-service-configuration + (name "extra-onion-service") + (mapping '((80 . "127.0.0.1:8080")))))) +@end lisp @end defvar @deftp {Data Type} tor-configuration 
@@ -20601,11 +20611,10 @@ Networking Services syntax. @item @code{hidden-services} (default: @code{'()}) -The list of @code{} records to use. For any hidden service -you include in this list, appropriate configuration to enable the hidden -service will be automatically added to the default configuration file. You -may conveniently create @code{} records using the -@code{tor-hidden-service} procedure described below. +The list of @code{} records to use. +For any Onion Service you include in this list, appropriate +configuration to enable the Onion Service will be automatically added to +the default configuration file. @item @code{socks-socket-type} (default: @code{'tcp}) The default socket type that Tor should use for its SOCKS socket. This must 
@@ -20630,26 +20639,30 @@ Networking Services @end table @end deftp -@cindex hidden service -@deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping} -Define a new Tor @dfn{hidden service} called @var{name} and implementing -@var{mapping}. @var{mapping} is a list of port/host tuples, such as: - -@example - '((22 "127.0.0.1:22") - (80 "127.0.0.1:8080")) -@end example +@cindex onion service, tor +@deftp {Data Type} tor-onion-service-configuration +Data Type representing a Tor @dfn{Onion Service} configuration. +See @url{https://community.torproject.org/onion-services/, the Tor +project's documentation} for more information. +Available @code{tor-onion-service-configuration} fields are: -In this example, port 22 of the hidden service is mapped to local port 22, and -port 80 is mapped to local port 8080. +@table @asis +@item @code{name} (type: string) +Name for this Onion Service. This creates a +@file{/var/lib/tor/hidden-services/@var{name}} directory, where the +@file{hostname} file contains the @indicateurl{.onion} host name for this Onion +Service. -This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where -the @file{hostname} file contains the @code{.onion} host name for the hidden -service. +@item @code{mapping} (type: alist) +Association list of port to address mappings. The following example: +@lisp +'((22 . "127.0.0.1:22") + (80 . "127.0.0.1:8080")) +@end lisp +maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080. -See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor -project's documentation} for more information. -@end deffn +@end table +@end deftp The @code{(gnu services rsync)} module provides the following services: diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 19c109d238..866368aa90 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm 
@@ -138,7 +138,16 @@ (define-module (gnu services networking) tor-configuration tor-configuration? - tor-hidden-service + tor-configuration-tor + tor-configuration-config-file + tor-configuration-hidden-services + tor-configuration-socks-socket-type + tor-configuration-control-socket-path + tor-onion-service-configuration + tor-onion-service-configuration? + tor-onion-service-configuration-name + tor-onion-service-configuration-mapping + tor-hidden-service ; deprecated tor-service-type network-manager-configuration @@ -908,7 +917,7 @@ (define-record-type* (default '())) (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) - (control-socket? tor-control-socket-path + (control-socket? tor-configuration-control-socket-path (default #f))) (define %tor-accounts @@ -922,11 +931,22 @@ (define %tor-accounts (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))) -(define-record-type - (hidden-service name mapping) - hidden-service? - (name hidden-service-name) ;string - (mapping hidden-service-mapping)) ;list of port/address tuples +(define-configuration/no-serialization tor-onion-service-configuration + (name + string + "Name for this Onion Service. This creates a +@file{/var/lib/tor/hidden-services/@var{name}} directory, where the +@file{hostname} file contains the @indicateurl{.onion} host name for this +Onion Service.") + + (mapping + alist + "Association list of port to address mappings. The following example: +@lisp +'((22 . \"127.0.0.1:22\") + (80 . \"127.0.0.1:8080\")) +@end lisp +maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.")) (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." @@ -966,7 +986,7 @@ (define (tor-configuration->torrc config) tcp-port host)) ports hosts))) '#$(map (match-lambda - (($ name mapping) + (($ name mapping) (cons name mapping))) hidden-services)) 
@@ -1053,7 +1073,7 @@ (define (tor-activation config) (chmod "/var/lib" #o755) (for-each initialize - '#$(map hidden-service-name + '#$(map tor-onion-service-configuration-name (tor-configuration-hidden-services config))))) (define tor-service-type @@ -1066,7 +1086,7 @@ (define tor-service-type (service-extension activation-service-type tor-activation))) - ;; This can be extended with hidden services. + ;; This can be extended with Tor Onion Services. (compose concatenate) (extend (lambda (config services) (tor-configuration @@ -1079,21 +1099,14 @@ (define tor-service-type "Run the @uref{https://torproject.org, Tor} anonymous networking daemon."))) -(define tor-hidden-service-type - ;; A type that extends Tor with hidden services. - (service-type (name 'tor-hidden-service) - (extensions - (list (service-extension tor-service-type list))) - (description - "Define a new Tor @dfn{hidden service}."))) - -(define (tor-hidden-service name mapping) +(define-deprecated (tor-hidden-service name mapping) + #f "Define a new Tor @dfn{hidden service} called @var{name} and implementing @var{mapping}. @var{mapping} is a list of port/host tuples, such as: @example - '((22 \"127.0.0.1:22\") - (80 \"127.0.0.1:8080\")) + '((22 . \"127.0.0.1:22\") + (80 . \"127.0.0.1:8080\")) @end example In this example, port 22 of the hidden service is mapped to local port 22, and @@ -1105,8 +1118,11 @@ (define (tor-hidden-service name mapping) See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor project's documentation} for more information." - (service tor-hidden-service-type - (hidden-service name mapping))) + (simple-service 'tor-hidden-service + tor-service-type + (list (tor-onion-service-configuration + (name name) + (mapping mapping))))) ;;;
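Review bot: In doc/guix.texi, hunk @@ -20578,11 +20578,21 @@, the added sentence reads "adding Tor @dfn{Onion Service}s records", which leaves a stray plural after the defined term and then a second plural on "records". "@dfn{Onion Service} records" says the same thing and renders cleanly.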
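Review bot: In doc/guix.texi, hunk @@ -20601,11 +20611,10 @@, the item is still @code{hidden-services} while its description now speaks only of Onion Services, so a reader scanning the table for an "onion" field finds none. Add a sentence saying the field keeps its historical name, or rename the field and keep the old name as a deprecated alias.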
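Review bot: In doc/guix.texi, hunk @@ -20630,26 +20639,30 @@, the "@cindex hidden service" entry is replaced rather than supplemented, although the @file{/var/lib/tor/hidden-services/@var{name}} directory documented in the same hunk keeps the old term. Keeping a second index entry for "hidden service" next to "@cindex onion service, tor" lets users of existing configurations still reach this node.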
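Review bot: In gnu/services/networking.scm, hunk @@ -908,7 +917,7 @@, the field is still named control-socket? while its accessor becomes tor-configuration-control-socket-path, so the field reads as a boolean and the accessor as a path. Add a short comment on the accepted values, in the style of the "; 'tcp or 'unix" comment on socks-socket-type just above, or rename the field in a follow-up so the two agree.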
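Review bot: In gnu/services/networking.scm, hunk @@ -922,11 +931,22 @@, the name field is declared as a plain string, yet its docstring says it becomes the directory @file{/var/lib/tor/hidden-services/@var{name}}. Nothing in this definition rejects an empty name or one containing "/" or "..", so a mistake in a system configuration could point the service directory outside the intended tree. A stricter predicate or a sanitizer on this field would catch that when the configuration is evaluated rather than at activation.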
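Review bot: In gnu/services/networking.scm, hunk @@ -1079,21 +1099,14 @@, define-deprecated is given #f directly after the signature, so the deprecation carries no pointer to tor-onion-service-configuration, and the docstring that follows still describes only a "hidden service". Name the replacement there if the macro accepts one, or state in the docstring what to use instead.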
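Review bot: In gnu/services/networking.scm, hunk @@ -1105,8 +1118,11 @@, mapping is handed unchanged to (tor-onion-service-configuration (name name) (mapping mapping)), whose field is documented as an alist of dotted pairs such as (22 . "127.0.0.1:22"), while the documentation removed by this patch showed two-element lists such as (22 "127.0.0.1:22") for this procedure. Either convert the old form in this wrapper or confirm that tor-configuration->torrc accepts both, so existing callers of the deprecated procedure keep producing the same torrc.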