[bug#70341,v2] services: tor: Add support for pluggable transports.
Commit Message
Pluggable transports are programs that disguise Tor traffic, which
can be useful in cases when Tor is censored. Pluggable transports
cannot be configured by #:config-file file exclusively because Tor
process is run via 'least-authority-wrapper' and cannot have access
to transport plugin, which is a separate executable (Bug:#70302,
Bug:#70332).
* doc/guix.texi (Networking Services): Document 'transport-plugin' and
'pluggable-transport' options for 'tor-configuration'.
* gnu/services/networking.scm (<tor-configuration>): Add 'transport-plugin'
and 'pluggable-transport' fields.
(tor-configuration->torrc)[transport-plugin]: Add content to 'torrc'
computed-file.
(tor-shepherd-service)[transport-plugin-path]: Add file-system-mapping.
Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
doc/guix.texi | 11 ++++++++
gnu/services/networking.scm | 52 +++++++++++++++++++++++++------------
2 files changed, 47 insertions(+), 16 deletions(-)
base-commit: 0f68306268773f0eaa4327e1f6fdcb39442e4a34
@@ -127,6 +127,7 @@
Copyright @copyright{} 2024 Herman Rimm@*
Copyright @copyright{} 2024 Matthew Trzcinski@*
Copyright @copyright{} 2024 Richard Sent@*
+Copyright @copyright{} 2024 Nigko Yerden@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -21849,6 +21850,16 @@ Networking Services
@file{/var/run/tor/control-sock}, which will be made writable by members of the
@code{tor} group.
+@item @code{transport-plugin} (default: @code{#f})
+This must be either @code{#f}, in which case the pluggable transports are
+not used by Tor, or a ``file-like'' object pointing to the pluggable transport
+plugin executable. In the latter case the @code{#:config-file} file
+should contain line(s) configuring one or more bridges.
+
+@item @code{pluggable-transport} (default: @code{"obfs4"})
+A string that specifies the type of the pluggable transport in
+case @code{#:transport-plugin} is not @code{#f}.
+
@end table
@end deftp
@@ -22,6 +22,7 @@
;;; Copyright © 2023 Declan Tsien <declantsien@riseup.net>
;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
;;; Copyright © 2023 muradm <mail@muradm.net>
+;;; Copyright © 2024 Nigko Yerden <nigko.yerden@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -955,7 +956,11 @@ (define-record-type* <tor-configuration>
(socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
(default 'tcp))
(control-socket? tor-configuration-control-socket-path
- (default #f)))
+ (default #f))
+ (transport-plugin tor-configuration-transport-plugin-path
+ (default #f))
+ (pluggable-transport tor-configuration-pluggable-transport
+ (default "obfs4")))
(define %tor-accounts
;; User account and groups for Tor.
@@ -988,7 +993,8 @@ (define-configuration/no-serialization tor-onion-service-configuration
(define (tor-configuration->torrc config)
"Return a 'torrc' file for CONFIG."
(match-record config <tor-configuration>
- (tor config-file hidden-services socks-socket-type control-socket?)
+ (tor config-file hidden-services socks-socket-type control-socket?
+ transport-plugin pluggable-transport)
(computed-file
"torrc"
(with-imported-modules '((guix build utils))
@@ -1027,6 +1033,13 @@ (define (tor-configuration->torrc config)
(cons name mapping)))
hidden-services))
+ (when #$transport-plugin
+ (format port "\
+UseBridges 1
+ClientTransportPlugin ~a exec ~a~%"
+ #$pluggable-transport
+ #$transport-plugin))
+
(display "\
### End of automatically generated lines.\n\n" port)
@@ -1039,23 +1052,30 @@ (define (tor-configuration->torrc config)
(define (tor-shepherd-service config)
"Return a <shepherd-service> running Tor."
(let* ((torrc (tor-configuration->torrc config))
+ (transport-plugin-path (tor-configuration-transport-plugin-path config))
(tor (least-authority-wrapper
(file-append (tor-configuration-tor config) "/bin/tor")
#:name "tor"
- #:mappings (list (file-system-mapping
- (source "/var/lib/tor")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source "/dev/log") ;for syslog
- (target source))
- (file-system-mapping
- (source "/var/run/tor")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source torrc)
- (target source)))
+ #:mappings (append
+ (list (file-system-mapping
+ (source "/var/lib/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source "/dev/log") ;for syslog
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source torrc)
+ (target source)))
+ (if transport-plugin-path
+ (list (file-system-mapping
+ (source transport-plugin-path)
+ (target source)))
+ '()))
#:namespaces (delq 'net %namespaces))))
(list (shepherd-service
(provision '(tor))