diff options
author | Chris Marusich <cmmarusich@gmail.com> | 2018-07-22 16:23:53 -0700 |
---|---|---|
committer | Chris Marusich <cmmarusich@gmail.com> | 2018-08-28 00:14:24 -0700 |
commit | 5dfd80e1c5c9803a281804801592d191cf9148ae (patch) | |
tree | b7a1dcec0f39d5aa9782d03611d019e6171d2501 /gnu/services | |
parent | 526ce419303ac511be8d51b41471022bed472e6b (diff) | |
download | guix-5dfd80e1c5c9803a281804801592d191cf9148ae.tar.gz guix-5dfd80e1c5c9803a281804801592d191cf9148ae.zip |
services: tor: Add a system test.
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to
/var/run/tor/tor.pid in the base torrc configuration.
(tor-shepherd-service) <start>: Call make-forkexec-constructor/container with
a new #:pid-file argument to tell Shepherd where to find the PID file. Add a
a new <file-system-mapping> to its existing #:mappings argument to share
/var/run/tor with the the container.
(tor-hidden-services-activation): Update docstring. Create /var/run/tor and
set its permissions so only the tor user can access it.
* gnu/tests/networking.scm (%test-tor, %tor-os): New variables.
(run-tor-test): New procedure.
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/networking.scm | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index d5d0cf9d1d..66772e48b7 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -612,6 +613,7 @@ demand."))) ### These lines were generated from your system configuration: User tor DataDirectory /var/lib/tor +PidFile /var/run/tor/tor.pid Log notice syslog\n" port) (for-each (match-lambda @@ -639,7 +641,7 @@ HiddenServicePort ~a ~a~%" #t)))))))) (define (tor-shepherd-service config) - "Return a <shepherd-service> running TOR." + "Return a <shepherd-service> running Tor." (match config (($ <tor-configuration> tor) (let ((torrc (tor-configuration->torrc config))) @@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%" (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog - (target source))))) + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t))) + #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor)) (documentation "Run the Tor anonymous network overlay.")))))))) (define (tor-hidden-service-activation config) - "Return the activation gexp for SERVICES, a list of hidden services." + "Set up directories for Tor and its hidden services, if any." #~(begin (use-modules (guix build utils)) @@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%" ;; The daemon bails out if we give wider permissions. (chmod directory #o700))) + ;; Allow Tor to write its PID file. + (mkdir-p "/var/run/tor") + (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user)) + ;; Set the group permissions to rw so that if the system administrator + ;; has specified UnixSocksGroupWritable=1 in their torrc file, members + ;; of the "tor" group will be able to use the SOCKS socket. + (chmod "/var/run/tor" #o750) + + ;; Allow Tor to access the hidden services' directories. (mkdir-p "/var/lib/tor") (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user)) (chmod "/var/lib/tor" #o700) |