aboutsummaryrefslogtreecommitdiff
path: root/gnu/services
diff options
context:
space:
mode:
authorChris Marusich <cmmarusich@gmail.com>2018-07-22 16:23:53 -0700
committerChris Marusich <cmmarusich@gmail.com>2018-08-28 00:14:24 -0700
commit5dfd80e1c5c9803a281804801592d191cf9148ae (patch)
treeb7a1dcec0f39d5aa9782d03611d019e6171d2501 /gnu/services
parent526ce419303ac511be8d51b41471022bed472e6b (diff)
downloadguix-5dfd80e1c5c9803a281804801592d191cf9148ae.tar.gz
guix-5dfd80e1c5c9803a281804801592d191cf9148ae.zip
services: tor: Add a system test.
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to /var/run/tor/tor.pid in the base torrc configuration. (tor-shepherd-service) <start>: Call make-forkexec-constructor/container with a new #:pid-file argument to tell Shepherd where to find the PID file. Add a a new <file-system-mapping> to its existing #:mappings argument to share /var/run/tor with the the container. (tor-hidden-services-activation): Update docstring. Create /var/run/tor and set its permissions so only the tor user can access it. * gnu/tests/networking.scm (%test-tor, %tor-os): New variables. (run-tor-test): New procedure.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/networking.scm22
1 files changed, 19 insertions, 3 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index d5d0cf9d1d..66772e48b7 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -612,6 +613,7 @@ demand.")))
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
+PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
(for-each (match-lambda
@@ -639,7 +641,7 @@ HiddenServicePort ~a ~a~%"
#t))))))))
(define (tor-shepherd-service config)
- "Return a <shepherd-service> running TOR."
+ "Return a <shepherd-service> running Tor."
(match config
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
@@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
- (target source)))))
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t)))
+ #:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay."))))))))
(define (tor-hidden-service-activation config)
- "Return the activation gexp for SERVICES, a list of hidden services."
+ "Set up directories for Tor and its hidden services, if any."
#~(begin
(use-modules (guix build utils))
@@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
;; The daemon bails out if we give wider permissions.
(chmod directory #o700)))
+ ;; Allow Tor to write its PID file.
+ (mkdir-p "/var/run/tor")
+ (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
+ ;; Set the group permissions to rw so that if the system administrator
+ ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
+ ;; of the "tor" group will be able to use the SOCKS socket.
+ (chmod "/var/run/tor" #o750)
+
+ ;; Allow Tor to access the hidden services' directories.
(mkdir-p "/var/lib/tor")
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
(chmod "/var/lib/tor" #o700)