services: tor: Add a system test.
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to /var/run/tor/tor.pid in the base torrc configuration. (tor-shepherd-service) <start>: Call make-forkexec-constructor/container with a new #:pid-file argument to tell Shepherd where to find the PID file. Add a a new <file-system-mapping> to its existing #:mappings argument to share /var/run/tor with the the container. (tor-hidden-services-activation): Update docstring. Create /var/run/tor and set its permissions so only the tor user can access it. * gnu/tests/networking.scm (%test-tor, %tor-os): New variables. (run-tor-test): New procedure.
This commit is contained in:
parent
526ce41930
commit
5dfd80e1c5
|
@ -7,6 +7,7 @@
|
||||||
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
|
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
|
||||||
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
|
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
|
||||||
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||||
|
;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -612,6 +613,7 @@ demand.")))
|
||||||
### These lines were generated from your system configuration:
|
### These lines were generated from your system configuration:
|
||||||
User tor
|
User tor
|
||||||
DataDirectory /var/lib/tor
|
DataDirectory /var/lib/tor
|
||||||
|
PidFile /var/run/tor/tor.pid
|
||||||
Log notice syslog\n" port)
|
Log notice syslog\n" port)
|
||||||
|
|
||||||
(for-each (match-lambda
|
(for-each (match-lambda
|
||||||
|
@ -639,7 +641,7 @@ HiddenServicePort ~a ~a~%"
|
||||||
#t))))))))
|
#t))))))))
|
||||||
|
|
||||||
(define (tor-shepherd-service config)
|
(define (tor-shepherd-service config)
|
||||||
"Return a <shepherd-service> running TOR."
|
"Return a <shepherd-service> running Tor."
|
||||||
(match config
|
(match config
|
||||||
(($ <tor-configuration> tor)
|
(($ <tor-configuration> tor)
|
||||||
(let ((torrc (tor-configuration->torrc config)))
|
(let ((torrc (tor-configuration->torrc config)))
|
||||||
|
@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
|
||||||
(writable? #t))
|
(writable? #t))
|
||||||
(file-system-mapping
|
(file-system-mapping
|
||||||
(source "/dev/log") ;for syslog
|
(source "/dev/log") ;for syslog
|
||||||
(target source)))))
|
(target source))
|
||||||
|
(file-system-mapping
|
||||||
|
(source "/var/run/tor")
|
||||||
|
(target source)
|
||||||
|
(writable? #t)))
|
||||||
|
#:pid-file "/var/run/tor/tor.pid"))
|
||||||
(stop #~(make-kill-destructor))
|
(stop #~(make-kill-destructor))
|
||||||
(documentation "Run the Tor anonymous network overlay."))))))))
|
(documentation "Run the Tor anonymous network overlay."))))))))
|
||||||
|
|
||||||
(define (tor-hidden-service-activation config)
|
(define (tor-hidden-service-activation config)
|
||||||
"Return the activation gexp for SERVICES, a list of hidden services."
|
"Set up directories for Tor and its hidden services, if any."
|
||||||
#~(begin
|
#~(begin
|
||||||
(use-modules (guix build utils))
|
(use-modules (guix build utils))
|
||||||
|
|
||||||
|
@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
|
||||||
;; The daemon bails out if we give wider permissions.
|
;; The daemon bails out if we give wider permissions.
|
||||||
(chmod directory #o700)))
|
(chmod directory #o700)))
|
||||||
|
|
||||||
|
;; Allow Tor to write its PID file.
|
||||||
|
(mkdir-p "/var/run/tor")
|
||||||
|
(chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
|
||||||
|
;; Set the group permissions to rw so that if the system administrator
|
||||||
|
;; has specified UnixSocksGroupWritable=1 in their torrc file, members
|
||||||
|
;; of the "tor" group will be able to use the SOCKS socket.
|
||||||
|
(chmod "/var/run/tor" #o750)
|
||||||
|
|
||||||
|
;; Allow Tor to access the hidden services' directories.
|
||||||
(mkdir-p "/var/lib/tor")
|
(mkdir-p "/var/lib/tor")
|
||||||
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
|
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
|
||||||
(chmod "/var/lib/tor" #o700)
|
(chmod "/var/lib/tor" #o700)
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
#:use-module (gnu packages bash)
|
#:use-module (gnu packages bash)
|
||||||
#:use-module (gnu packages networking)
|
#:use-module (gnu packages networking)
|
||||||
#:use-module (gnu services shepherd)
|
#:use-module (gnu services shepherd)
|
||||||
#:export (%test-inetd %test-openvswitch %test-dhcpd))
|
#:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor))
|
||||||
|
|
||||||
(define %inetd-os
|
(define %inetd-os
|
||||||
;; Operating system with 2 inetd services.
|
;; Operating system with 2 inetd services.
|
||||||
|
@ -339,3 +339,57 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
|
||||||
(name "dhcpd")
|
(name "dhcpd")
|
||||||
(description "Test a running DHCP daemon configuration.")
|
(description "Test a running DHCP daemon configuration.")
|
||||||
(value (run-dhcpd-test))))
|
(value (run-dhcpd-test))))
|
||||||
|
|
||||||
|
|
||||||
|
;;;
|
||||||
|
;;; Services related to Tor
|
||||||
|
;;;
|
||||||
|
|
||||||
|
(define %tor-os
|
||||||
|
(simple-operating-system
|
||||||
|
(tor-service)))
|
||||||
|
|
||||||
|
(define (run-tor-test)
|
||||||
|
(define os
|
||||||
|
(marionette-operating-system %tor-os
|
||||||
|
#:imported-modules '((gnu services herd))
|
||||||
|
#:requirements '(tor)))
|
||||||
|
|
||||||
|
(define test
|
||||||
|
(with-imported-modules '((gnu build marionette))
|
||||||
|
#~(begin
|
||||||
|
(use-modules (gnu build marionette)
|
||||||
|
(ice-9 popen)
|
||||||
|
(ice-9 rdelim)
|
||||||
|
(srfi srfi-64))
|
||||||
|
|
||||||
|
(define marionette
|
||||||
|
(make-marionette (list #$(virtual-machine os))))
|
||||||
|
|
||||||
|
(mkdir #$output)
|
||||||
|
(chdir #$output)
|
||||||
|
|
||||||
|
(test-begin "tor")
|
||||||
|
|
||||||
|
(test-assert "tor is alive"
|
||||||
|
(marionette-eval
|
||||||
|
'(begin
|
||||||
|
(use-modules (gnu services herd)
|
||||||
|
(srfi srfi-1))
|
||||||
|
(live-service-running
|
||||||
|
(find (lambda (live)
|
||||||
|
(memq 'tor
|
||||||
|
(live-service-provision live)))
|
||||||
|
(current-services))))
|
||||||
|
marionette))
|
||||||
|
|
||||||
|
(test-end)
|
||||||
|
(exit (= (test-runner-fail-count (test-runner-current)) 0)))))
|
||||||
|
|
||||||
|
(gexp->derivation "tor-test" test))
|
||||||
|
|
||||||
|
(define %test-tor
|
||||||
|
(system-test
|
||||||
|
(name "tor")
|
||||||
|
(description "Test a running Tor daemon configuration.")
|
||||||
|
(value (run-tor-test))))
|
||||||
|
|
Loading…
Reference in New Issue