services: tor: Add a system test.
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to /var/run/tor/tor.pid in the base torrc configuration. (tor-shepherd-service) <start>: Call make-forkexec-constructor/container with a new #:pid-file argument to tell Shepherd where to find the PID file. Add a a new <file-system-mapping> to its existing #:mappings argument to share /var/run/tor with the the container. (tor-hidden-services-activation): Update docstring. Create /var/run/tor and set its permissions so only the tor user can access it. * gnu/tests/networking.scm (%test-tor, %tor-os): New variables. (run-tor-test): New procedure.
This commit is contained in:
parent
526ce41930
commit
5dfd80e1c5
|
@ -7,6 +7,7 @@
|
|||
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
|
||||
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
|
||||
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -612,6 +613,7 @@ demand.")))
|
|||
### These lines were generated from your system configuration:
|
||||
User tor
|
||||
DataDirectory /var/lib/tor
|
||||
PidFile /var/run/tor/tor.pid
|
||||
Log notice syslog\n" port)
|
||||
|
||||
(for-each (match-lambda
|
||||
|
@ -639,7 +641,7 @@ HiddenServicePort ~a ~a~%"
|
|||
#t))))))))
|
||||
|
||||
(define (tor-shepherd-service config)
|
||||
"Return a <shepherd-service> running TOR."
|
||||
"Return a <shepherd-service> running Tor."
|
||||
(match config
|
||||
(($ <tor-configuration> tor)
|
||||
(let ((torrc (tor-configuration->torrc config)))
|
||||
|
@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
|
|||
(writable? #t))
|
||||
(file-system-mapping
|
||||
(source "/dev/log") ;for syslog
|
||||
(target source)))))
|
||||
(target source))
|
||||
(file-system-mapping
|
||||
(source "/var/run/tor")
|
||||
(target source)
|
||||
(writable? #t)))
|
||||
#:pid-file "/var/run/tor/tor.pid"))
|
||||
(stop #~(make-kill-destructor))
|
||||
(documentation "Run the Tor anonymous network overlay."))))))))
|
||||
|
||||
(define (tor-hidden-service-activation config)
|
||||
"Return the activation gexp for SERVICES, a list of hidden services."
|
||||
"Set up directories for Tor and its hidden services, if any."
|
||||
#~(begin
|
||||
(use-modules (guix build utils))
|
||||
|
||||
|
@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
|
|||
;; The daemon bails out if we give wider permissions.
|
||||
(chmod directory #o700)))
|
||||
|
||||
;; Allow Tor to write its PID file.
|
||||
(mkdir-p "/var/run/tor")
|
||||
(chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
|
||||
;; Set the group permissions to rw so that if the system administrator
|
||||
;; has specified UnixSocksGroupWritable=1 in their torrc file, members
|
||||
;; of the "tor" group will be able to use the SOCKS socket.
|
||||
(chmod "/var/run/tor" #o750)
|
||||
|
||||
;; Allow Tor to access the hidden services' directories.
|
||||
(mkdir-p "/var/lib/tor")
|
||||
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
|
||||
(chmod "/var/lib/tor" #o700)
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#:use-module (gnu packages bash)
|
||||
#:use-module (gnu packages networking)
|
||||
#:use-module (gnu services shepherd)
|
||||
#:export (%test-inetd %test-openvswitch %test-dhcpd))
|
||||
#:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor))
|
||||
|
||||
(define %inetd-os
|
||||
;; Operating system with 2 inetd services.
|
||||
|
@ -339,3 +339,57 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
|
|||
(name "dhcpd")
|
||||
(description "Test a running DHCP daemon configuration.")
|
||||
(value (run-dhcpd-test))))
|
||||
|
||||
|
||||
;;;
|
||||
;;; Services related to Tor
|
||||
;;;
|
||||
|
||||
(define %tor-os
|
||||
(simple-operating-system
|
||||
(tor-service)))
|
||||
|
||||
(define (run-tor-test)
|
||||
(define os
|
||||
(marionette-operating-system %tor-os
|
||||
#:imported-modules '((gnu services herd))
|
||||
#:requirements '(tor)))
|
||||
|
||||
(define test
|
||||
(with-imported-modules '((gnu build marionette))
|
||||
#~(begin
|
||||
(use-modules (gnu build marionette)
|
||||
(ice-9 popen)
|
||||
(ice-9 rdelim)
|
||||
(srfi srfi-64))
|
||||
|
||||
(define marionette
|
||||
(make-marionette (list #$(virtual-machine os))))
|
||||
|
||||
(mkdir #$output)
|
||||
(chdir #$output)
|
||||
|
||||
(test-begin "tor")
|
||||
|
||||
(test-assert "tor is alive"
|
||||
(marionette-eval
|
||||
'(begin
|
||||
(use-modules (gnu services herd)
|
||||
(srfi srfi-1))
|
||||
(live-service-running
|
||||
(find (lambda (live)
|
||||
(memq 'tor
|
||||
(live-service-provision live)))
|
||||
(current-services))))
|
||||
marionette))
|
||||
|
||||
(test-end)
|
||||
(exit (= (test-runner-fail-count (test-runner-current)) 0)))))
|
||||
|
||||
(gexp->derivation "tor-test" test))
|
||||
|
||||
(define %test-tor
|
||||
(system-test
|
||||
(name "tor")
|
||||
(description "Test a running Tor daemon configuration.")
|
||||
(value (run-tor-test))))
|
||||
|
|
Loading…
Reference in New Issue