[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/06: services: tor: Add a system test.
From: |
Chris Marusich |
Subject: |
01/06: services: tor: Add a system test. |
Date: |
Tue, 28 Aug 2018 03:44:55 -0400 (EDT) |
marusich pushed a commit to branch master
in repository guix.
commit 5dfd80e1c5c9803a281804801592d191cf9148ae
Author: Chris Marusich <address@hidden>
Date: Sun Jul 22 16:23:53 2018 -0700
services: tor: Add a system test.
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to
/var/run/tor/tor.pid in the base torrc configuration.
(tor-shepherd-service) <start>: Call make-forkexec-constructor/container
with
a new #:pid-file argument to tell Shepherd where to find the PID file. Add
a
a new <file-system-mapping> to its existing #:mappings argument to share
/var/run/tor with the the container.
(tor-hidden-services-activation): Update docstring. Create /var/run/tor and
set its permissions so only the tor user can access it.
* gnu/tests/networking.scm (%test-tor, %tor-os): New variables.
(run-tor-test): New procedure.
---
gnu/services/networking.scm | 22 +++++++++++++++---
gnu/tests/networking.scm | 56 ++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 74 insertions(+), 4 deletions(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index d5d0cf9..66772e4 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2017 Thomas Danckaert <address@hidden>
;;; Copyright © 2017 Marius Bakke <address@hidden>
;;; Copyright © 2018 Tobias Geerinckx-Rice <address@hidden>
+;;; Copyright © 2018 Chris Marusich <address@hidden>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -612,6 +613,7 @@ demand.")))
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
+PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
(for-each (match-lambda
@@ -639,7 +641,7 @@ HiddenServicePort ~a ~a~%"
#t))))))))
(define (tor-shepherd-service config)
- "Return a <shepherd-service> running TOR."
+ "Return a <shepherd-service> running Tor."
(match config
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
@@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
- (target source)))))
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t)))
+ #:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay."))))))))
(define (tor-hidden-service-activation config)
- "Return the activation gexp for SERVICES, a list of hidden services."
+ "Set up directories for Tor and its hidden services, if any."
#~(begin
(use-modules (guix build utils))
@@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
;; The daemon bails out if we give wider permissions.
(chmod directory #o700)))
+ ;; Allow Tor to write its PID file.
+ (mkdir-p "/var/run/tor")
+ (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
+ ;; Set the group permissions to rw so that if the system administrator
+ ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
+ ;; of the "tor" group will be able to use the SOCKS socket.
+ (chmod "/var/run/tor" #o750)
+
+ ;; Allow Tor to access the hidden services' directories.
(mkdir-p "/var/lib/tor")
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
(chmod "/var/lib/tor" #o700)
diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm
index 323679e..5e54edc 100644
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@@ -30,7 +30,7 @@
#:use-module (gnu packages bash)
#:use-module (gnu packages networking)
#:use-module (gnu services shepherd)
- #:export (%test-inetd %test-openvswitch %test-dhcpd))
+ #:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor))
(define %inetd-os
;; Operating system with 2 inetd services.
@@ -339,3 +339,57 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
(name "dhcpd")
(description "Test a running DHCP daemon configuration.")
(value (run-dhcpd-test))))
+
+
+;;;
+;;; Services related to Tor
+;;;
+
+(define %tor-os
+ (simple-operating-system
+ (tor-service)))
+
+(define (run-tor-test)
+ (define os
+ (marionette-operating-system %tor-os
+ #:imported-modules '((gnu services herd))
+ #:requirements '(tor)))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (gnu build marionette)
+ (ice-9 popen)
+ (ice-9 rdelim)
+ (srfi srfi-64))
+
+ (define marionette
+ (make-marionette (list #$(virtual-machine os))))
+
+ (mkdir #$output)
+ (chdir #$output)
+
+ (test-begin "tor")
+
+ (test-assert "tor is alive"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd)
+ (srfi srfi-1))
+ (live-service-running
+ (find (lambda (live)
+ (memq 'tor
+ (live-service-provision live)))
+ (current-services))))
+ marionette))
+
+ (test-end)
+ (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+ (gexp->derivation "tor-test" test))
+
+(define %test-tor
+ (system-test
+ (name "tor")
+ (description "Test a running Tor daemon configuration.")
+ (value (run-tor-test))))
- branch master updated (526ce41 -> 3bcb305), Chris Marusich, 2018/08/28
- 06/06: services: tor: Make it easier to use UNIX sockets., Chris Marusich, 2018/08/28
- 05/06: tests: tor: Add more test cases., Chris Marusich, 2018/08/28
- 04/06: marionette: Add wait-for-unix-socket., Chris Marusich, 2018/08/28
- 01/06: services: tor: Add a system test.,
Chris Marusich <=
- 02/06: services: tor: Rename activation procedure., Chris Marusich, 2018/08/28
- 03/06: marionette: Add support for QEMU's "quit" command., Chris Marusich, 2018/08/28