guix-devel

Re: [PATCH] doc: cookbook: Update entry about getting substitutes throug


From: André Batista
Subject: Re: [PATCH] doc: cookbook: Update entry about getting substitutes through Tor.
Date: Thu, 18 Jun 2020 11:06:11 -0300

Hello Brice,

Wed 17 Jun 2020 at 08:37:59 (1592393879), brice@waegenei.re wrote:
> Hello André,
> 
> Thank you for the patch and your feedback!

It's me who should be thanking you!

> When writing this section of the cookbook I was worried that some
> readers will misunderstand it so I added a big warning at the
> front but it doesn't seem to be enough since you sent this mail.

Sorry to disturb you, your warning was clear enough. I've only
thought that there was room for improvement whilst there remains
the need for a proper solution to the problem at hand.

> I would like to keep the warnings at the beginning of the section
> to be sure that readers don't miss it when skimming through it.
> Any rewording of that part to make the scope of the section or
> the warnings more clear is welcome.

Attached is a new version of the previous patch which
changes the comment to the warning quote. I had previously thought
that it would be worse to inflate the warning with this comment even
more so as the section's title already mentions it's related to
substitutes.

> Note that this section is only about getting *substitutes* through
> tor and it should probably be kept that way to avoid confusing the
> user in regard to what (narrow) security benefit this configuration
> offers.

Note taken, but it seems to me that if someone is going through the
trouble of configuring guix to get substitutes through Tor, such a
person would most likely also wish to update guix through the same
network. It does nothing to fix the possible leaks when substitutes
aren't available, but it makes it clear that it's possible/advisable
in such a scenario to pull using torsocks. I don't think it misinforms
users.

> On a wider front I would prefer to have a foolproof configuration
> that routes *all* guix related traffic through Tor, instead of that
> half-way setup.  Providing a way to 'torify' any service with
> something like 'make-forkexec-constructor/trosocks', as
> 'make-forkexec-constructor/container' does for containerizing a
> service, would be great[0].  A less engaged option would be to
> make 'guix-daemon' compatible with 'torsocks' since doing so
> makes guix unusable[1].

I too would prefer it, but a half-way setup is what we have for now.
So a three-quarters-way would be an improvement though not the fix
we're in need of. I'll dig deeper and will come back to you if I make
any progress.
From 1d6e29dcbc5b9a8659294af033863a31526eab76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
Date: Thu, 18 Jun 2020 10:23:23 -0300
Subject: [PATCH] doc: cookbook: Update entry about getting substitutes through
 Tor.
To: guix-devel@gnu.org

* doc/guix-cookbook.texi (Getting substitutes from Tor): Update
section warning to mention the use of torsocks when pulling.
---
 doc/guix-cookbook.texi | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 1342826c97..d5a8459363 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -15,6 +15,7 @@ Copyright @copyright{} 2020 Oleg Pykhalov@*
 Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
+Copyright @copyright{} 2020 André Batista@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1799,10 +1800,16 @@ HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, 
etc connections
 will still go through the clearnet.  Again, this configuration isn't
 foolproof some of your traffic won't get routed by Tor at all.  Use it
 at your own risk.
+
+Also note that the procedure described here applies only to package
+substitution. When you update your guix distribution with
+@command{guix pull}, you still need to use @command{torsocks} if
+you want to route the connection to guix's git repository servers
+through Tor.
 @end quotation
 
 Guix's substitute server is available as a Onion service, if you want
-to use it to get your substitutes from Tor configure your system as
+to use it to get your substitutes through Tor configure your system as
 follow:
 
 @lisp
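Review bot: The added warning paragraph tells readers they "still need to use @command{torsocks}" with @command{guix pull} but never shows how the two commands are combined, so a reader skimming the quotation has to guess the invocation; consider adding a short @example with the exact command line after that sentence. In the same paragraph, "substitution. When" has a single space after the period while the surrounding context uses two ("clearnet.  Again"), and "guix distribution" / "guix's git repository" are lowercase where the context line below writes "Guix's". On the reworded line, "through Tor configure your system" still needs a comma before "configure", and the following context line "follow:" could be fixed to "follows:" in the same change.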
-- 
2.26.2
