Re: [PATCH] Add Tor client only package definition

2020-07-03 Thread André Batista
Hi Ludo,

Thu 02 Jul 2020 at 11:36:24 (1593700584), l...@gnu.org wrote:
> Hi André,
> 
> Applied, but without those evil tabs that ‘guix lint’ reported.  ;-)

That's embarrassing. I could swear I had removed those before sending.

> The closure as reported by ‘guix size’ is 96.7 MiB for ‘tor-client’
> vs. 97.0 MiB for ‘tor’.  So it’s not compelling from that point of view,
> but having less “dead” code when you only use the client is probably a
> good idea.
> 
> Thanks!

I'm glad to have helped and hope to be able to contribute more.
Tonight it's celebration time for me, I'll be drinking to the memory
of those who came before and made it possible for me to be here now.

:D

> PS: In the future, please email guix-patc...@gnu.org to minimize chances
> of losing sight of the patch:
> https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html

Sure thing. I've only sent it here because I was unsure if it was
worth it.

Thank you for all your work on guix!



Re: [PATCH] Add Tor client only package definition

2020-07-02 Thread Ludovic Courtès
Hi André,

André Batista wrote:

> From ac47ba538dd5cf628b26cce05e3b15b24ca03077 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Andr=C3=A9=20Batista?= 
> Date: Tue, 16 Jun 2020 19:20:57 -0300
> Subject: [PATCH] gnu: Add tor-client.
> To: guix-devel@gnu.org
>
> * gnu/packages/tor.scm (tor-client): New variable.

Applied, but without those evil tabs that ‘guix lint’ reported.  ;-)

The closure as reported by ‘guix size’ is 96.7 MiB for ‘tor-client’
vs. 97.0 MiB for ‘tor’.  So it’s not compelling from that point of view,
but having less “dead” code when you only use the client is probably a
good idea.

Thanks!

Ludo’.

PS: In the future, please email guix-patc...@gnu.org to minimize chances
of losing sight of the patch:
https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html



Re: [PATCH] Add Tor client only package definition

2020-06-16 Thread André Batista

From ac47ba538dd5cf628b26cce05e3b15b24ca03077 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Batista?= 
Date: Tue, 16 Jun 2020 19:20:57 -0300
Subject: [PATCH] gnu: Add tor-client.
To: guix-devel@gnu.org

* gnu/packages/tor.scm (tor-client): New variable.
---
 gnu/packages/tor.scm | 31 +--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 2f2623b0e6..06debfed07 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2017 Rutger Helling 
 ;;; Copyright © 2018 Ricardo Wurmus 
 ;;; Copyright © 2020 Vincent Legoll 
+;;; Copyright © 2020 André Batista 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,6 +28,7 @@
 (define-module (gnu packages tor)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
+  #:use-module (guix utils)
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
@@ -85,11 +87,36 @@ location.  Tor works with many of your existing 
applications, including
 web browsers, instant messaging clients, remote login, and other
 applications based on the TCP protocol.
 
+This package is the full featured @code{tor} which is needed for running
+relays, bridges or directory authorities. If you just want to access the Tor
+network or to setup an onion service you may install @code{tor-client}
+instead.")
+(license license:bsd-3)))
+
+(define-public tor-client
+  (package
+   (inherit tor)
+   (name "tor-client")
+   (arguments
+(substitute-keyword-arguments (package-arguments tor)
+ ((#:configure-flags flags)
+  (append flags
+  '("--disable-module-relay")
+   (synopsis "Client to the anonymous Tor network")
+   (description
+"Tor protects you by bouncing your communications around a distributed
+network of relays run by volunteers all around the world: it prevents
+somebody watching your Internet connection from learning what sites you
+visit, and it prevents the sites you visit from learning your physical
+location.  Tor works with many of your existing applications, including
+web browsers, instant messaging clients, remote login, and other
+applications based on the TCP protocol.
+
 To @code{torify} applications (to take measures to ensure that an application,
 which has not been designed for use with Tor such as ssh, will use only Tor for
 internet connectivity, and also ensures that there are no leaks from DNS, UDP 
or
-the application layer) you need to install @code{torsocks}.")
-(license license:bsd-3)))
+the application layer) you need to install @code{torsocks}.  This package only
+provides a client to the Tor Network.")))
 
 (define-public torsocks
   (package
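
Review bot: In the tor-client arguments, (append flags '("--disable-module-relay")) is applied to the inherited flags expression itself instead of being emitted as code around it, so the result is only a valid form while tor writes its #:configure-flags as a literal (list ...) call. Returning the quasiquoted form `(append ,flags '("--disable-module-relay")) from the clause would keep working whatever expression tor uses. A one-line comment next to the flag saying that it builds Tor without the relay module would also record why the variant exists.
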
-- 
2.26.2





Re: [PATCH] Add Tor client only package definition

2020-06-02 Thread Andre Batista
I need to stop thinking of cars and cdrs. It didn't even try to compile
again, just gave me the address on the store, so I'm guessing guile is
smart enough to see it's equivalent and does not care at all.

I'll be less clumsy next time around.

---


--- a/gnu/packages/tor.scm  2020-06-03 01:29:12.723126381 -0300
+++ b/gnu/packages/tor.scm  2020-06-03 01:29:02.532964662 -0300
@@ -27,6 +27,7 @@
 (define-module (gnu packages tor)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
+  #:use-module (guix utils)
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
@@ -85,11 +86,36 @@
 web browsers, instant messaging clients, remote login, and other
 applications based on the TCP protocol.
 
+This package is the full featured @code{tor} which is needed for running
+relays, bridges or directory authorities. If you just want to access the Tor
+network or to setup an onion service you may install @code{tor-client}
+instead.")
+(license license:bsd-3)))
+
+(define-public tor-client
+  (package
+(inherit tor)
+(name "tor-client")
+(arguments
+ (substitute-keyword-arguments (package-arguments tor)
+   ((#:configure-flags flags)
+(append flags
+'("--disable-module-relay")
+(synopsis "Client to the anonymous Tor network")
+(description
+ "Tor protects you by bouncing your communications around a distributed
+network of relays run by volunteers all around the world: it prevents
+somebody watching your Internet connection from learning what sites you
+visit, and it prevents the sites you visit from learning your physical
+location.  Tor works with many of your existing applications, including
+web browsers, instant messaging clients, remote login, and other
+applications based on the TCP protocol.
+
 To @code{torify} applications (to take measures to ensure that an application,
 which has not been designed for use with Tor such as ssh, will use only Tor for
 internet connectivity, and also ensures that there are no leaks from DNS, UDP 
or
-the application layer) you need to install @code{torsocks}.")
-(license license:bsd-3)))
+the application layer) you need to install @code{torsocks}.  This package only
+provides a client to the Tor Network.")))
 
 (define-public torsocks
   (package
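
Review bot: The description strings are inconsistent in the added text: the new tor paragraph and the tor-client synopsis say "Tor network", while the closing sentence of the tor-client description says "Tor Network". Pick one spelling, and in the tor paragraph write "full-featured" and use the verb form "set up an onion service".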


Re: [PATCH] Add Tor client only package definition

2020-05-31 Thread Andre Batista
There was a missing space on the previous email. 'indent-code.el' did
not keep exactly the same indenting as other definitions so I did
insert spaces by hand but forgot one, so I'm resending.

Also, I've forgotten to mention that the build seems to be deterministic.

---

commit: 018cffc9c9e5a5855733f5f45a1c4d396bb6a321


--- a/gnu/packages/tor.scm  2020-05-31 00:45:08.246476629 -0300
+++ b/gnu/packages/tor.scm  2020-05-31 17:50:52.023646115 -0300
@@ -27,6 +27,7 @@
 (define-module (gnu packages tor)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
+  #:use-module (guix utils)
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
@@ -85,11 +86,36 @@
 web browsers, instant messaging clients, remote login, and other
 applications based on the TCP protocol.
 
+This package is the full featured @code{tor} which is needed for running
+relays, bridges or directory authorities. If you just want to access the Tor
+Network or to setup an onion service you may install @code{tor-client}
+instead.")
+(license license:bsd-3)))
+
+(define-public tor-client
+  (package
+(inherit tor)
+(name "tor-client")
+(arguments
+ (substitute-keyword-arguments (package-arguments tor)
+   ((#:configure-flags flags)
+`(list ,@(cdr flags)
+   "--disable-module-relay"
+(synopsis "Client to the anonymous Tor network")
+(description
+ "Tor protects you by bouncing your communications around a distributed
+network of relays run by volunteers all around the world: it prevents
+somebody watching your Internet connection from learning what sites you
+visit, and it prevents the sites you visit from learning your physical
+location.  Tor works with many of your existing applications, including
+web browsers, instant messaging clients, remote login, and other
+applications based on the TCP protocol.
+
 To @code{torify} applications (to take measures to ensure that an application,
 which has not been designed for use with Tor such as ssh, will use only Tor for
 internet connectivity, and also ensures that there are no leaks from DNS, UDP 
or
-the application layer) you need to install @code{torsocks}.")
-(license license:bsd-3)))
+the application layer) you need to install @code{torsocks}.  This package only
+provides a client to the Tor Network.")))
 
 (define-public torsocks
   (package
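
Review bot: `(list ,@(cdr flags) "--disable-module-relay") in the #:configure-flags clause drops the first element of the inherited expression and puts list back in front, which is only correct while tor writes its flags as a (list ...) call; a quoted list or any other expression would come out as a broken form. Wrapping the inherited expression instead, for example `(cons "--disable-module-relay" ,flags), does not depend on its shape.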




Re: [PATCH] Add Tor client only package definition

2020-05-31 Thread André Batista
Hi Ludo,

Tue 26 May 2020 at 11:56:21 (1590504981), nan...@riseup.net wrote:
> Sun 24 May 2020 at 22:51:16 (1590371476), l...@gnu.org wrote:
> > It looks good to me overall!  Some nitpicking:
> >
> > We’d rather use ‘substitute-keyword-arguments’ to augment
> > #:configure-flags without touching the other keyword arguments (there
> > are several examples in the source).
> > 
> >
> > We generally avoid concatenating text like this, for the reasons
> > explained at:
> > 
> >   https://guix.gnu.org/manual/en/html_node/Synopses-and-Descriptions.html
> > 
> >
> > Regarding the format of patches, you can take a look at this:
> > 
> >   https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html
> 
> I'll send a new patch taking your warnings into account.

I'm a little bit short on time, so I couldn't do everything I was supposed
to. I'm sending the attached patch for your consideration, just in case
someone wants to try it out, though I still need to clone the git repo, try
to build it on a pre-inst-env, and try to compile on archs other than i686
and x86_64.

I've run './etc/indent-code.el', guix lint and there were no errors.

It might take me some time to properly set up everything here and complete
the remaining steps, so please do tell me if you think the reasoning on the
previous email does not hold up or is not worth the trouble.

This diff was taken upon commit 018cffc9c9e5a5855733f5f45a1c4d396bb6a321.
--- a/gnu/packages/tor.scm  2020-05-31 00:45:08.246476629 -0300
+++ b/gnu/packages/tor.scm  2020-05-31 16:36:57.355970253 -0300
@@ -27,6 +27,7 @@
 (define-module (gnu packages tor)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
+  #:use-module (guix utils)
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
@@ -85,11 +86,36 @@
 web browsers, instant messaging clients, remote login, and other
 applications based on the TCP protocol.
 
+This package is the full featured @code{tor} which is needed for running
+relays, bridges or directory authorities. If you just want to access the Tor
+Network or to setup an onion service you may install @code{tor-client}
+instead.")
+(license license:bsd-3)))
+
+(define-public tor-client
+  (package
+(inherit tor)
+(name "tor-client")
+(arguments
+ (substitute-keyword-arguments (package-arguments tor)
+   ((#:configure-flags flags)
+`(list ,@(cdr flags)
+  "--disable-module-relay"
+(synopsis "Client to the anonymous Tor network")
+(description
+ "Tor protects you by bouncing your communications around a distributed
+network of relays run by volunteers all around the world: it prevents
+somebody watching your Internet connection from learning what sites you
+visit, and it prevents the sites you visit from learning your physical
+location.  Tor works with many of your existing applications, including
+web browsers, instant messaging clients, remote login, and other
+applications based on the TCP protocol.
+
 To @code{torify} applications (to take measures to ensure that an application,
 which has not been designed for use with Tor such as ssh, will use only Tor for
 internet connectivity, and also ensures that there are no leaks from DNS, UDP 
or
-the application layer) you need to install @code{torsocks}.")
-(license license:bsd-3)))
+the application layer) you need to install @code{torsocks}.  This package only
+provides a client to the Tor Network.")))
 
 (define-public torsocks
   (package
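
Review bot: The only statement of what tor-client leaves out is the last sentence of its description, after the torsocks paragraph, and nothing next to "--disable-module-relay" says why the flag is there. Consider moving "This package only provides a client to the Tor Network." up into the first paragraph of the description and adding a short comment above the flag.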




Re: [PATCH] Add Tor client only package definition

2020-05-26 Thread Andre Batista
Hi Ludo,

Sun 24 May 2020 at 22:51:16 (1590371476), l...@gnu.org wrote:
> Hi Andre,
> 
> What difference does it make, for instance in terms of the total size
> returned by “guix size tor-client” vs. “guix size tor”?

Considering only the total size, the difference doesn't appear to be
significant: 90.6 MiB vs 91.0 MiB. However, since most of it is related
to gcc and glibc, I also thought it would be more accurate to compare
the difference between the binaries. Comparing those, there is an 8.5%
reduction in its size - from 4120K to 3768K on my i686 machine[1].
On x86_64, it goes from 97.0MiB to 96.7MiB total size or 3840K to
3532K, which equals a reduction of 8.0% on the bin[2].

I did not try to emulate other architectures, but I can do it, if you
think the idea is worth it.

> Are there other considerations, such as a reduced attack surface?

Other considerations were: not loading code which is not meant to be
used into memory, reducing the compilation and check time as well as
avoiding running relays by mistake (misunderstanding on ORPort or
copy+pasting old configs or config files found on the web).

AFAIUI, this could also mean a reduced attack surface, but I couldn't
think of a way of exploiting the relay module without relying on a
prior exploit. Maybe if the user is running an onion service or
through the SocksPort. I don't know.

> It looks good to me overall!  Some nitpicking:

I see you've been kind to me. Thank you.

> We’d rather use ‘substitute-keyword-arguments’ to augment
> #:configure-flags without touching the other keyword arguments (there
> are several examples in the source).

I've overlooked the warning on section 14.5.3 of guix manual
regarding Lispers' tendency to overuse car, cdr, cadr and co.

> We generally avoid concatenating text like this, for the reasons
> explained at:
> 
>   https://guix.gnu.org/manual/en/html_node/Synopses-and-Descriptions.html

And I've also overlooked this section.

> Regarding the format of patches, you can take a look at this:
> 
>   https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html

This I had read, but I thought I could skip some of it since it was
not a new package, just a new flag through inheritance. But I
suppose I was just passing the burden onto others.

I'll send a new patch taking your warnings into account.

---

Notes:

1:
user@local ~$ guix size tor tor-client
store item                                                      total   self
/gnu/store/z4li262il798hbl0l1h1k3a5g7r6bffa-glibc-2.31           37.7   36.0  34.6%
/gnu/store/1527570cy2g7ld4wppmh3skvi27kvm43-gcc-7.5.0-lib        65.0   27.4  26.3%
/gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5          91.0   13.5  13.0%
/gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5   90.6   13.1  12.6%
/gnu/store/9p15ivj0lc5sd5ivizn8lnzh781lbbgr-openssl-1.1.1f       71.5    6.4   6.2%
/gnu/store/m21nvi8k4jqhdfxgra87zdri1xpdi8hy-libevent-2.1.11      67.2    2.2   2.1%
/gnu/store/izqg5ia1ci2xijfw6l1qmw4sylc4p9x9-bash-static-5.0.16    1.6    1.6   1.6%
/gnu/store/v1g7f3p4f0851mywrla8qmr9hb8jgfjr-bash-minimal-5.0.16  38.8    1.1   1.0%
/gnu/store/4zsgsg1x32nmwgm6dr5fbb9akkydkclz-zstd-1.4.4-lib       66.0    1.0   1.0%
/gnu/store/fwyjnzl9z55d9byzsn8nq8g0vlbxxmgn-xz-5.2.4             67.0    0.9   0.9%
/gnu/store/3ai13wmy7d8civi5xpvl9x0bm9qjfszx-libseccomp-2.4.3     65.6    0.6   0.6%
/gnu/store/pqyqxd5mbvlb22ifxzp4q2skjfq1p8yj-zlib-1.2.11          65.3    0.2   0.2%
total: 104.1 MiB
user@local ~$ ls -s /gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5/bin/tor
4120 /gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5/bin/tor
user@local ~$ ls -s /gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5/bin/tor
3768 /gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5/bin/tor

2:
store item                                                      total   self
/gnu/store/fa6wj5bxkj5ll1d7292a70knmyl7a0cr-glibc-2.31           38.4   36.7  33.4%
/gnu/store/01b4w3m6mp55y531kyi1g8shh722kwqm-gcc-7.5.0-lib        71.0   32.6  29.7%
/gnu/store/qjk52ii1gc05s1m89lrwrgnh4k1cl95b-tor-0.4.3.5          97.0   13.2  12.0%
/gnu/store/i5i84nxqrvqpv6gzi71iyjgsagv50543-tor-client-0.4.3.5   96.7   12.9  11.7%
/gnu/store/dkzivzn17qilmqdfpyps62b395wxhshh-openssl-1.1.1f       77.4    6.4   5.9%
/gnu/store/c7wscymmk379v16invi8m68f6v5c8gsv-libevent-2.1.11      73.3    2.3   2.1%
/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16    1.6    1.6   1.5%
/gnu/store/v04z33qas38iiv5ndasf4cw80kqyyr1r-zstd-1.4.4-lib       72.1    1.1   1.0%
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16  39.4    1.0   0.9%
/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4             73.0    0.9   0.8%
/gnu/store/5gc93y4n3f9p5sivp0i4f7ixqmqz3zpv-libseccomp-2.4.3     71.9    0.9   0.8%
/gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11          71.2

Re: [PATCH] Add Tor client only package definition

2020-05-24 Thread Ludovic Courtès
Hi Andre,

Andre Batista wrote:

> Starting on version 0.4.3.5, Tor provides a configuration flag to
> disable relay code (--disable-module-relay). Considering most
> people are running clients, not relays, I thought it would be
> nice for guix to have a client-only package definition (maybe
> it could even be the default?). What do you think?

What difference does it make, for instance in terms of the total size
returned by “guix size tor-client” vs. “guix size tor”?

Are there other considerations, such as a reduced attack surface?

> I've tested the code below and it works as expected on my guix
> install. However, since I'm neither a schemer nor guixpert, feel
> free to teach me how to do it the guix way.

It looks good to me overall!  Some nitpicking:

> + (define-public tor-client
> +   (package
> + (inherit tor)
> + (name "tor-client")
> + (arguments
> +  `(#:configure-flags
> +`(,@(cons "--disable-module-relay"
> + ,(cadr (package-arguments tor))
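
Review bot: (cadr (package-arguments tor)) picks the flags by position, so it is only right while #:configure-flags is the first keyword in tor's arguments, and the new list carries #:configure-flags alone, so any other keyword arguments tor has are not inherited. Select the value by keyword rather than by position.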

We’d rather use ‘substitute-keyword-arguments’ to augment
#:configure-flags without touching the other keyword arguments (there
are several examples in the source).

> + (synopsis "Client to the anonymous Tor network")
> + (description
> +  (string-append (package-description tor)
> +   "\n\nThis package only provides the client funcionality to the Tor
> +Network.  If you want to setup a relay you need to install @code{tor}."
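
Review bot: "funcionality" in the appended sentence should be "functionality", and "setup a relay" should use the verb form "set up".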

We generally avoid concatenating text like this, for the reasons
explained at:

  https://guix.gnu.org/manual/en/html_node/Synopses-and-Descriptions.html

Regarding the format of patches, you can take a look at this:

  https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html

Thanks,
Ludo’.
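
The difference between a positional rewrite of the arguments and a keyword-aware one, and between appending to the flags expression on the host side and wrapping it for the build side, as an added example in plain Guile; it is not code from this thread or from Guix. `rewrite-keyword` is a hypothetical stand-in for Guix's `substitute-keyword-arguments`, and both argument lists and `--constructed-parent-flag` are constructed sample values.

```scheme
(use-modules (ice-9 match))

;; Constructed stand-ins for a parent package's `arguments' field.  The values
;; are unevaluated build-side expressions, as in a Guix package definition.
(define parent-with-list
  '(#:tests? #f #:configure-flags (list "--constructed-parent-flag")))
(define parent-with-quote
  '(#:tests? #f #:configure-flags '("--constructed-parent-flag")))

;; Positional rewrite: assumes the flags expression is the second element and
;; returns a new argument list holding only #:configure-flags.
(define (positional-rewrite args)
  `(#:configure-flags (cons "--disable-module-relay" ,(cadr args))))

;; Hypothetical helper (not Guix's macro): rewrite the value of KEY with PROC
;; and keep every other keyword/value pair untouched.
(define (rewrite-keyword args key proc)
  (match args
    (() '())
    ((k v . rest)
     (cons* k (if (eq? k key) (proc v) v)
            (rewrite-keyword rest key proc)))))

;; Host-side append: splices into the expression itself, so the result is only
;; a valid form when the parent wrote (list ...).
(define (host-side-append flags)
  (append flags '("--disable-module-relay")))

;; Build-side append: wraps whatever expression the parent used.
(define (build-side-append flags)
  `(append ,flags '("--disable-module-relay")))

;; Evaluate a flags expression the way the build side would; report a form
;; that cannot be evaluated instead of aborting.
(define (evaluate-flags expr)
  (catch #t
    (lambda () (eval expr (interaction-environment)))
    (lambda (key . rest) (list 'invalid-form key))))

(define (flags-of args)
  (cadr (memq #:configure-flags args)))

(define (show label value)
  (format #t "~a~%  ~s~%" label value))

(show "positional rewrite of parent-with-list:"
      (positional-rewrite parent-with-list))
(for-each
 (lambda (parent)
   (let ((host (rewrite-keyword parent #:configure-flags host-side-append))
         (build (rewrite-keyword parent #:configure-flags build-side-append)))
     (show "host-side arguments:" host)
     (show "host-side flags evaluate to:" (evaluate-flags (flags-of host)))
     (show "build-side arguments:" build)
     (show "build-side flags evaluate to:" (evaluate-flags (flags-of build)))))
 (list parent-with-list parent-with-quote))
```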