Re: [PATCH] Add Tor client only package definition
I need to stop thinking of cars and cdrs. It didn't even try to compile again, just gave me the address on the store, so I'm guessing guile is smart enough to see it's equivalent and does not care at all. I'll be less clumsy next time around. --- --- a/gnu/packages/tor.scm 2020-06-03 01:29:12.723126381 -0300 +++ b/gnu/packages/tor.scm 2020-06-03 01:29:02.532964662 -0300 @@ -27,6 +27,7 @@ (define-module (gnu packages tor) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) + #:use-module (guix utils) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix build-system gnu) 
@@ -85,11 +86,36 @@ web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol. +This package is the full featured @code{tor} which is needed for running +relays, bridges or directory authorities. If you just want to access the Tor +network or to setup an onion service you may install @code{tor-client} +instead.") +(license license:bsd-3))) + +(define-public tor-client + (package +(inherit tor) +(name "tor-client") +(arguments + (substitute-keyword-arguments (package-arguments tor) + ((#:configure-flags flags) +(append flags +'("--disable-module-relay") +(synopsis "Client to the anonymous Tor network") +(description + "Tor protects you by bouncing your communications around a distributed +network of relays run by volunteers all around the world: it prevents +somebody watching your Internet connection from learning what sites you +visit, and it prevents the sites you visit from learning your physical +location. Tor works with many of your existing applications, including +web browsers, instant messaging clients, remote login, and other +applications based on the TCP protocol. + To @code{torify} applications (to take measures to ensure that an application, which has not been designed for use with Tor such as ssh, will use only Tor for internet connectivity, and also ensures that there are no leaks from DNS, UDP or -the application layer) you need to install @code{torsocks}.") -(license license:bsd-3))) +the application layer) you need to install @code{torsocks}. This package only +provides a client to the Tor Network."))) (define-public torsocks (package
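Review bot: in the tor-client #:configure-flags clause, (append flags '("--disable-module-relay")) runs on the host side, where flags is bound to tor's flags expression, not to the evaluated list of flags. The string is appended to the s-expression itself, which only gives a valid result while tor writes its flags as a literal (list ...) form. Quasiquoting the clause body, for example `(cons "--disable-module-relay" ,flags), makes the build side do the consing and works for any flags expression. Separately, the two description strings disagree on "Tor network" versus "Tor Network", and "to setup" should be the verb "to set up".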
Re: [PATCH] Add Tor client only package definition
There was a missing space on the previous email. 'indent-code.el' did not keep exactly the same indenting as other definitions so I did insert spaces by hand but forgot one, so I'm resending. Also, I've forgot to mention that the build seems to be deterministic. --- commit: 018cffc9c9e5a5855733f5f45a1c4d396bb6a321 --- a/gnu/packages/tor.scm 2020-05-31 00:45:08.246476629 -0300 +++ b/gnu/packages/tor.scm 2020-05-31 17:50:52.023646115 -0300 @@ -27,6 +27,7 @@ (define-module (gnu packages tor) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) + #:use-module (guix utils) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix build-system gnu) 
@@ -85,11 +86,36 @@ web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol. +This package is the full featured @code{tor} which is needed for running +relays, bridges or directory authorities. If you just want to access the Tor +Network or to setup an onion service you may install @code{tor-client} +instead.") +(license license:bsd-3))) + +(define-public tor-client + (package +(inherit tor) +(name "tor-client") +(arguments + (substitute-keyword-arguments (package-arguments tor) + ((#:configure-flags flags) +`(list ,@(cdr flags) + "--disable-module-relay" +(synopsis "Client to the anonymous Tor network") +(description + "Tor protects you by bouncing your communications around a distributed +network of relays run by volunteers all around the world: it prevents +somebody watching your Internet connection from learning what sites you +visit, and it prevents the sites you visit from learning your physical +location. Tor works with many of your existing applications, including +web browsers, instant messaging clients, remote login, and other +applications based on the TCP protocol. + To @code{torify} applications (to take measures to ensure that an application, which has not been designed for use with Tor such as ssh, will use only Tor for internet connectivity, and also ensures that there are no leaks from DNS, UDP or -the application layer) you need to install @code{torsocks}.") -(license license:bsd-3))) +the application layer) you need to install @code{torsocks}. This package only +provides a client to the Tor Network."))) (define-public torsocks (package signature.asc Description: PGP signature
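Review bot: in the #:configure-flags clause of tor-client, ,@(cdr flags) assumes the inherited flags expression always begins with the symbol list. If tor's flags are ever written as a (cons ...) or (append ...) form, the cdr silently discards the operator and splices the wrong elements into the new list. Splicing the expression whole, for example `(append ,flags '("--disable-module-relay")), avoids depending on the shape of the parent's expression.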
Re: [PATCH] Add Tor client only package definition
Hi Ludo,

On Sun, 24 May 2020 at 22:51:16 (1590371476), l...@gnu.org wrote:
> Hi Andre,
>
> What difference does it make, for instance in terms of the total size
> returned by “guix size tor-client” vs. “guix size tor”?

Considering only the total size, the difference doesn't appear to be significant: 90.6 MiB vs 91.0 MiB. However, since most of it is related to gcc and glibc, I also thought it would be more accurate to compare the difference between the binaries. Comparing those, there is an 8.5% reduction on its size - from 4120K to 3768K on my i686 machine[1]. On x86_64, it goes from 97.0MiB to 96.7MiB total size or 3840K to 3532K, which equals a reduction of 8.0% on the bin[2]. I did not try to emulate other architectures, but I can do it, if you think the idea is worth.

> Are there other considerations, such as a reduced attack surface?

Other considerations were: not loading code which is not meant to be used into memory, reducing the compilation and check time as well as avoiding running relays by mistake (misunderstanding on ORPort or copy+pasting old configs or config files found on the web). AFAIUI, this could also mean a reduced attack surface, but I couldn't think of a way of exploiting the relay module without relying on a prior exploit. Maybe if the user is running an onion service or through the SocksPort. I don't know.

> It looks good to me overall! Some nitpicking:

I see you've been kind to me. Thank you.

> We’d rather use ‘substitute-keyword-arguments’ to augment
> #:configure-flags without touching the other keyword arguments (there
> are several examples in the source).

I've overlooked the warning on section 14.5.3 of guix manual regarding Lispers tendency to overuse car, cdr, cadr and co.

> We generally avoid concatenating text like this, for the reasons
> explained at:
>
> https://guix.gnu.org/manual/en/html_node/Synopses-and-Descriptions.html

And I've also overlooked this section.
> Regarding the format of patches, you can take a look at this:
>
> https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html

This I had read, but I thought I could skip some of it since it was not a new package, just a new flag through inheritance. But I suppose I was just passing the burden onto others. I'll send a new patch taking your warnings into account.

---
Notes:

1:
user@local ~$ guix size tor tor-client
store item                                                       total   self
/gnu/store/z4li262il798hbl0l1h1k3a5g7r6bffa-glibc-2.31            37.7   36.0  34.6%
/gnu/store/1527570cy2g7ld4wppmh3skvi27kvm43-gcc-7.5.0-lib         65.0   27.4  26.3%
/gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5           91.0   13.5  13.0%
/gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5    90.6   13.1  12.6%
/gnu/store/9p15ivj0lc5sd5ivizn8lnzh781lbbgr-openssl-1.1.1f        71.5    6.4   6.2%
/gnu/store/m21nvi8k4jqhdfxgra87zdri1xpdi8hy-libevent-2.1.11       67.2    2.2   2.1%
/gnu/store/izqg5ia1ci2xijfw6l1qmw4sylc4p9x9-bash-static-5.0.16     1.6    1.6   1.6%
/gnu/store/v1g7f3p4f0851mywrla8qmr9hb8jgfjr-bash-minimal-5.0.16   38.8    1.1   1.0%
/gnu/store/4zsgsg1x32nmwgm6dr5fbb9akkydkclz-zstd-1.4.4-lib        66.0    1.0   1.0%
/gnu/store/fwyjnzl9z55d9byzsn8nq8g0vlbxxmgn-xz-5.2.4              67.0    0.9   0.9%
/gnu/store/3ai13wmy7d8civi5xpvl9x0bm9qjfszx-libseccomp-2.4.3      65.6    0.6   0.6%
/gnu/store/pqyqxd5mbvlb22ifxzp4q2skjfq1p8yj-zlib-1.2.11           65.3    0.2   0.2%
total: 104.1 MiB

user@local ~$ ls -s /gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5/bin/tor
4120 /gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5/bin/tor
user@local ~$ ls -s /gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5/bin/tor
3768 /gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5/bin/tor

2:
store item                                                       total   self
/gnu/store/fa6wj5bxkj5ll1d7292a70knmyl7a0cr-glibc-2.31            38.4   36.7  33.4%
/gnu/store/01b4w3m6mp55y531kyi1g8shh722kwqm-gcc-7.5.0-lib         71.0   32.6  29.7%
/gnu/store/qjk52ii1gc05s1m89lrwrgnh4k1cl95b-tor-0.4.3.5           97.0   13.2  12.0%
/gnu/store/i5i84nxqrvqpv6gzi71iyjgsagv50543-tor-client-0.4.3.5    96.7   12.9  11.7%
/gnu/store/dkzivzn17qilmqdfpyps62b395wxhshh-openssl-1.1.1f        77.4    6.4   5.9%
/gnu/store/c7wscymmk379v16invi8m68f6v5c8gsv-libevent-2.1.11       73.3    2.3   2.1%
/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16     1.6    1.6   1.5%
/gnu/store/v04z33qas38iiv5ndasf4cw80kqyyr1r-zstd-1.4.4-lib        72.1    1.1   1.0%
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16   39.4    1.0   0.9%
/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4              73.0    0.9   0.8%
/gnu/store/5gc93y4n3f9p5sivp0i4f7ixqmqz3zpv-libseccomp-2.4.3      71.9    0.9   0.8%
/gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11           71.2
[PATCH] Add Tor client only package definition
Hello Guix, Starting on version 0.4.3.5, Tor provides a configuration flag to disable relay code (--disable-module-relay). Considering most people are running clients, not relays, I thought it would be nice for guix to have a client-only package definition (maybe it could even be the default?). What do you think? I've tested the code below and it works as expected on my guix install. However, since I'm neither a schemer nor guixpert, fell free to teach me how to do it the guix way. --- a/gnu/packages/tor.scm 2020-05-16 23:35:47.690031277 -0300 +++ b/gnu/packages/tor.scm 2020-05-16 23:47:11.291254106 -0300 @@ -91,6 +91,20 @@ the application layer) you need to install @code{torsocks}.") (license license:bsd-3))) + (define-public tor-client + (package + (inherit tor) + (name "tor-client") + (arguments + `(#:configure-flags +`(,@(cons "--disable-module-relay" + ,(cadr (package-arguments tor)) + (synopsis "Client to the anonymous Tor network") + (description + (string-append (package-description tor) + "\n\nThis package only provides the client funcionality to the Tor +Network. If you want to setup a relay you need to install @code{tor}." + (define-public torsocks (package (name "torsocks") signature.asc Description: PGP signature
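Review bot: in the new arguments field, (cadr (package-arguments tor)) selects the flags by position, so it only yields tor's configure flags while #:configure-flags happens to be the first keyword in that list. The field also replaces the inherited arguments outright, so any other keyword tor sets would be dropped from tor-client. Using substitute-keyword-arguments on (package-arguments tor) and extending only the #:configure-flags clause removes both assumptions. In the description string, "funcionality" should read "functionality".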