Date: Mon, 15 Mar 2021 11:15:36 +0000
To: Guix Patches <guix-patches@HIDDEN>
From: raid5atemyhomework <raid5atemyhomework@HIDDEN>
Subject: [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.

Currently, if you set DataDirectoryGroupReadable 1 in your torrc, it will be respected only if tor is started up. If you reconfigure your OS without restarting the tor service, the directory permissions are reset due to the activation code being re-run and resetting the directory permissions.

This change simply does not chmod if the directory already exists.

Thanks
raid5atemyhomework

From d6037c59e642eaafebe43996e7419e1b58fee616 Mon Sep 17 00:00:00 2001 From: raid5atemyhomework <raid5atemyhomework@HIDDEN> Date: Mon, 15 Mar 2021 19:10:01 +0800 Subject: [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor. * gnu/services/networking.scm (tor-activation): Do not change permissions of tor data directory if it already exists. --- gnu/services/networking.scm | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 231a9f66c7..65d2d39f0b 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -881,10 +881,16 @@ HiddenServicePort ~a ~a~%" ;; of the "tor" group will be able to use the SOCKS socket. (chmod "/var/run/tor" #o750) - ;; Allow Tor to access the hidden services' directories. - (mkdir-p "/var/lib/tor") + ;; If the directory already exists, do not chmod it again; the user + ;; might have set "DataDirectoryGroupReadable 1" in the torrc. + ;; Without this check, a `guix system reconfigure` will cause the + ;; directory to lose group permissions until Tor is restarted, even + ;; if changes to the operating-system were unrelated to Tor. + (unless (file-exists? "/var/lib/tor") + (mkdir-p "/var/lib/tor") + ;; Allow only Tor and root to access the hidden services' director= ies. + (chmod "/var/lib/tor" #o700)) (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user)) - (chmod "/var/lib/tor" #o700) ;; Make sure /var/lib is accessible to the 'tor' user. (chmod "/var/lib" #o755) -- 2.30.2
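Review bot: in the new `(unless (file-exists? "/var/lib/tor") ...)` block, skipping the chmod whenever the path exists means activation no longer enforces any upper bound on the directory mode. A /var/lib/tor that already exists with permissions looser than group-readable keeps them across every reconfigure, while the `chown` that follows still hands the directory to the tor user. Since the comment says the goal is only to keep the group permissions, consider turning the `unless` into an `if` whose else branch masks the existing mode rather than leaving it alone, for example `(chmod "/var/lib/tor" (logand #o750 (stat:perms (stat "/var/lib/tor"))))`, so access for others and group write are always stripped and the creation branch still sets #o700. Also note that `file-exists?` is true for a non-directory at that path, so the check does not establish that a directory is actually there.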
bug#47155; Package guix-patches.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.