Date: Mon, 15 Mar 2021 11:15:36 +0000
To: Guix Patches <guix-patches@HIDDEN>
From: raid5atemyhomework <raid5atemyhomework@HIDDEN>
Subject: [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
Currently, if you set DataDirectoryGroupReadable 1 in your torrc, it will be respected only if tor is started up. If you reconfigure your OS without restarting the tor service, the directory permissions are reset due to the activation code being re-run and resetting the directory permissions.
This change simply does not chmod if the directory already exists.
Thanks
raid5atemyhomework
From d6037c59e642eaafebe43996e7419e1b58fee616 Mon Sep 17 00:00:00 2001
From: raid5atemyhomework <raid5atemyhomework@HIDDEN>
Date: Mon, 15 Mar 2021 19:10:01 +0800
Subject: [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
* gnu/services/networking.scm (tor-activation): Do not change permissions
of tor data directory if it already exists.
---
gnu/services/networking.scm | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..65d2d39f0b 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -881,10 +881,16 @@ HiddenServicePort ~a ~a~%"
;; of the "tor" group will be able to use the SOCKS socket.
(chmod "/var/run/tor" #o750)
- ;; Allow Tor to access the hidden services' directories.
- (mkdir-p "/var/lib/tor")
+ ;; If the directory already exists, do not chmod it again; the user
+ ;; might have set "DataDirectoryGroupReadable 1" in the torrc.
+ ;; Without this check, a `guix system reconfigure` will cause the
+ ;; directory to lose group permissions until Tor is restarted, even
+ ;; if changes to the operating-system were unrelated to Tor.
+ (unless (file-exists? "/var/lib/tor")
+ (mkdir-p "/var/lib/tor")
+ ;; Allow only Tor and root to access the hidden services' director=
ies.
+ (chmod "/var/lib/tor" #o700))
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
- (chmod "/var/lib/tor" #o700)
;; Make sure /var/lib is accessible to the 'tor' user.
(chmod "/var/lib" #o755)
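Review bot: In the new (unless (file-exists? "/var/lib/tor") ...) form, the chmod to #o700 is skipped for every pre-existing directory, so a /var/lib/tor that already carries world-accessible bits (for example #o755) is never tightened by activation again, while the chown on the following line still runs unconditionally. Because this directory holds the hidden services' directories, consider keeping a chmod in the "already exists" case that preserves only the group bits, for example (chmod "/var/lib/tor" (logand #o750 (stat:perms (stat "/var/lib/tor")))), which keeps a group-readable mode but clears everything for others. Note also that file-exists? is true for a non-directory at that path; file-is-directory? states the intent more exactly. The new comment should say that an existing directory's mode is trusted as found, since the check does not look at the torrc setting it mentions.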
--
2.30.2
bug#47155; Package guix-patches.