GNU bug report logs - #51315
[PATCH] services: tor: Raise file descriptor ulimit.


Package: guix-patches;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Thu, 21 Oct 2021 11:57:01 UTC

Severity: normal

Tags: patch

To reply to this bug, email your comments to 51315 AT debbugs.gnu.org.



Report forwarded to guix-patches <at> gnu.org:
bug#51315; Package guix-patches. (Thu, 21 Oct 2021 11:57:01 GMT)

Acknowledgement sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 21 Oct 2021 11:57:01 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: guix-patches <at> gnu.org
Subject: [PATCH] services: tor: Raise file descriptor ulimit.
Date: Thu, 21 Oct 2021 13:56:22 +0200

* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---

Guix,

I got a kind mail from an authorised Torperson[0] that one of my nodes was running low on efdees.  Sure enough, it was the Guix one.

This patch does the job, but boy, would I like to know if there's a better way to do it.

Kind regards,

T G-R

[0]: Yes, I did bite their official-looking badge to make sure it wasn't just someone trying to ingratiate themselves with incompetent relay operators.

 gnu/services/networking.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index e19add927d..13150cb98e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -948,34 +948,40 @@ (define (tor-shepherd-service config)
     (($ <tor-configuration> tor)
      (let ((torrc (tor-configuration->torrc config)))
        (with-imported-modules (source-module-closure
                                '((gnu build shepherd)
                                  (gnu system file-systems)))
          (list (shepherd-service
                 (provision '(tor))
 
                 ;; Tor needs at least one network interface to be up, hence the
                 ;; dependency on 'loopback'.
                 (requirement '(user-processes loopback syslogd))
 
                 (modules '((gnu build shepherd)
                            (gnu system file-systems)))
 
+                ;; The file descriptor ulimit must be raised in the
+                ;; environment from which the daemon is launched; see
+                ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+                ;; The exact number is somewhat arbitrary but taken from
+                ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
                 (start #~(make-forkexec-constructor/container
                           (list #$(file-append bash "/bin/bash") "-c"
                                 (string-append "ulimit -n 32768; exec "
-                                               #$(file-append tor "/bin/tor") " -f " #$torrc))
+                                               #$(file-append tor "/bin/tor")
+                                               " -f " #$torrc))
 
                           #:log-file "/var/log/tor.log"
                           #:mappings (list (file-system-mapping
                                             (source "/var/lib/tor")
                                             (target source)
                                             (writable? #t))
                                            (file-system-mapping
                                             (source "/dev/log") ;for syslog
                                             (target source))
                                            (file-system-mapping
                                             (source "/var/run/tor")
                                             (target source)
                                             (writable? #t)))
                           #:pid-file "/var/run/tor/tor.pid"))
                 (stop #~(make-kill-destructor))
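
Review bot: the removed line in this hunk, `#$(file-append tor "/bin/tor") " -f " #$torrc))`, already sits inside the bash wrapper, so as posted the hunk only adds the comment and rewraps one line; it does not introduce the ulimit call the commit message describes. The lines `(list #$(file-append bash "/bin/bash") "-c"` and `(string-append "ulimit -n 32768; exec "` appear as unchanged context, which suggests the diff was taken against a local commit rather than a tree where `start` still runs tor directly; regenerate it against that base. The changelog entry also names gnu/services/tor.scm while the diff header shows gnu/services/networking.scm.
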
-- 
2.33.0





Information forwarded to guix-patches <at> gnu.org:
bug#51315; Package guix-patches. (Thu, 21 Oct 2021 12:02:02 GMT)

Message #8 received at 51315 <at> debbugs.gnu.org:

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: 51315 <at> debbugs.gnu.org
Subject: [PATCH v2] services: tor: Raise file descriptor ulimit.
Date: Thu, 21 Oct 2021 14:01:03 +0200

* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---

♪ …one of these days I'll send the right bleedin' patch… ♪

 gnu/services/networking.scm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 7e310b70ec..5a8852f262 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1,24 +1,24 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo <at> gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw <at> netris.org>
 ;;; Copyright © 2016, 2018, 2020 Efraim Flashner <efraim <at> flashner.co.il>
 ;;; Copyright © 2016 John Darrington <jmd <at> gnu.org>
 ;;; Copyright © 2017 Clément Lassieur <clement <at> lassieur.org>
 ;;; Copyright © 2017 Thomas Danckaert <post <at> thomasdanckaert.be>
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke <at> fastmail.com>
-;;; Copyright © 2018 Tobias Geerinckx-Rice <me <at> tobias.gr>
+;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice <me <at> tobias.gr>
 ;;; Copyright © 2018 Chris Marusich <cmmarusich <at> gmail.com>
 ;;; Copyright © 2018 Arun Isaac <arunisaac <at> systemreboot.net>
 ;;; Copyright © 2019 Florian Pelz <pelzflorian <at> pelzflorian.de>
 ;;; Copyright © 2019, 2021 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
 ;;; Copyright © 2019 Sou Bunnbu <iyzsong <at> member.fsf.org>
 ;;; Copyright © 2019 Alex Griffin <a <at> ajgrf.com>
 ;;; Copyright © 2020 Brice Waegeneire <brice <at> waegenei.re>
 ;;; Copyright © 2021 Oleg Pykhalov <go.wigust <at> gmail.com>
 ;;; Copyright © 2021 Christine Lemmer-Webber <cwebber <at> dustycloud.org>
 ;;; Copyright © 2021 Maxime Devos <maximedevos <at> telenet.be>
 ;;; Copyright © 2021 Guillaume Le Vaillant <glv <at> posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
 ;;; GNU Guix is free software; you can redistribute it and/or modify it
@@ -948,32 +948,40 @@ (define (tor-shepherd-service config)
     (($ <tor-configuration> tor)
      (let ((torrc (tor-configuration->torrc config)))
        (with-imported-modules (source-module-closure
                                '((gnu build shepherd)
                                  (gnu system file-systems)))
          (list (shepherd-service
                 (provision '(tor))
 
                 ;; Tor needs at least one network interface to be up, hence the
                 ;; dependency on 'loopback'.
                 (requirement '(user-processes loopback syslogd))
 
                 (modules '((gnu build shepherd)
                            (gnu system file-systems)))
 
+                ;; The file descriptor ulimit must be raised in the
+                ;; environment from which the daemon is launched; see
+                ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+                ;; The exact number is somewhat arbitrary but taken from
+                ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
                 (start #~(make-forkexec-constructor/container
-                          (list #$(file-append tor "/bin/tor") "-f" #$torrc)
+                          (list #$(file-append bash "/bin/bash") "-c"
+                                (string-append "ulimit -n 32768; exec "
+                                               #$(file-append tor "/bin/tor")
+                                               " -f " #$torrc))
 
                           #:log-file "/var/log/tor.log"
                           #:mappings (list (file-system-mapping
                                             (source "/var/lib/tor")
                                             (target source)
                                             (writable? #t))
                                            (file-system-mapping
                                             (source "/dev/log") ;for syslog
                                             (target source))
                                            (file-system-mapping
                                             (source "/var/run/tor")
                                             (target source)
                                             (writable? #t)))
                           #:pid-file "/var/run/tor/tor.pid"))
                 (stop #~(make-kill-destructor))
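
Review bot: in the `start` form, the Tor binary path and `#$torrc` are spliced into a single string that bash parses again, so whitespace or a shell metacharacter in either value would change the command that runs. Passing them as positional parameters keeps them as separate argv entries: a fixed script such as `ulimit -n 32768 && exec "$0" -f "$1"` as the `-c` argument, followed by the two file names as further list elements. Using `&&` rather than `;` would also make a failed `ulimit` stop the launch instead of starting Tor with the old limit; if the fallback is intended, say so in the comment. The diff adds no module import, so confirm that `bash` is already bound in this file.
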
-- 
2.33.0





Information forwarded to guix-patches <at> gnu.org:
bug#51315; Package guix-patches. (Thu, 28 Oct 2021 18:44:01 GMT)

Message #11 received at 51315 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 51315 <at> debbugs.gnu.org
Subject: Re: bug#51315: [PATCH] services: tor: Raise file descriptor ulimit.
Date: Thu, 28 Oct 2021 20:43:10 +0200

Hello!

Tobias Geerinckx-Rice <me <at> tobias.gr> skribis:

> +                ;; The file descriptor ulimit must be raised in the
> +                ;; environment from which the daemon is launched; see
> +                ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
> +                ;; The exact number is somewhat arbitrary but taken from
> +                ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
>                  (start #~(make-forkexec-constructor/container
> -                          (list #$(file-append tor "/bin/tor") "-f" #$torrc)
> +                          (list #$(file-append bash "/bin/bash") "-c"
> +                                (string-append "ulimit -n 32768; exec "
> +                                               #$(file-append tor "/bin/tor")
> +                                               " -f " #$torrc))
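
Review bot: `32768` is hard-coded inside the command string on the `(string-append "ulimit -n 32768; exec "` line, while the comment above it calls the number somewhat arbitrary. Operators may need a different value, so consider binding it to a named constant next to the comment, or exposing it as a field of `tor-configuration` with 32768 as the default (the field would be new; none is visible in this hunk).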

Instead of going through Bash, what about something like:

  (lambda _
    (let ((pid (fork+exec-command/container …)))
      (container-excursion* pid
                            (lambda () (setrlimit 'nofile 32768 32768)))
      pid))

?

Ludo’.
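
A check for whether the raised limit actually reached the daemon, whichever of the two approaches above is used; this is an added example, not code from the patch or from Guix. The function names and the sample limits text are constructed for illustration, and the live check assumes Linux /proc.

```shell
#!/bin/sh
# Added example, not part of the patch. Function names are hypothetical.

# Constructed sample in /proc/<pid>/limits format (not captured output).
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max processes             63432                63432                processes
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes'

# Read /proc/<pid>/limits text on stdin; print "<soft> <hard>" for the
# "Max open files" row, or exit non-zero if the row is missing.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5; found = 1 }
         END { exit !found }'
}

# Succeed if the soft limit in the text on stdin is at least $1.
# Returns 2 when the row cannot be found; "unlimited" always passes.
nofile_at_least() {
    limits=$(nofile_limits) || return 2
    soft=${limits%% *}
    [ "$soft" = unlimited ] && return 0
    [ "$soft" -ge "$1" ]
}

# Live check against a pid file such as /var/run/tor/tor.pid (the path in
# the service definition). Linux only: relies on /proc.
check_pidfile() {
    pid=$(cat "$1") || return 2
    nofile_at_least "$2" < "/proc/$pid/limits"
}

# Show that a limit set before exec is inherited by the exec'd program:
# lower the limit to $1 in a child shell, exec a fresh sh, print what it sees.
# Lowering needs no privilege, unlike raising past the hard limit.
limit_after_exec() {
    sh -c 'ulimit -n "$1" && exec sh -c "ulimit -n"' sh "$1"
}

printf 'sample soft/hard: %s\n' "$(printf '%s\n' "$SAMPLE_LIMITS" | nofile_limits)"
printf 'limit seen after exec: %s\n' "$(limit_after_exec 64)"
```

On a running system, `check_pidfile /var/run/tor/tor.pid 32768` exits 0 only when the daemon's soft limit is at least the value the patch sets.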




This bug report was last modified 2 years and 179 days ago.
