From: GNU bug Tracking System
Subject: bug#41694: closed ([PATCH] doc: cookbook: Add entry about getting substitutes through Tor.)
Date: Thu, 04 Jun 2020 12:55:02 +0000
Your message dated Thu, 04 Jun 2020 12:54:00 +0000 with message-id <5b7e576318d73e89ba5a9cafb6861061@waegenei.re> and subject line Re: [bug#41694] [PATCH] doc: cookbook: Add entry about getting substitutes through Tor. has caused the debbugs.gnu.org bug report #41694, regarding [PATCH] doc: cookbook: Add entry about getting substitutes through Tor. to be marked as done.

(If you believe you have received this mail in error, please contact help-debbugs@gnu.org.)

--
41694: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=41694
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message ---Subject: [PATCH] doc: cookbook: Add entry about getting substitutes through Tor. Date: Wed, 3 Jun 2020 21:12:49 +0200 * doc/guix-cookbook.texi (Getting substitutes from Tor): New section. --- doc/guix-cookbook.texi | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 5574a60857..83abc704ca 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -14,6 +14,7 @@ Copyright @copyright{} 2019 Pierre Neidhardt@* Copyright @copyright{} 2020 Oleg Pykhalov@* Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* +Copyright @copyright{} 2020 Brice Waegeneire@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1326,6 +1327,7 @@ reference. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. +* Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @node Customizing the Kernel 
@@ -1785,6 +1787,59 @@ mount itself. )) @end lisp +@node Getting substitutes from Tor +@section Getting substitutes from Tor + +@quotation Warning +@emph{Not all} Guix daemon's traffic will go through Tor! Only +HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, etc connections +will still go through the clearnet. Again, this configuration isn't +foolproof some of your traffic won't get routed by Tor at all. Use it +at your own risk. +@end quotation + +Guix's substitute server is available as a hidden service, if you want +to use it to get your substitutes from Tor configure your system as +follow: + +@lisp +(use-modules (gnu)) +(use-service-module base networking) + +(operating-system + … + (services + (cons + (service tor-service-type + (tor-configuration + (config-file (plain-file "tor-config" + "HTTPTunnelPort 127.0.0.1:9250")))) + (modify-services %base-services + (guix-service-type + config => (guix-configuration + (inherit config) + ;; ci.guix.gnu.org's hidden service + (substitute-urls "https://bp7o7ckwlewr4slm.onion") + (http-proxy "http://localhost:9250"))))))) +@end lisp + +This will keep a tor process running that provides a HTTP CONNECT tunnel +which will be used by @command{guix-daemon}. The daemon can use other +protocols than HTTP(S) to get remote resources, request using those +protocols won't go through Tor since we are only setting a HTTP tunnel +here. Note that @code{substitutes-urls} is using HTTPS and not HTTP or +it won't work, that's a limitation of Tor's tunnel; you may want to use +@command{privoxy} instead to avoid such limitations. + +If you don't want to always get substitutes through Tor but using it just +some of the times, then skip the @code{guix-configuration}. 
When you +want to get a substitute from the Tor tunnel run: + +@example +# herd set-http-proxy guix-daemon http://localhost:9250 +$ guix build --substitute-urls=https://bp7o7ckwlewr4slm.onion hello +@end example + @c ********************************************************************* @node Advanced package management @chapter Advanced package management -- 2.26.2
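Review bot: in the menu hunk (@@ -1326,6 +1327,7 @@) the node is named "Getting substitutes from Tor" while its own description and the commit subject say "through Tor". The substitutes come from the substitute server and Tor is only the transport, so "through Tor" is the accurate title; if it is renamed, the @node and @section lines in the later hunk need the same change. The description would also read better as "Configuring the Guix daemon to get substitutes through Tor."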
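Review bot: in the new section's @lisp example, "(use-service-module base networking)" is misspelled; the macro is use-service-modules, so the configuration will not evaluate as written. The closing prose refers to @code{substitutes-urls} while the field set in the example is substitute-urls; the two should match. The tunnel is bound with "HTTPTunnelPort 127.0.0.1:9250" but the daemon is pointed at "http://localhost:9250"; using 127.0.0.1 in both places avoids depending on how localhost resolves on the host. Since the warning is about traffic that does not go through Tor, the on-demand variant at the end should also say how to undo "herd set-http-proxy", so a reader knows which state the daemon is left in after the one-off build. Smaller points: the warning's "isn't foolproof some of your traffic" is missing punctuation after "foolproof", and "configure your system as follow:" should be "as follows:".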
--- End Message ---
--- Begin Message ---
Subject: Re: [bug#41694] [PATCH] doc: cookbook: Add entry about getting substitutes through Tor.
Date: Thu, 04 Jun 2020 12:54:00 +0000
User-agent: Roundcube Webmail/1.3.8

Hello,

On 2020-06-04 12:29, Ludovic Courtès wrote:
> Hi,
>
> Brice Waegeneire <brice@waegenei.re> writes:
>
>> * doc/guix-cookbook.texi (Getting substitutes from Tor): New section.
>
> Yay!
>
>> +@node Getting substitutes from Tor +@section Getting substitutes from Tor + +@quotation Warning +@emph{Not all} Guix daemon's traffic will go through Tor! Only +HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, etc connections +will still go through the clearnet. Again, this configuration isn't+foolproof some of your traffic won't get routed by Tor at all. Use it+at your own risk. +@end quotation
>
> I would suggest adding a line of intro before the warning, otherwise we
> see the warning before even knowing what the section is about. :-)
>
>> +Guix's substitute server is available as a hidden service, if you want
>
> I think official terminology these days is “Onion service”.
>
>> +to use it to get your substitutes from Tor configure your system as +follow: + +@lisp +(use-modules (gnu)) +(use-service-module base networking) + +(operating-system + … + (services + (cons + (service tor-service-type + (tor-configuration + (config-file (plain-file "tor-config"+ "HTTPTunnelPort 127.0.0.1:9250"))))+ (modify-services %base-services + (guix-service-type
>
> ^^^^^^^^^^^^^
> Too many spaces here.
>
>> +@example +# herd set-http-proxy guix-daemon http://localhost:9250 +$ guix build --substitute-urls=https://bp7o7ckwlewr4slm.onion hello +@end example
>
> To make it copy/pastable, you can remove the prompt and write it as:
>
>   sudo herd set-http-proxy …
>   guix build …
>
> Something along these lines LGTM.
>
> Thank you!
>
> Ludo’.

Thank you for the review Ludovic.

Pushed as c987b72382e739bf887849b02c533eda317ea52b with the 3 modifications you were requesting.

- Brice
--- End Message ---