Browse Source

services: tor: Add a system test.

* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to
/var/run/tor/ in the base torrc configuration.
(tor-shepherd-service) <start>: Call make-forkexec-constructor/container with
a new #:pid-file argument to tell Shepherd where to find the PID file.  Add a
a new <file-system-mapping> to its existing #:mappings argument to share
/var/run/tor with the the container.
(tor-hidden-services-activation): Update docstring.  Create /var/run/tor and
set its permissions so only the tor user can access it.
* gnu/tests/networking.scm (%test-tor, %tor-os): New variables.
(run-tor-test): New procedure.
Chris Marusich 4 years ago
No known key found for this signature in database GPG Key ID: DD409A15D822469D
  1. 22
  2. 56


@ -7,6 +7,7 @@
;;; Copyright © 2017 Thomas Danckaert <>
;;; Copyright © 2017 Marius Bakke <>
;;; Copyright © 2018 Tobias Geerinckx-Rice <>
;;; Copyright © 2018 Chris Marusich <>
;;; This file is part of GNU Guix.
@ -612,6 +613,7 @@ demand.")))
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
PidFile /var/run/tor/
Log notice syslog\n" port)
(for-each (match-lambda
@ -639,7 +641,7 @@ HiddenServicePort ~a ~a~%"
(define (tor-shepherd-service config)
"Return a <shepherd-service> running TOR."
"Return a <shepherd-service> running Tor."
(match config
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
(writable? #t))
(source "/dev/log") ;for syslog
(target source)))))
(target source))
(source "/var/run/tor")
(target source)
(writable? #t)))
#:pid-file "/var/run/tor/"))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay."))))))))
(define (tor-hidden-service-activation config)
"Return the activation gexp for SERVICES, a list of hidden services."
"Set up directories for Tor and its hidden services, if any."
(use-modules (guix build utils))
@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
;; The daemon bails out if we give wider permissions.
(chmod directory #o700)))
;; Allow Tor to write its PID file.
(mkdir-p "/var/run/tor")
(chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
;; Set the group permissions to rw so that if the system administrator
;; has specified UnixSocksGroupWritable=1 in their torrc file, members
;; of the "tor" group will be able to use the SOCKS socket.
(chmod "/var/run/tor" #o750)
;; Allow Tor to access the hidden services' directories.
(mkdir-p "/var/lib/tor")
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
(chmod "/var/lib/tor" #o700)


@ -30,7 +30,7 @@
#:use-module (gnu packages bash)
#:use-module (gnu packages networking)
#:use-module (gnu services shepherd)
#:export (%test-inetd %test-openvswitch %test-dhcpd))
#:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor))
(define %inetd-os
;; Operating system with 2 inetd services.
@ -339,3 +339,57 @@ subnet netmask {
(name "dhcpd")
(description "Test a running DHCP daemon configuration.")
(value (run-dhcpd-test))))
;;; Services related to Tor
(define %tor-os
(define (run-tor-test)
(define os
(marionette-operating-system %tor-os
#:imported-modules '((gnu services herd))
#:requirements '(tor)))
(define test
(with-imported-modules '((gnu build marionette))
(use-modules (gnu build marionette)
(ice-9 popen)
(ice-9 rdelim)
(srfi srfi-64))
(define marionette
(make-marionette (list #$(virtual-machine os))))
(mkdir #$output)
(chdir #$output)
(test-begin "tor")
(test-assert "tor is alive"
(use-modules (gnu services herd)
(srfi srfi-1))
(find (lambda (live)
(memq 'tor
(live-service-provision live)))
(exit (= (test-runner-fail-count (test-runner-current)) 0)))))
(gexp->derivation "tor-test" test))
(define %test-tor
(name "tor")
(description "Test a running Tor daemon configuration.")
(value (run-tor-test))))