services: tor: Add a system test.

* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to /var/run/tor/tor.pid in the base torrc configuration. (tor-shepherd-service) <start>: Call make-forkexec-constructor/container with a new #:pid-file argument to tell Shepherd where to find the PID file. Add a a new <file-system-mapping> to its existing #:mappings argument to share /var/run/tor with the the container. (tor-hidden-services-activation): Update docstring. Create /var/run/tor and set its permissions so only the tor user can access it. * gnu/tests/networking.scm (%test-tor, %tor-os): New variables. (run-tor-test): New procedure.
4 years ago · 5dfd80e1c5
2 changed files with 74 additions and 4 deletions
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@ -7,6 +7,7 @@
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -612,6 +613,7 @@ demand.")))
 ### These lines were generated from your system configuration:
 User tor
 DataDirectory /var/lib/tor
+PidFile /var/run/tor/tor.pid
 Log notice syslog\n" port)

                (for-each (match-lambda
@ -639,7 +641,7 @@ HiddenServicePort ~a ~a~%"
                #t))))))))

 (define (tor-shepherd-service config)
-  "Return a <shepherd-service> running TOR."
+  "Return a <shepherd-service> running Tor."
  (match config
    (($ <tor-configuration> tor)
     (let ((torrc (tor-configuration->torrc config)))
@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
                                            (writable? #t))
                                           (file-system-mapping
                                            (source "/dev/log") ;for syslog
-                                            (target source)))))
+                                            (target source))
+                                           (file-system-mapping
+                                            (source "/var/run/tor")
+                                            (target source)
+                                            (writable? #t)))
+                          #:pid-file "/var/run/tor/tor.pid"))
                (stop #~(make-kill-destructor))
                (documentation "Run the Tor anonymous network overlay."))))))))

 (define (tor-hidden-service-activation config)
-  "Return the activation gexp for SERVICES, a list of hidden services."
+  "Set up directories for Tor and its hidden services, if any."
  #~(begin
      (use-modules (guix build utils))

@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
          ;; The daemon bails out if we give wider permissions.
          (chmod directory #o700)))

+      ;; Allow Tor to write its PID file.
+      (mkdir-p "/var/run/tor")
+      (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
+      ;; Set the group permissions to rw so that if the system administrator
+      ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
+      ;; of the "tor" group will be able to use the SOCKS socket.
+      (chmod "/var/run/tor" #o750)
+
+      ;; Allow Tor to access the hidden services' directories.
      (mkdir-p "/var/lib/tor")
      (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
      (chmod "/var/lib/tor" #o700)
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@ -30,7 +30,7 @@
  #:use-module (gnu packages bash)
  #:use-module (gnu packages networking)
  #:use-module (gnu services shepherd)
-  #:export (%test-inetd %test-openvswitch %test-dhcpd))
+  #:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor))

 (define %inetd-os
  ;; Operating system with 2 inetd services.
@ -339,3 +339,57 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
   (name "dhcpd")
   (description "Test a running DHCP daemon configuration.")
   (value (run-dhcpd-test))))
+
+
+;;;
+;;; Services related to Tor
+;;;
+
+(define %tor-os
+  (simple-operating-system
+   (tor-service)))
+
+(define (run-tor-test)
+  (define os
+    (marionette-operating-system %tor-os
+                                 #:imported-modules '((gnu services herd))
+                                 #:requirements '(tor)))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (ice-9 popen)
+                       (ice-9 rdelim)
+                       (srfi srfi-64))
+
+          (define marionette
+            (make-marionette (list #$(virtual-machine os))))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "tor")
+
+          (test-assert "tor is alive"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd)
+                             (srfi srfi-1))
+                (live-service-running
+                 (find (lambda (live)
+                         (memq 'tor
+                               (live-service-provision live)))
+                       (current-services))))
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "tor-test" test))
+
+(define %test-tor
+  (system-test
+   (name "tor")
+   (description "Test a running Tor daemon configuration.")
+   (value (run-tor-test))))