> > Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so
> > this is needed for Bitcoin Core support. From what I can see more daemons support
> > `ControlPort` than `ControlSocket`.
>
> Ok, but take a look at
> https://gitlab.torproject.org/legacy/trac/-/wikis/doc/bitcoin.
> Maybe it's out of date though: https://blog.torproject.org/tor-heart-cryptocurrencies
The issue is already known, and is mitigated by use of e.g. JoinMarket and Wasabi Wallet, when used with proper care to disentangle public coin addresses from your own spending.
In my particular case, use of Tor is not for pseudonymity (though if you want I can provide a coin address for Bitcoin and you can try donating to it and see if you can track me using the described technique, so you can try seeing if it actually works against an expert user of Bitcoin), but rather as a replacement for my lack of a public IP address --- instead of using a public IP address (which my ISP is much too stupid to provide to me unless I get a ***much*** higher tier of paid support) I use a Tor hidden service to allow other users to connect to my node.
> > Thanks
> > raid5atemyhomework
> > From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
> > From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
> > Date: Sat, 27 Mar 2021 14:29:31 +0800
> > Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.
> >
> > * gnu/services/networking.scm (tor-configuration): Add `control-port?` field.
> > (tor-configuration->torrc): Support `control-port?` field.
> > (tor-activation): Allow group access to data directory if `control-port?`.
> >
> > * doc/guix.texi (Networking Services)[Tor]: Describe new `control-port?` field.
>
> Usually we `quote', 'quote', "quote" or ‘quote’, but never `quote`.
> I recommend 'quote', as in
>
> commit 43937666ba6975b6c847be8e67cecd781ce27049
> Author: Ludovic Courtès <ludo@gnu.org>
> Date: Fri Mar 19 14:23:57 2021 +0100
>
> download: 'tls-wrap' treats premature TLS termination as EOF.
>
> This is a backport of Guile commit
> 076276c4f580368b4106316a77752d69c8f1494a.
>
> * guix/build/download.scm (tls-wrap)[read!]: Wrap 'get-bytevector-n!'
> call in 'catch' and handle 'error/premature-termination' GnuTLS errors.
Okay.
Thanks
raid5atemyhomework
From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
* gnu/services/networking.scm (tor-configuration): Add 'control-port?' field.
(tor-configuration->torrc): Support 'control-port?' field.
(tor-activation): Allow group access to data directory if 'control-port?'.
* doc/guix.texi (Networking Services)[Tor]: Describe new 'control-port?' field.
---
doc/guix.texi | 13 +++++++++++++
gnu/services/networking.scm | 24 +++++++++++++++++++++---
2 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index c23d044ff5..a9c8f930be 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -87,6 +87,7 @@ Copyright @copyright{} 2020 Daniel Brooks@*
Copyright @copyright{} 2020 John Soo@*
Copyright @copyright{} 2020 Jonathan Brielmaier@*
Copyright @copyright{} 2020 Edgar Vincent@*
+Copyright @copyright{} 2021 raid5atemyhomework@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -16676,6 +16677,18 @@ If @code{#t}, Tor will listen for control commands on the UNIX domain socket
@file{/var/run/tor/control-sock}, which will be made writable by members of the
@code{tor} group.
+@item @code{control-port?} (default: @code{#f})
+Whether or not to provide a ``control port'' by which Tor can be controlled
+to, for instance, dynamically instantiate tor onion services. This is more
+commonly supported by Tor controllers than using a UNIX domain socket as
+above. If @code{#t}, Tor will listen for authenticated control commands over
+the control port 9051. In order to authenticate to this port, Tor controllers
+need to read the cookie file at @file{/var/lib/tor/control_auth_cookie}, which
+will be made readable by members of the @code{tor} group.
+
+This can be set to a number instead, which will make Tor listen for control
+commands over the specified port number.
+
@end table
@end deftp
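Review bot: the new @code{control-port?} entry does not say which address the port listens on, nor that anyone who can read the cookie gets full control of the daemon; both belong in this paragraph. A bare port number in @code{ControlPort} makes Tor bind to 127.0.0.1 only, so say "on localhost port 9051" rather than just "the control port 9051", and add a sentence along the lines of "Any process running as a member of the @code{tor} group can then authenticate and fully control Tor (reconfigure it, create onion services, inspect circuits), so add users to that group with care." It is also worth stating that @file{/var/lib/tor/control_auth_cookie} is simply Tor's default @code{CookieAuthFile} location (the cookie lives in the @code{DataDirectory}), and that "a number" in the last paragraph means a TCP port number; since @code{control-socket?} and @code{control-port?} can both be enabled at once, one sentence noting that the two are independent would avoid the reader assuming they are exclusive.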
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..a4fbeaadfe 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -747,7 +747,9 @@ demand.")))
(socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
(default 'tcp))
(control-socket? tor-control-socket-path
- (default #f)))
+ (default #f))
+ (control-port? tor-control-port?
+ (default #f))) ; #f | #t | number
(define %tor-accounts
;; User account and groups for Tor.
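Review bot: @code{control-port?} is declared as a boolean (the @code{?} suffix, the @code{#f} default) yet is documented by the trailing comment as "#f | #t | number", and nothing validates it; a value such as a string or a negative number passes straight through to the generated torrc. Add a @code{sanitize} clause to the field that accepts only @code{#f}, @code{#t} or an exact integer in the range 1 to 65535 and raises a configuration error otherwise, so the mistake surfaces at @command{guix system reconfigure} time rather than as a Tor start-up failure. Naming is a secondary point: the existing @code{control-socket?} field already has the mismatched accessor @code{tor-control-socket-path}, so rather than repeating that pattern consider a non-predicate name for a non-boolean field, and an accessor in the @code{tor-configuration-} namespace used by the other fields above (compare @code{tor-configuration-socks-socket-type} two lines up).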
@@ -770,7 +772,8 @@ demand.")))
"Return a 'torrc' file for CONFIG."
(match config
(($ <tor-configuration> tor config-file services
- socks-socket-type control-socket?)
+ socks-socket-type control-socket?
+ control-port?)
(computed-file
"torrc"
(with-imported-modules '((guix build utils))
@@ -795,6 +798,16 @@ UnixSocksGroupWritable 1\n" port))
ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1\n"
port))
+ (when #$control-port?
+ (format port
+ "\
+ControlPort ~a
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+DataDirectoryGroupReadable 1\n"
+ #$(if (eq? control-port? #t)
+ 9051
+ control-port?)))
(for-each (match-lambda
((service (ports hosts) ...)
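Review bot: @code{DataDirectoryGroupReadable 1} grants the @code{tor} group access to the whole data directory when only the cookie needs to be group-readable; consider setting @code{CookieAuthFile} to a path under @file{/var/run/tor}, the runtime directory this same hunk already relies on for @code{unix:/var/run/tor/control-sock}, keeping @code{CookieAuthFileGroupReadable 1} and dropping @code{DataDirectoryGroupReadable} (and, with it, the need to relax the directory mode in the activation script). Controllers that follow the Tor control protocol learn the cookie path from the @code{PROTOCOLINFO} reply, so the non-default location does not break cookie discovery. Two smaller points: @code{(when #$control-port? ...)} interpolates whatever the field holds into @code{ControlPort ~a} unchecked, so if the field is not validated at the record level a @code{(unless (or (eq? #t control-port?) (integer? control-port?)) (error ...))} guard belongs here; and @code{CookieAuthentication 1} is the right default, since a @code{ControlPort} without it lets any local process control Tor, so please keep it unconditional.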
@@ -884,7 +897,12 @@ HiddenServicePort ~a ~a~%"
;; Allow Tor to access the hidden services' directories.
(mkdir-p "/var/lib/tor")
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
- (chmod "/var/lib/tor" #o700)
+ ;; Allow Tor controllers to access the cookie file if control-port?
+ ;; By default this is where Tor puts the cookie file, and most Tor
+ ;; controllers expect this file location (and not on `/var/run/tor`).
+ (chmod "/var/lib/tor" #$(if (tor-control-port? config)
+ #o750
+ #o700))
;; Make sure /var/lib is accessible to the 'tor' user.
(chmod "/var/lib" #o755)