Feature request: Make guix communicate over Hidden Services

  • Open
Details
2 participants
  • bo0od
  • Ludovic Courtès
Owner
unassigned
Submitted by
bo0od
Severity
wishlist
bo0od wrote on 8 Apr 2021 01:30
(address . bug-guix@gnu.org)
2bf8f666-b29c-b84a-ba27-ff9e379dc278@riseup.net
Hi There,

I hope to see guix have the ability to communicate over Tor (not TLS over
Tor, but Tor-Tor (client-server)), something similar to what apt is doing
with apt-transport-tor
https://packages.debian.org/buster/apt-transport-tor

This is to mitigate the security problems of clearnet DNS and TLS, as well as
hiding metadata (more privacy).

ThX!
Ludovic Courtès wrote on 19 Apr 2021 18:39
(name . bo0od)(address . bo0od@riseup.net)(address . 47647@debbugs.gnu.org)
87wnsydy90.fsf@gnu.org
Hi,

bo0od <bo0od@riseup.net> skribis:

> I hope to see guix have the ability to communicate over Tor (not TLS
> over Tor, but Tor-Tor (client-server)), something similar to what apt
> is doing with apt-transport-tor
> https://packages.debian.org/buster/apt-transport-tor

Check out this cookbook recipe:

https://guix.gnu.org/cookbook/en/html_node/Getting-substitutes-from-Tor.html

HTH!

Ludo’.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 47647@debbugs.gnu.org)
c15b36ad-9226-52b1-f5d5-cb48c8454fa0@riseup.net
Yeah, not clean connection. What I meant by this feature (sorry I didn't
say it clearer in the first text) is that the Guix main repository
guix-git must be mirrored over Tor hidden services, so that when using guix
install or guix pull or ...etc it is going to be all over Tor (no TLS used).

This is what Debian does: if I change the main repositories from TLS -> Onion
(apt-transport-tor pre-installed), then with apt install or upgrade..etc I get
everything over Tor without any leaks to clearnet/TLS.

That's what I hope to see in Guix.

Ludovic Courtès:
> Hi,
>
> bo0od <bo0od@riseup.net> skribis:
>
>> I hope to see guix have the ability to communicate over Tor (not TLS
>> over Tor, but Tor-Tor (client-server)), something similar to what apt
>> is doing with apt-transport-tor
>> https://packages.debian.org/buster/apt-transport-tor
>
> Check out this cookbook recipe:
>
> https://guix.gnu.org/cookbook/en/html_node/Getting-substitutes-from-Tor.html
>
> HTH!
>
> Ludo’.
>
Ludovic Courtès wrote on 20 Apr 2021 18:36
(name . bo0od)(address . bo0od@riseup.net)(address . 47647@debbugs.gnu.org)
87fszkc3r8.fsf@gnu.org
Hi,

bo0od <bo0od@riseup.net> skribis:

> Yeah, not clean connection. What I meant by this feature (sorry I didn't
> say it clearer in the first text) is that the Guix main repository
> guix-git must be mirrored over Tor hidden services, so that when using
> guix install or guix pull or ...etc it is going to be all over Tor (no
> TLS used).

OK, this is what the cookbook entry proposes, right?

The missing bit is accessing the Git repo of the ‘guix’ channel via an
Onion service (for ‘guix pull’), though one can easily create such a
mirror.

HTH,
Ludo’.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 47647@debbugs.gnu.org)
b1fda2f9-8489-563c-b8f9-97a5231012c7@riseup.net
Yeah, but how can someone create a Tor mirror of the guix upstream/main
repository if it's not done by the upstream themselves?

Unless the user makes his own server and gets all guix packages there in order
for him to have a Tor-Tor connection from his own server/repository, which
is a crazy amount of effort compared to just mounting the upstream main
server (same server, not a different one) to Tor.

Having clearnet and Tor entries for the same server is way easier than
creating a new server just for Tor.

Ludovic Courtès:
> Hi,
>
> bo0od <bo0od@riseup.net> skribis:
>
>> Yeah, not clean connection. What I meant by this feature (sorry I didn't
>> say it clearer in the first text) is that the Guix main repository
>> guix-git must be mirrored over Tor hidden services, so that when using
>> guix install or guix pull or ...etc it is going to be all over Tor (no
>> TLS used).
>
> OK, this is what the cookbook entry proposes, right?
>
> The missing bit is accessing the Git repo of the ‘guix’ channel via an
> Onion service (for ‘guix pull’), though one can easily create such a
> mirror.
>
> HTH,
> Ludo’.
>