Commit | Line | Data |
---|---|---|
7f08437b | 1 | ;;; GNU Guix --- Functional package management for GNU |
9355498d | 2 | ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> |
722ec722 | 3 | ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> |
09b5cdf8 | 4 | ;;; Copyright © 2016, 2017, 2018, 2020, 2021 Efraim Flashner <efraim@flashner.co.il> |
3c986a7d | 5 | ;;; Copyright © 2016, 2017 Nikita <nikita@n0.is> |
8574c822 | 6 | ;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr> |
b76762a9 | 7 | ;;; Copyright © 2017, 2018, 2019, 2021 Eric Bavier <bavier@posteo.net> |
7e9e1a36 | 8 | ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> |
90664247 | 9 | ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net> |
3926d0fc | 10 | ;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com> |
e418c3d0 | 11 | ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> |
1239aabd | 12 | ;;; Copyright © 2020 André Batista <nandre@riseup.net> |
13 | ;;; |
14 | ;;; This file is part of GNU Guix. | |
15 | ;;; | |
16 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
17 | ;;; under the terms of the GNU General Public License as published by | |
18 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
19 | ;;; your option) any later version. | |
20 | ;;; | |
21 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
22 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
23 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
24 | ;;; GNU General Public License for more details. | |
25 | ;;; | |
26 | ;;; You should have received a copy of the GNU General Public License | |
27 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
28 | ||
29 | (define-module (gnu packages tor) | |
71794d7b | 30 | #:use-module ((guix licenses) #:prefix license:) |
7f08437b | 31 | #:use-module (guix packages) |
1239aabd | 32 | #:use-module (guix utils) |
7f08437b | 33 | #:use-module (guix download) |
ba583bd2 | 34 | #:use-module (guix git-download) |
7f08437b | 35 | #:use-module (guix build-system gnu) |
c4605e4c | 36 | #:use-module (guix build-system python) |
ba583bd2 | 37 | #:use-module (gnu packages) |
f3cf25c3 | 38 | #:use-module (gnu packages base) |
7f08437b | 39 | #:use-module (gnu packages libevent) |
f3cf25c3 | 40 | #:use-module (gnu packages linux) |
ac257f12 | 41 | #:use-module (gnu packages check) |
7f08437b | 42 | #:use-module (gnu packages compression) |
b2e3dd94 | 43 | #:use-module (gnu packages pcre) |
6c97f17f | 44 | #:use-module (gnu packages pkg-config) |
8850303e | 45 | #:use-module (gnu packages python) |
4afdb792 | 46 | #:use-module (gnu packages python-crypto) |
1b2f753d | 47 | #:use-module (gnu packages python-web) |
44d10b1f | 48 | #:use-module (gnu packages python-xyz) |
b8ea5204 | 49 | #:use-module (gnu packages qt) |
b2e3dd94 | 50 | #:use-module (gnu packages autotools) |
cc2b77df | 51 | #:use-module (gnu packages tls) |
b2e3dd94 | 52 | #:use-module (gnu packages w3m)) |
53 | |
;; Full-featured Tor daemon, built from the upstream release tarball.  The
;; client-only variant, tor-client, inherits from this definition.
(define-public tor
  (package
    (name "tor")
    (version "0.4.5.7")
    (source
     (origin
       (method url-fetch)
       ;; The tarball is fetched over HTTPS, but its integrity rests on the
       ;; sha256 below: a version bump must update both together.
       (uri (string-append "https://dist.torproject.org/"
                           "tor-" version ".tar.gz"))
       (sha256
        (base32 "0x7hhl0svfc4yh9xvq7kkzgmwjcw1ak9i0794wjg4biy2fmclzs4"))))
    (build-system gnu-build-system)
    (home-page "https://www.torproject.org/")
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("python" ,python)))             ; only the test suite needs it
    (inputs
     ;; NOTE(review): libseccomp is presumably what lets tor build its
     ;; seccomp sandbox support -- confirm against upstream's configure.
     `(("libevent" ,libevent)
       ("libseccomp" ,libseccomp)
       ("openssl" ,openssl)
       ("xz" ,xz)
       ("zlib" ,zlib)
       ("zstd" ,zstd "lib")))
    (arguments
     ;; tor-client extends these configure flags through
     ;; substitute-keyword-arguments, so changes here affect it too.
     `(#:configure-flags
       (list "--enable-lzma"
             "--enable-zstd")
       #:phases
       (modify-phases %standard-phases
         ;; practracker is a style linter; setting this variable keeps it
         ;; from turning style findings into fatal errors during 'check'.
         (add-before 'check 'skip-practracker
           (lambda _
             (setenv "TOR_DISABLE_PRACTRACKER" "set")
             #t)))))
    (synopsis "Anonymous network router to improve privacy on the Internet")
    (description
     "Tor protects you by bouncing your communications around a distributed
network of relays run by volunteers all around the world: it prevents
somebody watching your Internet connection from learning what sites you
visit, and it prevents the sites you visit from learning your physical
location. Tor works with many of your existing applications, including
web browsers, instant messaging clients, remote login, and other
applications based on the TCP protocol.

This package is the full featured @code{tor} which is needed for running
relays, bridges or directory authorities. If you just want to access the Tor
network or to setup an onion service you may install @code{tor-client}
instead.")
    (license license:bsd-3)))
103 | ||
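;; Client-only Tor: the tor package rebuilt with "--disable-module-relay"
;; added to its configure flags.  Everything else is inherited from tor.
(define-public tor-client
  (package
    (inherit tor)
    (name "tor-client")
    (arguments
     (substitute-keyword-arguments (package-arguments tor)
       ((#:configure-flags flags)
        ;; Emit an 'append' call that runs on the build side.  Appending to
        ;; FLAGS on the host side would splice the new string into whatever
        ;; S-expression tor uses for its flags, which only yields a valid
        ;; flag list while that expression is a literal (list ...) form.
        `(append ,flags
                 '("--disable-module-relay")))))
    (synopsis "Client to the anonymous Tor network")
    (description
     "Tor protects you by bouncing your communications around a distributed
network of relays run by volunteers all around the world: it prevents
somebody watching your Internet connection from learning what sites you
visit, and it prevents the sites you visit from learning your physical
location. Tor works with many of your existing applications, including
web browsers, instant messaging clients, remote login, and other
applications based on the TCP protocol.

To @code{torify} applications (to take measures to ensure that an application,
which has not been designed for use with Tor such as ssh, will use only Tor for
internet connectivity, and also ensures that there are no leaks from DNS, UDP or
the application layer) you need to install @code{torsocks}.

This package only provides a client to the Tor Network.")))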
129 | |
;; torsocks: wrapper for running SOCKS-friendly applications over Tor.
(define-public torsocks
  (package
    (name "torsocks")
    (version "2.3.0")
    (source
     (origin
       (method url-fetch)
       ;; The tarball lives in a developer's directory on
       ;; people.torproject.org; the sha256 below is what pins its content.
       (uri (string-append "https://people.torproject.org/~dgoulet/"
                           "torsocks/torsocks-" version ".tar.xz"))
       (sha256
        (base32 "08inrkap29gikb6sdmb58z43hw4abwrfw7ny40c4xzdkss0vkwdr"))))
    (build-system gnu-build-system)
    (home-page "https://www.torproject.org/")
    (inputs
     `(("libcap" ,libcap)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Rewrite the "getcap=" assignment in the torsocks script so that
         ;; it holds the absolute file name of getcap found at build time.
         ;; NOTE(review): presumably the script would otherwise look getcap
         ;; up in the caller's environment at run time -- confirm upstream.
         (add-after 'build 'absolutize
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((getcap (which "getcap")))
               (substitute* "src/bin/torsocks"
                 (("getcap=.*")
                  (string-append "getcap=" getcap "\n"))))
             #t)))))
    (synopsis "Use socks-friendly applications with Tor")
    (description
     "Torsocks allows you to use most socks-friendly applications in a safe
way with Tor. It ensures that DNS requests are handled safely and explicitly
rejects UDP traffic from the application you're using.")

    ;; Every file states "version 2 only", hence gpl2 rather than gpl2+.
    (license license:gpl2)))
161 | |
;; Privoxy: non-caching filtering web proxy, built with Brotli and OpenSSL
;; support and with logging switched off in the shipped default configuration.
(define-public privoxy
  (package
    (name "privoxy")
    (version "3.0.32")
    (source
     (origin
       (method url-fetch)
       ;; Mirror downloads can come from any SourceForge mirror; the sha256
       ;; below is what pins the tarball's content.
       (uri (string-append "mirror://sourceforge/ijbswa/Sources/"
                           version "%20%28stable%29/privoxy-"
                           version "-stable-src.tar.gz"))
       (sha256
        (base32 "1mzfxwnvnf1jkvfcrsivm6mjwdzjrc3h89qziz0mwi32ih0f87f6"))))
    (build-system gnu-build-system)
    (home-page "https://www.privoxy.org")
    (arguments
     '(#:tests? #f                      ; no test suite
       ;; Configuration goes to $out/etc/privoxy rather than the default
       ;; 'sysconfdir', $out/etc.
       ;; NOTE(review): "--with-openssl" presumably enables Privoxy's TLS
       ;; features -- confirm against upstream's configure documentation.
       #:configure-flags
       (list (string-append "--sysconfdir="
                            (assoc-ref %outputs "out")
                            "/etc/privoxy")
             "--localstatedir=/var"
             "--with-brotli"
             "--with-openssl")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-default-logging
           (lambda _
             (with-fluids ((%default-port-encoding "ISO-8859-1"))
               ;; Keep the install rules from creating /var/run and
               ;; /var/log/privoxy/logfile.
               (substitute* "GNUmakefile.in"
                 (("(logfile \\|\\| exit )1" _ prefix)
                  (string-append prefix "0"))
                 (("(\\$\\(DESTDIR\\)\\$\\(SHARE_DEST\\)) \\\\" _ kept)
                  kept)
                 ((".*\\$\\(LOG_DEST\\) \\$\\(DESTDIR\\)\\$\\(PID_DEST\\).*")
                  ""))
               ;; Comment out 'logdir' and 'logfile' in the default
               ;; configuration so that non-root users can run it as is.
               ;; As a consequence the shipped configuration names no log
               ;; file; re-enable both settings in a site configuration
               ;; where an audit trail is wanted.
               (substitute* "config"
                 (("^logdir") "#logdir")
                 (("^logfile") "#logfile")))
             #t)))))
    (inputs
     `(("brotli" ,brotli)
       ("openssl" ,openssl)
       ("pcre" ,pcre)
       ("w3m" ,w3m)
       ("zlib" ,zlib)))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (synopsis "Web proxy with advanced filtering capabilities for enhancing privacy")
    (description
     "Privoxy is a non-caching web proxy with advanced filtering capabilities
for enhancing privacy, modifying web page data and HTTP headers, controlling
access, and removing ads and other obnoxious Internet junk. Privoxy has a
flexible configuration and can be customized to suit individual needs and
tastes. It has application for both stand-alone systems and multi-user
networks.")
    (license license:gpl2+)))
b8ea5204 | 223 | |
;; Command-line OnionShare, built from the "cli" directory of the upstream
;; repository.  The desktop package, onionshare, inherits from this one.
(define-public onionshare-cli
  (package
    (name "onionshare-cli")
    (version "2.3.1")
    (source
     (origin
       (method git-fetch)
       ;; The checkout is addressed by tag name, which upstream could move;
       ;; the sha256 below is what pins the fetched tree.
       (uri (git-reference
             (url "https://github.com/micahflee/onionshare")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1llvnvb676s2cs6a4y7isxdj75ddfvskw1p93v5m35vsw7f72kqz"))))
    (build-system python-build-system)
    (home-page "https://onionshare.org/")
    (native-inputs
     `(("python-pytest" ,python-pytest)))
    (inputs
     ;; TODO: obfs4proxy
     `(("python-click" ,python-click)
       ("python-eventlet" ,python-eventlet)
       ("python-flask" ,python-flask)
       ("python-flask-httpauth" ,python-flask-httpauth)
       ("python-flask-socketio" ,python-flask-socketio)
       ("python-psutil" ,python-psutil)
       ("python-pycryptodome" ,python-pycryptodome)
       ("python-pysocks" ,python-pysocks)
       ("python-requests" ,python-requests)
       ("python-stem" ,python-stem)
       ("python-unidecode" ,python-unidecode)
       ("python-urllib3" ,python-urllib3)
       ("tor" ,tor)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Replace the Python call shutil.which("tor") with a string
         ;; literal holding the absolute file name of the tor found at build
         ;; time, in both the CLI and the desktop sources, so the program
         ;; no longer searches for tor when it runs.
         (add-after 'unpack 'bake-tor
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((tor (which "tor")))
               (substitute* (list "cli/onionshare_cli/common.py"
                                  "desktop/src/onionshare/gui_common.py")
                 (("shutil\\.which\\(\\\"tor\\\"\\)")
                  (string-append "\"" tor "\""))))
             #t))
         ;; Build from the "cli" subdirectory of the checkout.
         (add-before 'build 'change-directory
           (lambda _
             (chdir "cli")
             #t))
         (replace 'check
           (lambda _
             ;; HOME is pointed at /tmp for the duration of the tests.
             (setenv "HOME" "/tmp")
             ;; The tests do not need greendns, and when eventlet tries to
             ;; load it, calling getprotobyname raises an OSError.
             ;; EVENTLET_NO_GREENDNS disables that import.
             (setenv "EVENTLET_NO_GREENDNS" "yes")
             (invoke "pytest" "-v" "./tests"))))))
    (synopsis "Securely and anonymously share files")
    (description "OnionShare lets you securely and anonymously share files,
host websites, and chat with friends using the Tor network.

This package contains @code{onionshare-cli}, a command-line interface to
OnionShare.")
    ;; The bundled, minified jquery and socket.io are under the expat license.
    (license (list license:gpl3+ license:expat))))
61ac7544 | 285 | |
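;; Desktop (Qt) OnionShare.  Inherits source and phases from onionshare-cli,
;; builds from "desktop/src" and patches the GUI test suite so that it can run
;; inside the build environment.
(define-public onionshare
  (package (inherit onionshare-cli)
    (name "onionshare")
    (arguments
     (substitute-keyword-arguments (package-arguments onionshare-cli)
       ((#:phases phases)
        `(modify-phases ,phases
           (replace 'change-directory
             (lambda _ (chdir "desktop/src") #t))
           (add-after 'unpack 'patch-tests
             (lambda _
               ;; Disable tests that require starting servers, which will hang
               ;; during build:
               ;; - test_autostart_and_autostop_timer_mismatch
               ;; - test_autostart_timer
               ;; - test_autostart_timer_too_short
               ;; - test_autostop_timer_too_short
               (substitute* "desktop/tests/test_gui_share.py"
                 (("( *)def test_autost(art|op)_(timer(_too_short)?|and_[^(]*)\\(" & >)
                  (string-append > "@pytest.mark.skip\n" &)))
               ;; - test_13_quit_with_server_started_should_warn
               (substitute* "desktop/tests/test_gui_tabs.py"
                 (("( *)def test_13" & >)
                  (string-append > "@pytest.mark.skip\n" &)))
               ;; Remove multiline load-path adjustment, so that onionshare-cli
               ;; modules are loaded from input
               (use-modules (ice-9 regex)
                            (ice-9 rdelim))
               (with-atomic-file-replacement "desktop/tests/conftest.py"
                 (let ((start-rx (make-regexp "^# Allow importing")))
                   (lambda (in out)
                     ;; Copy lines through until the marker comment, drop
                     ;; everything up to and including the line ")\n", then
                     ;; copy the remainder.  'read-line' returns the EOF
                     ;; object at end of file, which neither 'regexp-exec'
                     ;; nor 'string=?' accepts, so report a changed upstream
                     ;; file explicitly instead of failing with a type error.
                     (let loop ()
                       (let ((line (read-line in 'concat)))
                         (cond
                          ((eof-object? line)
                           (error "conftest.py: load-path block not found"))
                          ((regexp-exec start-rx line)
                           ;; slurp until closing paren
                           (let slurp ()
                             (let ((line (read-line in 'concat)))
                               (cond
                                ((eof-object? line)
                                 (error "conftest.py: unterminated load-path block"))
                                ((string=? line ")\n")
                                 (dump-port in out)) ; done
                                (else (slurp))))))
                          (else
                           (display line out)
                           (loop))))))))))
           (replace 'check
             (lambda _
               ;; Some tests need a writable homedir:
               (setenv "HOME" "/tmp")
               ;; Ensure installed modules can be found:
               (setenv "PYTHONPATH"
                       (string-append %output "/lib/python"
                                      ,(version-major+minor (package-version python))
                                      "/site-packages:"
                                      (getenv "PYTHONPATH")))
               ;; Avoid `getprotobyname` issues:
               (setenv "EVENTLET_NO_GREENDNS" "yes")
               ;; Make Qt render "offscreen":
               (setenv "QT_QPA_PLATFORM" "offscreen")
               ;; Must be run from "desktop" dir:
               (chdir "..")
               (invoke "./tests/run.sh")))
           ;; Install the application icon and the desktop entry under
           ;; $out/share.
           (add-after 'install 'install-data
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (share (string-append out "/share")))
                 (install-file "org.onionshare.OnionShare.svg"
                               (string-append share "/icons/hicolor/scalable/apps"))
                 (install-file "org.onionshare.OnionShare.desktop"
                               (string-append share "/applications"))
                 #t))))))))
    (native-inputs
     `(("python-pytest" ,python-pytest)))
    (inputs
     ;; TODO: obfs4proxy
     `(("onionshare-cli" ,onionshare-cli)
       ("python-shiboken-2" ,python-shiboken-2)
       ("python-pyside-2" ,python-pyside-2)
       ("python-qrcode" ,python-qrcode)
       ;; The desktop client uses onionshare-cli like a python module.  But
       ;; propagating onionshare-cli's inputs is not great, since a user would
       ;; not expect to have those installed when using onionshare-cli as a
       ;; standalone utility.  So add onionshare-cli's inputs here.
       ,@(package-inputs onionshare-cli)))
    (description "OnionShare lets you securely and anonymously share files,
host websites, and chat with friends using the Tor network.")))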
370 | ||
;; Nyx: curses-based status monitor for Tor relays, fetched from PyPI.
(define-public nyx
  (package
    (name "nyx")
    (version "2.1.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32 "02rrlllz2ci6i6cs3iddyfns7ang9a54jrlygd2jw1f9s6418ll8"))))
    (build-system python-build-system)
    (home-page "https://nyx.torproject.org/")
    (inputs
     `(("python-stem" ,python-stem)))
    (arguments
     `(;; XXX The test suite appears to want more of a real terminal than the
       ;; build environment offers:
       ;;   _curses.error: setupterm: could not find terminal
       ;; With TERM=linux the tests try to move the cursor and still fail:
       ;;   _curses.error: cbreak() returned ERR
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         ;; Install the manual page under $out/share/man/man1.
         (add-after 'install 'install-man-page
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((man1 (string-append (assoc-ref outputs "out")
                                        "/share/man" "/man1")))
               (install-file "nyx.1" man1)
               #t)))
         ;; Install the sample configuration under $out/share/doc/NAME-VERSION.
         (add-after 'install 'install-sample-configuration
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((doc (string-append (assoc-ref outputs "out")
                                       "/share/doc/" ,name "-" ,version)))
               (install-file "web/nyxrc.sample" doc)
               #t))))))
    (synopsis "Tor relay status monitor")
    (description
     "Nyx monitors the performance of relays participating in the
@uref{https://www.torproject.org/, Tor anonymity network}. It displays this
information visually and in real time, using a curses-based terminal interface.
This makes Nyx well-suited for remote shell connections and servers without a
graphical display. It's like @command{top} for Tor, providing detailed
statistics and status reports on:

@enumerate
@item connections (with IP address, hostname, fingerprint, and consensus data),
@item bandwidth, processor, and memory usage,
@item the relay's current configuration,
@item logged events,
@item and much more.
@end enumerate

Potential client and exit connections are scrubbed of sensitive information.")
    (license license:gpl3+)))