[jackhill/guix/guix.git] / gnu / packages / tor.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2017, 2018, 2020, 2021 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 Nikita <nikita@n0.is>
;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017, 2018, 2019, 2021 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2020 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages tor)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix utils)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system python)
  #:use-module (gnu packages)
  #:use-module (gnu packages base)
  #:use-module (gnu packages libevent)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages check)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages pcre)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages python-crypto)
  #:use-module (gnu packages python-web)
  #:use-module (gnu packages python-xyz)
  #:use-module (gnu packages qt)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages w3m))

(define-public tor
  (package
    (name "tor")
    (version "0.4.5.7")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://dist.torproject.org/tor-"
                                 version ".tar.gz"))
             (sha256
              (base32
               "0x7hhl0svfc4yh9xvq7kkzgmwjcw1ak9i0794wjg4biy2fmclzs4"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       (list "--enable-lzma"
             "--enable-zstd")
       #:phases
       (modify-phases %standard-phases
         (add-before 'check 'skip-practracker
           ;; This is a style linter.  It doesn't get to throw fatal errors.
           (lambda _
             (setenv "TOR_DISABLE_PRACTRACKER" "set")
             #t)))))
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("python" ,python)))             ; for tests
    (inputs
     `(("libevent" ,libevent)
       ("libseccomp" ,libseccomp)
       ("openssl" ,openssl)
       ("xz" ,xz)
       ("zlib" ,zlib)
       ("zstd" ,zstd "lib")))
    (home-page "https://www.torproject.org/")
    (synopsis "Anonymous network router to improve privacy on the Internet")
    (description
     "Tor protects you by bouncing your communications around a distributed
network of relays run by volunteers all around the world: it prevents
somebody watching your Internet connection from learning what sites you
visit, and it prevents the sites you visit from learning your physical
location.  Tor works with many of your existing applications, including
web browsers, instant messaging clients, remote login, and other
applications based on the TCP protocol.

This package is the full featured @code{tor} which is needed for running
relays, bridges or directory authorities. If you just want to access the Tor
network or to setup an onion service you may install @code{tor-client}
instead.")
    (license license:bsd-3)))

(define-public tor-client
  (package
    (inherit tor)
    (name "tor-client")
    (arguments
     (substitute-keyword-arguments (package-arguments tor)
       ((#:configure-flags flags)
        (append flags
                '("--disable-module-relay")))))
    (synopsis "Client to the anonymous Tor network")
    (description
     "Tor protects you by bouncing your communications around a distributed
network of relays run by volunteers all around the world: it prevents
somebody watching your Internet connection from learning what sites you
visit, and it prevents the sites you visit from learning your physical
location.  Tor works with many of your existing applications, including
web browsers, instant messaging clients, remote login, and other
applications based on the TCP protocol.

To @code{torify} applications (to take measures to ensure that an application,
which has not been designed for use with Tor such as ssh, will use only Tor for
internet connectivity, and also ensures that there are no leaks from DNS, UDP or
the application layer) you need to install @code{torsocks}.

This package only provides a client to the Tor Network.")))

(define-public torsocks
  (package
    (name "torsocks")
    (version "2.3.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://people.torproject.org/~dgoulet/"
                                  "torsocks/torsocks-" version ".tar.xz"))
              (sha256
               (base32
                "08inrkap29gikb6sdmb58z43hw4abwrfw7ny40c4xzdkss0vkwdr"))))
    (build-system gnu-build-system)
    (inputs
     `(("libcap" ,libcap)))
    (arguments
     `(#:phases (modify-phases %standard-phases
                  (add-after 'build 'absolutize
                    (lambda* (#:key inputs #:allow-other-keys)
                      (substitute* "src/bin/torsocks"
                        (("getcap=.*")
                         (string-append "getcap=" (which "getcap") "\n")))
                      #t)))))
    (home-page "https://www.torproject.org/")
    (synopsis "Use socks-friendly applications with Tor")
    (description
     "Torsocks allows you to use most socks-friendly applications in a safe
way with Tor.  It ensures that DNS requests are handled safely and explicitly
rejects UDP traffic from the application you're using.")

    ;; All the files explicitly say "version 2 only".
    (license license:gpl2)))

(define-public privoxy
  (package
    (name "privoxy")
    (version "3.0.32")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/ijbswa/Sources/"
                                 version "%20%28stable%29/privoxy-"
                                 version "-stable-src.tar.gz"))
             (sha256
              (base32
               "1mzfxwnvnf1jkvfcrsivm6mjwdzjrc3h89qziz0mwi32ih0f87f6"))))
    (build-system gnu-build-system)
    (arguments
     '(;; The default 'sysconfdir' is $out/etc; change that to
       ;; $out/etc/privoxy.
       #:configure-flags (list (string-append "--sysconfdir="
                                              (assoc-ref %outputs "out")
                                              "/etc/privoxy")
                               "--localstatedir=/var"
                               "--with-brotli"
                               "--with-openssl")
       #:tests? #f                      ; no test suite
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-default-logging
           (lambda _
             (with-fluids ((%default-port-encoding "ISO-8859-1"))
               ;; Do not create /var/run nor /var/log/privoxy/logfile.
               (substitute* "GNUmakefile.in"
                 (("(logfile \\|\\| exit )1" _ match)
                  (string-append match "0"))
                 (("(\\$\\(DESTDIR\\)\\$\\(SHARE_DEST\\)) \\\\" _ match)
                  match)
                 ((".*\\$\\(LOG_DEST\\) \\$\\(DESTDIR\\)\\$\\(PID_DEST\\).*")
                  ""))
               ;; Disable logging in the default configuration to allow for
               ;; non-root users using it as is.
               (substitute* "config"
                 (("^logdir") "#logdir")
                 (("^logfile") "#logfile")))
             #t)))))
    (inputs
     `(("brotli" ,brotli)
       ("openssl" ,openssl)
       ("pcre" ,pcre)
       ("w3m" ,w3m)
       ("zlib" ,zlib)))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (home-page "https://www.privoxy.org")
    (synopsis "Web proxy with advanced filtering capabilities for enhancing privacy")
    (description
     "Privoxy is a non-caching web proxy with advanced filtering capabilities
for enhancing privacy, modifying web page data and HTTP headers, controlling
access, and removing ads and other obnoxious Internet junk.  Privoxy has a
flexible configuration and can be customized to suit individual needs and
tastes.  It has application for both stand-alone systems and multi-user
networks.")
    (license license:gpl2+)))

(define-public onionshare-cli
  (package
    (name "onionshare-cli")
    (version "2.3.1")
    (source
      (origin
        (method git-fetch)
        (uri (git-reference
              (url "https://github.com/micahflee/onionshare")
              (commit (string-append "v" version))))
        (file-name (git-file-name name version))
        (sha256
         (base32 "1llvnvb676s2cs6a4y7isxdj75ddfvskw1p93v5m35vsw7f72kqz"))))
    (build-system python-build-system)
    (native-inputs
     `(("python-pytest" ,python-pytest)))
    (inputs
     ;; TODO: obfs4proxy
     `(("python-click" ,python-click)
       ("python-eventlet" ,python-eventlet)
       ("python-flask" ,python-flask)
       ("python-flask-httpauth" ,python-flask-httpauth)
       ("python-flask-socketio" ,python-flask-socketio)
       ("python-psutil" ,python-psutil)
       ("python-pycryptodome" ,python-pycryptodome)
       ("python-pysocks" ,python-pysocks)
       ("python-requests" ,python-requests)
       ("python-stem" ,python-stem)
       ("python-unidecode" ,python-unidecode)
       ("python-urllib3" ,python-urllib3)
       ("tor" ,tor)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'bake-tor
           (lambda* (#:key inputs #:allow-other-keys)
             (substitute* (list "cli/onionshare_cli/common.py"
                                "desktop/src/onionshare/gui_common.py")
               (("shutil\\.which\\(\\\"tor\\\"\\)")
                (string-append "\"" (which "tor") "\"")))
             #t))
         (add-before 'build 'change-directory
           (lambda _ (chdir "cli") #t))
         (replace 'check
           (lambda _
             (setenv "HOME" "/tmp")
             ;; Greendns is not needed for testing, and if eventlet tries to
             ;; load it, an OSError is thrown when getprotobyname is called.
             ;; Thankfully there is an environment variable to disable the
             ;; greendns import, so use it:
             (setenv "EVENTLET_NO_GREENDNS" "yes")
             (invoke "pytest" "-v" "./tests"))))))
    (home-page "https://onionshare.org/")
    (synopsis "Securely and anonymously share files")
    (description "OnionShare lets you securely and anonymously share files,
host websites, and chat with friends using the Tor network.

This package contains @code{onionshare-cli}, a command-line interface to
OnionShare.")
    ;; Bundled, minified jquery and socket.io are expat licensed.
    (license (list license:gpl3+ license:expat))))

(define-public onionshare
  (package (inherit onionshare-cli)
    (name "onionshare")
    (arguments
     (substitute-keyword-arguments (package-arguments onionshare-cli)
      ((#:phases phases)
       `(modify-phases ,phases
         (replace 'change-directory
           (lambda _ (chdir "desktop/src") #t))
         (add-after 'unpack 'patch-tests
           (lambda _
             ;; Disable tests that require starting servers, which will hang
             ;; during build:
             ;; - test_autostart_and_autostop_timer_mismatch
             ;; - test_autostart_timer
             ;; - test_autostart_timer_too_short
             ;; - test_autostop_timer_too_short
             (substitute* "desktop/tests/test_gui_share.py"
               (("( *)def test_autost(art|op)_(timer(_too_short)?|and_[^(]*)\\(" & >)
                (string-append > "@pytest.mark.skip\n" &)))
             ;; - test_13_quit_with_server_started_should_warn
             (substitute* "desktop/tests/test_gui_tabs.py"
               (("( *)def test_13" & >)
                (string-append > "@pytest.mark.skip\n" &)))
             ;; Remove multiline load-path adjustment, so that onionshare-cli
             ;; modules are loaded from input
             (use-modules (ice-9 regex)
                          (ice-9 rdelim))
             (with-atomic-file-replacement "desktop/tests/conftest.py"
               (let ((start-rx (make-regexp "^# Allow importing")))
                 (lambda (in out)
                   (let loop ()
                     (let ((line (read-line in 'concat)))
                       (if (regexp-exec start-rx line)
                           (begin      ; slurp until closing paren
                             (let slurp ()
                               (let ((line (read-line in 'concat)))
                                 (if (string=? line ")\n")
                                     (dump-port in out) ; done
                                     (slurp)))))
                           (begin
                             (display line out)
                             (loop))))))))))
         (replace 'check
           (lambda _
             ;; Some tests need a writable homedir:
             (setenv "HOME" "/tmp")
             ;; Ensure installed modules can be found:
             (setenv "PYTHONPATH"
                     (string-append %output "/lib/python"
                                    ,(version-major+minor (package-version python))
                                    "/site-packages:"
                                    (getenv "PYTHONPATH")))
             ;; Avoid `getprotobyname` issues:
             (setenv "EVENTLET_NO_GREENDNS" "yes")
             ;; Make Qt render "offscreen":
             (setenv "QT_QPA_PLATFORM" "offscreen")
             ;; Must be run from "desktop" dir:
             (chdir "..")
             (invoke "./tests/run.sh")))
         (add-after 'install 'install-data
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (share (string-append out "/share")))
               (install-file "org.onionshare.OnionShare.svg"
                             (string-append share "/icons/hicolor/scalable/apps"))
               (install-file "org.onionshare.OnionShare.desktop"
                             (string-append share "/applications"))
               #t)))))))
    (native-inputs
     `(("python-pytest" ,python-pytest)))
    (inputs
     ;; TODO: obfs4proxy
     `(("onionshare-cli" ,onionshare-cli)
       ("python-shiboken-2" ,python-shiboken-2)
       ("python-pyside-2" ,python-pyside-2)
       ("python-qrcode" ,python-qrcode)
       ;; The desktop client uses onionshare-cli like a python module.  But
       ;; propagating onionshare-cli's inputs is not great, since a user would
       ;; not expect to have those installed when using onionshare-cli as a
       ;; standalone utility.  So add onionshare-cli's inputs here.
       ,@(package-inputs onionshare-cli)))
    (description "OnionShare lets you securely and anonymously share files,
host websites, and chat with friends using the Tor network.")))

(define-public nyx
  (package
    (name "nyx")
    (version "2.1.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "02rrlllz2ci6i6cs3iddyfns7ang9a54jrlygd2jw1f9s6418ll8"))))
    (build-system python-build-system)
    (inputs
     `(("python-stem" ,python-stem)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'install 'install-man-page
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man")))
               (install-file "nyx.1" (string-append man "/man1"))
               #t)))
         (add-after 'install 'install-sample-configuration
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
               (install-file "web/nyxrc.sample" doc)
               #t))))
       ;; XXX The tests seem to require more of a real terminal than the build
       ;; environment provides:
       ;;   _curses.error: setupterm: could not find terminal
       ;; With TERM=linux, the tests try to move the cursor and still fail:
       ;;   _curses.error: cbreak() returned ERR
       #:tests? #f))
    (home-page "https://nyx.torproject.org/")
    (synopsis "Tor relay status monitor")
    (description
     "Nyx monitors the performance of relays participating in the
@uref{https://www.torproject.org/, Tor anonymity network}.  It displays this
information visually and in real time, using a curses-based terminal interface.
This makes Nyx well-suited for remote shell connections and servers without a
graphical display.  It's like @command{top} for Tor, providing detailed
statistics and status reports on:

@enumerate
@item connections (with IP address, hostname, fingerprint, and consensus data),
@item bandwidth, processor, and memory usage,
@item the relay's current configuration,
@item logged events,
@item and much more.
@end enumerate

Potential client and exit connections are scrubbed of sensitive information.")
    (license license:gpl3+)))
Commit	Line	Data
7f08437b	1	;;; GNU Guix --- Functional package management for GNU
9355498d	2	;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
722ec722	3	;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
09b5cdf8	4	;;; Copyright © 2016, 2017, 2018, 2020, 2021 Efraim Flashner <efraim@flashner.co.il>
3c986a7d	5	;;; Copyright © 2016, 2017 Nikita <nikita@n0.is>
8574c822	6	;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
b76762a9	7	;;; Copyright © 2017, 2018, 2019, 2021 Eric Bavier <bavier@posteo.net>
7e9e1a36	8	;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
90664247	9	;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
3926d0fc	10	;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
e418c3d0	11	;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
1239aabd	12	;;; Copyright © 2020 André Batista <nandre@riseup.net>
7f08437b LC	13	;;;
	14	;;; This file is part of GNU Guix.
	15	;;;
	16	;;; GNU Guix is free software; you can redistribute it and/or modify it
	17	;;; under the terms of the GNU General Public License as published by
	18	;;; the Free Software Foundation; either version 3 of the License, or (at
	19	;;; your option) any later version.
	20	;;;
	21	;;; GNU Guix is distributed in the hope that it will be useful, but
	22	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	23	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	24	;;; GNU General Public License for more details.
	25	;;;
	26	;;; You should have received a copy of the GNU General Public License
	27	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	28
	29	(define-module (gnu packages tor)
71794d7b	30	#:use-module ((guix licenses) #:prefix license:)
7f08437b	31	#:use-module (guix packages)
1239aabd	32	#:use-module (guix utils)
7f08437b	33	#:use-module (guix download)
ba583bd2	34	#:use-module (guix git-download)
7f08437b	35	#:use-module (guix build-system gnu)
c4605e4c	36	#:use-module (guix build-system python)
ba583bd2	37	#:use-module (gnu packages)
f3cf25c3	38	#:use-module (gnu packages base)
7f08437b	39	#:use-module (gnu packages libevent)
f3cf25c3	40	#:use-module (gnu packages linux)
ac257f12	41	#:use-module (gnu packages check)
7f08437b	42	#:use-module (gnu packages compression)
b2e3dd94	43	#:use-module (gnu packages pcre)
6c97f17f	44	#:use-module (gnu packages pkg-config)
8850303e	45	#:use-module (gnu packages python)
4afdb792	46	#:use-module (gnu packages python-crypto)
1b2f753d	47	#:use-module (gnu packages python-web)
44d10b1f	48	#:use-module (gnu packages python-xyz)
b8ea5204	49	#:use-module (gnu packages qt)
b2e3dd94	50	#:use-module (gnu packages autotools)
cc2b77df	51	#:use-module (gnu packages tls)
b2e3dd94	52	#:use-module (gnu packages w3m))
7f08437b LC	53
	54	(define-public tor
	55	(package
	56	(name "tor")
09b5cdf8	57	(version "0.4.5.7")
7f08437b LC	58	(source (origin
7f08437b LC	59	(method url-fetch)
0ab57b0d	60	(uri (string-append "https://dist.torproject.org/tor-"
7f08437b LC	61	version ".tar.gz"))
	62	(sha256
	63	(base32
09b5cdf8	64	"0x7hhl0svfc4yh9xvq7kkzgmwjcw1ak9i0794wjg4biy2fmclzs4"))))
7f08437b	65	(build-system gnu-build-system)
28740402 TGR	66	(arguments
	67	`(#:configure-flags
	68	(list "--enable-lzma"
a8487d4d TGR	69	"--enable-zstd")
	70	#:phases
	71	(modify-phases %standard-phases
	72	(add-before 'check 'skip-practracker
	73	;; This is a style linter. It doesn't get to throw fatal errors.
	74	(lambda _
	75	(setenv "TOR_DISABLE_PRACTRACKER" "set")
	76	#t)))))
8850303e	77	(native-inputs
6c97f17f	78	`(("pkg-config" ,pkg-config)
28740402	79	("python" ,python))) ; for tests
7f08437b	80	(inputs
28740402	81	`(("libevent" ,libevent)
6c97f17f	82	("libseccomp" ,libseccomp)
28740402	83	("openssl" ,openssl)
6c97f17f	84	("xz" ,xz)
28740402	85	("zlib" ,zlib)
ec0de9d8	86	("zstd" ,zstd "lib")))
0ab57b0d	87	(home-page "https://www.torproject.org/")
9e771e3b	88	(synopsis "Anonymous network router to improve privacy on the Internet")
7f08437b LC	89	(description
	90	"Tor protects you by bouncing your communications around a distributed
	91	network of relays run by volunteers all around the world: it prevents
	92	somebody watching your Internet connection from learning what sites you
	93	visit, and it prevents the sites you visit from learning your physical
35b9e423	94	location. Tor works with many of your existing applications, including
7f08437b	95	web browsers, instant messaging clients, remote login, and other
fc9286d0	96	applications based on the TCP protocol.
55b27569	97
1239aabd AB	98	This package is the full featured @code{tor} which is needed for running
	99	relays, bridges or directory authorities. If you just want to access the Tor
	100	network or to setup an onion service you may install @code{tor-client}
	101	instead.")
	102	(license license:bsd-3)))
	103
	104	(define-public tor-client
	105	(package
	106	(inherit tor)
	107	(name "tor-client")
	108	(arguments
	109	(substitute-keyword-arguments (package-arguments tor)
	110	((#:configure-flags flags)
	111	(append flags
	112	'("--disable-module-relay")))))
	113	(synopsis "Client to the anonymous Tor network")
	114	(description
	115	"Tor protects you by bouncing your communications around a distributed
	116	network of relays run by volunteers all around the world: it prevents
	117	somebody watching your Internet connection from learning what sites you
	118	visit, and it prevents the sites you visit from learning your physical
	119	location. Tor works with many of your existing applications, including
	120	web browsers, instant messaging clients, remote login, and other
	121	applications based on the TCP protocol.
	122
fc9286d0	123	To @code{torify} applications (to take measures to ensure that an application,
	124	which has not been designed for use with Tor such as ssh, will use only Tor for
	125	internet connectivity, and also ensures that there are no leaks from DNS, UDP or
1239aabd AB	126	the application layer) you need to install @code{torsocks}.
	127
	128	This package only provides a client to the Tor Network.")))
4f7e152b LC	129
	130	(define-public torsocks
	131	(package
	132	(name "torsocks")
15c661ec	133	(version "2.3.0")
4f7e152b	134	(source (origin
91988aee	135	(method url-fetch)
91988aee	136	(uri (string-append "https://people.torproject.org/~dgoulet/"
d77ade87	137	"torsocks/torsocks-" version ".tar.xz"))
ba583bd2 LC	138	(sha256
ba583bd2 LC	139	(base32
15c661ec	140	"08inrkap29gikb6sdmb58z43hw4abwrfw7ny40c4xzdkss0vkwdr"))))
4f7e152b	141	(build-system gnu-build-system)
f3cf25c3	142	(inputs
15c661ec	143	`(("libcap" ,libcap)))
f3cf25c3 EB	144	(arguments
	145	`(#:phases (modify-phases %standard-phases
	146	(add-after 'build 'absolutize
	147	(lambda* (#:key inputs #:allow-other-keys)
	148	(substitute* "src/bin/torsocks"
15c661ec TGR	149	(("getcap=.*")
15c661ec TGR	150	(string-append "getcap=" (which "getcap") "\n")))
f3cf25c3	151	#t)))))
91988aee	152	(home-page "https://www.torproject.org/")
4f7e152b LC	153	(synopsis "Use socks-friendly applications with Tor")
	154	(description
	155	"Torsocks allows you to use most socks-friendly applications in a safe
	156	way with Tor. It ensures that DNS requests are handled safely and explicitly
	157	rejects UDP traffic from the application you're using.")
ba583bd2 LC	158
ba583bd2 LC	159	;; All the files explicitly say "version 2 only".
71794d7b	160	(license license:gpl2)))
b2e3dd94 LC	161
	162	(define-public privoxy
	163	(package
	164	(name "privoxy")
8e7ebd35	165	(version "3.0.32")
b2e3dd94 LC	166	(source (origin
	167	(method url-fetch)
	168	(uri (string-append "mirror://sourceforge/ijbswa/Sources/"
	169	version "%20%28stable%29/privoxy-"
	170	version "-stable-src.tar.gz"))
	171	(sha256
	172	(base32
8e7ebd35	173	"1mzfxwnvnf1jkvfcrsivm6mjwdzjrc3h89qziz0mwi32ih0f87f6"))))
b2e3dd94 LC	174	(build-system gnu-build-system)
b2e3dd94 LC	175	(arguments
ae5c6fca LC	176	'(;; The default 'sysconfdir' is $out/etc; change that to
	177	;; $out/etc/privoxy.
	178	#:configure-flags (list (string-append "--sysconfdir="
	179	(assoc-ref %outputs "out")
e418c3d0	180	"/etc/privoxy")
70feedbb	181	"--localstatedir=/var"
a5ec9f78	182	"--with-brotli"
70feedbb	183	"--with-openssl")
e418c3d0 BW	184	#:tests? #f ; no test suite
	185	#:phases
	186	(modify-phases %standard-phases
	187	(add-after 'unpack 'patch-default-logging
	188	(lambda _
	189	(with-fluids ((%default-port-encoding "ISO-8859-1"))
	190	;; Do not create /var/run nor /var/log/privoxy/logfile.
	191	(substitute* "GNUmakefile.in"
	192	(("(logfile \\\|\\\| exit )1" _ match)
	193	(string-append match "0"))
	194	(("(\\$\\(DESTDIR\\)\\$\\(SHARE_DEST\\)) \\\\" _ match)
	195	match)
	196	((".\\$\\(LOG_DEST\\) \\$\\(DESTDIR\\)\\$\\(PID_DEST\\).")
	197	""))
	198	;; Disable logging in the default configuration to allow for
	199	;; non-root users using it as is.
	200	(substitute* "config"
	201	(("^logdir") "#logdir")
	202	(("^logfile") "#logfile")))
	203	#t)))))
b2e3dd94	204	(inputs
a5ec9f78 TGR	205	`(("brotli" ,brotli)
a5ec9f78 TGR	206	("openssl" ,openssl)
b2e3dd94	207	("pcre" ,pcre)
70feedbb	208	("w3m" ,w3m)
3926d0fc VL	209	("zlib" ,zlib)))
	210	(native-inputs
	211	`(("autoconf" ,autoconf)
b2e3dd94	212	("automake" ,automake)))
a8f3d492	213	(home-page "https://www.privoxy.org")
b2e3dd94 LC	214	(synopsis "Web proxy with advanced filtering capabilities for enhancing privacy")
	215	(description
	216	"Privoxy is a non-caching web proxy with advanced filtering capabilities
	217	for enhancing privacy, modifying web page data and HTTP headers, controlling
	218	access, and removing ads and other obnoxious Internet junk. Privoxy has a
	219	flexible configuration and can be customized to suit individual needs and
	220	tastes. It has application for both stand-alone systems and multi-user
	221	networks.")
71794d7b	222	(license license:gpl2+)))
b8ea5204	223
b76762a9	224	(define-public onionshare-cli
b8ea5204	225	(package
b76762a9 EB	226	(name "onionshare-cli")
b76762a9 EB	227	(version "2.3.1")
b8ea5204 EF	228	(source
b8ea5204 EF	229	(origin
d123b094 RW	230	(method git-fetch)
d123b094 RW	231	(uri (git-reference
b0e7b699	232	(url "https://github.com/micahflee/onionshare")
d123b094 RW	233	(commit (string-append "v" version))))
d123b094 RW	234	(file-name (git-file-name name version))
b8ea5204	235	(sha256
b76762a9	236	(base32 "1llvnvb676s2cs6a4y7isxdj75ddfvskw1p93v5m35vsw7f72kqz"))))
b8ea5204	237	(build-system python-build-system)
b8ea5204	238	(native-inputs
b2fb40de	239	`(("python-pytest" ,python-pytest)))
b8ea5204	240	(inputs
b76762a9 EB	241	;; TODO: obfs4proxy
	242	`(("python-click" ,python-click)
	243	("python-eventlet" ,python-eventlet)
4afdb792	244	("python-flask" ,python-flask)
3268fba3	245	("python-flask-httpauth" ,python-flask-httpauth)
b76762a9 EB	246	("python-flask-socketio" ,python-flask-socketio)
	247	("python-psutil" ,python-psutil)
	248	("python-pycryptodome" ,python-pycryptodome)
4afdb792	249	("python-pysocks" ,python-pysocks)
b76762a9 EB	250	("python-requests" ,python-requests)
	251	("python-stem" ,python-stem)
	252	("python-unidecode" ,python-unidecode)
	253	("python-urllib3" ,python-urllib3)
	254	("tor" ,tor)))
	255	(arguments
	256	`(#:phases
	257	(modify-phases %standard-phases
	258	(add-after 'unpack 'bake-tor
	259	(lambda* (#:key inputs #:allow-other-keys)
	260	(substitute* (list "cli/onionshare_cli/common.py"
	261	"desktop/src/onionshare/gui_common.py")
	262	(("shutil\\.which\\(\\\"tor\\\"\\)")
	263	(string-append "\"" (which "tor") "\"")))
	264	#t))
	265	(add-before 'build 'change-directory
	266	(lambda _ (chdir "cli") #t))
	267	(replace 'check
	268	(lambda _
	269	(setenv "HOME" "/tmp")
	270	;; Greendns is not needed for testing, and if eventlet tries to
	271	;; load it, an OSError is thrown when getprotobyname is called.
	272	;; Thankfully there is an environment variable to disable the
	273	;; greendns import, so use it:
	274	(setenv "EVENTLET_NO_GREENDNS" "yes")
	275	(invoke "pytest" "-v" "./tests"))))))
b8ea5204 EF	276	(home-page "https://onionshare.org/")
b8ea5204 EF	277	(synopsis "Securely and anonymously share files")
b76762a9 EB	278	(description "OnionShare lets you securely and anonymously share files,
	279	host websites, and chat with friends using the Tor network.
	280
	281	This package contains @code{onionshare-cli}, a command-line interface to
	282	OnionShare.")
	283	;; Bundled, minified jquery and socket.io are expat licensed.
3268fba3	284	(license (list license:gpl3+ license:expat))))
61ac7544	285
b76762a9 EB	286	(define-public onionshare
	287	(package (inherit onionshare-cli)
	288	(name "onionshare")
	289	(arguments
	290	(substitute-keyword-arguments (package-arguments onionshare-cli)
	291	((#:phases phases)
	292	`(modify-phases ,phases
	293	(replace 'change-directory
	294	(lambda _ (chdir "desktop/src") #t))
	295	(add-after 'unpack 'patch-tests
	296	(lambda _
	297	;; Disable tests that require starting servers, which will hang
	298	;; during build:
	299	;; - test_autostart_and_autostop_timer_mismatch
	300	;; - test_autostart_timer
	301	;; - test_autostart_timer_too_short
	302	;; - test_autostop_timer_too_short
	303	(substitute* "desktop/tests/test_gui_share.py"
	304	(("( )def test_autost(art\|op)_(timer(_too_short)?\|and_[^(])\\(" & >)
	305	(string-append > "@pytest.mark.skip\n" &)))
	306	;; - test_13_quit_with_server_started_should_warn
	307	(substitute* "desktop/tests/test_gui_tabs.py"
	308	(("( *)def test_13" & >)
	309	(string-append > "@pytest.mark.skip\n" &)))
	310	;; Remove multiline load-path adjustment, so that onionshare-cli
	311	;; modules are loaded from input
	312	(use-modules (ice-9 regex)
	313	(ice-9 rdelim))
	314	(with-atomic-file-replacement "desktop/tests/conftest.py"
	315	(let ((start-rx (make-regexp "^# Allow importing")))
	316	(lambda (in out)
	317	(let loop ()
	318	(let ((line (read-line in 'concat)))
	319	(if (regexp-exec start-rx line)
	320	(begin ; slurp until closing paren
	321	(let slurp ()
	322	(let ((line (read-line in 'concat)))
	323	(if (string=? line ")\n")
	324	(dump-port in out) ; done
	325	(slurp)))))
	326	(begin
	327	(display line out)
	328	(loop))))))))))
	329	(replace 'check
	330	(lambda _
	331	;; Some tests need a writable homedir:
	332	(setenv "HOME" "/tmp")
	333	;; Ensure installed modules can be found:
	334	(setenv "PYTHONPATH"
	335	(string-append %output "/lib/python"
	336	,(version-major+minor (package-version python))
	337	"/site-packages:"
	338	(getenv "PYTHONPATH")))
	339	;; Avoid `getprotobyname` issues:
	340	(setenv "EVENTLET_NO_GREENDNS" "yes")
	341	;; Make Qt render "offscreen":
	342	(setenv "QT_QPA_PLATFORM" "offscreen")
	343	;; Must be run from "desktop" dir:
	344	(chdir "..")
	345	(invoke "./tests/run.sh")))
	346	(add-after 'install 'install-data
	347	(lambda* (#:key outputs #:allow-other-keys)
	348	(let* ((out (assoc-ref outputs "out"))
	349	(share (string-append out "/share")))
350	(install-file "org.onionshare.OnionShare.svg"
351	(string-append share "/icons/hicolor/scalable/apps"))
352	(install-file "org.onionshare.OnionShare.desktop"
353	(string-append share "/applications"))
354	#t)))))))
355	(native-inputs
356	`(("python-pytest" ,python-pytest)))
357	(inputs
358	;; TODO: obfs4proxy
359	`(("onionshare-cli" ,onionshare-cli)
360	("python-shiboken-2" ,python-shiboken-2)
361	("python-pyside-2" ,python-pyside-2)
362	("python-qrcode" ,python-qrcode)
363	;; The desktop client uses onionshare-cli like a python module. But
364	;; propagating onionshare-cli's inputs is not great, since a user would
365	;; not expect to have those installed when using onionshare-cli as a
366	;; standalone utility. So add onionshare-cli's inputs here.
367	,@(package-inputs onionshare-cli)))
368	(description "OnionShare lets you securely and anonymously share files,
369	host websites, and chat with friends using the Tor network.")))
370
61ac7544	371	(define-public nyx
18ab54d4 TGR	372	(package
18ab54d4 TGR	373	(name "nyx")
ab1019f1	374	(version "2.1.0")
18ab54d4 TGR	375	(source
	376	(origin
	377	(method url-fetch)
	378	(uri (pypi-uri name version))
	379	(sha256
	380	(base32
ab1019f1	381	"02rrlllz2ci6i6cs3iddyfns7ang9a54jrlygd2jw1f9s6418ll8"))))
18ab54d4 TGR	382	(build-system python-build-system)
	383	(inputs
	384	`(("python-stem" ,python-stem)))
	385	(arguments
	386	`(#:phases
	387	(modify-phases %standard-phases
	388	(add-after 'install 'install-man-page
	389	(lambda* (#:key outputs #:allow-other-keys)
	390	(let* ((out (assoc-ref outputs "out"))
	391	(man (string-append out "/share/man")))
	392	(install-file "nyx.1" (string-append man "/man1"))
	393	#t)))
	394	(add-after 'install 'install-sample-configuration
	395	(lambda* (#:key outputs #:allow-other-keys)
	396	(let* ((out (assoc-ref outputs "out"))
	397	(doc (string-append out "/share/doc/" ,name "-" ,version)))
	398	(install-file "web/nyxrc.sample" doc)
	399	#t))))
	400	;; XXX The tests seem to require more of a real terminal than the build
	401	;; environment provides:
	402	;; _curses.error: setupterm: could not find terminal
	403	;; With TERM=linux, the tests try to move the cursor and still fail:
	404	;; _curses.error: cbreak() returned ERR
	405	#:tests? #f))
	406	(home-page "https://nyx.torproject.org/")
	407	(synopsis "Tor relay status monitor")
	408	(description
	409	"Nyx monitors the performance of relays participating in the
61ac7544 TGR	410	@uref{https://www.torproject.org/, Tor anonymity network}. It displays this
	411	information visually and in real time, using a curses-based terminal interface.
	412	This makes Nyx well-suited for remote shell connections and servers without a
	413	graphical display. It's like @command{top} for Tor, providing detailed
	414	statistics and status reports on:
	415
	416	@enumerate
	417	@item connections (with IP address, hostname, fingerprint, and consensus data),
	418	@item bandwidth, processor, and memory usage,
	419	@item the relay's current configuration,
	420	@item logged events,
	421	@item and much more.
	422	@end enumerate
	423
	424	Potential client and exit connections are scrubbed of sensitive information.")
18ab54d4	425	(license license:gpl3+)))