Merge pull request #1278 from exarkun/3999.structure-config-manipulation

Safely customize the Tor introducer's configuration

Fixes: ticket:3999
This commit is contained in:
Jean-Paul Calderone 2023-05-01 17:09:55 -04:00 committed by GitHub
commit 1d92d9ff81
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 73 additions and 86 deletions

View File

@ -48,7 +48,7 @@ from .util import (
generate_ssh_key, generate_ssh_key,
block_with_timeout, block_with_timeout,
) )
from allmydata.node import read_config
# No reason for HTTP requests to take longer than two minutes in the # No reason for HTTP requests to take longer than two minutes in the
# integration tests. See allmydata/scripts/common_http.py for usage. # integration tests. See allmydata/scripts/common_http.py for usage.
@ -212,13 +212,6 @@ def flog_gatherer(reactor, temp_dir, flog_binary, request):
include_result=False, include_result=False,
) )
def introducer(reactor, temp_dir, flog_gatherer, request): def introducer(reactor, temp_dir, flog_gatherer, request):
config = '''
[node]
nickname = introducer0
web.port = 4560
log_gatherer.furl = {log_furl}
'''.format(log_furl=flog_gatherer)
intro_dir = join(temp_dir, 'introducer') intro_dir = join(temp_dir, 'introducer')
print("making introducer", intro_dir) print("making introducer", intro_dir)
@ -238,9 +231,10 @@ log_gatherer.furl = {log_furl}
) )
pytest_twisted.blockon(done_proto.done) pytest_twisted.blockon(done_proto.done)
# over-write the config file with our stuff config = read_config(intro_dir, "tub.port")
with open(join(intro_dir, 'tahoe.cfg'), 'w') as f: config.set_config("node", "nickname", "introducer-tor")
f.write(config) config.set_config("node", "web.port", "4562")
config.set_config("node", "log_gatherer.furl", flog_gatherer)
# "tahoe run" is consistent across Linux/macOS/Windows, unlike the old # "tahoe run" is consistent across Linux/macOS/Windows, unlike the old
# "start" command. # "start" command.
@ -288,15 +282,9 @@ def introducer_furl(introducer, temp_dir):
include_result=False, include_result=False,
) )
def tor_introducer(reactor, temp_dir, flog_gatherer, request): def tor_introducer(reactor, temp_dir, flog_gatherer, request):
config = '''
[node]
nickname = introducer_tor
web.port = 4561
log_gatherer.furl = {log_furl}
'''.format(log_furl=flog_gatherer)
intro_dir = join(temp_dir, 'introducer_tor') intro_dir = join(temp_dir, 'introducer_tor')
print("making introducer", intro_dir) print("making Tor introducer in {}".format(intro_dir))
print("(this can take tens of seconds to allocate Onion address)")
if not exists(intro_dir): if not exists(intro_dir):
mkdir(intro_dir) mkdir(intro_dir)
@ -307,16 +295,21 @@ log_gatherer.furl = {log_furl}
request, request,
( (
'create-introducer', 'create-introducer',
'--tor-control-port', 'tcp:localhost:8010', # The control port should agree with the configuration of the
# Tor network we bootstrap with chutney.
'--tor-control-port', 'tcp:localhost:8007',
'--hide-ip',
'--listen=tor', '--listen=tor',
intro_dir, intro_dir,
), ),
) )
pytest_twisted.blockon(done_proto.done) pytest_twisted.blockon(done_proto.done)
# over-write the config file with our stuff # adjust a few settings
with open(join(intro_dir, 'tahoe.cfg'), 'w') as f: config = read_config(intro_dir, "tub.port")
f.write(config) config.set_config("node", "nickname", "introducer-tor")
config.set_config("node", "web.port", "4561")
config.set_config("node", "log_gatherer.furl", flog_gatherer)
# "tahoe run" is consistent across Linux/macOS/Windows, unlike the old # "tahoe run" is consistent across Linux/macOS/Windows, unlike the old
# "start" command. # "start" command.
@ -339,7 +332,9 @@ log_gatherer.furl = {log_furl}
pass pass
request.addfinalizer(cleanup) request.addfinalizer(cleanup)
print("Waiting for introducer to be ready...")
pytest_twisted.blockon(protocol.magic_seen) pytest_twisted.blockon(protocol.magic_seen)
print("Introducer ready.")
return transport return transport
@ -350,6 +345,7 @@ def tor_introducer_furl(tor_introducer, temp_dir):
print("Don't see {} yet".format(furl_fname)) print("Don't see {} yet".format(furl_fname))
sleep(.1) sleep(.1)
furl = open(furl_fname, 'r').read() furl = open(furl_fname, 'r').read()
print(f"Found Tor introducer furl: {furl} in {furl_fname}")
return furl return furl
@ -495,7 +491,7 @@ def chutney(reactor, temp_dir: str) -> tuple[str, dict[str, str]]:
'git', 'git',
( (
'git', 'clone', 'git', 'clone',
'https://git.torproject.org/chutney.git', 'https://gitlab.torproject.org/tpo/core/chutney.git',
chutney_dir, chutney_dir,
), ),
env=environ, env=environ,
@ -511,7 +507,7 @@ def chutney(reactor, temp_dir: str) -> tuple[str, dict[str, str]]:
( (
'git', '-C', chutney_dir, 'git', '-C', chutney_dir,
'reset', '--hard', 'reset', '--hard',
'c825cba0bcd813c644c6ac069deeb7347d3200ee' 'c4f6789ad2558dcbfeb7d024c6481d8112bfb6c2'
), ),
env=environ, env=environ,
) )
@ -538,6 +534,10 @@ def tor_network(reactor, temp_dir, chutney, request):
env = environ.copy() env = environ.copy()
env.update(chutney_env) env.update(chutney_env)
env.update({
# default is 60, probably too short for reliable automated use.
"CHUTNEY_START_TIME": "600",
})
chutney_argv = (sys.executable, '-m', 'chutney.TorNet') chutney_argv = (sys.executable, '-m', 'chutney.TorNet')
def chutney(argv): def chutney(argv):
proto = _DumpOutputProtocol(None) proto = _DumpOutputProtocol(None)
@ -551,17 +551,9 @@ def tor_network(reactor, temp_dir, chutney, request):
return proto.done return proto.done
# now, as per Chutney's README, we have to create the network # now, as per Chutney's README, we have to create the network
# ./chutney configure networks/basic
# ./chutney start networks/basic
pytest_twisted.blockon(chutney(("configure", basic_network))) pytest_twisted.blockon(chutney(("configure", basic_network)))
pytest_twisted.blockon(chutney(("start", basic_network)))
# print some useful stuff
try:
pytest_twisted.blockon(chutney(("status", basic_network)))
except ProcessTerminated:
print("Chutney.TorNet status failed (continuing)")
# before we start the network, ensure we will tear down at the end
def cleanup(): def cleanup():
print("Tearing down Chutney Tor network") print("Tearing down Chutney Tor network")
try: try:
@ -570,5 +562,13 @@ def tor_network(reactor, temp_dir, chutney, request):
# If this doesn't exit cleanly, that's fine, that shouldn't fail # If this doesn't exit cleanly, that's fine, that shouldn't fail
# the test suite. # the test suite.
pass pass
request.addfinalizer(cleanup) request.addfinalizer(cleanup)
pytest_twisted.blockon(chutney(("start", basic_network)))
pytest_twisted.blockon(chutney(("wait_for_bootstrap", basic_network)))
# print some useful stuff
try:
pytest_twisted.blockon(chutney(("status", basic_network)))
except ProcessTerminated:
print("Chutney.TorNet status failed (continuing)")

View File

@ -23,6 +23,8 @@ from twisted.internet.error import ProcessExitedAlready
from allmydata.test.common import ( from allmydata.test.common import (
write_introducer, write_introducer,
) )
from allmydata.node import read_config
if which("docker") is None: if which("docker") is None:
pytest.skip('Skipping I2P tests since Docker is unavailable', allow_module_level=True) pytest.skip('Skipping I2P tests since Docker is unavailable', allow_module_level=True)
@ -68,13 +70,6 @@ def i2p_network(reactor, temp_dir, request):
include_result=False, include_result=False,
) )
def i2p_introducer(reactor, temp_dir, flog_gatherer, request): def i2p_introducer(reactor, temp_dir, flog_gatherer, request):
config = '''
[node]
nickname = introducer_i2p
web.port = 4561
log_gatherer.furl = {log_furl}
'''.format(log_furl=flog_gatherer)
intro_dir = join(temp_dir, 'introducer_i2p') intro_dir = join(temp_dir, 'introducer_i2p')
print("making introducer", intro_dir) print("making introducer", intro_dir)
@ -94,8 +89,10 @@ log_gatherer.furl = {log_furl}
pytest_twisted.blockon(done_proto.done) pytest_twisted.blockon(done_proto.done)
# over-write the config file with our stuff # over-write the config file with our stuff
with open(join(intro_dir, 'tahoe.cfg'), 'w') as f: config = read_config(intro_dir, "tub.port")
f.write(config) config.set_config("node", "nickname", "introducer_i2p")
config.set_config("node", "web.port", "4563")
config.set_config("node", "log_gatherer.furl", flog_gatherer)
# "tahoe run" is consistent across Linux/macOS/Windows, unlike the old # "tahoe run" is consistent across Linux/macOS/Windows, unlike the old
# "start" command. # "start" command.
@ -133,6 +130,7 @@ def i2p_introducer_furl(i2p_introducer, temp_dir):
@pytest_twisted.inlineCallbacks @pytest_twisted.inlineCallbacks
@pytest.mark.skip("I2P tests are not functioning at all, for unknown reasons")
def test_i2p_service_storage(reactor, request, temp_dir, flog_gatherer, i2p_network, i2p_introducer_furl): def test_i2p_service_storage(reactor, request, temp_dir, flog_gatherer, i2p_network, i2p_introducer_furl):
yield _create_anonymous_node(reactor, 'carol_i2p', 8008, request, temp_dir, flog_gatherer, i2p_network, i2p_introducer_furl) yield _create_anonymous_node(reactor, 'carol_i2p', 8008, request, temp_dir, flog_gatherer, i2p_network, i2p_introducer_furl)
yield _create_anonymous_node(reactor, 'dave_i2p', 8009, request, temp_dir, flog_gatherer, i2p_network, i2p_introducer_furl) yield _create_anonymous_node(reactor, 'dave_i2p', 8009, request, temp_dir, flog_gatherer, i2p_network, i2p_introducer_furl)

View File

@ -18,6 +18,7 @@ from twisted.python.filepath import (
from allmydata.test.common import ( from allmydata.test.common import (
write_introducer, write_introducer,
) )
from allmydata.client import read_config
# see "conftest.py" for the fixtures (e.g. "tor_network") # see "conftest.py" for the fixtures (e.g. "tor_network")
@ -32,8 +33,8 @@ if sys.platform.startswith('win'):
def test_onion_service_storage(reactor, request, temp_dir, flog_gatherer, tor_network, tor_introducer_furl): def test_onion_service_storage(reactor, request, temp_dir, flog_gatherer, tor_network, tor_introducer_furl):
carol = yield _create_anonymous_node(reactor, 'carol', 8008, request, temp_dir, flog_gatherer, tor_network, tor_introducer_furl) carol = yield _create_anonymous_node(reactor, 'carol', 8008, request, temp_dir, flog_gatherer, tor_network, tor_introducer_furl)
dave = yield _create_anonymous_node(reactor, 'dave', 8009, request, temp_dir, flog_gatherer, tor_network, tor_introducer_furl) dave = yield _create_anonymous_node(reactor, 'dave', 8009, request, temp_dir, flog_gatherer, tor_network, tor_introducer_furl)
yield util.await_client_ready(carol, minimum_number_of_servers=2) yield util.await_client_ready(carol, minimum_number_of_servers=2, timeout=600)
yield util.await_client_ready(dave, minimum_number_of_servers=2) yield util.await_client_ready(dave, minimum_number_of_servers=2, timeout=600)
# ensure both nodes are connected to "a grid" by uploading # ensure both nodes are connected to "a grid" by uploading
# something via carol, and retrieve it using dave. # something via carol, and retrieve it using dave.
@ -60,7 +61,7 @@ def test_onion_service_storage(reactor, request, temp_dir, flog_gatherer, tor_ne
) )
yield proto.done yield proto.done
cap = proto.output.getvalue().strip().split()[-1] cap = proto.output.getvalue().strip().split()[-1]
print("TEH CAP!", cap) print("capability: {}".format(cap))
proto = util._CollectOutputProtocol(capture_stderr=False) proto = util._CollectOutputProtocol(capture_stderr=False)
reactor.spawnProcess( reactor.spawnProcess(
@ -85,7 +86,7 @@ def _create_anonymous_node(reactor, name, control_port, request, temp_dir, flog_
web_port = "tcp:{}:interface=localhost".format(control_port + 2000) web_port = "tcp:{}:interface=localhost".format(control_port + 2000)
if True: if True:
print("creating", node_dir.path) print(f"creating {node_dir.path} with introducer {introducer_furl}")
node_dir.makedirs() node_dir.makedirs()
proto = util._DumpOutputProtocol(None) proto = util._DumpOutputProtocol(None)
reactor.spawnProcess( reactor.spawnProcess(
@ -95,10 +96,14 @@ def _create_anonymous_node(reactor, name, control_port, request, temp_dir, flog_
sys.executable, '-b', '-m', 'allmydata.scripts.runner', sys.executable, '-b', '-m', 'allmydata.scripts.runner',
'create-node', 'create-node',
'--nickname', name, '--nickname', name,
'--webport', web_port,
'--introducer', introducer_furl, '--introducer', introducer_furl,
'--hide-ip', '--hide-ip',
'--tor-control-port', 'tcp:localhost:{}'.format(control_port), '--tor-control-port', 'tcp:localhost:{}'.format(control_port),
'--listen', 'tor', '--listen', 'tor',
'--shares-needed', '1',
'--shares-happy', '1',
'--shares-total', '2',
node_dir.path, node_dir.path,
), ),
env=environ, env=environ,
@ -108,35 +113,13 @@ def _create_anonymous_node(reactor, name, control_port, request, temp_dir, flog_
# Which services should this client connect to? # Which services should this client connect to?
write_introducer(node_dir, "default", introducer_furl) write_introducer(node_dir, "default", introducer_furl)
with node_dir.child('tahoe.cfg').open('w') as f:
node_config = '''
[node]
nickname = %(name)s
web.port = %(web_port)s
web.static = public_html
log_gatherer.furl = %(log_furl)s
[tor] config = read_config(node_dir.path, "tub.port")
control.port = tcp:localhost:%(control_port)d config.set_config("node", "log_gatherer.furl", flog_gatherer)
onion.external_port = 3457 config.set_config("tor", "onion", "true")
onion.local_port = %(local_port)d config.set_config("tor", "onion.external_port", "3457")
onion = true config.set_config("tor", "control.port", f"tcp:port={control_port}:host=127.0.0.1")
onion.private_key_file = private/tor_onion.privkey config.set_config("tor", "onion.private_key_file", "private/tor_onion.privkey")
[client]
shares.needed = 1
shares.happy = 1
shares.total = 2
''' % {
'name': name,
'web_port': web_port,
'log_furl': flog_gatherer,
'control_port': control_port,
'local_port': control_port + 1000,
}
node_config = node_config.encode("utf-8")
f.write(node_config)
print("running") print("running")
result = yield util._run_node(reactor, node_dir.path, request, None) result = yield util._run_node(reactor, node_dir.path, request, None)

View File

@ -93,7 +93,6 @@ class _CollectOutputProtocol(ProcessProtocol):
self.output.write(data) self.output.write(data)
def errReceived(self, data): def errReceived(self, data):
print("ERR: {!r}".format(data))
if self.capture_stderr: if self.capture_stderr:
self.output.write(data) self.output.write(data)
@ -605,19 +604,27 @@ def await_client_ready(tahoe, timeout=10, liveness=60*2, minimum_number_of_serve
print("waiting because '{}'".format(e)) print("waiting because '{}'".format(e))
time.sleep(1) time.sleep(1)
continue continue
servers = js['servers']
if len(js['servers']) < minimum_number_of_servers: if len(servers) < minimum_number_of_servers:
print("waiting because insufficient servers") print(f"waiting because {servers} is fewer than required ({minimum_number_of_servers})")
time.sleep(1) time.sleep(1)
continue continue
print(
f"Now: {time.ctime()}\n"
f"Server last-received-data: {[time.ctime(s['last_received_data']) for s in servers]}"
)
server_times = [ server_times = [
server['last_received_data'] server['last_received_data']
for server in js['servers'] for server in servers
] ]
# if any times are null/None that server has never been # if any times are null/None that server has never been
# contacted (so it's down still, probably) # contacted (so it's down still, probably)
if any(t is None for t in server_times): never_received_data = server_times.count(None)
print("waiting because at least one server not contacted") if never_received_data > 0:
print(f"waiting because {never_received_data} server(s) not contacted")
time.sleep(1) time.sleep(1)
continue continue

View File

@ -0,0 +1 @@
A bug where Introducer nodes configured to listen on Tor or I2P would not actually do so has been fixed.

View File

@ -68,10 +68,6 @@ def create_introducer(basedir=u"."):
default_connection_handlers, foolscap_connection_handlers = create_connection_handlers(config, i2p_provider, tor_provider) default_connection_handlers, foolscap_connection_handlers = create_connection_handlers(config, i2p_provider, tor_provider)
tub_options = create_tub_options(config) tub_options = create_tub_options(config)
# we don't remember these because the Introducer doesn't make
# outbound connections.
i2p_provider = None
tor_provider = None
main_tub = create_main_tub( main_tub = create_main_tub(
config, tub_options, default_connection_handlers, config, tub_options, default_connection_handlers,
foolscap_connection_handlers, i2p_provider, tor_provider, foolscap_connection_handlers, i2p_provider, tor_provider,
@ -83,6 +79,8 @@ def create_introducer(basedir=u"."):
i2p_provider, i2p_provider,
tor_provider, tor_provider,
) )
i2p_provider.setServiceParent(node)
tor_provider.setServiceParent(node)
return defer.succeed(node) return defer.succeed(node)
except Exception: except Exception:
return Failure() return Failure()