From 26dd2e5de2d52302f7471c752915eef59a8f79d4 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Tue, 24 Sep 2019 15:56:20 -0400
Subject: [PATCH] Steps towards performing really Ristretto-flavored PrivacyPass

The issuer runs. Helpers to poke the right API calls into the right place forthcoming...
---
nixos/modules/issuer.nix | 36 +++++++++++++++++++++++++
nixos/modules/private-storage.nix | 11 +-------
nixos/modules/pspkgs.nix | 11 ++++++++
nixos/modules/tests/private-storage.nix | 21 +++++++++++++++
nixos/pkgs/zkapissuer.nix | 10 +++++++
5 files changed, 79 insertions(+), 10 deletions(-)
create mode 100644 nixos/modules/issuer.nix
create mode 100644 nixos/modules/pspkgs.nix
create mode 100644 nixos/pkgs/zkapissuer.nix
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
new file mode 100644
index 00000000..8f98a6e7
--- /dev/null
+++ b/nixos/modules/issuer.nix
@@ -0,0 +1,36 @@
+# A NixOS module which can run a Ristretto-based issuer for PrivacyStorage
+# ZKAPs.
+{ lib, pkgs, config, ... }: let
+ pspkgs = pkgs.callPackage ./pspkgs.nix { };
+ zkapissuer = pspkgs.callPackage ../pkgs/zkapissuer.nix { };
+in {
+ options = {
+ services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
+ services.private-storage-issuer.package = lib.mkOption {
+ default = zkapissuer.components.exes."PaymentServer-exe";
+ type = lib.types.package;
+ example = lib.literalExample "pkgs.zkapissuer";
+ description = ''
+ The package to use for the ZKAP issuer.
+ '';
+ };
+ };
+
+ config = let
+ cfg = config.services.private-storage-issuer;
+ in
+ lib.mkIf cfg.enable {
+ systemd.services.zkapissuer = {
+ enable = true;
+ description = "ZKAP Issuer";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/PaymentServer-exe";
+ Type = "simple";
+ Restart = "always";
+ };
+ };
+ };
+}
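Review bot: The `serviceConfig` block sets no `User`, `DynamicUser` or sandboxing options, so systemd will start `PaymentServer-exe` as root by default. For what is presumably a network-facing issuer (it is ordered after `network.target`), that is more privilege than the unit appears to need; consider adding `DynamicUser = true;`, `NoNewPrivileges = true;` and `ProtectSystem = "strict";` next to `Restart = "always";`. If the server keeps state on disk, which this patch does not show, it would also need a `StateDirectory` to go with `DynamicUser`. Separately, the `example` of the `package` option reads `pkgs.zkapissuer` while the default is `zkapissuer.components.exes."PaymentServer-exe"`, so the example should probably show a value of the same shape.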
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index d2db7dd6..58f4ba36 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -2,16 +2,7 @@
 # preferred configuration for the Private Storage grid.
 { pkgs, lib, config, ... }:
 let
- # Derive a brand new version of pkgs which has our overlay applied. The
- # overlay defines a new version of Tahoe-LAFS and some of its dependencies
- # and maybe other useful Private Storage customizations.
- pspkgs = import pkgs.path
- { overlays = [
- # needs fetchFromGitHub to check out zkapauthorizer
- (pkgs.callPackage ./zkap-overlay.nix { })
- (import ./overlays.nix)
- ];
- };
+ pspkgs = pkgs.callPackage ./pspkgs.nix { };
 # Grab the configuration for this module for convenient access below.
 cfg = config.services.private-storage;
 in
diff --git a/nixos/modules/pspkgs.nix b/nixos/modules/pspkgs.nix
new file mode 100644
index 00000000..189778e0
--- /dev/null
+++ b/nixos/modules/pspkgs.nix
@@ -0,0 +1,11 @@
+# Derive a brand new version of pkgs which has our overlay applied. The
+# overlay defines a new version of Tahoe-LAFS and some of its dependencies
+# and maybe other useful Private Storage customizations.
+{ pkgs }:
+import pkgs.path {
+ overlays = [
+ # needs fetchFromGitHub to check out zkapauthorizer
+ (pkgs.callPackage ./zkap-overlay.nix { })
+ (import ./overlays.nix)
+ ];
+}
diff --git a/nixos/modules/tests/private-storage.nix b/nixos/modules/tests/private-storage.nix
index 30818b33..b2f2f1f0 100644
--- a/nixos/modules/tests/private-storage.nix
+++ b/nixos/modules/tests/private-storage.nix
@@ -47,6 +47,15 @@ import <nixpkgs/nixos/tests/make-test.nix> { services.private-storage.publicIPv4 = "storage"; services.private-storage.introducerFURL = introducerFURL; } // networkConfig; + + # Operate an issuer as well. + issuer = + { config, pkgs, ... }: + { imports = + [ ../issuer.nix + ]; + services.private-storage-issuer.enable = true; + }; }; # Test the machines with a Perl program (sobbing). @@ -135,6 +144,18 @@ import <nixpkgs/nixos/tests/make-test.nix> { ); $client->waitForOpenPort(3456); + # + # Get some ZKAPs from the issuer. + # + + # Simulate a payment for a voucher. + $voucher = "0123456789"; + $client->succeed("${simulate-payment} $voucher"); + + # Tell the client to redeem the voucher. + $client->succeed("${redeem-voucher} $voucher"); + + # The client should be prepped now. Make it try to use some storage. my ($code, $out) = $client->execute( 'tahoe -d /tmp/client ' . 'put /etc/issue' diff --git a/nixos/pkgs/zkapissuer.nix b/nixos/pkgs/zkapissuer.nix new file mode 100644 index 00000000..823a9f91 --- /dev/null +++ b/nixos/pkgs/zkapissuer.nix @@ -0,0 +1,10 @@ +{ fetchFromGitHub, callPackage }: +let + paymentServer = fetchFromGitHub { + owner = "PrivateStorage"; + repo = "PaymentServer"; + rev = "6fbaac7a14d2a03b74e10a4a82b1147ee1dd7d49"; + sha256 = "0z8mqmns3fqbjy765830s5q6lhz3lxmslxahjc155jsv5b46gjip"; + }; +in + (callPackage "${paymentServer}/nix" { }).PaymentServer -- GitLab
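Review bot: `${simulate-payment}` and `${redeem-voucher}` in the second hunk (`@@ -135,6 +144,18 @@`) are Nix antiquotations, but no visible hunk of this patch binds either name, so unless they are defined elsewhere in the file the test will fail at evaluation; the commit message suggests the helpers are still to come. Until they exist, it would be clearer to leave the two `succeed` calls out or put them behind a `# TODO` comment so the test keeps passing. `$voucher = "0123456789";` is also assigned without `my`, unlike `my ($code, $out)` just below; if the test script is compiled under `use strict` this will not compile, so `my $voucher = "0123456789";` is safer.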
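Review bot: `callPackage "${paymentServer}/nix" { }` in `nixos/pkgs/zkapissuer.nix` imports a Nix expression out of the fetched source, so the checkout has to be realised during evaluation (import-from-derivation), which restricted evaluators may refuse; the file should say so in a header comment. Pinning by full `rev` plus `sha256` is sound, and the same comment could record that the two must be bumped together, e.g. `# PaymentServer (the ZKAP issuer) built from a pinned upstream commit; update rev and sha256 together.` The package set used for the build is whatever `${paymentServer}/nix` selects, which this patch does not show, so it is worth noting where that pin lives. Unlike `issuer.nix` and `pspkgs.nix` in the same patch, this file currently has no header comment at all.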