Merge pull request #1697 from zcash/1686-zcb-tor-dir-perms

zcash_client_backend: Allow disabling Tor directory permissions tightening
2025-02-08 04:59:46 +00:00 · 2025-02-08 04:59:46 +00:00 · ad503f7219
parent 59a65259fb ba1c6a1303
commit ad503f7219
5 changed files with 25 additions and 5 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -6158,6 +6158,7 @@ dependencies = [
 "crossbeam-channel",
 "document-features",
 "dynosaur",
+ "fs-mistrust",
 "futures-util",
 "group",
 "gumdrop",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -158,6 +158,7 @@ incrementalmerkletree-testing = "0.3"
 #   failure due to incompatible `libsqlite3-sys` versions.
 arti-client = { version = "0.23", default-features = false, features = ["compression", "rustls", "tokio"] }
 dynosaur = "0.1.1"
+fs-mistrust = "0.8"
 tokio = "1"
 tor-rtcompat = "0.23"
 tower = "0.4"
--- a/zcash_client_backend/CHANGELOG.md
+++ b/zcash_client_backend/CHANGELOG.md
@ -11,6 +11,9 @@ and this library adheres to Rust's notion of
 - MSRV is now 1.81.0.
 - Migrated to `bip32 =0.6.0-pre.1`, `nonempty 0.11`, `incrementalmerkletree 0.8`,
  `shardtree 0.6`.
+- `zcash_client_backend::tor`:
+  - `tor::Client::create` now takes an optional `with_permissions` argument for
+    configuring `fs_mistrust::Mistrust`.
 - `zcash_client_backend::wallet::Recipient` has changed:
  - The `Recipient::External` variant is now a structured variant.
  - The `Recipient::EphemeralTransparent` variant is now only available if
--- a/zcash_client_backend/Cargo.toml
+++ b/zcash_client_backend/Cargo.toml
@ -120,6 +120,7 @@ crossbeam-channel.workspace = true
 rayon.workspace = true

 # - Tor
+fs-mistrust = { workspace = true, optional = true }
 tokio = { workspace = true, optional = true, features = ["fs"] }
 tor-rtcompat = { workspace = true, optional = true }
 tower = { workspace = true, optional = true }
@ -201,6 +202,7 @@ sync = [
 tor = [
    "dep:arti-client",
    "dep:dynosaur",
+    "dep:fs-mistrust",
    "dep:futures-util",
    "dep:http-body-util",
    "dep:hyper",
--- a/zcash_client_backend/src/tor.rs
+++ b/zcash_client_backend/src/tor.rs
@ -24,18 +24,31 @@ impl Client {
    /// Preserving the contents of this directory will speed up subsequent calls to
    /// `Client::create`.
    ///
+    /// If `with_permissions` is `None`, the default from [`arti_client`] will be used
+    /// (enable permissions checks unless the `ARTI_FS_DISABLE_PERMISSION_CHECKS` env
+    /// variable is set).
+    ///
    /// Returns an error if `tor_dir` does not exist, or if bootstrapping fails.
-    pub async fn create(tor_dir: &Path) -> Result<Self, Error> {
+    pub async fn create(
+        tor_dir: &Path,
+        with_permissions: Option<impl FnOnce(&mut fs_mistrust::MistrustBuilder)>,
+    ) -> Result<Self, Error> {
        let runtime = PreferredRuntime::current()?;

        if !tokio::fs::try_exists(tor_dir).await? {
            return Err(Error::MissingTorDirectory);
        }

-        let config = TorClientConfigBuilder::from_directories(
+        let mut config_builder = TorClientConfigBuilder::from_directories(
            tor_dir.join("arti-data"),
            tor_dir.join("arti-cache"),
-        )
+        );
+
+        if let Some(f) = with_permissions {
+            f(config_builder.storage().permissions());
+        }
+
+        let config = config_builder
            .build()
            .expect("all required fields initialized");