vanguards: init at 0.3.1

[ForgottenBeast]

add derivation for vanguards, a set of scripts that increase security for tor hidden services by protecting against guard discovery attacks

resources:
https://github.com/mikeperry-tor/vanguards
https://spec.torproject.org/vanguards-spec/index.html?highlight=vanguards

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[ForgottenBeast]

@FliegendeWurst reopened here! and now it works with the ubuntu patches

[FliegendeWurst]

To fix the circular import error, try: (postPatch is relevant here)

{ python312Packages, fetchFromGitHub, lib }:
python312Packages.buildPythonApplication rec {
  pname = "vanguards";
  version = "0.3.1";

  dependencies = [ python312Packages.stem ];
  #tries to access the network during the tests, which fails
  doCheck = false;

  src = fetchFromGitHub {
    owner = "mikeperry-tor";
    repo = pname;
    rev = "8132fa0e556fbcbb3538ff9b48a2180c0c5e8fbd";
    sha256 = "sha256-XauSTgoH6zXv2DXyX2lQc6gy6Ysm41fKnyuWZ3hj7kI=";
  };
  patches = [
    ./python-3.12.patch
    ./store-state-in-var-lib-tor.patch
  ];
  postPatch = ''
    substituteInPlace src/vanguards/main.py --replace-fail \
      'import stem.response.events' 'import stem.socket; import stem.control; import stem.response.events'
  '';

  meta = {
    maintainers = with lib.maintainers; [ ForgottenBeast ];
    mainProgram = "vanguards";
    license = lib.licenses.mit;
    description = ''
      Runs alongside tor and interacts with its control port
      in order to protect and alert against guard node attacks on hidden services
    '';
  };
}

[ForgottenBeast]

To fix the circular import error, try: (postPatch is relevant here)

{ python312Packages, fetchFromGitHub, lib }:
python312Packages.buildPythonApplication rec {
  pname = "vanguards";
  version = "0.3.1";

  dependencies = [ python312Packages.stem ];
  #tries to access the network during the tests, which fails
  doCheck = false;

  src = fetchFromGitHub {
    owner = "mikeperry-tor";
    repo = pname;
    rev = "8132fa0e556fbcbb3538ff9b48a2180c0c5e8fbd";
    sha256 = "sha256-XauSTgoH6zXv2DXyX2lQc6gy6Ysm41fKnyuWZ3hj7kI=";
  };
  patches = [
    ./python-3.12.patch
    ./store-state-in-var-lib-tor.patch
  ];
  postPatch = ''
    substituteInPlace src/vanguards/main.py --replace-fail \
      'import stem.response.events' 'import stem.socket; import stem.control; import stem.response.events'
  '';

  meta = {
    maintainers = with lib.maintainers; [ ForgottenBeast ];
    mainProgram = "vanguards";
    license = lib.licenses.mit;
    description = ''
      Runs alongside tor and interacts with its control port
      in order to protect and alert against guard node attacks on hidden services
    '';
  };
}

thanks, that did it! I have never used substituteInPlace before

[ForgottenBeast]

reformated with nixfmt-classic instead of nixfmt-rfc-style

[FliegendeWurst]

No, you do need the new one

[ForgottenBeast]

my bad, I thought the failing test regarding nix file formatting was because of that. I rolled back the change

[ForgottenBeast]

is there anything else I should be doing/fixing?

[FliegendeWurst]

LGTM. Some suggestions to follow nixpkgs conventions. Will merge once addressed :)

[ForgottenBeast]

I applied your proposed changes, this will be very helpful when I'll want to contribute again. Thank you for the mentoring!