1
//! A relay binary used to join the Tor network to relay anonymous communication.
2
//!
3
//! NOTE: This binary is still highly experimental as in active development, not stable and
4
//! without any type of guarantee of running or even working.
5
//!
6
//! ## Error handling
7
//!
8
//! We return [`anyhow::Error`] for functions whose errors will always result in an exit and don't
9
//! need to be handled individually.
10
//! When we do need to handle errors, functions should return a more comprehensive error type (for
11
//! example one created with `thiserror`).
12

            
13
// @@ begin lint list maintained by maint/add_warning @@
14
#![allow(renamed_and_removed_lints)] // @@REMOVE_WHEN(ci_arti_stable)
15
#![allow(unknown_lints)] // @@REMOVE_WHEN(ci_arti_nightly)
16
#![warn(missing_docs)]
17
#![warn(noop_method_call)]
18
#![warn(unreachable_pub)]
19
#![warn(clippy::all)]
20
#![deny(clippy::await_holding_lock)]
21
#![deny(clippy::cargo_common_metadata)]
22
#![deny(clippy::cast_lossless)]
23
#![deny(clippy::checked_conversions)]
24
#![warn(clippy::cognitive_complexity)]
25
#![deny(clippy::debug_assert_with_mut_call)]
26
#![deny(clippy::exhaustive_enums)]
27
#![deny(clippy::exhaustive_structs)]
28
#![deny(clippy::expl_impl_clone_on_copy)]
29
#![deny(clippy::fallible_impl_from)]
30
#![deny(clippy::implicit_clone)]
31
#![deny(clippy::large_stack_arrays)]
32
#![warn(clippy::manual_ok_or)]
33
#![deny(clippy::missing_docs_in_private_items)]
34
#![warn(clippy::needless_borrow)]
35
#![warn(clippy::needless_pass_by_value)]
36
#![warn(clippy::option_option)]
37
#![deny(clippy::print_stderr)]
38
#![deny(clippy::print_stdout)]
39
#![warn(clippy::rc_buffer)]
40
#![deny(clippy::ref_option_ref)]
41
#![warn(clippy::semicolon_if_nothing_returned)]
42
#![warn(clippy::trait_duplication_in_bounds)]
43
#![deny(clippy::unchecked_time_subtraction)]
44
#![deny(clippy::unnecessary_wraps)]
45
#![warn(clippy::unseparated_literal_suffix)]
46
#![deny(clippy::unwrap_used)]
47
#![deny(clippy::mod_module_files)]
48
#![allow(clippy::let_unit_value)] // This can reasonably be done for explicitness
49
#![allow(clippy::uninlined_format_args)]
50
#![allow(clippy::significant_drop_in_scrutinee)] // arti/-/merge_requests/588/#note_2812945
51
#![allow(clippy::result_large_err)] // temporary workaround for arti#587
52
#![allow(clippy::needless_raw_string_hashes)] // complained-about code is fine, often best
53
#![allow(clippy::needless_lifetimes)] // See arti#1765
54
#![allow(mismatched_lifetime_syntaxes)] // temporary workaround for arti#2060
55
#![allow(clippy::collapsible_if)] // See arti#2342
56
#![deny(clippy::unused_async)]
57
#![deny(clippy::string_slice)] // See arti#2571
58
//! <!-- @@ end lint list maintained by maint/add_warning @@ -->
59

            
60
mod cli;
61
mod client;
62
mod config;
63
mod keys;
64
mod relay;
65
mod stream;
66
mod tasks;
67
mod util;
68

            
69
use std::io::IsTerminal as _;
70

            
71
use anyhow::Context;
72
use cfg_if::cfg_if;
73
use clap::Parser;
74
use futures::FutureExt;
75
use safelog::with_safe_logging_suppressed;
76
use tor_basic_utils::iter_join;
77
use tor_error::warn_report;
78
use tor_rtcompat::SpawnExt;
79
use tor_rtcompat::tokio::TokioRustlsRuntime;
80
use tor_rtcompat::{Runtime, ToplevelRuntime};
81
use tracing::{debug, info, trace, warn};
82
use tracing_subscriber::FmtSubscriber;
83
use tracing_subscriber::filter::EnvFilter;
84
use tracing_subscriber::util::SubscriberInitExt;
85

            
86
use crate::config::{DEFAULT_LOG_LEVEL, TorRelayConfig, base_resolver};
87
use crate::relay::InertTorRelay;
88

            
89
fn main() {
90
    // Will exit if '--help' used or there's a parse error.
91
    let cli = cli::Cli::parse();
92

            
93
    if let Err(e) = main_main(cli) {
94
        // TODO: Use arti_client's `HintableError` here (see `arti::main`)?
95
        // TODO: Why do we suppress safe logging?
96
        // TODO: Do we want to log the error?
97
        // We use anyhow's error formatting here rather than `tor_error::report_and_exit` since the
98
        // latter seems to omit some error info and anyhow's error formatting is nicer.
99
        #[allow(clippy::print_stderr)]
100
        with_safe_logging_suppressed(|| {
101
            eprintln!("Error: {e:?}");
102
            // The 127 is copied from `tor_error::report_and_exit`.
103
            // It's unclear why 127 was chosen there.
104
            std::process::exit(127);
105
        });
106
    }
107
}
108

            
109
/// The real main without the error formatting.
110
fn main_main(cli: cli::Cli) -> anyhow::Result<()> {
111
    // Register a basic stderr logger until we have enough info to configure the main logger.
112
    // Unlike arti, we enable timestamps for this pre-config logger.
113
    // TODO: Consider using timestamps with reduced-granularity (see `LogPrecision`).
114
    let level: tracing::metadata::Level = cli
115
        .global
116
        .log_level
117
        .map(Into::into)
118
        .unwrap_or(DEFAULT_LOG_LEVEL);
119
    let filter = EnvFilter::builder()
120
        .with_default_directive(level.into())
121
        .parse("")
122
        .expect("empty filter directive should be trivially parsable");
123
    FmtSubscriber::builder()
124
        .with_env_filter(filter)
125
        .with_ansi(std::io::stderr().is_terminal())
126
        .with_writer(std::io::stderr)
127
        .finish()
128
        .init();
129

            
130
    match cli.command {
131
        #[allow(clippy::print_stdout)]
132
        cli::Commands::BuildInfo => {
133
            println!("Version: {}", env!("CARGO_PKG_VERSION"));
134
            // these are set by our build script
135
            println!("Features: {}", env!("BUILD_FEATURES"));
136
            println!("Profile: {}", env!("BUILD_PROFILE"));
137
            println!("Debug: {}", env!("BUILD_DEBUG"));
138
            println!("Optimization level: {}", env!("BUILD_OPT_LEVEL"));
139
            println!("Rust version: {}", env!("BUILD_RUSTC_VERSION"));
140
            println!("Target triple: {}", env!("BUILD_TARGET"));
141
            println!("Host triple: {}", env!("BUILD_HOST"));
142
        }
143
        cli::Commands::Run(args) => start_relay(args, cli.global)?,
144
    }
145

            
146
    Ok(())
147
}
148

            
149
/// Initialize and start the relay.
150
#[allow(clippy::cognitive_complexity)]
151
// Pass by value so that we don't need to clone fields, which keeps the code simpler.
152
#[allow(clippy::needless_pass_by_value)]
153
fn start_relay(_args: cli::RunArgs, global_args: cli::GlobalArgs) -> anyhow::Result<()> {
154
    // TODO: Warn (or exit?) if running as root; see 'arti::process::running_as_root()'.
155

            
156
    let mut cfg_sources = global_args
157
        .config()
158
        .context("Failed to get configuration sources")?;
159

            
160
    debug!(
161
        "Using override options: {}",
162
        iter_join(", ", cfg_sources.options()),
163
    );
164

            
165
    // A Mistrust object to use for loading our configuration.
166
    // Elsewhere, we use the value _from_ the configuration.
167
    let cfg_mistrust = if global_args.disable_fs_permission_checks {
168
        fs_mistrust::Mistrust::new_dangerously_trust_everyone()
169
    } else {
170
        fs_mistrust::MistrustBuilder::default()
171
            // By default, a `Mistrust` checks an environment variable.
172
            // We do not (at the moment) want this behaviour for relays:
173
            // https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/2699#note_3147502
174
            .ignore_environment()
175
            .build()
176
            .expect("default fs-mistrust should be buildable")
177
    };
178

            
179
    cfg_sources.set_mistrust(cfg_mistrust);
180

            
181
    let cfg = cfg_sources
182
        .load()
183
        .context("Failed to load configuration sources")?;
184
    let config =
185
        tor_config::resolve::<TorRelayConfig>(cfg).context("Failed to resolve configuration")?;
186

            
187
    // TODO: Configure a proper logger, not just a simple stderr logger.
188
    // TODO: We may want this to be the global logger, but if we use arti's `setup_logging` in the
189
    // future, it returns a `LogGuards` which we'd have no way of holding on to until the
190
    // application exits (see https://gitlab.torproject.org/tpo/core/arti/-/issues/1791).
191
    let filter = EnvFilter::builder()
192
        .parse(&config.logging.console)
193
        .with_context(|| {
194
            format!(
195
                "Failed to parse console logging directive {:?}",
196
                config.logging.console,
197
            )
198
        })?;
199
    let logger = tracing_subscriber::FmtSubscriber::builder()
200
        .with_env_filter(filter)
201
        .with_ansi(std::io::stderr().is_terminal())
202
        .with_writer(std::io::stderr)
203
        .finish();
204
    let logger = tracing::Dispatch::new(logger);
205

            
206
    // Disable safe logging if requested.
207
    // This guard will be dropped at the end of this function,
208
    // which means we effectively re-enable safe logging once this function returns.
209
    // TODO: Do we want this guard behaviour?
210
    // I think it would be better to enable safe-logging forever?
211
    let _safelog_guard = if config.logging.log_sensitive_information {
212
        match safelog::disable_safe_logging() {
213
            Ok(guard) => Some(guard),
214
            Err(e) => {
215
                // We don't need to propagate this error;
216
                // it isn't the end of the world if we were unable to disable safe logging.
217
                warn_report!(e, "Unable to disable safe logging");
218
                None
219
            }
220
        }
221
    } else {
222
        None
223
    };
224

            
225
    if let Some(listen) = {
226
        // https://github.com/metrics-rs/metrics/issues/567
227
        config
228
            .metrics
229
            .prometheus
230
            .listen
231
            .single_address_legacy()
232
            .context("can only listen on a single address for Prometheus metrics")?
233
    } {
234
        cfg_if! {
235
            if #[cfg(feature = "metrics")] {
236
                metrics_exporter_prometheus::PrometheusBuilder::new()
237
                    .with_http_listener(listen)
238
                    .install()
239
                    .with_context(|| format!(
240
                        "set up Prometheus metrics exporter on {listen}"
241
                    ))?;
242
                info!("Arti Prometheus metrics export scraper endpoint http://{listen}");
243
            } else {
244
                let _ = listen;
245
                warn!("`metrics.prometheus.listen` config set but `metrics` cargo feature compiled out in `arti-relay` crate");
246
            }
247
        }
248
    }
249

            
250
    tracing::dispatcher::with_default(&logger, || {
251
        let runtime = init_runtime().context("Failed to initialize the runtime")?;
252

            
253
        // Configure tor-log-ratelim early before we begin logging.
254
        tor_log_ratelim::install_runtime(runtime.clone())
255
            .context("Failed to initialize tor-log-ratelim")?;
256

            
257
        let path_resolver = base_resolver();
258
        let relay =
259
            InertTorRelay::new(config, path_resolver).context("Failed to initialize the relay")?;
260

            
261
        match mainloop(&runtime, run_relay(runtime.clone(), relay))? {
262
            MainloopStatus::Finished(Err(e)) => Err(e),
263
            MainloopStatus::CtrlC => {
264
                info!("Received a ctrl-c; stopping the relay");
265
                Ok(())
266
            }
267
        }
268
    })
269
}
270

            
271
/// A helper to drive a future using a runtime.
272
///
273
/// This calls `block_on` on the runtime.
274
/// The future will be cancelled on a ctrl-c event.
275
fn mainloop<T: Send + 'static>(
276
    runtime: &impl ToplevelRuntime,
277
    fut: impl Future<Output = T> + Send + 'static,
278
) -> anyhow::Result<MainloopStatus<T>> {
279
    trace!("Starting runtime");
280

            
281
    let rv = runtime.block_on(async {
282
        // Code running in 'block_on' runs slower than in a task (in tokio at least),
283
        // so the future is run on a task.
284
        let mut handle = runtime
285
            .spawn_with_handle(fut)
286
            .context("Failed to spawn task")?
287
            .fuse();
288

            
289
        futures::select!(
290
            // Signal handler is registered on the first poll.
291
            res = tokio::signal::ctrl_c().fuse() => {
292
                let () = res.context("Failed to listen for ctrl-c event")?;
293
                trace!("Received a ctrl-c");
294
                // Dropping the handle will cancel the task, so we do that explicitly here.
295
                drop(handle);
296
                Ok(MainloopStatus::CtrlC)
297
            }
298
            x = handle => Ok(MainloopStatus::Finished(x)),
299
        )
300
    });
301

            
302
    trace!("Finished runtime");
303
    rv
304
}
305

            
306
/// Run the relay.
307
///
308
/// This blocks until the relay stops.
309
async fn run_relay<R: Runtime>(
310
    runtime: R,
311
    inert_relay: InertTorRelay,
312
) -> anyhow::Result<void::Void> {
313
    let relay = inert_relay
314
        .init(runtime)
315
        .await
316
        .context("Failed to bootstrap")?;
317

            
318
    // This blocks until end of time or an error.
319
    relay.run().await
320
}
321

            
322
/// Initialize a runtime.
323
///
324
/// Any cli commands that need a runtime should call this so that we use a consistent runtime.
325
fn init_runtime() -> std::io::Result<impl ToplevelRuntime> {
326
    // Use the tokio runtime from tor_rtcompat unless we later find a reason to use tokio directly.
327
    // See https://gitlab.torproject.org/tpo/core/arti/-/work_items/1744.
328
    // Relays must use rustls as native-tls doesn't support
329
    // `CertifiedConn::export_keying_material()`.
330

            
331
    // Note: See comments in `tor_rtcompat::impls::rustls::RustlsProvider`
332
    // about choice of default crypto provider.
333
    let _idempotent_ignore = rustls::crypto::CryptoProvider::install_default(
334
        rustls::crypto::aws_lc_rs::default_provider(),
335
    );
336

            
337
    TokioRustlsRuntime::create()
338
}
339

            
340
/// The result of [`mainloop`].
341
enum MainloopStatus<T> {
342
    /// The result from the completed future.
343
    Finished(T),
344
    /// The future was cancelled due to a ctrl-c event.
345
    CtrlC,
346
}