authorAlessio Vanni <vannilla@firemail.cc>2021-09-07 14:50:20 +0200
committerAlessio Vanni <vannilla@firemail.cc>2021-09-07 14:50:20 +0200
commit6e1bb6601e21a3329950129b9dc39e05746e3b65 (patch)
treedfc20058c8b430ef37c059ec21c2905168a07084 /contrib
parent382fc8faaf4ccccd870dc7e746a9f002f3f6cfd1 (diff)
parent3da9cbd621a98c885a0c633ddaec0a84aa8a8e66 (diff)
-Merge branch 'master' into dev/vanni/build-info
Diffstat (limited to 'contrib')
-rwxr-xr-xcontrib/scripts/netjail/netjail_core.sh57
-rwxr-xr-xcontrib/scripts/netjail/netjail_setup_internet.sh105
-rw-r--r--contrib/services/systemd/Makefile.am5
-rw-r--r--contrib/services/systemd/gnunet-user.service11
-rw-r--r--contrib/services/systemd/gnunet.service17
-rw-r--r--contrib/services/systemd/sysusers-gnunet.conf4
-rw-r--r--contrib/services/systemd/tmpfiles-gnunet.conf10
7 files changed, 127 insertions, 82 deletions
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh
index d070f7220..d53315052 100755
--- a/contrib/scripts/netjail/netjail_core.sh
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -2,6 +2,7 @@
#
JAILOR=${SUDO_USER:?must run in sudo}
+PREFIX=${PPID:?must run from a parent process}
# running with `sudo` is required to be
# able running the actual commands as the
@@ -9,6 +10,22 @@ JAILOR=${SUDO_USER:?must run in sudo}
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+export RESULT=
+export NAMESPACE_NUM=0
+export INTERFACE_NUM=0
+
+netjail_next_namespace() {
+ local NUM=$NAMESPACE_NUM
+ NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
+ RESULT=$NUM
+}
+
+netjail_next_interface() {
+ local NUM=$INTERFACE_NUM
+ INTERFACE_NUM=$(($INTERFACE_NUM + 1))
+ RESULT=$NUM
+}
+
netjail_opt() {
local OPT=$1
shift 1
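Review bot: The new `RESULT` return convention and the two counters are undocumented, and they only work when every helper is called in the current shell. A caller that still uses `$(netjail_node)`, a pipeline or `&` runs the helper in a subshell, so the counter increment is lost and the next call hands out the same number again. I would add a header comment such as `# Helpers return their value in RESULT; call them directly (never in $(...) or a pipeline) and copy RESULT before the next helper call`. The `export` on `RESULT`, `NAMESPACE_NUM` and `INTERFACE_NUM` also puts them in the environment of every child process, which nothing in this hunk needs; plain assignments would do.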
@@ -17,7 +34,7 @@ netjail_opt() {
while [ $# -gt 0 ]; do
if [ "$1" = "$OPT" ]; then
- printf "%d" $INDEX
+ RESULT=$INDEX
return
fi
@@ -25,7 +42,7 @@ netjail_opt() {
shift 1
done
- printf "%d" 0
+ RESULT=0
}
netjail_opts() {
@@ -42,7 +59,7 @@ netjail_opts() {
shift 1
done
- printf "$DEF"
+ RESULT="$DEF"
}
netjail_check() {
@@ -73,15 +90,15 @@ netjail_check_bin() {
fi
}
-netjail_print_name() {
- printf "%s%02x%02x" $1 $2 ${3:-0}
-}
-
netjail_bridge() {
- local BRIDGE=$1
+ netjail_next_interface
+ local NUM=$RESULT
+ local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
ip link add $BRIDGE type bridge
ip link set dev $BRIDGE up
+
+ RESULT=$BRIDGE
}
netjail_bridge_clear() {
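Review bot: The generated name `%06x-%08x` is exactly 15 characters, which is the longest interface name Linux accepts, so there is no slack. A `PREFIX` above 0xffffff would produce a name that `ip link add` rejects. The same format is used for namespaces in the `netjail_node` hunk and for both veth ends in the `netjail_node_link_bridge` hunk. The prefix is only the parent PID, so names are unique across runs only while no earlier run left interfaces behind under a PID that has since been reused; a short comment saying so would help, e.g. `# 6+1+8 = 15 chars (interface-name limit); unique per parent PID only`. The expansions should also be quoted, `printf "%06x-%08x" "$PREFIX" "$NUM"` and `ip link add "$BRIDGE" type bridge`. Splitting `local BRIDGE` from the assignment would stop `local` from hiding a failed `printf`.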
@@ -91,9 +108,13 @@ netjail_bridge_clear() {
}
netjail_node() {
- local NODE=$1
+ netjail_next_namespace
+ local NUM=$RESULT
+ local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
ip netns add $NODE
+
+ RESULT=$NODE
}
netjail_node_clear() {
@@ -108,8 +129,13 @@ netjail_node_link_bridge() {
local ADDRESS=$3
local MASK=$4
- local LINK_IF="$NODE-$BRIDGE-0"
- local LINK_BR="$NODE-$BRIDGE-1"
+ netjail_next_interface
+ local NUM_IF=$RESULT
+ netjail_next_interface
+ local NUM_BR=$RESULT
+
+ local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
+ local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
ip link add $LINK_IF type veth peer name $LINK_BR
ip link set $LINK_IF netns $NODE
@@ -120,13 +146,12 @@ netjail_node_link_bridge() {
ip -n $NODE link set up dev lo
ip link set $LINK_BR up
+
+ RESULT=$LINK_BR
}
netjail_node_unlink_bridge() {
- local NODE=$1
- local BRIDGE=$2
-
- local LINK_BR="$NODE-$BRIDGE-1"
+ local LINK_BR=$1
ip link delete $LINK_BR
}
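Review bot: `netjail_node_unlink_bridge` now silently changes meaning: it used to take `NODE BRIDGE`, and it now deletes whatever `$1` names. A caller outside this diff that still passes the old two arguments would run `ip link delete` on the node name rather than fail loudly. I would reject a missing argument and quote the expansion: `local LINK_BR=${1:?link name required}` and `ip link delete "$LINK_BR"`. The hunk starts inside `netjail_node_link_bridge`, whose opening lines are not visible here.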
@@ -152,7 +177,7 @@ netjail_node_exec() {
local FD_OUT=$3
shift 3
- unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
+ ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
}
netjail_kill() {
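Review bot: Dropping `unshare -fp --kill-child --` from `netjail_node_exec` removes the PID namespace around the jailed command, and nothing in the commit explains why. The command now shares the host PID namespace, and anything it forks is no longer signalled automatically when the wrapper recorded in `$!` is killed. Stray children could therefore keep running inside the network namespace after cleanup. If the removal is intentional, a comment stating the reason and how descendants get reaped would help; otherwise keep the prefix. Independently, `$@` should be `"$@"` and `$NODE`/`$JAILOR` quoted, so arguments containing spaces reach the jailed command intact.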
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh
index 6ae047274..e3880783f 100755
--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -1,4 +1,5 @@
#!/bin/sh
+
. "./netjail_core.sh"
set -eu
@@ -6,6 +7,7 @@ set -x
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+PREFIX=$PPID
LOCAL_M=$1
GLOBAL_N=$2
@@ -14,11 +16,14 @@ shift 2
netjail_check $(($LOCAL_M * $GLOBAL_N))
# Starts optionally an amount of nodes without NAT starting with "92.68.151.1"
-KNOWN=$(netjail_opt '--known' $@)
-KNOWN_NUM=$(netjail_opts '--known' 0 $@)
+netjail_opt '--known' $@
+KNOWN=$RESULT
+netjail_opts '--known' 0 $@
+KNOWN_NUM=$RESULT
# Starts optionally 'stunserver' on "92.68.150.254":
-STUN=$(netjail_opt '--stun' $@)
+netjail_opt '--stun' $@
+STUN=$RESULT
if [ $KNOWN -gt 0 ]; then
shift 2
@@ -32,8 +37,6 @@ if [ $STUN -gt 0 ]; then
netjail_check_bin stunserver
shift 1
-
- STUN_NODE=$(netjail_print_name "S" 254)
fi
netjail_check_bin $1
@@ -45,43 +48,42 @@ KNOWN_GROUP="92.68.151"
CLEANUP=0
echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]"
-NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
-
-netjail_bridge $NETWORK_NET
+netjail_bridge
+NETWORK_NET=$RESULT
for X in $(seq $KNOWN); do
- KNOWN_NODE=$(netjail_print_name "K" $X)
-
- netjail_node $KNOWN_NODE
- netjail_node_link_bridge $KNOWN_NODE $NETWORK_NET "$KNOWN_GROUP.$X" 16
+ netjail_node
+ KNOWN_NODES[$X]=$RESULT
+ netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16
+ KNOWN_LINKS[$X]=$RESULT
done
-for N in $(seq $GLOBAL_N); do
- ROUTER=$(netjail_print_name "R" $N)
-
- netjail_node $ROUTER
- netjail_node_link_bridge $ROUTER $NETWORK_NET "$GLOBAL_GROUP.$N" 16
+declare -A NODES
+declare -A NODE_LINKS
- ROUTER_NET=$(netjail_print_name "r" $N)
-
- netjail_bridge $ROUTER_NET
+for N in $(seq $GLOBAL_N); do
+ netjail_node
+ ROUTERS[$N]=$RESULT
+ netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16
+ NETWORK_LINKS[$N]=$RESULT
+ netjail_bridge
+ ROUTER_NETS[$N]=$RESULT
for M in $(seq $LOCAL_M); do
- NODE=$(netjail_print_name "N" $N $M)
-
- netjail_node $NODE
- netjail_node_link_bridge $NODE $ROUTER_NET "$LOCAL_GROUP.$M" 24
+ netjail_node
+ NODES[$N,$M]=$RESULT
+ netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24
+ NODE_LINKS[$N,$M]=$RESULT
done
ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
-
- netjail_node_link_bridge $ROUTER $ROUTER_NET $ROUTER_ADDR 24
- netjail_node_add_nat $ROUTER $ROUTER_ADDR 24
+ netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24
+ ROUTER_LINKS[$N]=$RESULT
+
+ netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
for M in $(seq $LOCAL_M); do
- NODE=$(netjail_print_name "N" $N $M)
-
- netjail_node_add_default $NODE $ROUTER_ADDR
+ netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
done
done
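Review bot: This hunk introduces array assignments (`KNOWN_NODES[$X]=...`, `ROUTERS[$N]=...`) and `declare -A NODES`, but the script's shebang is still `#!/bin/sh` (visible in the first hunk of this file). On systems where `/bin/sh` is dash or another strict POSIX shell these lines are syntax errors, so the script fails before it creates anything. The `trap 'trapped_cleanup' ERR` in the last hunk of this file has the same problem. Either change the shebang to `#!/bin/bash` or keep the names in POSIX-compatible variables. The indexed arrays (`KNOWN_NODES`, `KNOWN_LINKS`, `ROUTERS`, `NETWORK_LINKS`, `ROUTER_NETS`, `ROUTER_LINKS`) are also never declared, unlike `NODES` and `NODE_LINKS`; declaring them with `declare -a` next to the `declare -A` lines would make the intent explicit.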
@@ -89,67 +91,58 @@ WAITING=""
KILLING=""
if [ $STUN -gt 0 ]; then
- netjail_node $STUN_NODE
+ netjail_node
+ STUN_NODE=$RESULT
netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16
+ STUN_LINK=$RESULT
netjail_node_exec $STUN_NODE 0 1 stunserver &
KILLING="$!"
fi
for X in $(seq $KNOWN); do
- KNOWN_NODE=$(netjail_print_name "K" $X)
INDEX=$(($X - 1))
-
+
FD_X=$(($INDEX * 2 + 3 + 0))
FD_Y=$(($INDEX * 2 + 3 + 1))
- netjail_node_exec $KNOWN_NODE $FD_X $FD_Y $@ &
+ netjail_node_exec ${KNOWN_NODES[$X]} $FD_X $FD_Y $@ &
WAITING="$! $WAITING"
done
for N in $(seq $GLOBAL_N); do
for M in $(seq $LOCAL_M); do
- NODE=$(netjail_print_name "N" $N $M)
INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN))
-
+
FD_X=$(($INDEX * 2 + 3 + 0))
FD_Y=$(($INDEX * 2 + 3 + 1))
- netjail_node_exec $NODE $FD_X $FD_Y $@ &
+ netjail_node_exec ${NODES[$N,$M]} $FD_X $FD_Y $@ &
WAITING="$! $WAITING"
done
done
cleanup() {
if [ $STUN -gt 0 ]; then
- STUN_NODE=$(netjail_print_name "S" 254)
-
- netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
+ netjail_node_unlink_bridge $STUN_LINK
netjail_node_clear $STUN_NODE
fi
for X in $(seq $KNOWN); do
- KNOWN_NODE=$(netjail_print_name "K" $X)
-
- netjail_node_unlink_bridge $KNOWN_NODE $NETWORK_NET
- netjail_node_clear $KNOWN_NODE
+ netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
+ netjail_node_clear ${KNOWN_NODES[$X]}
done
for N in $(seq $GLOBAL_N); do
- ROUTER_NET=$(netjail_print_name "r" $N)
-
for M in $(seq $LOCAL_M); do
- NODE=$(netjail_print_name "N" $N $M)
-
- netjail_node_unlink_bridge $NODE $ROUTER_NET
- netjail_node_clear $NODE
+ netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
+ netjail_node_clear ${NODES[$N,$M]}
done
- ROUTER=$(netjail_print_name "R" $N)
-
- netjail_bridge_clear $ROUTER_NET
- netjail_node_unlink_bridge $ROUTER $NETWORK_NET
- netjail_node_clear $ROUTER
+ netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
+ netjail_bridge_clear ${ROUTER_NETS[$N]}
+ netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
+ netjail_node_clear ${ROUTERS[$N]}
done
netjail_bridge_clear $NETWORK_NET
@@ -162,7 +155,7 @@ trapped_cleanup() {
cleanup
}
-trap 'trapped_cleanup' 2
+trap 'trapped_cleanup' ERR
netjail_waitall $WAITING
netjail_killall $KILLING
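Review bot: Replacing signal `2` with `ERR` means Ctrl-C no longer runs `trapped_cleanup`. An interrupted run therefore leaves its namespaces, bridges and veth pairs behind, and the background jobs in `$WAITING`/`$KILLING` keep running. `ERR` should be added next to the signal rather than instead of it, e.g. `trap 'trapped_cleanup' INT TERM ERR` under bash. The trap is also installed only here, after all the setup loops have run, so a failure under `set -e` during setup exits without any cleanup. Moving the `trap` line above the first `netjail_bridge` call, with `cleanup` tolerating entries that were never created, would cover that window.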
diff --git a/contrib/services/systemd/Makefile.am b/contrib/services/systemd/Makefile.am
index 39a6f2a81..ec2ff7704 100644
--- a/contrib/services/systemd/Makefile.am
+++ b/contrib/services/systemd/Makefile.am
@@ -1,7 +1,10 @@
pkginitdir= $(pkgdatadir)/services/systemd
pkginit_DATA = \
- gnunet.service
+ gnunet.service \
+ gnunet-user.service \
+ sysusers-gnunet.conf \
+ tmpfiles-gnunet.conf
EXTRA_DIST = \
$(pkginit_DATA)
diff --git a/contrib/services/systemd/gnunet-user.service b/contrib/services/systemd/gnunet-user.service
new file mode 100644
index 000000000..c9d3be0ad
--- /dev/null
+++ b/contrib/services/systemd/gnunet-user.service
@@ -0,0 +1,11 @@
+# Typically to be place into /usr/lib/systemd/user/gnunet.service
+[Unit]
+Description=GNUnet user service
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c ~/.config/gnunet.conf
+
+[Install]
+WantedBy=multi-user.target
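Review bot: `ExecStart=... -c ~/.config/gnunet.conf` will not resolve to the user's home, because systemd does not perform tilde expansion in `ExecStart` and passes `~` through literally. The home-directory specifier should be used instead: `ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c %h/.config/gnunet.conf`. `WantedBy=multi-user.target` is a system-manager target, so a unit installed under `/usr/lib/systemd/user/` would normally use `WantedBy=default.target`; as written, `systemctl --user enable` will not cause it to start. The header comment has a typo ("to be place") and names the file `gnunet.service`, while the file added here is `gnunet-user.service`.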
diff --git a/contrib/services/systemd/gnunet.service b/contrib/services/systemd/gnunet.service
index 1c458cea6..daa38a046 100644
--- a/contrib/services/systemd/gnunet.service
+++ b/contrib/services/systemd/gnunet.service
@@ -1,15 +1,14 @@
-# Copyright (C) 2019 GNUnet e.V.
-#
-# Copying and distribution of this file, with or without modification,
-# are permitted in any medium without royalty provided the copyright
-# notice and this notice are preserved. This file is offered as-is,
-# without any warranty.
-
+# Typically placed into /usr/lib/systemd/system/gnunet.service
[Unit]
-Description=Service that runs a GNUnet for the user gnunet
+Description=GNUnet system service
After=network.target
[Service]
-User=gnunet
Type=simple
+User=gnunet
ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf
+StateDirectory=gnunet
+StateDirectoryMode=0700
+
+[Install]
+WantedBy=multi-user.target
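Review bot: The system unit runs a network-facing daemon with no sandboxing beyond `User=gnunet` and the new `StateDirectory`. Now that state lives in a directory systemd manages, filesystem restrictions are cheap to add: `ProtectSystem=strict`, `ProtectHome=true`, `PrivateTmp=true`. They need testing against the setuid helpers listed in tmpfiles-gnunet.conf. `NoNewPrivileges=` is deliberately not in that list, since it would stop those helpers from gaining their privileges. The commit also removes the licence header, whose own text asks that the notice be preserved; it is worth confirming that this is intended.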
diff --git a/contrib/services/systemd/sysusers-gnunet.conf b/contrib/services/systemd/sysusers-gnunet.conf
new file mode 100644
index 000000000..b7b8abeed
--- /dev/null
+++ b/contrib/services/systemd/sysusers-gnunet.conf
@@ -0,0 +1,4 @@
+# Typically placed into /usr/lib/sysusers.d/gnunet.conf
+g gnunet -
+u gnunet - "GNUnet system account" /var/lib/gnunet
+g gnunetdns -
diff --git a/contrib/services/systemd/tmpfiles-gnunet.conf b/contrib/services/systemd/tmpfiles-gnunet.conf
new file mode 100644
index 000000000..ffffa3284
--- /dev/null
+++ b/contrib/services/systemd/tmpfiles-gnunet.conf
@@ -0,0 +1,10 @@
+# Typically placed into /usr/lib/tmpfiles.d/gnunet.conf
+d /var/lib/gnunet 0700 gnunet gnunet - -
+z /usr/lib/gnunet/gnunet-helper-dns 4750 root gnunetdns - -
+z /usr/lib/gnunet/gnunet-service-dns 2750 gnunet gnunetdns - -
+z /usr/lib/gnunet/libexec/gnunet-helper-vpn 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-transport-wlan 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-transport-bluetooth 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-exit 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-nat-server 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-nat-client 4750 root root - -
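Review bot: The setuid-root helpers from `gnunet-helper-vpn` through `gnunet-helper-nat-client` are set to `4750 root root`, which grants execute only to root and group root. The service in gnunet.service runs as `User=gnunet`, and sysusers-gnunet.conf does not put that account in group root, so as far as this diff shows the daemon cannot execute them. If the intent is that only the gnunet account may invoke them, the group column should name a group that account belongs to, e.g. `z /usr/lib/gnunet/libexec/gnunet-helper-vpn 4750 root gnunet - -`. The two DNS entries use `/usr/lib/gnunet/` without `libexec/`, unlike every other path here and the `ExecStart` lines. A `z` line does nothing when its path does not exist, so a wrong path would leave the DNS helper without the intended owner and mode and give no error. Please check both paths against the install layout.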