diff options
author | lurchi <lurchi@strangeplace.net> | 2019-06-26 20:04:24 +0200 |
---|---|---|
committer | lurchi <lurchi@strangeplace.net> | 2019-06-26 20:04:24 +0200 |
commit | 456743e92bffa6055b8a5dcf6334fca84a5457c3 (patch) | |
tree | 352126a8c0861b799cb107f0654ebe40a9c69c89 /doc/handbook/chapters/installation.texi | |
parent | 51e989e7d85e7d72977e93f78819a6a84b5dba4e (diff) | |
download | gnunet-456743e92bffa6055b8a5dcf6334fca84a5457c3.tar.gz gnunet-456743e92bffa6055b8a5dcf6334fca84a5457c3.zip |
improve the installation chapter
Diffstat (limited to 'doc/handbook/chapters/installation.texi')
-rw-r--r-- | doc/handbook/chapters/installation.texi | 88 |
1 files changed, 61 insertions, 27 deletions
diff --git a/doc/handbook/chapters/installation.texi b/doc/handbook/chapters/installation.texi index 9caf3cded..72fe19b24 100644 --- a/doc/handbook/chapters/installation.texi +++ b/doc/handbook/chapters/installation.texi | |||
@@ -6,6 +6,16 @@ source. For instructions on how to install GNUnet as a binary package | |||
6 | please refer to the official documentation of your operating system or | 6 | please refer to the official documentation of your operating system or |
7 | package manager. | 7 | package manager. |
8 | 8 | ||
9 | For understanding this guide properly it is important to know that | ||
10 | there are two different ways of running GNUnet: | ||
11 | |||
12 | * Running the @emph{user services only} | ||
13 | * Running both @emph{user and system services} | ||
14 | |||
15 | The latter variant has a better security model and requires extra preparation | ||
16 | before running @code{make install} and a different configuration. Beginners who want to | ||
17 | quickly try out GNUnet can use the @emph{user services only} variant. | ||
18 | |||
9 | @menu | 19 | @menu |
10 | * Installing dependencies:: | 20 | * Installing dependencies:: |
11 | * Getting the Source Code:: | 21 | * Getting the Source Code:: |
@@ -125,22 +135,37 @@ In the next chapter we will assume that the source code is available | |||
125 | in the home directory at @code{~/gnunet}. | 135 | in the home directory at @code{~/gnunet}. |
126 | 136 | ||
127 | @c ----------------------------------------------------------------------- | 137 | @c ----------------------------------------------------------------------- |
128 | @node Create @code{gnunet} user and group | 138 | @node Create user and groups for the GNUnet services |
129 | @section Create @code{gnunet} user and group | 139 | @section Create user and groups for the GNUnet services |
130 | The GNUnet services should be run as a dedicated user called | ||
131 | @code{gnunet}. For using them a user should be in the same group as | ||
132 | this system user. | ||
133 | 140 | ||
134 | Create user @code{gnunet} who is member of the group @code{gnunet} and | 141 | @cartouche{If only user services shall be used this section can be skipped}. |
135 | specify a home directory where the GNUnet services will store | 142 | |
136 | persistant data such as information about peers. | 143 | For using both user and system services, a dedicated user called @code{gnunet} |
144 | is needed. The system services will run as that user and the user services | ||
145 | will communicate with them over unix domain sockets. That's why the user | ||
146 | running GNUnet applications will need to be in the @code{gnunet} group. | ||
147 | In addition the group @code{gnunetdns} may be needed (see below). | ||
148 | |||
149 | Create user @code{gnunet} who is member of the group @code{gnunet} | ||
150 | (automatically created) and specify a home directory where the GNUnet | ||
151 | services will store persistant data such as information about peers. | ||
137 | @example | 152 | @example |
138 | $ sudo useradd --system --groups gnunet --home-dir /var/lib/gnunet | 153 | $ sudo useradd --system --home-dir /var/lib/gnunet --create-home gnunet |
139 | @end example | 154 | @end example |
140 | 155 | ||
141 | Now add your own user to the @code{gnunet} group. | 156 | Now add your own user to the @code{gnunet} group. |
157 | |||
142 | @example | 158 | @example |
143 | $ sudo adduser alice gnunet | 159 | $ sudo usermod -aG gnunet alice |
160 | @end example | ||
161 | |||
162 | Create a group @code{gnunetdns}. This allows using @code{setgid} in a way | ||
163 | that only the DNS service can run the @code{gnunet-helper-dns} binary. This | ||
164 | is only needed if @emph{system-wide DNS interception} will be used. For more | ||
165 | information see @xref{Configuring system-wide DNS interception}. | ||
166 | |||
167 | @example | ||
168 | $ sudo groupadd gnunetdns | ||
144 | @end example | 169 | @end example |
145 | 170 | ||
146 | @c ----------------------------------------------------------------------- | 171 | @c ----------------------------------------------------------------------- |
@@ -190,13 +215,19 @@ $ make -j5 | |||
190 | @section Installation | 215 | @section Installation |
191 | The compiled binaries can be installed using @code{make install}. It | 216 | The compiled binaries can be installed using @code{make install}. It |
192 | needs to be run as root (or with sudo) because some binaries need the | 217 | needs to be run as root (or with sudo) because some binaries need the |
193 | @code{suid} bit set. Without that some GNUnet subsystems (such as VPN) | 218 | @code{suid} bit set. Without that some features (e.g. the VPN service, |
194 | will not work. | 219 | system-wide DNS interception, NAT traversal using ICMP) will not work. |
195 | 220 | ||
196 | @example | 221 | @example |
197 | $ sudo make install | 222 | $ sudo make install |
198 | @end example | 223 | @end example |
199 | 224 | ||
225 | @node Extra Installation step: NSS plugin | ||
226 | |||
227 | @cartouche{The installation of the NSS plugin can be skipped if GNS | ||
228 | resolution shall be used with legacy applications (that only | ||
229 | support DNS).} | ||
230 | |||
200 | One important library is the GNS plugin for NSS (the name services | 231 | One important library is the GNS plugin for NSS (the name services |
201 | switch) which allows using GNS (the GNU name system) in the normal DNS | 232 | switch) which allows using GNS (the GNU name system) in the normal DNS |
202 | resolution process. Unfortunately NSS expects it in a specific | 233 | resolution process. Unfortunately NSS expects it in a specific |
@@ -234,29 +265,32 @@ The exact details may differ a bit, which is fine. Add the text | |||
234 | hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 | 265 | hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 |
235 | @end example | 266 | @end example |
236 | 267 | ||
237 | Optionally, if GNS shall be used with a browser, execute the GNS | 268 | @node Extra installation step: installing the GNS Certificate Authority |
238 | CA-setup script. It will isetup the GNS Certificate Authority with the | 269 | @subsection Extra installation step: installing the GNS Certificate Authority |
239 | user's browser. | 270 | |
271 | @cartouche{Installing the GNS certificate authority is only necessary if GNS shall | ||
272 | be used in a browser.} | ||
273 | |||
274 | The GNS Certificate authority can provide TLS certificates for GNS names while | ||
275 | downloading webpages from legacy webservers. This allows browsers to use HTTPS | ||
276 | in combinations with GNS name resolution. | ||
277 | |||
278 | To install it execute the GNS CA-setup script. So far Firefox and Chromium are | ||
279 | supported. | ||
280 | |||
240 | @example | 281 | @example |
241 | $ gnunet-gns-proxy-setup-ca | 282 | $ gnunet-gns-proxy-setup-ca |
242 | @end example | 283 | @end example |
243 | 284 | ||
244 | Finally install a configuration file in | 285 | A local proxy server, that takes care of the name resolution and provides |
245 | @code{~/.config/gnunet.conf}. Below you find an example config which | 286 | certificates on-the-fly needs to be started: |
246 | allows you to start GNUnet. | ||
247 | 287 | ||
248 | @example | 288 | @example |
249 | [arm] | 289 | $ /usr/lib/gnunet/libexec/gnunet-gns-proxy |
250 | SYSTEM_ONLY = NO | ||
251 | USER_ONLY = NO | ||
252 | |||
253 | [transport] | ||
254 | PLUGINS = tcp | ||
255 | @end example | 290 | @end example |
256 | 291 | ||
257 | 292 | Now GNS should work in browsers that are configured to use a SOCKS proxy on | |
258 | 293 | @code{localhost:7777}. | |
259 | |||
260 | 294 | ||
261 | 295 | ||
262 | @node Checking the Installation | 296 | @node Checking the Installation |