7 files changed, 127 insertions, 82 deletions
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh
index d070f7220..d53315052 100755
--- a/contrib/scripts/netjail/netjail_core.sh
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -2,6 +2,7 @@
 # 
 JAILOR=${SUDO_USER:?must run in sudo}
+PREFIX=${PPID:?must run from a parent process}
 # running with `sudo` is required to be
 # able running the actual commands as the
@@ -9,6 +10,22 @@ JAILOR=${SUDO_USER:?must run in sudo}
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+export RESULT=
+export NAMESPACE_NUM=0
+export INTERFACE_NUM=0
+netjail_next_namespace() {
+        local NUM=$NAMESPACE_NUM
+        NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
+        RESULT=$NUM
+}
+netjail_next_interface() {
+        local NUM=$INTERFACE_NUM
+        INTERFACE_NUM=$(($INTERFACE_NUM + 1))
+        RESULT=$NUM
+}
 netjail_opt() {
        local OPT=$1
        shift 1
@@ -17,7 +34,7 @@ netjail_opt() {
        while [ $# -gt 0 ]; do
                if [ "$1" = "$OPT" ]; then
-                        printf "%d" $INDEX
+                        RESULT=$INDEX
                        return
                fi
@@ -25,7 +42,7 @@ netjail_opt() {
                shift 1
        done
-        printf "%d" 0
+        RESULT=0
 }
 netjail_opts() {
@@ -42,7 +59,7 @@ netjail_opts() {
                shift 1
        done
        
-        printf "$DEF"
+        RESULT="$DEF"
 }
 netjail_check() {
@@ -73,15 +90,15 @@ netjail_check_bin() {
        fi
 }
-netjail_print_name() {
-        printf "%s%02x%02x" $1 $2 ${3:-0}
-}
 netjail_bridge() {
-        local BRIDGE=$1
+        netjail_next_interface
+        local NUM=$RESULT
+        local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
        ip link add $BRIDGE type bridge
        ip link set dev $BRIDGE up
+        
+        RESULT=$BRIDGE
 }
 netjail_bridge_clear() {
@@ -91,9 +108,13 @@ netjail_bridge_clear() {
 }
 netjail_node() {
-        local NODE=$1
+        netjail_next_namespace
+        local NUM=$RESULT
+        local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
        ip netns add $NODE
+        
+        RESULT=$NODE
 }
 netjail_node_clear() {
@@ -108,8 +129,13 @@ netjail_node_link_bridge() {
        local ADDRESS=$3
        local MASK=$4
        
-        local LINK_IF="$NODE-$BRIDGE-0"
+        netjail_next_interface
-        local LINK_BR="$NODE-$BRIDGE-1"
+        local NUM_IF=$RESULT
+        netjail_next_interface
+        local NUM_BR=$RESULT
+        
+        local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
+        local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
        ip link add $LINK_IF type veth peer name $LINK_BR
        ip link set $LINK_IF netns $NODE
@@ -120,13 +146,12 @@ netjail_node_link_bridge() {
        ip -n $NODE link set up dev lo
        ip link set $LINK_BR up
+        
+        RESULT=$LINK_BR
 }
 netjail_node_unlink_bridge() {
-        local NODE=$1
+        local LINK_BR=$1
-        local BRIDGE=$2
-        
-        local LINK_BR="$NODE-$BRIDGE-1"
        ip link delete $LINK_BR
 }
@@ -152,7 +177,7 @@ netjail_node_exec() {
        local FD_OUT=$3
        shift 3
-        unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
+        ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
 }
 netjail_kill() {
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh
index 6ae047274..e3880783f 100755
--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
 . "./netjail_core.sh"
 set -eu
@@ -6,6 +7,7 @@ set -x
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+PREFIX=$PPID
 LOCAL_M=$1
 GLOBAL_N=$2
@@ -14,11 +16,14 @@ shift 2
 netjail_check $(($LOCAL_M * $GLOBAL_N))
 # Starts optionally an amount of nodes without NAT starting with "92.68.151.1"
-KNOWN=$(netjail_opt '--known' $@)
+netjail_opt '--known' $@
-KNOWN_NUM=$(netjail_opts '--known' 0 $@)
+KNOWN=$RESULT
+netjail_opts '--known' 0 $@
+KNOWN_NUM=$RESULT
 # Starts optionally 'stunserver' on "92.68.150.254":
-STUN=$(netjail_opt '--stun' $@)
+netjail_opt '--stun' $@
+STUN=$RESULT
 if [ $KNOWN -gt 0 ]; then
        shift 2
@@ -32,8 +37,6 @@ if [ $STUN -gt 0 ]; then
        netjail_check_bin stunserver
        
        shift 1
-        
-        STUN_NODE=$(netjail_print_name "S" 254)
 fi
 netjail_check_bin $1
@@ -45,43 +48,42 @@ KNOWN_GROUP="92.68.151"
 CLEANUP=0
 echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]"
-NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
+netjail_bridge
+NETWORK_NET=$RESULT
-netjail_bridge $NETWORK_NET
 for X in $(seq $KNOWN); do
-        KNOWN_NODE=$(netjail_print_name "K" $X)
+        netjail_node
+        KNOWN_NODES[$X]=$RESULT
-        netjail_node $KNOWN_NODE
+        netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16
-        netjail_node_link_bridge $KNOWN_NODE $NETWORK_NET "$KNOWN_GROUP.$X" 16
+        KNOWN_LINKS[$X]=$RESULT
 done
-for N in $(seq $GLOBAL_N); do
+declare -A NODES
-        ROUTER=$(netjail_print_name "R" $N)
+declare -A NODE_LINKS
-        netjail_node $ROUTER 
-        netjail_node_link_bridge $ROUTER $NETWORK_NET "$GLOBAL_GROUP.$N" 16
-        ROUTER_NET=$(netjail_print_name "r" $N)
+for N in $(seq $GLOBAL_N); do
+        netjail_node
-        netjail_bridge $ROUTER_NET
+        ROUTERS[$N]=$RESULT
+        netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16
+        NETWORK_LINKS[$N]=$RESULT
+        netjail_bridge
+        ROUTER_NETS[$N]=$RESULT
        
        for M in $(seq $LOCAL_M); do
-                NODE=$(netjail_print_name "N" $N $M)
+                netjail_node
+                NODES[$N,$M]=$RESULT
-                netjail_node $NODE
+                netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24
-                netjail_node_link_bridge $NODE $ROUTER_NET "$LOCAL_GROUP.$M" 24
+                NODE_LINKS[$N,$M]=$RESULT
        done
        ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
+        netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24
-        netjail_node_link_bridge $ROUTER $ROUTER_NET $ROUTER_ADDR 24
+        ROUTER_LINKS[$N]=$RESULT
-        netjail_node_add_nat $ROUTER $ROUTER_ADDR 24
+        
+        netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
        
        for M in $(seq $LOCAL_M); do
-                NODE=$(netjail_print_name "N" $N $M)
+                netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
-                
-                netjail_node_add_default $NODE $ROUTER_ADDR
        done
 done
@@ -89,67 +91,58 @@ WAITING=""
 KILLING=""
 if [ $STUN -gt 0 ]; then
-        netjail_node $STUN_NODE
+        netjail_node
+        STUN_NODE=$RESULT
        netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16
+        STUN_LINK=$RESULT
        netjail_node_exec $STUN_NODE 0 1 stunserver &
        KILLING="$!"
 fi
 for X in $(seq $KNOWN); do
-        KNOWN_NODE=$(netjail_print_name "K" $X)
        INDEX=$(($X - 1))
-        
        FD_X=$(($INDEX * 2 + 3 + 0))
        FD_Y=$(($INDEX * 2 + 3 + 1))
-        netjail_node_exec $KNOWN_NODE $FD_X $FD_Y $@ &
+        netjail_node_exec ${KNOWN_NODES[$X]} $FD_X $FD_Y $@ &
        WAITING="$! $WAITING"
 done
 for N in $(seq $GLOBAL_N); do
        for M in $(seq $LOCAL_M); do
-                NODE=$(netjail_print_name "N" $N $M)
                INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN))
+                
                FD_X=$(($INDEX * 2 + 3 + 0))
                FD_Y=$(($INDEX * 2 + 3 + 1))
-                netjail_node_exec $NODE $FD_X $FD_Y $@ &
+                netjail_node_exec ${NODES[$N,$M]} $FD_X $FD_Y $@ &
                WAITING="$! $WAITING"
        done
 done
 cleanup() {
        if [ $STUN -gt 0 ]; then
-                STUN_NODE=$(netjail_print_name "S" 254)
+                netjail_node_unlink_bridge $STUN_LINK
-                netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
                netjail_node_clear $STUN_NODE
        fi
        for X in $(seq $KNOWN); do
-                KNOWN_NODE=$(netjail_print_name "K" $X)
+                netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
-                
+                netjail_node_clear ${KNOWN_NODES[$X]}
-                netjail_node_unlink_bridge $KNOWN_NODE $NETWORK_NET
-                netjail_node_clear $KNOWN_NODE
        done
        for N in $(seq $GLOBAL_N); do
-                ROUTER_NET=$(netjail_print_name "r" $N)
                for M in $(seq $LOCAL_M); do
-                        NODE=$(netjail_print_name "N" $N $M)
+                        netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
+                        netjail_node_clear ${NODES[$N,$M]}
-                        netjail_node_unlink_bridge $NODE $ROUTER_NET
-                        netjail_node_clear $NODE
                done
-                ROUTER=$(netjail_print_name "R" $N)
+                netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
-                
+                netjail_bridge_clear ${ROUTER_NETS[$N]}
-                netjail_bridge_clear $ROUTER_NET
+                netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
-                netjail_node_unlink_bridge $ROUTER $NETWORK_NET
+                netjail_node_clear ${ROUTERS[$N]}
-                netjail_node_clear $ROUTER
        done
        netjail_bridge_clear $NETWORK_NET
@@ -162,7 +155,7 @@ trapped_cleanup() {
        cleanup
 }
-trap 'trapped_cleanup' 2
+trap 'trapped_cleanup' ERR
 netjail_waitall $WAITING
 netjail_killall $KILLING
diff --git a/contrib/services/systemd/Makefile.am b/contrib/services/systemd/Makefile.am
index 39a6f2a81..ec2ff7704 100644
--- a/contrib/services/systemd/Makefile.am
+++ b/contrib/services/systemd/Makefile.am
@@ -1,7 +1,10 @@
 pkginitdir= $(pkgdatadir)/services/systemd
 pkginit_DATA = \
-  gnunet.service
+  gnunet.service \
+  gnunet-user.service \
+  sysusers-gnunet.conf \
+  tmpfiles-gnunet.conf
 EXTRA_DIST = \
  $(pkginit_DATA)
diff --git a/contrib/services/systemd/gnunet-user.service b/contrib/services/systemd/gnunet-user.service
new file mode 100644
index 000000000..c9d3be0ad
--- /dev/null
+++ b/contrib/services/systemd/gnunet-user.service
@@ -0,0 +1,11 @@
+# Typically to be place into /usr/lib/systemd/user/gnunet.service
+[Unit]
+Description=GNUnet user service
+After=network.target
+[Service]
+Type=simple
+ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c ~/.config/gnunet.conf
+[Install]
+WantedBy=multi-user.target
diff --git a/contrib/services/systemd/gnunet.service b/contrib/services/systemd/gnunet.service
index 1c458cea6..daa38a046 100644
--- a/contrib/services/systemd/gnunet.service
+++ b/contrib/services/systemd/gnunet.service
@@ -1,15 +1,14 @@
-# Copyright (C) 2019 GNUnet e.V.
+# Typically placed into /usr/lib/systemd/system/gnunet.service
-#
-# Copying and distribution of this file, with or without modification,
-# are permitted in any medium without royalty provided the copyright
-# notice and this notice are preserved.  This file is offered as-is,
-# without any warranty.
 [Unit]
-Description=Service that runs a GNUnet for the user gnunet
+Description=GNUnet system service
 After=network.target
 [Service]
-User=gnunet
 Type=simple
+User=gnunet
 ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf
+StateDirectory=gnunet
+StateDirectoryMode=0700
+[Install]
+WantedBy=multi-user.target
diff --git a/contrib/services/systemd/sysusers-gnunet.conf b/contrib/services/systemd/sysusers-gnunet.conf
new file mode 100644
index 000000000..b7b8abeed
--- /dev/null
+++ b/contrib/services/systemd/sysusers-gnunet.conf
@@ -0,0 +1,4 @@
+# Typically placed into /usr/lib/sysusers.d/gnunet.conf
+g gnunet -
+u gnunet - "GNUnet system account" /var/lib/gnunet
+g gnunetdns -
diff --git a/contrib/services/systemd/tmpfiles-gnunet.conf b/contrib/services/systemd/tmpfiles-gnunet.conf
new file mode 100644
index 000000000..ffffa3284
--- /dev/null
+++ b/contrib/services/systemd/tmpfiles-gnunet.conf
@@ -0,0 +1,10 @@
+# Typically placed into /usr/lib/tmpfiles.d/gnunet.conf
+d /var/lib/gnunet 0700 gnunet gnunet - -
+z /usr/lib/gnunet/gnunet-helper-dns 4750 root gnunetdns - -
+z /usr/lib/gnunet/gnunet-service-dns 2750 gnunet gnunetdns - -
+z /usr/lib/gnunet/libexec/gnunet-helper-vpn 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-transport-wlan 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-transport-bluetooth 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-exit 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-nat-server 4750 root root - -
+z /usr/lib/gnunet/libexec/gnunet-helper-nat-client 4750 root root - -

diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh index d070f7220..d53315052 100755 --- a/contrib/scripts/netjail/netjail_core.sh +++ b/contrib/scripts/netjail/netjail_core.sh
@@ -2,6 +2,7 @@
2	#	2	#
3		3
4	JAILOR=${SUDO_USER:?must run in sudo}	4	JAILOR=${SUDO_USER:?must run in sudo}
		5	PREFIX=${PPID:?must run from a parent process}
5		6
6	# running with `sudo` is required to be	7	# running with `sudo` is required to be
7	# able running the actual commands as the	8	# able running the actual commands as the
@@ -9,6 +10,22 @@ JAILOR=${SUDO_USER:?must run in sudo}
9		10
10	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"	11	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
11		12
		13	export RESULT=
		14	export NAMESPACE_NUM=0
		15	export INTERFACE_NUM=0
		16
		17	netjail_next_namespace() {
		18	local NUM=$NAMESPACE_NUM
		19	NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
		20	RESULT=$NUM
		21	}
		22
		23	netjail_next_interface() {
		24	local NUM=$INTERFACE_NUM
		25	INTERFACE_NUM=$(($INTERFACE_NUM + 1))
		26	RESULT=$NUM
		27	}
		28
12	netjail_opt() {	29	netjail_opt() {
13	local OPT=$1	30	local OPT=$1
14	shift 1	31	shift 1
@@ -17,7 +34,7 @@ netjail_opt() {
17		34
18	while [ $# -gt 0 ]; do	35	while [ $# -gt 0 ]; do
19	if [ "$1" = "$OPT" ]; then	36	if [ "$1" = "$OPT" ]; then
20	printf "%d" $INDEX	37	RESULT=$INDEX
21	return	38	return
22	fi	39	fi
23		40
@@ -25,7 +42,7 @@ netjail_opt() {
25	shift 1	42	shift 1
26	done	43	done
27		44
28	printf "%d" 0	45	RESULT=0
29	}	46	}
30		47
31	netjail_opts() {	48	netjail_opts() {
@@ -42,7 +59,7 @@ netjail_opts() {
42	shift 1	59	shift 1
43	done	60	done
44		61
45	printf "$DEF"	62	RESULT="$DEF"
46	}	63	}
47		64
48	netjail_check() {	65	netjail_check() {
@@ -73,15 +90,15 @@ netjail_check_bin() {
73	fi	90	fi
74	}	91	}
75		92
76	netjail_print_name() {
77	printf "%s%02x%02x" $1 $2 ${3:-0}
78	}
79
80	netjail_bridge() {	93	netjail_bridge() {
81	local BRIDGE=$1	94	netjail_next_interface
		95	local NUM=$RESULT
		96	local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
82		97
83	ip link add $BRIDGE type bridge	98	ip link add $BRIDGE type bridge
84	ip link set dev $BRIDGE up	99	ip link set dev $BRIDGE up
		100
		101	RESULT=$BRIDGE
85	}	102	}
86		103
87	netjail_bridge_clear() {	104	netjail_bridge_clear() {
@@ -91,9 +108,13 @@ netjail_bridge_clear() {
91	}	108	}
92		109
93	netjail_node() {	110	netjail_node() {
94	local NODE=$1	111	netjail_next_namespace
		112	local NUM=$RESULT
		113	local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
95		114
96	ip netns add $NODE	115	ip netns add $NODE
		116
		117	RESULT=$NODE
97	}	118	}
98		119
99	netjail_node_clear() {	120	netjail_node_clear() {
@@ -108,8 +129,13 @@ netjail_node_link_bridge() {
108	local ADDRESS=$3	129	local ADDRESS=$3
109	local MASK=$4	130	local MASK=$4
110		131
111	local LINK_IF="$NODE-$BRIDGE-0"	132	netjail_next_interface
112	local LINK_BR="$NODE-$BRIDGE-1"	133	local NUM_IF=$RESULT
		134	netjail_next_interface
		135	local NUM_BR=$RESULT
		136
		137	local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
		138	local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
113		139
114	ip link add $LINK_IF type veth peer name $LINK_BR	140	ip link add $LINK_IF type veth peer name $LINK_BR
115	ip link set $LINK_IF netns $NODE	141	ip link set $LINK_IF netns $NODE
@@ -120,13 +146,12 @@ netjail_node_link_bridge() {
120	ip -n $NODE link set up dev lo	146	ip -n $NODE link set up dev lo
121		147
122	ip link set $LINK_BR up	148	ip link set $LINK_BR up
		149
		150	RESULT=$LINK_BR
123	}	151	}
124		152
125	netjail_node_unlink_bridge() {	153	netjail_node_unlink_bridge() {
126	local NODE=$1	154	local LINK_BR=$1
127	local BRIDGE=$2
128
129	local LINK_BR="$NODE-$BRIDGE-1"
130		155
131	ip link delete $LINK_BR	156	ip link delete $LINK_BR
132	}	157	}
@@ -152,7 +177,7 @@ netjail_node_exec() {
152	local FD_OUT=$3	177	local FD_OUT=$3
153	shift 3	178	shift 3
154		179
155	unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN	180	ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
156	}	181	}
157		182
158	netjail_kill() {	183	netjail_kill() {


diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh index 6ae047274..e3880783f 100755 --- a/contrib/scripts/netjail/netjail_setup_internet.sh +++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -1,4 +1,5 @@
1	#!/bin/sh	1	#!/bin/sh
		2
2	. "./netjail_core.sh"	3	. "./netjail_core.sh"
3		4
4	set -eu	5	set -eu
@@ -6,6 +7,7 @@ set -x
6		7
7	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"	8	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
8		9
		10	PREFIX=$PPID
9	LOCAL_M=$1	11	LOCAL_M=$1
10	GLOBAL_N=$2	12	GLOBAL_N=$2
11		13
@@ -14,11 +16,14 @@ shift 2
14	netjail_check $(($LOCAL_M * $GLOBAL_N))	16	netjail_check $(($LOCAL_M * $GLOBAL_N))
15		17
16	# Starts optionally an amount of nodes without NAT starting with "92.68.151.1"	18	# Starts optionally an amount of nodes without NAT starting with "92.68.151.1"
17	KNOWN=$(netjail_opt '--known' $@)	19	netjail_opt '--known' $@
18	KNOWN_NUM=$(netjail_opts '--known' 0 $@)	20	KNOWN=$RESULT
		21	netjail_opts '--known' 0 $@
		22	KNOWN_NUM=$RESULT
19		23
20	# Starts optionally 'stunserver' on "92.68.150.254":	24	# Starts optionally 'stunserver' on "92.68.150.254":
21	STUN=$(netjail_opt '--stun' $@)	25	netjail_opt '--stun' $@
		26	STUN=$RESULT
22		27
23	if [ $KNOWN -gt 0 ]; then	28	if [ $KNOWN -gt 0 ]; then
24	shift 2	29	shift 2
@@ -32,8 +37,6 @@ if [ $STUN -gt 0 ]; then
32	netjail_check_bin stunserver	37	netjail_check_bin stunserver
33		38
34	shift 1	39	shift 1
35
36	STUN_NODE=$(netjail_print_name "S" 254)
37	fi	40	fi
38		41
39	netjail_check_bin $1	42	netjail_check_bin $1
@@ -45,43 +48,42 @@ KNOWN_GROUP="92.68.151"
45	CLEANUP=0	48	CLEANUP=0
46	echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]"	49	echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]"
47		50
48	NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)	51	netjail_bridge
49		52	NETWORK_NET=$RESULT
50	netjail_bridge $NETWORK_NET
51		53
52	for X in $(seq $KNOWN); do	54	for X in $(seq $KNOWN); do
53	KNOWN_NODE=$(netjail_print_name "K" $X)	55	netjail_node
54		56	KNOWN_NODES[$X]=$RESULT
55	netjail_node $KNOWN_NODE	57	netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16
56	netjail_node_link_bridge $KNOWN_NODE $NETWORK_NET "$KNOWN_GROUP.$X" 16	58	KNOWN_LINKS[$X]=$RESULT
57	done	59	done
58		60
59	for N in $(seq $GLOBAL_N); do	61	declare -A NODES
60	ROUTER=$(netjail_print_name "R" $N)	62	declare -A NODE_LINKS
61
62	netjail_node $ROUTER
63	netjail_node_link_bridge $ROUTER $NETWORK_NET "$GLOBAL_GROUP.$N" 16
64		63
65	ROUTER_NET=$(netjail_print_name "r" $N)	64	for N in $(seq $GLOBAL_N); do
66		65	netjail_node
67	netjail_bridge $ROUTER_NET	66	ROUTERS[$N]=$RESULT
		67	netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16
		68	NETWORK_LINKS[$N]=$RESULT
		69	netjail_bridge
		70	ROUTER_NETS[$N]=$RESULT
68		71
69	for M in $(seq $LOCAL_M); do	72	for M in $(seq $LOCAL_M); do
70	NODE=$(netjail_print_name "N" $N $M)	73	netjail_node
71		74	NODES[$N,$M]=$RESULT
72	netjail_node $NODE	75	netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24
73	netjail_node_link_bridge $NODE $ROUTER_NET "$LOCAL_GROUP.$M" 24	76	NODE_LINKS[$N,$M]=$RESULT
74	done	77	done
75		78
76	ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"	79	ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
77		80	netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24
78	netjail_node_link_bridge $ROUTER $ROUTER_NET $ROUTER_ADDR 24	81	ROUTER_LINKS[$N]=$RESULT
79	netjail_node_add_nat $ROUTER $ROUTER_ADDR 24	82
		83	netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
80		84
81	for M in $(seq $LOCAL_M); do	85	for M in $(seq $LOCAL_M); do
82	NODE=$(netjail_print_name "N" $N $M)	86	netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
83
84	netjail_node_add_default $NODE $ROUTER_ADDR
85	done	87	done
86	done	88	done
87		89
@@ -89,67 +91,58 @@ WAITING=""
89	KILLING=""	91	KILLING=""
90		92
91	if [ $STUN -gt 0 ]; then	93	if [ $STUN -gt 0 ]; then
92	netjail_node $STUN_NODE	94	netjail_node
		95	STUN_NODE=$RESULT
93	netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16	96	netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16
		97	STUN_LINK=$RESULT
94		98
95	netjail_node_exec $STUN_NODE 0 1 stunserver &	99	netjail_node_exec $STUN_NODE 0 1 stunserver &
96	KILLING="$!"	100	KILLING="$!"
97	fi	101	fi
98		102
99	for X in $(seq $KNOWN); do	103	for X in $(seq $KNOWN); do
100	KNOWN_NODE=$(netjail_print_name "K" $X)
101	INDEX=$(($X - 1))	104	INDEX=$(($X - 1))
102		105
103	FD_X=$(($INDEX * 2 + 3 + 0))	106	FD_X=$(($INDEX * 2 + 3 + 0))
104	FD_Y=$(($INDEX * 2 + 3 + 1))	107	FD_Y=$(($INDEX * 2 + 3 + 1))
105		108
106	netjail_node_exec $KNOWN_NODE $FD_X $FD_Y $@ &	109	netjail_node_exec ${KNOWN_NODES[$X]} $FD_X $FD_Y $@ &
107	WAITING="$! $WAITING"	110	WAITING="$! $WAITING"
108	done	111	done
109		112
110	for N in $(seq $GLOBAL_N); do	113	for N in $(seq $GLOBAL_N); do
111	for M in $(seq $LOCAL_M); do	114	for M in $(seq $LOCAL_M); do
112	NODE=$(netjail_print_name "N" $N $M)
113	INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN))	115	INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN))
114		116
115	FD_X=$(($INDEX * 2 + 3 + 0))	117	FD_X=$(($INDEX * 2 + 3 + 0))
116	FD_Y=$(($INDEX * 2 + 3 + 1))	118	FD_Y=$(($INDEX * 2 + 3 + 1))
117		119
118	netjail_node_exec $NODE $FD_X $FD_Y $@ &	120	netjail_node_exec ${NODES[$N,$M]} $FD_X $FD_Y $@ &
119	WAITING="$! $WAITING"	121	WAITING="$! $WAITING"
120	done	122	done
121	done	123	done
122		124
123	cleanup() {	125	cleanup() {
124	if [ $STUN -gt 0 ]; then	126	if [ $STUN -gt 0 ]; then
125	STUN_NODE=$(netjail_print_name "S" 254)	127	netjail_node_unlink_bridge $STUN_LINK
126
127	netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
128	netjail_node_clear $STUN_NODE	128	netjail_node_clear $STUN_NODE
129	fi	129	fi
130		130
131	for X in $(seq $KNOWN); do	131	for X in $(seq $KNOWN); do
132	KNOWN_NODE=$(netjail_print_name "K" $X)	132	netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
133		133	netjail_node_clear ${KNOWN_NODES[$X]}
134	netjail_node_unlink_bridge $KNOWN_NODE $NETWORK_NET
135	netjail_node_clear $KNOWN_NODE
136	done	134	done
137		135
138	for N in $(seq $GLOBAL_N); do	136	for N in $(seq $GLOBAL_N); do
139	ROUTER_NET=$(netjail_print_name "r" $N)
140
141	for M in $(seq $LOCAL_M); do	137	for M in $(seq $LOCAL_M); do
142	NODE=$(netjail_print_name "N" $N $M)	138	netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
143		139	netjail_node_clear ${NODES[$N,$M]}
144	netjail_node_unlink_bridge $NODE $ROUTER_NET
145	netjail_node_clear $NODE
146	done	140	done
147		141
148	ROUTER=$(netjail_print_name "R" $N)	142	netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
149		143	netjail_bridge_clear ${ROUTER_NETS[$N]}
150	netjail_bridge_clear $ROUTER_NET	144	netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
151	netjail_node_unlink_bridge $ROUTER $NETWORK_NET	145	netjail_node_clear ${ROUTERS[$N]}
152	netjail_node_clear $ROUTER
153	done	146	done
154		147
155	netjail_bridge_clear $NETWORK_NET	148	netjail_bridge_clear $NETWORK_NET
@@ -162,7 +155,7 @@ trapped_cleanup() {
162	cleanup	155	cleanup
163	}	156	}
164		157
165	trap 'trapped_cleanup' 2	158	trap 'trapped_cleanup' ERR
166		159
167	netjail_waitall $WAITING	160	netjail_waitall $WAITING
168	netjail_killall $KILLING	161	netjail_killall $KILLING


diff --git a/contrib/services/systemd/Makefile.am b/contrib/services/systemd/Makefile.am index 39a6f2a81..ec2ff7704 100644 --- a/contrib/services/systemd/Makefile.am +++ b/contrib/services/systemd/Makefile.am
@@ -1,7 +1,10 @@
1	pkginitdir= $(pkgdatadir)/services/systemd	1	pkginitdir= $(pkgdatadir)/services/systemd
2		2
3	pkginit_DATA = \	3	pkginit_DATA = \
4	gnunet.service	4	gnunet.service \
		5	gnunet-user.service \
		6	sysusers-gnunet.conf \
		7	tmpfiles-gnunet.conf
5		8
6	EXTRA_DIST = \	9	EXTRA_DIST = \
7	$(pkginit_DATA)	10	$(pkginit_DATA)


diff --git a/contrib/services/systemd/gnunet-user.service b/contrib/services/systemd/gnunet-user.service new file mode 100644 index 000000000..c9d3be0ad --- /dev/null +++ b/contrib/services/systemd/gnunet-user.service
@@ -0,0 +1,11 @@
		1	# Typically to be place into /usr/lib/systemd/user/gnunet.service
		2	[Unit]
		3	Description=GNUnet user service
		4	After=network.target
		5
		6	[Service]
		7	Type=simple
		8	ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c ~/.config/gnunet.conf
		9
		10	[Install]
		11	WantedBy=multi-user.target


diff --git a/contrib/services/systemd/gnunet.service b/contrib/services/systemd/gnunet.service index 1c458cea6..daa38a046 100644 --- a/contrib/services/systemd/gnunet.service +++ b/contrib/services/systemd/gnunet.service
@@ -1,15 +1,14 @@
1	# Copyright (C) 2019 GNUnet e.V.	1	# Typically placed into /usr/lib/systemd/system/gnunet.service
2	#
3	# Copying and distribution of this file, with or without modification,
4	# are permitted in any medium without royalty provided the copyright
5	# notice and this notice are preserved. This file is offered as-is,
6	# without any warranty.
7
8	[Unit]	2	[Unit]
9	Description=Service that runs a GNUnet for the user gnunet	3	Description=GNUnet system service
10	After=network.target	4	After=network.target
11		5
12	[Service]	6	[Service]
13	User=gnunet
14	Type=simple	7	Type=simple
		8	User=gnunet
15	ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf	9	ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf
		10	StateDirectory=gnunet
		11	StateDirectoryMode=0700
		12
		13	[Install]
		14	WantedBy=multi-user.target


diff --git a/contrib/services/systemd/sysusers-gnunet.conf b/contrib/services/systemd/sysusers-gnunet.conf new file mode 100644 index 000000000..b7b8abeed --- /dev/null +++ b/contrib/services/systemd/sysusers-gnunet.conf
@@ -0,0 +1,4 @@
		1	# Typically placed into /usr/lib/sysusers.d/gnunet.conf
		2	g gnunet -
		3	u gnunet - "GNUnet system account" /var/lib/gnunet
		4	g gnunetdns -


diff --git a/contrib/services/systemd/tmpfiles-gnunet.conf b/contrib/services/systemd/tmpfiles-gnunet.conf new file mode 100644 index 000000000..ffffa3284 --- /dev/null +++ b/contrib/services/systemd/tmpfiles-gnunet.conf
@@ -0,0 +1,10 @@
		1	# Typically placed into /usr/lib/tmpfiles.d/gnunet.conf
		2	d /var/lib/gnunet 0700 gnunet gnunet - -
		3	z /usr/lib/gnunet/gnunet-helper-dns 4750 root gnunetdns - -
		4	z /usr/lib/gnunet/gnunet-service-dns 2750 gnunet gnunetdns - -
		5	z /usr/lib/gnunet/libexec/gnunet-helper-vpn 4750 root root - -
		6	z /usr/lib/gnunet/libexec/gnunet-helper-transport-wlan 4750 root root - -
		7	z /usr/lib/gnunet/libexec/gnunet-helper-transport-bluetooth 4750 root root - -
		8	z /usr/lib/gnunet/libexec/gnunet-helper-exit 4750 root root - -
		9	z /usr/lib/gnunet/libexec/gnunet-helper-nat-server 4750 root root - -
		10	z /usr/lib/gnunet/libexec/gnunet-helper-nat-client 4750 root root - -