Diffstat (limited to 'doc/chapters/installation.texi')
-rw-r--r-- | doc/chapters/installation.texi | 4205 |
1 files changed, 4205 insertions, 0 deletions
diff --git a/doc/chapters/installation.texi b/doc/chapters/installation.texi new file mode 100644 index 000000000..ea949cdc0 --- /dev/null +++ b/doc/chapters/installation.texi | |||
@@ -0,0 +1,4205 @@ | |||
1 | @node GNUnet Installation Handbook | ||
2 | @chapter GNUnet Installation Handbook | ||
3 | |||
4 | This handbook describes how to install (build setup, compilation) and setup | ||
5 | (configuration, start) GNUnet 0.10.x. After following these instructions you | ||
6 | should be able to install and then start user-interfaces to interact with the | ||
7 | network. | ||
8 | |||
9 | This manual is far from complete, and we welcome informed contributions, be it | ||
10 | in the form of new chapters or insightful comments. | ||
11 | |||
12 | |||
13 | |||
14 | @menu | ||
15 | * Dependencies:: | ||
16 | * Generic installation instructions:: | ||
17 | * Build instructions for Ubuntu 12.04 using Git:: | ||
18 | * Build Instructions for Microsoft Windows Platforms:: | ||
19 | * Build instructions for Debian 7.5:: | ||
20 | * Installing GNUnet from Git on Ubuntu 14.4:: | ||
21 | * Build instructions for Debian 8:: | ||
22 | * Outdated build instructions for previous revisions:: | ||
23 | * Portable GNUnet:: | ||
24 | * The grapical configuration interface:: | ||
25 | * How to start and stop a GNUnet peer:: | ||
26 | @end menu | ||
27 | |||
28 | @node Dependencies | ||
29 | @section Dependencies | ||
30 | @c %**end of header | ||
31 | |||
32 | This document lists the various known dependencies for GNUnet 0.10.x. | ||
33 | Suggestions for missing dependencies or wrong version numbers are welcome. | ||
34 | |||
35 | |||
36 | |||
37 | @menu | ||
38 | * External dependencies:: | ||
39 | * Fixing libgnurl build issues:: | ||
40 | * Internal dependencies:: | ||
41 | @end menu | ||
42 | |||
43 | @node External dependencies | ||
44 | @subsection External dependencies | ||
45 | @c %**end of header | ||
46 | |||
47 | These packages must be installed before a typical GNUnet installation | ||
48 | can be performed: | ||
49 | |||
50 | @table @asis | ||
51 | @item GNU libmicrohttpd | ||
52 | 0.9.30 or higher | ||
53 | @item GNU libextractor | ||
54 | 1.0 or higher | ||
55 | @item GNU libtool | ||
56 | 2.2 or higher | ||
57 | @item GNU libunistring | ||
58 | 0.9.1.1 or higher | ||
59 | @item GNU libidn | ||
60 | 1.0.0 or higher | ||
61 | @item @uref{ftp://ftp.gnupg.org/gcrypt/libgcrypt/, GNU libgcrypt} | ||
62 | @uref{ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0.tar.bz2, 1.6.0} or | ||
63 | higher | ||
64 | @item GnuTLS | ||
65 | @uref{ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.7.tar.xz, 3.2.7} or | ||
66 | higher, compile with libunbound for DANE support; GnuTLS also requires GNU | ||
67 | nettle 2.7 (update: GnuTLS 3.2.7 appears NOT to work against GNU nettle | ||
68 | > 2.7, due to some API updatings done by nettle. Thus it should be compiled | ||
69 | against nettle 2.7 and, in case you get some error on the reference to | ||
70 | `rpl_strerror' being undefined, follow the instructions on@ | ||
71 | @uref{http://lists.gnupg.org/pipermail/gnutls-devel/2013-November/006588.html, this} | ||
72 | post (and the link inside it)). | ||
73 | @item libgnurl | ||
74 | 7.34.0 or higher (available from https://gnunet.org/gnurl), should be compiled | ||
75 | after @code{GnuTLS} | ||
76 | @item libglpk | ||
77 | 4.45 or higher | ||
78 | @item @uref{http://www.openssl.org/, OpenSSL} (binary) | ||
79 | 1.0 or higher | ||
80 | @item TeX Live | ||
81 | 2012 or higher, optional (for gnunet-bcd) | ||
82 | @item libpulse | ||
83 | 2.0 or higher, optional (for gnunet-conversation) | ||
84 | @item libopus | ||
85 | 1.0.1 or higher, optional (for gnunet-conversation) | ||
86 | @item libogg | ||
87 | 1.3.0 or higher, optional (for gnunet-conversation) | ||
88 | @item certool (binary) | ||
89 | optional for convenient installation of the GNS proxy | ||
90 | (available as part of Debian's libnss3-tools) | ||
91 | @item python-zbar | ||
92 | 0.10 or higher, optional (for gnunet-qr) | ||
93 | @item libsqlite | ||
94 | 3.8.0 or higher (note that the code will compile and often work with lower | ||
95 | version numbers, but you may get subtle bugs with respect to quota management | ||
96 | in certain rare cases); alternatively, MySQL or Postgres can also be installed, | ||
97 | but those databases will require more complex configurations (not recommended | ||
98 | for first-time users) | ||
99 | @item zlib | ||
100 | any version we tested worked | ||
101 | @item Gtk+ | ||
102 | 3.0 or higher, optional (for gnunet-gtk) | ||
103 | @item libgladeui | ||
104 | must match Gtk+ version, optional (for gnunet-gtk) | ||
105 | @item libqrencode | ||
106 | 3.0 or higher, optional (for gnunet-namestore-gtk) | ||
107 | @end table | ||
108 | |||
109 | |||
110 | @node Fixing libgnurl build issues | ||
111 | @subsection Fixing libgnurl build issues | ||
112 | |||
113 | If you have to compile libgnurl from source since the version included in your | ||
114 | distribution is to old you perhaps get an error message while running the | ||
115 | @code{configure} script: | ||
116 | |||
117 | @code{@ | ||
118 | $ configure@ | ||
119 | ...@ | ||
120 | checking for 64-bit curl_off_t data type... unknown@ | ||
121 | checking for 32-bit curl_off_t data type... unknown@ | ||
122 | checking for 16-bit curl_off_t data type... unknown@ | ||
123 | configure: error: cannot find data type for curl_off_t.@ | ||
124 | } | ||
125 | |||
126 | If you have to compile libgnurl from source since the version included in your | ||
127 | distribution is to old, you perhaps get an error message while running the | ||
128 | @code{configure} script: | ||
129 | |||
130 | @code{@ | ||
131 | $ configure@ | ||
132 | ...@ | ||
133 | checking for 64-bit curl_off_t data type... unknown@ | ||
134 | checking for 32-bit curl_off_t data type... unknown@ | ||
135 | checking for 16-bit curl_off_t data type... unknown@ | ||
136 | configure: error: cannot find data type for curl_off_t.@ | ||
137 | } | ||
138 | |||
139 | Solution: | ||
140 | |||
141 | Before running the configure script, set: | ||
142 | |||
143 | @code{CFLAGS="-I. -I$BUILD_ROOT/include" } | ||
144 | |||
145 | |||
146 | |||
147 | @node Internal dependencies | ||
148 | @subsection Internal dependencies | ||
149 | |||
150 | This section tries to give an overview of what processes a typical GNUnet peer | ||
151 | running a particular application would consist of. All of the processes listed | ||
152 | here should be automatically started by @code{gnunet-arm -s}. The list is given | ||
153 | as a rough first guide to users for failure diagnostics. Ideally, end-users | ||
154 | should never have to worry about these internal dependencies. | ||
155 | |||
156 | In terms of internal dependencies, a minimum file-sharing system consists of | ||
157 | the following GNUnet processes (in order of dependency): | ||
158 | |||
159 | @itemize @bullet | ||
160 | @item | ||
161 | gnunet-service-arm | ||
162 | @item | ||
163 | gnunet-service-resolver (required by all) | ||
164 | @item | ||
165 | gnunet-service-statistics (required by all) | ||
166 | @item | ||
167 | gnunet-service-peerinfo | ||
168 | @item | ||
169 | gnunet-service-transport (requires peerinfo) | ||
170 | @item | ||
171 | gnunet-service-core (requires transport) | ||
172 | @item | ||
173 | gnunet-daemon-hostlist (requires core) | ||
174 | @item | ||
175 | gnunet-daemon-topology (requires hostlist, peerinfo) | ||
176 | @item | ||
177 | gnunet-service-datastore | ||
178 | @item | ||
179 | gnunet-service-dht (requires core) | ||
180 | @item | ||
181 | gnunet-service-identity | ||
182 | @item | ||
183 | gnunet-service-fs (requires identity, mesh, dht, datastore, core) | ||
184 | @end itemize | ||
185 | |||
186 | |||
187 | A minimum VPN system consists of the following GNUnet processes (in order of | ||
188 | dependency): | ||
189 | |||
190 | @itemize @bullet | ||
191 | @item | ||
192 | gnunet-service-arm | ||
193 | |||
194 | @item | ||
195 | gnunet-service-resolver (required by all) | ||
196 | |||
197 | @item | ||
198 | gnunet-service-statistics (required by all) | ||
199 | |||
200 | @item | ||
201 | gnunet-service-peerinfo | ||
202 | |||
203 | @item | ||
204 | gnunet-service-transport (requires peerinfo) | ||
205 | |||
206 | @item | ||
207 | gnunet-service-core (requires transport) | ||
208 | |||
209 | @item | ||
210 | gnunet-daemon-hostlist (requires core) | ||
211 | |||
212 | @item | ||
213 | gnunet-service-dht (requires core) | ||
214 | |||
215 | @item | ||
216 | gnunet-service-mesh (requires dht, core) | ||
217 | |||
218 | @item | ||
219 | gnunet-service-dns (requires dht) | ||
220 | |||
221 | @item | ||
222 | gnunet-service-regex (requires dht) | ||
223 | |||
224 | @item | ||
225 | gnunet-service-vpn (requires regex, dns, mesh, dht) | ||
226 | @end itemize | ||
227 | |||
228 | |||
229 | A minimum GNS system consists of the following GNUnet processes (in order of | ||
230 | dependency): | ||
231 | @itemize @bullet | ||
232 | |||
233 | @item | ||
234 | gnunet-service-arm | ||
235 | |||
236 | @item | ||
237 | gnunet-service-resolver (required by all) | ||
238 | |||
239 | @item | ||
240 | gnunet-service-statistics (required by all) | ||
241 | |||
242 | @item | ||
243 | gnunet-service-peerinfo | ||
244 | |||
245 | @item | ||
246 | gnunet-service-transport (requires peerinfo) | ||
247 | |||
248 | @item | ||
249 | gnunet-service-core (requires transport) | ||
250 | |||
251 | @item | ||
252 | gnunet-daemon-hostlist (requires core) | ||
253 | |||
254 | @item | ||
255 | gnunet-service-dht (requires core) | ||
256 | |||
257 | @item | ||
258 | gnunet-service-mesh (requires dht, core) | ||
259 | |||
260 | @item | ||
261 | gnunet-service-dns (requires dht) | ||
262 | |||
263 | @item | ||
264 | gnunet-service-regex (requires dht) | ||
265 | |||
266 | @item | ||
267 | gnunet-service-vpn (requires regex, dns, mesh, dht) | ||
268 | |||
269 | @item | ||
270 | gnunet-service-identity | ||
271 | |||
272 | @item | ||
273 | gnunet-service-namestore (requires identity) | ||
274 | |||
275 | @item | ||
276 | gnunet-service-gns (requires vpn, dns, dht, namestore, identity) | ||
277 | @end itemize | ||
278 | |||
279 | @node Generic installation instructions | ||
280 | @section Generic installation instructions | ||
281 | |||
282 | First, in addition to the GNUnet sources you must download the latest version | ||
283 | of various dependencies. Most distributions do not include sufficiently recent | ||
284 | versions of these dependencies. Thus, a typically installation on a "modern" | ||
285 | GNU/Linux distribution requires you to install the following | ||
286 | dependencies (ideally in this order): | ||
287 | |||
288 | @itemize @bullet | ||
289 | |||
290 | @item | ||
291 | libgpgerror and libgcrypt | ||
292 | |||
293 | @item | ||
294 | libnettle and libunbound (possibly from distribution), GnuTLS | ||
295 | |||
296 | @item | ||
297 | libgnurl (read the README) | ||
298 | |||
299 | @item | ||
300 | GNU libmicrohttpd | ||
301 | |||
302 | @item | ||
303 | GNU libextractor (make sure to first install the various mandatory and optional | ||
304 | dependencies including development headers from your distribution) | ||
305 | @end itemize | ||
306 | |||
307 | Other dependencies that you should strongly consider to install is a | ||
308 | database (MySQL, sqlite or Postgres). The following instructions will assume | ||
309 | that you installed at least sqlite. For most distributions you should be able | ||
310 | to find pre-build packages for the database. Again, make sure to install the | ||
311 | client libraries and the respective development headers (if they are | ||
312 | packaged separately) as well. | ||
313 | |||
314 | You can find specific, detailed instructions for installing of the dependencies | ||
315 | (and possibly the rest of the GNUnet installation) in the platform-specific | ||
316 | descriptions, which are linked from the bottom of this page. Please consult | ||
317 | them now. If your distribution is not listed, please study the instructions for | ||
318 | Debian stable carefully as you try to install the dependencies for your own | ||
319 | distribution. Contributing additional instructions for further platforms is | ||
320 | always appreciated. | ||
321 | |||
322 | Before proceeding further, please double-check the dependency list. Note that | ||
323 | in addition to satisfying the dependencies, you might have to make sure that | ||
324 | development headers for the various libraries are also installed. There maybe | ||
325 | files for other distributions, or you might be able to find equivalent packages | ||
326 | for your distribution. | ||
327 | |||
328 | While it is possible to build and install GNUnet without having root access, | ||
329 | we will assume that you have full control over your system in these | ||
330 | instructions. First, you should create a system user "gnunet" and an additional | ||
331 | group "gnunetdns". On Debian and Ubuntu GNU/Linux, type:@ | ||
332 | @code{@ | ||
333 | # adduser --system --home /var/lib/gnunet --group --disabled-password gnunet@ | ||
334 | # addgroup --system gnunetdns@ | ||
335 | }@ | ||
336 | On other Unixes, this should have the same effect:@ | ||
337 | @code{@ | ||
338 | # useradd --system --groups gnunet --home-dir /var/lib/gnunet@ | ||
339 | # addgroup --system gnunetdns@ | ||
340 | }@ | ||
341 | Now compile and install GNUnet using:@ | ||
342 | @code{@ | ||
343 | $ tar xvf gnunet-0.10.?.tar.gz@ | ||
344 | $ cd gnunet-0.10.?@ | ||
345 | $ ./configure --with-sudo=sudo --with-nssdir=/lib@ | ||
346 | $ make@ | ||
347 | $ sudo make install@ | ||
348 | }@ | ||
349 | |||
350 | If you want to be able to enable DEBUG-level log messages, add | ||
351 | @code{--enable-logging=verbose} to the end of the ./configure command. | ||
352 | DEBUG-level log messages are in English-only and should only be useful for | ||
353 | developers (or for filing really detailed bug reports). | ||
354 | |||
355 | Finally, you probably want to compile gnunet-gtk, which includes gnunet-setup | ||
356 | (graphical tool for configuration) and gnunet-fs-gtk (graphical tool for | ||
357 | file-sharing):@ | ||
358 | |||
359 | @code{@ | ||
360 | $ tar xvf gnunet-gtk-0.10.?.tar.gz@ | ||
361 | $ cd gnunet-gtk-0.10.?@ | ||
362 | $ ./configure --with-gnunet=/usr/local/@ | ||
363 | $ make@ | ||
364 | $ sudo make install@ | ||
365 | $ cd ..@ | ||
366 | $ sudo ldconfig # just to be safe@ | ||
367 | }@ | ||
368 | Now, edit @code{/etc/gnunet.conf} to contain the following:@ | ||
369 | @code{@ | ||
370 | [arm]@ | ||
371 | SYSTEM_ONLY = YES@ | ||
372 | USER_ONLY = NO@ | ||
373 | }@ | ||
374 | You may need to update your ld.so cache to include files installed in | ||
375 | @file{/usr/local/lib}:@ | ||
376 | |||
377 | @code{@ | ||
378 | # ldconfig@ | ||
379 | }@ | ||
380 | |||
381 | Then, switch from user root to user gnunet to start the peer:@ | ||
382 | |||
383 | @code{@ | ||
384 | # su -s /bin/sh - gnunet@ | ||
385 | $ gnunet-arm -c /etc/gnunet.conf -s@ | ||
386 | }@ | ||
387 | |||
388 | You may also want to add the last line in the gnunet users @file{crontab} | ||
389 | prefixed with @code{@@reboot} so that it is executed whenever the system is | ||
390 | booted:@ | ||
391 | |||
392 | @code{@ | ||
393 | @@reboot /usr/local/bin/gnunet-arm -c /etc/gnunet.conf -s@ | ||
394 | }@ | ||
395 | |||
396 | This will only start the system-wide GNUnet services. Type exit to get back | ||
397 | your root shell. Now, you need to configure the per-user part. For each | ||
398 | $USER on the system, run:@ | ||
399 | |||
400 | @code{@ | ||
401 | # adduser $USER gnunet@ | ||
402 | }@ | ||
403 | |||
404 | to allow them to access the system-wide GNUnet services. Then, each user should | ||
405 | create a configuration file "~/.config/gnunet.conf" with the lines:@ | ||
406 | |||
407 | @code{@ | ||
408 | [arm]@ | ||
409 | SYSTEM_ONLY = NO@ | ||
410 | USER_ONLY = YES@ | ||
411 | DEFAULTSERVICES = gns@ | ||
412 | }@ | ||
413 | |||
414 | and start the per-user services using@ | ||
415 | |||
416 | @code{@ | ||
417 | $ gnunet-arm -c ~/.config/gnunet.conf -s@ | ||
418 | }@ | ||
419 | |||
420 | Again, adding a @file{crontab} entry to autostart the peer is advised:@ | ||
421 | @code{@ | ||
422 | @@reboot /usr/local/bin/gnunet-arm -c $HOME/.config/gnunet.conf -s@ | ||
423 | }@ | ||
424 | |||
425 | Note that some GNUnet services (such as SOCKS5 proxies) may need a system-wide | ||
426 | TCP port for each user. For those services, systems with more than one user may | ||
427 | require each user to specify a different port number in their personal | ||
428 | configuration file. | ||
429 | |||
430 | Finally, the user should perform the basic initial setup for the GNU Name | ||
431 | System. This is done by running two commands:@ | ||
432 | |||
433 | @example | ||
434 | $ gnunet-gns-import.sh@ | ||
435 | $ gnunet-gns-proxy-setup-ca@ | ||
436 | @end example | ||
437 | |||
438 | The first generates the default zones, wheras the second setups the GNS | ||
439 | Certificate Authority with the user's browser. Now, to actiave GNS in the | ||
440 | normal DNS resolution process, you need to edit your @file{/etc/nsswitch.conf} | ||
441 | where you should find a line like this: | ||
442 | @example | ||
443 | hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 | ||
444 | @end example | ||
445 | |||
446 | |||
447 | The exact details may differ a bit, which is fine. Add the text | ||
448 | "gns [NOTFOUND=return]" after "files": | ||
449 | @example | ||
450 | hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 | ||
451 | @end example | ||
452 | |||
453 | |||
454 | You might want to make sure that @file{/lib/libnss_gns.so.2} exists on your | ||
455 | system, it should have been created during the installation. | ||
456 | |||
457 | |||
458 | |||
459 | @node Build instructions for Ubuntu 12.04 using Git | ||
460 | @section Build instructions for Ubuntu 12.04 using Git | ||
461 | |||
462 | |||
463 | @menu | ||
464 | * Install the required build tools:: | ||
465 | * Install libgcrypt 1.6 and libgpg-error:: | ||
466 | * Install gnutls with DANE support:: | ||
467 | * Install libgnurl:: | ||
468 | * Install libmicrohttpd from Git:: | ||
469 | * Install libextractor from Git:: | ||
470 | * Install GNUnet dependencies:: | ||
471 | * Build GNUnet:: | ||
472 | * Install the GNUnet-gtk user interface from Git:: | ||
473 | @end menu | ||
474 | |||
475 | @node Install the required build tools | ||
476 | @subsection Install the required build tools | ||
477 | |||
478 | First, make sure Git is installed on your system:@ | ||
479 | |||
480 | $ sudo apt-get install git@ | ||
481 | |||
482 | Install the essential buildtools:@ | ||
483 | |||
484 | $ sudo apt-get install automake autopoint autoconf libtool | ||
485 | |||
486 | @node Install libgcrypt 1.6 and libgpg-error | ||
487 | @subsection Install libgcrypt 1.6 and libgpg-error | ||
488 | |||
489 | $ wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.12.tar.bz2@ | ||
490 | $ tar xf libgpg-error-1.12.tar.bz2@ | ||
491 | $ cd libgpg-error-1.12@ | ||
492 | $ ./configure@ | ||
493 | $ sudo make install@ | ||
494 | $ cd ..@ | ||
495 | |||
496 | @node Install gnutls with DANE support | ||
497 | @subsection Install gnutls with DANE support | ||
498 | |||
499 | $ wget http://www.lysator.liu.se/~nisse/archive/nettle-2.7.1.tar.gz@ | ||
500 | $ tar xf nettle-2.7.1.tar.gz@ | ||
501 | $ cd nettle-2.7.1@ | ||
502 | $ ./configure@ | ||
503 | $ sudo make install@ | ||
504 | $ cd .. | ||
505 | |||
506 | $ wget https://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.16.tar.gz@ | ||
507 | $ tar xf ldns-1.6.16.tar.gz@ | ||
508 | $ cd ldns-1.6.16@ | ||
509 | $ ./configure@ | ||
510 | $ sudo make install@ | ||
511 | $ cd .. | ||
512 | |||
513 | $ wget https://unbound.net/downloads/unbound-1.4.21.tar.gz@ | ||
514 | $ tar xf unbound-1.4.21.tar.gz@ | ||
515 | $ cd unbound-1.4.21@ | ||
516 | $ ./configure@ | ||
517 | $ sudo make install@ | ||
518 | $ cd .. | ||
519 | |||
520 | $ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.17.tar.xz@ | ||
521 | $ tar xf gnutls-3.1.17.tar.xz@ | ||
522 | $ cd gnutls-3.1.17@ | ||
523 | $ ./configure@ | ||
524 | $ sudo make install@ | ||
525 | $ cd .. | ||
526 | |||
527 | $ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0.tar.bz2@ | ||
528 | $ tar xf libgcrypt-1.6.0.tar.bz2@ | ||
529 | $ cd libgcrypt-1.6.0@ | ||
530 | $ ./configure@ | ||
531 | $ sudo make install@ | ||
532 | $ cd ..@ | ||
533 | |||
534 | @node Install libgnurl | ||
535 | @subsection Install libgnurl | ||
536 | |||
537 | $ wget https://gnunet.org/sites/default/files/gnurl-7.34.0.tar.bz2@ | ||
538 | $ tar xf gnurl-7.34.0.tar.bz2@ | ||
539 | $ cd gnurl-7.34.0@ | ||
540 | $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ | ||
541 | --without-libmetalink --without-winidn --without-librtmp \ | ||
542 | --without-nghttp2 --without-nss --without-cyassl \ | ||
543 | --without-polarssl --without-ssl --without-winssl \ | ||
544 | --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
545 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet \ | ||
546 | --disable-tftp --disable-pop3 --disable-imap --disable-smtp \ | ||
547 | --disable-gopher --disable-file --disable-ftp@ | ||
548 | $ sudo make install@ | ||
549 | $ cd ..@ | ||
550 | |||
551 | @node Install libmicrohttpd from Git | ||
552 | @subsection Install libmicrohttpd from Git | ||
553 | |||
554 | $ git clone https://gnunet.org/git/libmicrohttpd@ | ||
555 | $ cd libmicrohttpd/@ | ||
556 | $ ./bootstrap@ | ||
557 | $ ./configure@ | ||
558 | $ sudo make install@ | ||
559 | $ cd ..@ | ||
560 | |||
561 | @node Install libextractor from Git | ||
562 | @subsection Install libextractor from Git | ||
563 | |||
564 | Install libextractor dependencies:@ | ||
565 | |||
566 | $ sudo apt-get install zlib1g-dev libgsf-1-dev libmpeg2-4-dev libpoppler-dev \ | ||
567 | libvorbis-dev libexiv2-dev libjpeg-dev libtiff-dev libgif-dev libvorbis-dev \ | ||
568 | libflac-dev libsmf-dev g++@ | ||
569 | |||
570 | Build libextractor:@ | ||
571 | |||
572 | $ git clone https://gnunet.org/git/libextractor@ | ||
573 | $ cd libextractor@ | ||
574 | $ ./bootstrap@ | ||
575 | $ ./configure@ | ||
576 | $ sudo make install@ | ||
577 | $ cd ..@ | ||
578 | |||
579 | @node Install GNUnet dependencies | ||
580 | @subsection Install GNUnet dependencies | ||
581 | |||
582 | $ sudo apt-get install libidn11-dev libunistring-dev libglpk-dev \ | ||
583 | libpulse-dev libbluetooth-dev libsqlite-dev@ | ||
584 | |||
585 | Install libopus@ | ||
586 | |||
587 | $ wget http://downloads.xiph.org/releases/opus/opus-1.1.tar.gz@ | ||
588 | $ tar xf opus-1.1.tar.gz@ | ||
589 | $ cd opus-1.1/@ | ||
590 | $ ./configure@ | ||
591 | $ sudo make install@ | ||
592 | |||
593 | Choose one or more database backends@ | ||
594 | @itemize @bullet | ||
595 | |||
596 | @item | ||
597 | SQLite3 @code{$ sudo apt-get install libsqlite3-dev} | ||
598 | |||
599 | @item | ||
600 | MySQL @code{$ sudo apt-get install libmysqlclient-dev} | ||
601 | |||
602 | @item | ||
603 | PostgreSQL @code{$ sudo apt-get install libpq-dev postgresql} | ||
604 | |||
605 | @end itemize | ||
606 | |||
607 | |||
608 | |||
609 | @node Build GNUnet | ||
610 | @subsection Build GNUnet | ||
611 | |||
612 | |||
613 | |||
614 | @menu | ||
615 | * Configuring the installation path:: | ||
616 | * Configuring the system:: | ||
617 | * Installing components requiring sudo permission:: | ||
618 | * Build:: | ||
619 | @end menu | ||
620 | |||
621 | @node Configuring the installation path | ||
622 | @subsubsection Configuring the installation path | ||
623 | |||
624 | You can specify the location of the GNUnet installation by setting the prefix | ||
625 | when calling the configure script:@code{ --prefix=DIRECTORY} | ||
626 | |||
627 | @code{@ | ||
628 | $ export PATH=$PATH:DIRECTORY/bin@ | ||
629 | } | ||
630 | |||
631 | @node Configuring the system | ||
632 | @subsubsection Configuring the system | ||
633 | |||
634 | Please make sure NOW that you have created a user and group 'gnunet'@ | ||
635 | and additionally a group 'gnunetdns':@ | ||
636 | @code{@ | ||
637 | $ sudo addgroup gnunet@ | ||
638 | $ sudo addgroup gnunetdns@ | ||
639 | $ sudo adduser gnunet@ | ||
640 | } | ||
641 | |||
642 | Each GNUnet user should be added to the 'gnunet' group (may@ | ||
643 | require fresh login to come into effect): | ||
644 | @code{@ | ||
645 | $ sudo useradd -G gnunet@ | ||
646 | } | ||
647 | |||
648 | @node Installing components requiring sudo permission | ||
649 | @subsubsection Installing components requiring sudo permission | ||
650 | |||
651 | Some components, like the nss plugin required for GNS, may require root | ||
652 | permissions. To allow these few components to be installed use:@ | ||
653 | @code{@ | ||
654 | $ ./configure --with-sudo} | ||
655 | |||
656 | @node Build | ||
657 | @subsubsection Build | ||
658 | |||
659 | |||
660 | @code{@ | ||
661 | $ git clone https://gnunet.org/git/gnunet/@ | ||
662 | $ cd gnunet/@ | ||
663 | $ ./bootstrap@ | ||
664 | } | ||
665 | Use the required configure call including the optional installation prefix | ||
666 | PREFIX or the sudo permissions@ | ||
667 | @code{$ ./configure [ --with-sudo | --with-prefix=PREFIX ]}@ | ||
668 | @code{$ make; sudo make install} | ||
669 | |||
670 | After installing it, you need to create an empty configuration file:@ | ||
671 | @code{mkdir ~/.gnunet; touch ~/.gnunet/gnunet.conf} | ||
672 | |||
673 | And finally you can start GNUnet with@ | ||
674 | @code{$ gnunet-arm -s} | ||
675 | |||
676 | @node Install the GNUnet-gtk user interface from Git | ||
677 | @subsection Install the GNUnet-gtk user interface from Git | ||
678 | |||
679 | |||
680 | Install depencies:@ | ||
681 | @code{$ sudo apt-get install libgtk-3-dev libunique-3.0-dev libgladeui-dev libqrencode-dev} | ||
682 | |||
683 | To build GNUnet (with an optional prefix)and execute:@ | ||
684 | @code{@ | ||
685 | $ git clone https://gnunet.org/git/gnunet-gtk/@ | ||
686 | $ cd gnunet-gtk/@ | ||
687 | $ ./bootstrap@ | ||
688 | $ ./configure [--prefix=PREFIX] --with-gnunet=DIRECTORY@ | ||
689 | $ make; sudo make install@ | ||
690 | } | ||
691 | |||
692 | @node Build Instructions for Microsoft Windows Platforms | ||
693 | @section Build Instructions for Microsoft Windows Platforms | ||
694 | |||
695 | |||
696 | |||
697 | @menu | ||
698 | * Introduction to building on MS Windows:: | ||
699 | * Requirements:: | ||
700 | * Dependencies & Initial Setup:: | ||
701 | * GNUnet Installation:: | ||
702 | * Adjusting Windows for running and testing GNUnet:: | ||
703 | * Building the GNUnet Installer:: | ||
704 | * Using GNUnet with Netbeans on Windows:: | ||
705 | @end menu | ||
706 | |||
707 | @node Introduction to building on MS Windows | ||
708 | @subsection Introduction to building on MS Windows | ||
709 | |||
710 | |||
711 | This document is a guide to building GNUnet and its dependencies on Windows | ||
712 | platforms. GNUnet development is mostly done under Linux and especially SVN | ||
713 | checkouts may not build out of the box. We regret any inconvenience, and if you | ||
714 | have problems, please report them. | ||
715 | |||
716 | @node Requirements | ||
717 | @subsection Requirements | ||
718 | |||
719 | The Howto is based upon a @strong{Windows Server 2008 32bit@strong{ | ||
720 | Installation, @strong{sbuild} and thus a @uref{http://www.mingw.org/wiki/MSYS, | ||
721 | MSYS+MinGW} (W32-GCC-Compiler-Suite + Unix-like Userland) installation. sbuild | ||
722 | is a convenient set of scripts which creates a working msys/mingw installation | ||
723 | and installs most dependencies required for GNUnet. }} | ||
724 | |||
725 | As of the point of the creation of this Howto, GNUnet @strong{requires} a | ||
726 | Windows @strong{Server} 2003 or newer for full feature support. Windows Vista | ||
727 | and later will also work, but | ||
728 | @strong{non-server version can not run a VPN-Exit-Node} as the NAT features | ||
729 | have been removed as of Windows Vista. | ||
730 | |||
731 | @node Dependencies & Initial Setup | ||
732 | @subsection Dependencies & Initial Setup | ||
733 | |||
734 | |||
735 | @itemize @bullet | ||
736 | |||
737 | @item | ||
738 | Install a fresh version of @strong{Python 2.x}, even if you are using a x64-OS, | ||
739 | install a 32-bit version for use with sbuild. Python 3.0 currently is | ||
740 | incompatible. | ||
741 | |||
742 | @item | ||
743 | Install your favorite @uref{http://code.google.com/p/tortoisegit/, GIT} & | ||
744 | @uref{http://tortoisesvn.net/, SVN}-clients. | ||
745 | |||
746 | @item | ||
747 | You will also need some archive-manager like @uref{http://www.7-zip.org/, 7zip}. | ||
748 | |||
749 | @item | ||
750 | Pull a copy of sbuild to a directory of your choice, which will be used in the | ||
751 | remainder of this guide. For now, we will use @file{c:\gnunet\sbuild\} | ||
752 | |||
753 | @item | ||
754 | in @file{sbuild\src\mingw\mingw32-buildall.sh}, comment out the packages | ||
755 | @strong{gnunet-svn} and @strong{gnunet-gtk-svn}, as we don't want sbuild to | ||
756 | compile/install those for us. | ||
757 | |||
758 | @item | ||
759 | Follow LRN's sbuild installation instructions.- | ||
760 | @end itemize | ||
761 | |||
762 | Please note that sbuild may (or will most likely) fail during installation, | ||
763 | thus you really HAVE to @strong{check the logfiles} created during the | ||
764 | installation process. Certain packages may fail to build initially due to | ||
765 | missing dependencies, thus you may have to | ||
766 | @strong{substitute those with binary-versions initially}. Later on once | ||
767 | dependencies are satisfied you can re-build the newer package versions. | ||
768 | |||
769 | @strong{It is normal that you may have to repeat this step multiple times and | ||
770 | there is no uniform way to fix all compile-time issues, as the build-process | ||
771 | of many of the dependencies installed are rather unstable on win32 and certain | ||
772 | releases may not even compile at all.} | ||
773 | |||
774 | Most dependencies for GNUnet have been set up by sbuild, thus we now should add | ||
775 | the @file{bin/} directories in your new msys and mingw installations to PATH. | ||
776 | You will want to create a backup of your finished msys-environment by now. | ||
777 | |||
778 | @node GNUnet Installation | ||
779 | @subsection GNUnet Installation | ||
780 | |||
781 | First, we need to launch our msys-shell, you can do this via | ||
782 | |||
783 | @file{C:\gnunet\sbuild\msys\msys.bat} | ||
784 | |||
785 | You might wish to take a look at this file and adjust some login-parameters to | ||
786 | your msys environment. | ||
787 | |||
788 | Also, sbuild added two pointpoints to your msys-environment, though those | ||
789 | might remain invisible: | ||
790 | |||
791 | @itemize @bullet | ||
792 | |||
793 | @item | ||
794 | /mingw, which will mount your mingw-directory from sbuild/mingw and the other one is | ||
795 | |||
796 | @item | ||
797 | /src which contains all the installation sources sbuild just compiled. | ||
798 | @end itemize | ||
799 | |||
800 | Check out the current gnunet-sources (svn-head) from the gnunet-repository, | ||
801 | we will do this in your home directory: | ||
802 | |||
803 | @code{svn checkout https://gnunet.org/svn/gnunet/ ~/gnunet} | ||
804 | |||
805 | Now, we will first need to bootstrap the checked out installation and then | ||
806 | configure it accordingly. | ||
807 | |||
808 | @example | ||
809 | cd ~/gnunet@ | ||
810 | ./bootstrap@ | ||
811 | STRIP=true CPPFLAGS="-DUSE_IPV6=1 -DW32_VEH" CFLAGS="$CFLAGS -g -O2" ./configure --prefix=/ --docdir=/share/doc/gnunet --with-libiconv-prefix=/mingw --with-libintl-prefix=/mingw --with-libcurl=/mingw --with-extractor=/mingw --with-sqlite=/mingw --with-microhttpd=/mingw --with-plibc=/mingw --enable-benchmarks --enable-expensivetests --enable-experimental --with-qrencode=/mingw --enable-silent-rules --enable-experimental 2>&1 | tee -a ./configure.log | ||
812 | @end example | ||
813 | |||
814 | The parameters above will configure for a reasonable gnunet installation to the | ||
815 | your msys-root directory. Depending on which features your would like to build | ||
816 | or you may need to specify additional dependencies. Sbuild installed most libs | ||
817 | into the /mingw subdirectory, so remember to prefix library locations with | ||
818 | this path. | ||
819 | |||
820 | Like on a unixoid system, you might want to use your home directory as prefix | ||
821 | for your own gnunet installation for development, without tainting the | ||
822 | buildenvironment. Just change the "prefix" parameter to point towards | ||
823 | ~/ in this case. | ||
824 | |||
825 | Now it's time to compile gnunet as usual. Though this will take some time, so | ||
826 | you may fetch yourself a coffee or some Mate now... | ||
827 | |||
828 | @example | ||
829 | make@ | ||
830 | make install | ||
831 | @end example | ||
832 | |||
833 | @node Adjusting Windows for running and testing GNUnet | ||
834 | @subsection Adjusting Windows for running and testing GNUnet | ||
835 | |||
836 | Assuming the build succeeded and you | ||
837 | @strong{added the bin directory of your gnunet to PATH}, you can now use your | ||
838 | gnunet-installation as usual. Remember that UAC or the windows firewall may | ||
839 | popup initially, blocking further execution of gnunet until you acknowledge | ||
840 | them (duh!). | ||
841 | |||
842 | You will also have to take the usual steps to get p2p software running properly | ||
843 | (port forwarding, ...), and gnunet will require administrative permissions as | ||
844 | it may even install a device-driver (in case you are using gnunet-vpn and/or | ||
845 | gnunet-exit). | ||
846 | |||
847 | @node Building the GNUnet Installer | ||
848 | @subsection Building the GNUnet Installer | ||
849 | |||
850 | The GNUnet installer is made with @uref{http://nsis.sourceforge.net/, NSIS}@ | ||
851 | The installer script is located in @file{contrib\win} in the GNUnet source tree. | ||
852 | |||
853 | @node Using GNUnet with Netbeans on Windows | ||
854 | @subsection Using GNUnet with Netbeans on Windows | ||
855 | |||
856 | TODO | ||
857 | |||
858 | @node Build instructions for Debian 7.5 | ||
859 | @section Build instructions for Debian 7.5 | ||
860 | |||
861 | |||
862 | These are the installation instructions for Debian 7.5. They were tested using | ||
863 | a minimal, fresh Debian 7.5 AMD64 installation without non-free software | ||
864 | (no contrib or non-free). By "minimal", we mean that during installation, we | ||
865 | did not select any desktop environment, servers or system utilities during the | ||
866 | "tasksel" step. Note that the packages and the dependencies that we will | ||
867 | install during this chapter take about 1.5 GB of disk space. Combined with | ||
868 | GNUnet and space for objects during compilation, you should not even attempt | ||
869 | this unless you have about 2.5 GB free after the minimal Debian installation. | ||
870 | Using these instructions to build a VM image is likely to require a minimum of | ||
871 | 4-5 GB for the VM (as you will likely also want a desktop manager). | ||
872 | |||
873 | GNUnet's security model assumes that your @file{/home} directory is encrypted. | ||
874 | Thus, if possible, you should encrypt your home partition | ||
875 | (or per-user home directory). | ||
876 | |||
877 | Naturally, the exact details of the starting state for your installation | ||
878 | should not matter much. For example, if you selected any of those installation | ||
879 | groups you might simply already have some of the necessary packages installed. | ||
880 | We did this for testing, as this way we are less likely to forget to mention a | ||
881 | required package. Note that we will not install a desktop environment, but of | ||
882 | course you will need to install one to use GNUnet's graphical user interfaces. | ||
883 | Thus, it is suggested that you simply install the desktop environment of your | ||
884 | choice before beginning with the instructions. | ||
885 | |||
886 | |||
887 | |||
888 | @menu | ||
889 | * Update:: | ||
890 | * Stable? Hah!:: | ||
891 | * Update again:: | ||
892 | * Installing packages:: | ||
893 | * Installing dependencies from source:: | ||
894 | * Installing GNUnet from source:: | ||
895 | * But wait there is more!:: | ||
896 | @end menu | ||
897 | |||
898 | @node Update | ||
899 | @subsection Update | ||
900 | |||
901 | After any installation, you should begin by running | ||
902 | |||
903 | @example | ||
904 | # apt-get update@ | ||
905 | # apt-get upgrade@ | ||
906 | @end example | ||
907 | |||
908 | to ensure that all of your packages are up-to-date. Note that the "#" is used | ||
909 | to indicate that you need to type in this command as "root" | ||
910 | (or prefix with "sudo"), whereas "$" is used to indicate typing in a command | ||
911 | as a normal user. | ||
912 | |||
913 | @node Stable? Hah! | ||
914 | @subsection Stable? Hah! | ||
915 | |||
916 | Yes, we said we start with a Debian 7.5 "stable" system. However, to reduce the | ||
917 | amount of compilation by hand, we will begin by allowing the installation of | ||
918 | packages from the testing and unstable distributions as well. We will stick to | ||
919 | "stable" packages where possible, but some packages will be taken from the | ||
920 | other distributions. Start by modifying @file{/etc/apt/sources.list} to contain | ||
921 | the following (possibly adjusted to point to your mirror of choice): | ||
922 | @example | ||
923 | # These were there before: | ||
924 | deb http://ftp.de.debian.org/debian/ wheezy main | ||
925 | deb-src http://ftp.de.debian.org/debian/ wheezy main | ||
926 | deb http://security.debian.org/ wheezy/updates main | ||
927 | deb-src http://security.debian.org/ wheezy/updates main | ||
928 | deb http://ftp.de.debian.org/debian/ wheezy-updates main | ||
929 | deb-src http://ftp.de.debian.org/debian/ wheezy-updates main | ||
930 | |||
931 | # Add these lines (feel free to adjust the mirror): | ||
932 | deb http://ftp.de.debian.org/debian/ testing main | ||
933 | deb http://ftp.de.debian.org/debian/ unstable main | ||
934 | @end example | ||
935 | |||
936 | The next step is to create/edit your @file{/etc/apt/preferences} file to look | ||
937 | like this: | ||
938 | |||
939 | @example | ||
940 | Package: * | ||
941 | Pin: release a=stable,n=wheezy | ||
942 | Pin-Priority: 700 | ||
943 | |||
944 | Package: * | ||
945 | Pin: release o=Debian,a=testing | ||
946 | Pin-Priority: 650 | ||
947 | |||
948 | Package: * | ||
949 | Pin: release o=Debian,a=unstable | ||
950 | Pin-Priority: 600 | ||
951 | @end example | ||
952 | |||
953 | You can read more about Apt Preferences here and here. Note that other pinnings | ||
954 | are likely to also work for GNUnet, the key thing is that you need some | ||
955 | packages from unstable (as shown below). However, as unstable is unlikely to | ||
956 | be comprehensive (missing packages) or might be problematic (crashing packages), | ||
957 | you probably want others from stable and/or testing. | ||
958 | |||
959 | @node Update again | ||
960 | @subsection Update again | ||
961 | |||
962 | Now, run again@ | ||
963 | |||
964 | @example | ||
965 | # apt-get update@ | ||
966 | # apt-get upgrade@ | ||
967 | @end example | ||
968 | |||
969 | to ensure that all your new distribution indices are downloaded, and that your | ||
970 | pinning is correct: the upgrade step should cause no changes at all. | ||
971 | |||
972 | @node Installing packages | ||
973 | @subsection Installing packages | ||
974 | |||
975 | We begin by installing a few Debian packages from stable:@ | ||
976 | |||
977 | @example | ||
978 | # apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \ | ||
979 | libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev \ | ||
980 | texlive libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev \ | ||
981 | libbz2-dev libexiv2-dev libflac-dev libgif-dev libglib2.0-dev \ | ||
982 | libgtk-3-dev libmagic-dev libjpeg8-dev libmpeg2-4-dev libmp4v2-dev \ | ||
983 | librpm-dev libsmf-dev libtidy-dev libtiff5-dev libvorbis-dev \ | ||
984 | libogg-dev zlib1g-dev g++ gettext libgsf-1-dev libunbound-dev \ | ||
985 | libqrencode-dev libgladeui-dev nasm texlive-latex-extra \ | ||
986 | libunique-3.0-dev gawk miniupnpc libfuse-dev libbluetooth-dev | ||
987 | @end example | ||
988 | |||
989 | After that, we install a few more packages from unstable:@ | ||
990 | |||
991 | @example | ||
992 | # apt-get install -t unstable nettle-dev libgstreamer1.0-dev \ | ||
993 | gstreamer1.0-plugins-base gstreamer1.0-plugins-good \ | ||
994 | libgstreamer-plugins-base1.0-dev | ||
995 | @end example | ||
996 | |||
997 | @node Installing dependencies from source | ||
998 | @subsection Installing dependencies from source | ||
999 | |||
1000 | Next, we need to install a few dependencies from source. You might want to do | ||
1001 | this as a "normal" user and only run the @code{make install} steps as root | ||
1002 | (hence the @code{sudo} in the commands below). Also, you do this from any | ||
1003 | directory. We begin by downloading all dependencies, then extracting the | ||
1004 | sources, and finally compiling and installing the libraries:@ | ||
1005 | |||
1006 | @example | ||
1007 | $ wget https://libav.org/releases/libav-9.10.tar.xz@ | ||
1008 | $ wget http://ftp.gnu.org/gnu/libextractor/libextractor-1.3.tar.gz@ | ||
1009 | $ wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.12.tar.bz2@ | ||
1010 | $ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0.tar.bz2@ | ||
1011 | $ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.7.tar.xz@ | ||
1012 | $ wget http://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.33.tar.gz@ | ||
1013 | $ wget https://gnunet.org/sites/default/files/gnurl-7.34.0.tar.bz2@ | ||
1014 | $ tar xvf libextractor-1.3.tar.gz@ | ||
1015 | $ tar xvf libgpg-error-1.12.tar.bz2@ | ||
1016 | $ tar xvf libgcrypt-1.6.0.tar.bz2@ | ||
1017 | $ tar xvf gnutls-3.2.7.tar.xz@ | ||
1018 | $ tar xvf libmicrohttpd-0.9.33.tar.gz@ | ||
1019 | $ tar xvf gnurl-7.34.0.tar.bz2@ | ||
1020 | $ cd libav-0.9 ; ./configure --enable-shared; make; sudo make install ; cd ..@ | ||
1021 | $ cd libextractor-1.3 ; ./configure; make ; sudo make install; cd ..@ | ||
1022 | $ cd libgpg-error-1.12; ./configure ; make ; sudo make install ; cd ..@ | ||
1023 | $ cd libgcrypt-1.6.0; ./configure --with-gpg-error-prefix=/usr/local; make ; sudo make install ; cd ..@ | ||
1024 | $ cd gnutls-3.2.7 ; ./configure ; make ; sudo make install ; cd ..@ | ||
1025 | $ cd libmicrohttpd-0.9.33; ./configure ; make ; sudo make install ; cd ..@ | ||
1026 | $ cd gnurl-7.34.0@ | ||
1027 | $ ./configure --enable-ipv6 --with-gnutls=/usr/local --without-libssh2 \ | ||
1028 | --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \ | ||
1029 | --without-nss --without-cyassl --without-polarssl --without-ssl \ | ||
1030 | --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
1031 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \ | ||
1032 | --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \ | ||
1033 | --disable-ftp@ | ||
1034 | $ make ; sudo make install; cd ..@ | ||
1035 | @end example | ||
1036 | |||
1037 | @node Installing GNUnet from source | ||
1038 | @subsection Installing GNUnet from source | ||
1039 | |||
1040 | |||
1041 | For this, simply follow the generic installation instructions from | ||
1042 | here. | ||
1043 | |||
1044 | @node But wait there is more! | ||
1045 | @subsection But wait there is more! | ||
1046 | |||
1047 | So far, we installed all of the packages and dependencies required to ensure | ||
1048 | that all of GNUnet would be built. However, while for example the plugins to | ||
1049 | interact with the MySQL or Postgres databases have been created, we did not | ||
1050 | actually install or configure those databases. Thus, you will need to install | ||
1051 | and configure those databases or stick with the default Sqlite database. | ||
1052 | Sqlite is usually fine for most applications, but MySQL can offer better | ||
1053 | performance and Postgres better resillience. | ||
1054 | |||
1055 | |||
1056 | @node Installing GNUnet from Git on Ubuntu 14.4 | ||
1057 | @section Installing GNUnet from Git on Ubuntu 14.4 | ||
1058 | |||
1059 | @strong{Install the required build tools:} | ||
1060 | @code{@ | ||
1061 | $ sudo apt-get install git automake autopoint autoconf@ | ||
1062 | } | ||
1063 | |||
1064 | @strong{Install the required dependencies} | ||
1065 | @example | ||
1066 | $ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \ | ||
1067 | libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \ | ||
1068 | libmicrohttpd-dev libgnutls28-dev | ||
1069 | @end example | ||
1070 | |||
1071 | @strong{Choose one or more database backends}@ | ||
1072 | SQLite3@ | ||
1073 | @code{@ | ||
1074 | $ sudo apt-get install libsqlite3-dev@ | ||
1075 | }@ | ||
1076 | MySQL@ | ||
1077 | @code{@ | ||
1078 | $ sudo apt-get install libmysqlclient-dev@ | ||
1079 | }@ | ||
1080 | PostgreSQL@ | ||
1081 | @code{@ | ||
1082 | $ sudo apt-get install libpq-dev postgresql@ | ||
1083 | } | ||
1084 | |||
1085 | @strong{Install the optional dependencies for gnunet-conversation:}@ | ||
1086 | @code{@ | ||
1087 | $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev@ | ||
1088 | } | ||
1089 | |||
1090 | @strong{Install the libgrypt 1.6.1:}@ | ||
1091 | For Ubuntu 14.04:@ | ||
1092 | @code{$ sudo apt-get install libgcrypt20-dev}@ | ||
1093 | For Ubuntu older 14.04:@ | ||
1094 | @code{$ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2@ | ||
1095 | $ tar xf libgcrypt-1.6.1.tar.bz2@ | ||
1096 | $ cd libgcrypt-1.6.1@ | ||
1097 | $ ./configure@ | ||
1098 | $ sudo make install@ | ||
1099 | $ cd ..}@ | ||
1100 | @strong{Install libgnurl}@ | ||
1101 | @example | ||
1102 | $ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2@ | ||
1103 | $ tar xf gnurl-7.35.0.tar.bz2@ | ||
1104 | $ cd gnurl-7.35.0@ | ||
1105 | $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ | ||
1106 | --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \ | ||
1107 | --without-nss --without-cyassl --without-polarssl --without-ssl \ | ||
1108 | --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
1109 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \ | ||
1110 | --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \ | ||
1111 | --disable-ftp | ||
1112 | $ sudo make install@ | ||
1113 | $ cd ..@ | ||
1114 | @end example | ||
1115 | |||
1116 | @strong{Install GNUnet}@ | ||
1117 | @code{@ | ||
1118 | $ git clone https://gnunet.org/git/gnunet/@ | ||
1119 | $ cd gnunet/@ | ||
1120 | $ ./bootstrap@ | ||
1121 | } | ||
1122 | |||
1123 | If you want to: | ||
1124 | @itemize @bullet | ||
1125 | |||
1126 | |||
1127 | @item | ||
1128 | Install to a different directory:@ | ||
1129 | --prefix=PREFIX | ||
1130 | |||
1131 | @item | ||
1132 | Have sudo permission, but do not want to compile as root:@ | ||
1133 | --with-sudo | ||
1134 | |||
1135 | @item | ||
1136 | Want debug message enabled:@ | ||
1137 | -- enable-logging=verbose | ||
1138 | @end itemize | ||
1139 | |||
1140 | |||
1141 | @code{@ | ||
1142 | $ ./configure [ --with-sudo | --prefix=PREFIX | --- enable-logging=verbose]@ | ||
1143 | $ make; sudo make install@ | ||
1144 | } | ||
1145 | |||
1146 | After installing it, you need to create an empty configuration file:@ | ||
1147 | @code{touch ~/.config/gnunet.conf} | ||
1148 | |||
1149 | And finally you can start GNUnet with@ | ||
1150 | @code{$ gnunet-arm -s} | ||
1151 | |||
1152 | @node Build instructions for Debian 8 | ||
1153 | @section Build instructions for Debian 8 | ||
1154 | |||
1155 | These are the installation instructions for Debian 8. They were tested using a | ||
1156 | fresh Debian 8 AMD64 installation without non-free software (no contrib or | ||
1157 | non-free). During installation, I only selected "lxde" for the desktop | ||
1158 | environment. Note that the packages and the dependencies that we will install | ||
1159 | during this chapter take about 1.5 GB of disk space. Combined with GNUnet and | ||
1160 | space for objects during compilation, you should not even attempt this unless | ||
1161 | you have about 2.5 GB free after the Debian installation. Using these | ||
1162 | instructions to build a VM image is likely to require a minimum of 4-5 GB for | ||
1163 | the VM (as you will likely also want a desktop manager). | ||
1164 | |||
1165 | GNUnet's security model assumes that your @code{/home} directory is encrypted. | ||
1166 | Thus, if possible, you should encrypt your entire disk, or at least just your | ||
1167 | home partition (or per-user home directory). | ||
1168 | |||
1169 | Naturally, the exact details of the starting state for your installation should | ||
1170 | not matter much. For example, if you selected any of those installation groups | ||
1171 | you might simply already have some of the necessary packages installed. Thus, | ||
1172 | it is suggested that you simply install the desktop environment of your choice | ||
1173 | before beginning with the instructions. | ||
1174 | |||
1175 | |||
1176 | @menu | ||
1177 | * Update Debian:: | ||
1178 | * Installing Debian Packages:: | ||
1179 | * Installing Dependencies from Source2:: | ||
1180 | * Installing GNUnet from Source2:: | ||
1181 | * But wait (again) there is more!:: | ||
1182 | @end menu | ||
1183 | |||
1184 | @node Update Debian | ||
1185 | @subsection Update Debian | ||
1186 | |||
1187 | After any installation, you should begin by running@ | ||
1188 | @code{@ | ||
1189 | # apt-get update@ | ||
1190 | # apt-get upgrade@ | ||
1191 | }@ | ||
1192 | to ensure that all of your packages are up-to-date. Note that the "#" is used | ||
1193 | to indicate that you need to type in this command as "root" (or prefix with | ||
1194 | "sudo"), whereas "$" is used to indicate typing in a command as a normal | ||
1195 | user. | ||
1196 | |||
1197 | @node Installing Debian Packages | ||
1198 | @subsection Installing Debian Packages | ||
1199 | |||
1200 | We begin by installing a few Debian packages from stable:@ | ||
1201 | @example | ||
1202 | # apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \ | ||
1203 | libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev texlive \ | ||
1204 | libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev libbz2-dev \ | ||
1205 | libflac-dev libgif-dev libglib2.0-dev libgtk-3-dev libmpeg2-4-dev \ | ||
1206 | libtidy-dev libvorbis-dev libogg-dev zlib1g-dev g++ gettext libgsf-1-dev \ | ||
1207 | libunbound-dev libqrencode-dev libgladeui-dev nasm texlive-latex-extra \ | ||
1208 | libunique-3.0-dev gawk miniupnpc libfuse-dev libbluetooth-dev \ | ||
1209 | gstreamer1.0-plugins-base gstreamer1.0-plugins-good \ | ||
1210 | libgstreamer-plugins-base1.0-dev nettle-dev libextractor-dev libgcrypt20-dev \ | ||
1211 | libmicrohttpd-dev | ||
1212 | @end example | ||
1213 | |||
1214 | @node Installing Dependencies from Source2 | ||
1215 | @subsection Installing Dependencies from Source2 | ||
1216 | |||
1217 | Yes, we said we start with a Debian 8 "stable" system, but because Debian | ||
1218 | linked GnuTLS without support for DANE, we need to compile a few things, in | ||
1219 | addition to GNUnet, still by hand. Yes, you can run GNUnet using the respective | ||
1220 | Debian packages, but then you will not get DANE support. | ||
1221 | |||
1222 | Next, we need to install a few dependencies from source. You might want to do | ||
1223 | this as a "normal" user and only run the @code{make install} steps as root | ||
1224 | (hence the @code{sudo} in the commands below). Also, you do this from any | ||
1225 | directory. We begin by downloading all dependencies, then extracting the | ||
1226 | sources, and finally compiling and installing the libraries:@ | ||
1227 | |||
1228 | @code{@ | ||
1229 | $ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.12.tar.xz@ | ||
1230 | $ wget https://gnunet.org/sites/default/files/gnurl-7.40.0.tar.bz2@ | ||
1231 | $ tar xvf gnutls-3.3.12.tar.xz@ | ||
1232 | $ tar xvf gnurl-7.40.0.tar.bz2@ | ||
1233 | $ cd gnutls-3.3.12 ; ./configure ; make ; sudo make install ; cd ..@ | ||
1234 | $ cd gnurl-7.40.0@ | ||
1235 | $ ./configure --enable-ipv6 --with-gnutls=/usr/local --without-libssh2 \ | ||
1236 | --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \ | ||
1237 | --without-nss --without-cyassl --without-polarssl --without-ssl \ | ||
1238 | --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
1239 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \ | ||
1240 | --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \ | ||
1241 | --disable-ftp --disable-smb | ||
1242 | $ make ; sudo make install; cd ..@ | ||
1243 | } | ||
1244 | |||
1245 | @node Installing GNUnet from Source2 | ||
1246 | @subsection Installing GNUnet from Source2 | ||
1247 | |||
1248 | For this, simply follow the generic installation instructions from@ | ||
1249 | here. | ||
1250 | |||
1251 | @node But wait (again) there is more! | ||
1252 | @subsection But wait (again) there is more! | ||
1253 | |||
1254 | So far, we installed all of the packages and dependencies required to ensure | ||
1255 | that all of GNUnet would be built. However, while for example the plugins to | ||
1256 | interact with the MySQL or Postgres databases have been created, we did not | ||
1257 | actually install or configure those databases. Thus, you will need to install | ||
1258 | and configure those databases or stick with the default Sqlite database. Sqlite | ||
1259 | is usually fine for most applications, but MySQL can offer better performance | ||
1260 | and Postgres better resillience. | ||
1261 | |||
1262 | @node Outdated build instructions for previous revisions | ||
1263 | @section Outdated build instructions for previous revisions | ||
1264 | |||
1265 | This chapter contains a collection of outdated, older installation guides. They | ||
1266 | are mostly intended to serve as a starting point for writing up-to-date | ||
1267 | instructions and should not be expected to work for GNUnet 0.10.x. | ||
1268 | |||
1269 | |||
1270 | @menu | ||
1271 | * Installing GNUnet 0.10.1 on Ubuntu 14.04:: | ||
1272 | * Build instructions for FreeBSD 8:: | ||
1273 | * Basic installation for Mac OS X:: | ||
1274 | * Basic Installation for Fedora/PlanetLab nodes running Fedora 12:: | ||
1275 | * Basic Installation for Fedora/PlanetLab nodes running Fedora 8 .:: | ||
1276 | * Build instructions for Gentoo:: | ||
1277 | * Building GLPK for MinGW:: | ||
1278 | * Compiling libgnurl for GNUnet cannot find data type for curl_off_t.:: | ||
1279 | * GUI build instructions for Ubuntu 12.04 using Subversion:: | ||
1280 | * Installation with gnunet-update:: | ||
1281 | * Instructions for Microsoft Windows Platforms (Old):: | ||
1282 | @end menu | ||
1283 | |||
1284 | |||
1285 | @node Installing GNUnet 0.10.1 on Ubuntu 14.04 | ||
1286 | @subsection Installing GNUnet 0.10.1 on Ubuntu 14.04 | ||
1287 | |||
1288 | Install the required dependencies@ | ||
1289 | |||
1290 | @example | ||
1291 | $ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \ | ||
1292 | libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \ | ||
1293 | libmicrohttpd-dev libgnutls28-dev | ||
1294 | @end example | ||
1295 | |||
1296 | Choose one or more database backends@ | ||
1297 | SQLite3@ | ||
1298 | @code{@ | ||
1299 | $ sudo apt-get install libsqlite3-dev@ | ||
1300 | }@ | ||
1301 | MySQL@ | ||
1302 | @code{@ | ||
1303 | $ sudo apt-get install libmysqlclient-dev@ | ||
1304 | }@ | ||
1305 | PostgreSQL@ | ||
1306 | @code{@ | ||
1307 | $ sudo apt-get install libpq-dev postgresql@ | ||
1308 | } | ||
1309 | |||
1310 | Install the optional dependencies for gnunet-conversation:@ | ||
1311 | @code{@ | ||
1312 | $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev@ | ||
1313 | } | ||
1314 | |||
1315 | Install the libgrypt 1.6:@ | ||
1316 | For Ubuntu 14.04:@ | ||
1317 | @code{$ sudo apt-get install libgcrypt20-dev}@ | ||
1318 | For Ubuntu older 14.04:@ | ||
1319 | @code{$ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2@ | ||
1320 | $ tar xf libgcrypt-1.6.1.tar.bz2@ | ||
1321 | $ cd libgcrypt-1.6.1@ | ||
1322 | $ ./configure@ | ||
1323 | $ sudo make install@ | ||
1324 | $ cd ..} | ||
1325 | |||
1326 | Install libgnurl@ | ||
1327 | @example | ||
1328 | $ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2@ | ||
1329 | $ tar xf gnurl-7.35.0.tar.bz2@ | ||
1330 | $ cd gnurl-7.35.0@ | ||
1331 | $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ | ||
1332 | --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \ | ||
1333 | --without-nss --without-cyassl --without-polarssl --without-ssl \ | ||
1334 | --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
1335 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \ | ||
1336 | --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \ | ||
1337 | --disable-ftp@ | ||
1338 | $ sudo make install@ | ||
1339 | $ cd ..@ | ||
1340 | @end example | ||
1341 | |||
1342 | Install GNUnet@ | ||
1343 | @code{@ | ||
1344 | $ wget http://ftpmirror.gnu.org/gnunet/gnunet-0.10.1.tar.gz@ | ||
1345 | $ tar xf gnunet-0.10.1.tar.gz@ | ||
1346 | $ cd gnunet-0.10.1@ | ||
1347 | } | ||
1348 | |||
1349 | If you want to: | ||
1350 | @itemize @bullet | ||
1351 | |||
1352 | @item | ||
1353 | Install to a different directory:@ | ||
1354 | --prefix=PREFIX | ||
1355 | |||
1356 | @item | ||
1357 | Have sudo permission, but do not want to compile as root:@ | ||
1358 | --with-sudo | ||
1359 | |||
1360 | @item | ||
1361 | Want debug message enabled:@ | ||
1362 | -- enable-logging=verbose | ||
1363 | @end itemize | ||
1364 | |||
1365 | @code{@ | ||
1366 | $ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose]@ | ||
1367 | $ make; sudo make install@ | ||
1368 | } | ||
1369 | |||
1370 | After installing it, you need to create an empty configuration file:@ | ||
1371 | @code{touch ~/.config/gnunet.conf} | ||
1372 | |||
1373 | And finally you can start GNUnet with@ | ||
1374 | @code{$ gnunet-arm -s} | ||
1375 | |||
1376 | |||
1377 | @node Build instructions for FreeBSD 8 | ||
1378 | @subsection Build instructions for FreeBSD 8 | ||
1379 | |||
1380 | To get GNUnet 0.9 to compile on FreeBSD (at least FreeBSD 8.0):@ in order to | ||
1381 | install the library @code{libiconv}, at first change the directory to your | ||
1382 | ports directory, e.g.@ | ||
1383 | @code{@ | ||
1384 | $ cd /usr/ports/@ | ||
1385 | }@ | ||
1386 | following that, go to the install file of @code{libiconv} and install it,@ | ||
1387 | @code{@ | ||
1388 | $ cd converters/libiconv,@ | ||
1389 | $ make install@ | ||
1390 | } | ||
1391 | |||
1392 | after that, change the directory to where you will check out | ||
1393 | @code{libextractor} and GNUnet, and install latest @code{libextractor},@ | ||
1394 | first of all, checkout @code{libextractor}, e.g.@ | ||
1395 | @code{@ | ||
1396 | $ svn co https://gnunet.org/svn/Extractor@ | ||
1397 | }@ | ||
1398 | then change the directory into which it was checked out, e.g.@ | ||
1399 | @code{@ | ||
1400 | $ cd Extractor@ | ||
1401 | }@ | ||
1402 | before the installation, you should do following steps,@ | ||
1403 | |||
1404 | @example | ||
1405 | $ ./bootstrap@ | ||
1406 | $ ./configure --with-ltdl-include=/usr/local/include \ | ||
1407 | --with-ltdl-lib=/usr/local/lib@ | ||
1408 | @end example | ||
1409 | |||
1410 | if these steps complete successfully, you can install the library,@ | ||
1411 | |||
1412 | @example | ||
1413 | $ make install@ | ||
1414 | @end example | ||
1415 | |||
1416 | to check out the GNUnet, you should do the similar steps as | ||
1417 | @code{libextractor}, firstly, change back to starting directory, e.g.@ | ||
1418 | @code{@ | ||
1419 | $ cd ../@ | ||
1420 | }@ | ||
1421 | Set the following environmental variables:@ | ||
1422 | @code{@ | ||
1423 | export CPPFLAGS="-I/usr/local/include"@ | ||
1424 | export LDFLAGS="-L/usr/local/lib"@ | ||
1425 | }@ | ||
1426 | next, checkout GNUnet using@ | ||
1427 | @code{@ | ||
1428 | $ svn co https://gnunet.org/svn/gnunet@ | ||
1429 | }@ | ||
1430 | then change directory into newly checked out directory,@ | ||
1431 | @code{@ | ||
1432 | $ cd gnunet@ | ||
1433 | }@ | ||
1434 | at last, start to install GNUnet,@ | ||
1435 | |||
1436 | @example | ||
1437 | $ ./bootstrap@ | ||
1438 | $ ./configure --with-ltdl-include=/usr/local/include \ | ||
1439 | --with-ltdl-lib=/usr/local/lib --with-extractor=/usr/local | ||
1440 | |||
1441 | ## NOTE: you may not need the --with-extractor option!@ | ||
1442 | |||
1443 | $ make install | ||
1444 | @end example | ||
1445 | |||
1446 | @node Basic installation for Mac OS X | ||
1447 | @subsection Basic installation for Mac OS X | ||
1448 | |||
1449 | This documentation may be outdated! | ||
1450 | |||
1451 | This page is providing guidelines for users trying to install GNUnet on Mac OS | ||
1452 | X.@ Mainly users trying to install GNUnet by building source code are the most | ||
1453 | welcome readers.@ The steps below are tested on an Intel Architecture running | ||
1454 | Mac OS X Tiger (10.4.11). Ideally they should work on other Mac boxes with | ||
1455 | different configurations as all the configuration done for it is dependent on | ||
1456 | @uref{http://www.macports.org/, MacPorts} | ||
1457 | |||
1458 | For having GNUnet installed successfully, some dependencies should be firstly | ||
1459 | resolved: | ||
1460 | |||
1461 | @itemize @bullet | ||
1462 | |||
1463 | @item | ||
1464 | Install/Update your @uref{http://developer.apple.com/tools/xcode/, Xcode} | ||
1465 | version 3.2.1 or later for Snow Leopard, 3.1.4 or later for Leopard, or 2.5 for | ||
1466 | Tiger. | ||
1467 | |||
1468 | @item | ||
1469 | Download and install @uref{http://www.macports.org/, MacPorts}.@ | ||
1470 | Now you are ready for installing GNunet dependencies. | ||
1471 | |||
1472 | @item | ||
1473 | First, you'd better make sure that: /opt/local/bin and /opt/local/sbin are | ||
1474 | available in your PATH. (For doing so, open a terminal and type:@ | ||
1475 | |||
1476 | @example | ||
1477 | $ echo $PATH | ||
1478 | @end example | ||
1479 | |||
1480 | and examine the output of it). If the paths are not available in your | ||
1481 | environment, you have to add them (You can add them by editing your .profile | ||
1482 | file in your home directory, append them to the PATH line). Then type: | ||
1483 | @example | ||
1484 | $ source ~/.profile | ||
1485 | @end example | ||
1486 | |||
1487 | and re-examine the echo command output. | ||
1488 | |||
1489 | @item | ||
1490 | Use MacPorts to download and install the dependencies:@ | ||
1491 | The libraries are: | ||
1492 | |||
1493 | @itemize @bullet | ||
1494 | |||
1495 | @item | ||
1496 | @uref{http://trac.macports.org/browser/trunk/dports/www/libmicrohttpd/Portfile, libmicrohttpd.} | ||
1497 | |||
1498 | @item | ||
1499 | @uref{http://trac.macports.org/browser/trunk/dports/devel/libgcrypt/Portfile, libgcrypt.} | ||
1500 | |||
1501 | @item | ||
1502 | @uref{http://trac.macports.org/browser/trunk/dports/net/curl/Portfile, libcurl.} | ||
1503 | |||
1504 | @item | ||
1505 | @uref{http://trac.macports.org/browser/trunk/dports/devel/libtool/Portfile, libltdl.} | ||
1506 | |||
1507 | @item | ||
1508 | @uref{http://trac.macports.org/browser/trunk/dports/databases/sqlite3/Portfile, SQlite.} | ||
1509 | |||
1510 | @item | ||
1511 | libunistring | ||
1512 | |||
1513 | @item | ||
1514 | glpk | ||
1515 | |||
1516 | @end itemize | ||
1517 | |||
1518 | The port command is as follows:@ | ||
1519 | @example | ||
1520 | port install libmicrohttpd libgcrypt curl libtool sqlite3 linunistring glpk | ||
1521 | @end example | ||
1522 | One of the dependencies, the libextractor, should be explicitly installed, | ||
1523 | since the version available from macports is outdated to work with GNUnet. To | ||
1524 | install the latest libextractor: | ||
1525 | @itemize @bullet | ||
1526 | |||
1527 | |||
1528 | @item | ||
1529 | Install the Subversion Client:@ | ||
1530 | For more information about Subversion visit: | ||
1531 | @uref{http://subversion.tigris.org/, http://subversion.tigris.org/} | ||
1532 | |||
1533 | @example | ||
1534 | # port install subversion | ||
1535 | @end example | ||
1536 | |||
1537 | |||
1538 | @item | ||
1539 | Use Subversion to download the latest Extractor: | ||
1540 | @example | ||
1541 | $ svn checkout https://gnunet.org/svn/Extractor | ||
1542 | @end example | ||
1543 | |||
1544 | |||
1545 | @item | ||
1546 | Go to the installation directory of the Extractor, compile and install it: | ||
1547 | @example | ||
1548 | $ ./bootstrap | ||
1549 | $ export CPPFLAGS="-I/opt/local/include" | ||
1550 | $ export LDFLAGS="-L/opt/local/lib" | ||
1551 | $ ./configure --prefix=/opt/local | ||
1552 | $ make | ||
1553 | # make install | ||
1554 | @end example | ||
1555 | |||
1556 | @end itemize | ||
1557 | |||
1558 | |||
1559 | @item | ||
1560 | Now, your system is ready to install GNunet. If you downloaded GNUnet by | ||
1561 | checking it out from svn, you should start by running the bootstrap script. | ||
1562 | Open a terminal pointing to the GNUnet directory and type:@ | ||
1563 | |||
1564 | @example | ||
1565 | $ ./bootstrap | ||
1566 | @end example | ||
1567 | |||
1568 | |||
1569 | @item | ||
1570 | Run the configure script: | ||
1571 | @example | ||
1572 | $ export CPPFLAGS="-I/opt/local/include" | ||
1573 | $ export LDFLAGS="-L/opt/local/lib" | ||
1574 | $ ./configure --prefix=/tmp/gnunet_build | ||
1575 | @end example | ||
1576 | |||
1577 | |||
1578 | GNUnet will be installed in the directory /tmp/gnunet_build (Of course that | ||
1579 | installation path can be changed).@ The CPPFLAGS and LDFLAGS are mentioned in | ||
1580 | order to inform the compiler and the linker to lookup headers and libraries in | ||
1581 | /opt/local/include and /opt/local/lib. | ||
1582 | |||
1583 | @item | ||
1584 | Compile@ | ||
1585 | |||
1586 | @example | ||
1587 | $ make | ||
1588 | @end example | ||
1589 | |||
1590 | |||
1591 | @item | ||
1592 | Install GNUnet | ||
1593 | @example | ||
1594 | # make install | ||
1595 | @end example | ||
1596 | |||
1597 | @end itemize | ||
1598 | |||
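Review bot: The port command at line 1520 names "linunistring", which does not match the libunistring dependency listed at line 1511, so the install step cannot resolve that port as written; change it to "libunistring". The example prefix /tmp/gnunet_build (line 1574) is then the target of a root "make install" (line 1594). A fixed directory name under world-writable /tmp can be pre-created by another local user, so a prefix under $HOME or /opt would be a safer example. The text also alternates between "GNunet" (lines 1470, 1560) and "GNUnet".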
1599 | @node Basic Installation for Fedora/PlanetLab nodes running Fedora 12 | ||
1600 | @subsection Basic Installation for Fedora/PlanetLab nodes running Fedora 12 | ||
1601 | |||
1602 | |||
1603 | @strong{This documentation is outdated and not valid for GNUnet 0.10.0!}@ | ||
1604 | |||
1605 | GNUnet installation on Fedora 8/Planetlab nodes can be done as following: | ||
1606 | |||
1607 | 1. Install the build tools to build GNUnet@ | ||
1608 | @example | ||
1609 | sudo yum -y -t --nogpgcheck install gcc make autoconf gettext-devel \ | ||
1610 | texinfo subversion@ | ||
1611 | @end example | ||
1612 | |||
1613 | 2. Install the GNUnet dependencies@ | ||
1614 | @example | ||
1615 | sudo yum -y -t --nogpgcheck install libunistring-devel libunistring-devel \ | ||
1616 | libgcrypt-devel zlib-devel sqlite-devel postgresql-devel mysql-devel \ | ||
1617 | libgsf-devel libvorbis-devel@ | ||
1618 | @end example | ||
1619 | |||
1620 | 3. Install outdated dependencies from source@ | ||
1621 | libtool@ | ||
1622 | @example | ||
1623 | wget http://ftp.gnu.org/gnu/libtool/libtool-2.4.2.tar.gz@ | ||
1624 | tar xvfz libtool-2.4.2.tar.gz@ | ||
1625 | cd libtool-2.4.2@ | ||
1626 | ./configure@ | ||
1627 | sudo make install@ | ||
1628 | @end example | ||
1629 | |||
1630 | glpk@ | ||
1631 | @example | ||
1632 | wget http://ftp.gnu.org/gnu/glpk/glpk-4.47.tar.gz@ | ||
1633 | tar xvfz glpk-4.47.tar.gz@ | ||
1634 | cd glpk-4.47@ | ||
1635 | ./configure@ | ||
1636 | sudo make install@ | ||
1637 | @end example | ||
1638 | |||
1639 | libcurl@ | ||
1640 | @example | ||
1641 | wget http://curl.haxx.se/download/curl-7.26.0.tar.gz@ | ||
1642 | tar xvfz curl-7.26.0.tar.gz@ | ||
1643 | cd curl-7.26.0@ | ||
1644 | ./configure@ | ||
1645 | sudo make install@ | ||
1646 | @end example | ||
1647 | |||
1648 | 4. Install libextractor@ | ||
1649 | @example | ||
1650 | svn co https://gnunet.org/svn/libextractor@ | ||
1651 | cd libextractor@ | ||
1652 | libtoolize@ | ||
1653 | ./bootstrap@ | ||
1654 | ./configure@ | ||
1655 | sudo make install@ | ||
1656 | @end example | ||
1657 | |||
1658 | 5. Install libmicrohttpd@ | ||
1659 | @example | ||
1660 | svn co https://gnunet.org/svn/libmicrohttpd@ | ||
1661 | cd libmicrohttpd@ | ||
1662 | libtoolize@ | ||
1663 | ./bootstrap@ | ||
1664 | ./configure@ | ||
1665 | sudo make install@ | ||
1666 | @end example | ||
1667 | |||
1668 | 6. Set GNUnet prefix and add to PATH@ | ||
1669 | @example | ||
1670 | export GNUNET_PREFIX=@ | ||
1671 | export PATH=$PATH:$GNUNET_PREFIX/bin@ | ||
1672 | @end example | ||
1673 | |||
1674 | 7. Install GNUnet from svn@ | ||
1675 | @example | ||
1676 | export LD_LIBRARY_PATH=/usr/local/lib@ | ||
1677 | svn co https://gnunet.org/svn/gnunet@ | ||
1678 | cd gnunet@ | ||
1679 | libtoolize@ | ||
1680 | ./bootstrap@ | ||
1681 | ./configure --prefix=$GNUNET_PREFIX --with-extractor=/usr \ | ||
1682 | --with-mysql=/usr/lib/mysql --enable-logging=verbose@ | ||
1683 | make install@ | ||
1684 | @end example | ||
1685 | |||
1686 | Done! | ||
1687 | |||
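Review bot: Both yum invocations (lines 1609 and 1615) pass "--nogpgcheck", which switches off RPM signature verification for the build tools and for every dependency; drop the flag, or state why PlanetLab nodes need it and what the reader gives up. The tarballs at lines 1623, 1632 and 1641 are fetched over plain http and go straight to "sudo make install" with no signature or checksum step, so add one using whatever signatures the upstream projects publish. Line 1670 leaves GNUNET_PREFIX empty, so line 1671 appends "/bin" to PATH and line 1681 configures with an empty prefix; show a placeholder value instead. The heading says Fedora 12 but line 1605 says Fedora 8, and libunistring-devel is listed twice at line 1615.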
1688 | @node Basic Installation for Fedora/PlanetLab nodes running Fedora 8 . | ||
1689 | @subsection Basic Installation for Fedora/PlanetLab nodes running Fedora 8 . | ||
1690 | @c %**end of header | ||
1691 | |||
1692 | @strong{This documentation is outdated and not valid for GNUnet 0.10.0!}@ | ||
1693 | GNUnet installation on Fedora 8/Planetlab nodes can be done as following: | ||
1694 | |||
1695 | 1. Install the build tools to build GNUnet@ | ||
1696 | @example | ||
1697 | sudo yum -y -t --nogpgcheck install gcc make automake autoconf gettext-devel \ | ||
1698 | texinfo zlib-devel subversion@ | ||
1699 | @end example | ||
1700 | |||
1701 | 2. Install the GNUnet dependencies@ | ||
1702 | @example | ||
1703 | sudo yum -y -t --nogpgcheck install gnutls-devel gnutls-devel libgcrypt-devel \ | ||
1704 | sqlite-devel postgresql-devel mysql-devel libgsf-devel libvorbis-devel \ | ||
1705 | libidn-devel | ||
1706 | @end example | ||
1707 | |||
1708 | 3. Install outdated dependencies from source@ | ||
1709 | libtool@ | ||
1710 | @code{@ | ||
1711 | wget http://ftp.gnu.org/gnu/libtool/libtool-2.4.2.tar.gz@ | ||
1712 | tar xvfz libtool-2.4.2.tar.gz@ | ||
1713 | cd libtool-2.4.2@ | ||
1714 | ./configure@ | ||
1715 | sudo make install@ | ||
1716 | } | ||
1717 | |||
1718 | libtool@ | ||
1719 | @code{@ | ||
1720 | wget http://ftp.gnu.org/gnu/libtool/libtool-2.4.2.tar.gz@ | ||
1721 | tar xvfz libtool-2.4.2.tar.gz@ | ||
1722 | cd libtool-2.4.2@ | ||
1723 | ./configure@ | ||
1724 | sudo make install@ | ||
1725 | } | ||
1726 | |||
1727 | glpk@ | ||
1728 | @code{@ | ||
1729 | wget http://ftp.gnu.org/gnu/glpk/glpk-4.47.tar.gz@ | ||
1730 | tar xvfz glpk-4.47.tar.gz@ | ||
1731 | cd glpk-4.47@ | ||
1732 | ./configure@ | ||
1733 | sudo make install@ | ||
1734 | } | ||
1735 | |||
1736 | libgpg-error@ | ||
1737 | @code{@ | ||
1738 | wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.10.tar.bz2@ | ||
1739 | tar xvfj libgpg-error-1.10.tar.bz2@ | ||
1740 | cd libgpg-error-1.10@ | ||
1741 | ./configure --prefix=/usr@ | ||
1742 | sudo make install@ | ||
1743 | } | ||
1744 | |||
1745 | libgcrypt@ | ||
1746 | @code{@ | ||
1747 | wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.0.tar.bz2@ | ||
1748 | tar xvfj libgcrypt-1.5.0.tar.tar.bz2@ | ||
1749 | cd libgcrypt-1.5.0@ | ||
1750 | ./configure --prefix=/usr@ | ||
1751 | sudo make install@ | ||
1752 | } | ||
1753 | |||
1754 | libcurl@ | ||
1755 | @code{@ | ||
1756 | wget http://curl.haxx.se/download/curl-7.26.0.tar.gz@ | ||
1757 | tar xvfz curl-7.26.0.tar.gz@ | ||
1758 | cd curl-7.26.0@ | ||
1759 | ./configure@ | ||
1760 | sudo make install@ | ||
1761 | } | ||
1762 | |||
1763 | libunistring@ | ||
1764 | @code{@ | ||
1765 | wget http://ftp.gnu.org/gnu/libunistring/libunistring-0.9.3.tar.gz@ | ||
1766 | tar xvfz libunistring-0.9.3.tar.gz@ | ||
1767 | cd libunistring-0.9.3@ | ||
1768 | ./configure@ | ||
1769 | sudo make install@ | ||
1770 | } | ||
1771 | |||
1772 | 4. Remove conflicting packages@ | ||
1773 | @code{@ | ||
1774 | sudo rpm -e --nodeps libgcrypt libgpg-error@ | ||
1775 | } | ||
1776 | |||
1777 | 4. Install libextractor@ | ||
1778 | @code{@ | ||
1779 | wget ftp://ftp.gnu.org/gnu/libextractor/libextractor-0.6.3.tar.gz@ | ||
1780 | tar xvfz libextractor-0.6.3.tar.gz@ | ||
1781 | cd libextractor-0.6.3@ | ||
1782 | ./configure@ | ||
1783 | sudo make install@ | ||
1784 | } | ||
1785 | |||
1786 | 5. Install libmicrohttpd and dependencies | ||
1787 | |||
1788 | nettle@ | ||
1789 | @code{@ | ||
1790 | wget http://ftp.gnu.org/gnu/nettle/nettle-2.5.tar.gz@ | ||
1791 | tar xvfz nettle-2.5.tar.gz@ | ||
1792 | cd nettle-2.5@ | ||
1793 | ./configure@ | ||
1794 | sudo make install@ | ||
1795 | } | ||
1796 | |||
1797 | GnuTLS@ | ||
1798 | @code{@ | ||
1799 | wget http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.20.tar.bz2@ | ||
1800 | tar xvfj gnutls-2.12.20.tar.bz2@ | ||
1801 | cd gnutls-2.12.20@ | ||
1802 | ./configure --without-p11-kit@ | ||
1803 | sudo make install@ | ||
1804 | } | ||
1805 | |||
1806 | libmicrohttpd@ | ||
1807 | @code{@ | ||
1808 | wget ftp://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.21.tar.gz@ | ||
1809 | tar xvfz libmicrohttpd-0.9.21.tar.gz@ | ||
1810 | cd libmicrohttpd-0.9.21@ | ||
1811 | ./configure@ | ||
1812 | sudo make install@ | ||
1813 | } | ||
1814 | |||
1815 | 6. Set GNUnet prefix and add to PATH@ | ||
1816 | @code{@ | ||
1817 | export GNUNET_PREFIX=@ | ||
1818 | export PATH=$PATH:$GNUNET_PREFIX/bin@ | ||
1819 | } | ||
1820 | |||
1821 | 7. Install GNUnet from svn@ | ||
1822 | @example | ||
1823 | export LD_LIBRARY_PATH=/usr/local/lib@ | ||
1824 | svn co https://gnunet.org/svn/gnunet@ | ||
1825 | cd gnunet@ | ||
1826 | libtoolize@ | ||
1827 | ./bootstrap@ | ||
1828 | ./configure --prefix=$GNUNET_PREFIX --with-extractor=/usr/local \ | ||
1829 | --with-curl=/usr/local --with-mysql=/usr/lib/mysql --enable-logging=verbose@ | ||
1830 | make install@ | ||
1831 | @end example | ||
1832 | |||
1833 | Done! | ||
1834 | |||
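Review bot: Line 1748 extracts "libgcrypt-1.5.0.tar.tar.bz2" but line 1747 downloads "libgcrypt-1.5.0.tar.bz2", so the libgcrypt step fails as written; fix the filename. The "rpm -e --nodeps libgcrypt libgpg-error" at line 1774 runs after the source builds were installed with --prefix=/usr (lines 1741 and 1750), so rpm may delete files the source install just wrote at the same paths. It also leaves the host's crypto libraries outside package management, where they will never receive updates; remove the packages first and say this in the text. Lines 1697 and 1703 pass "--nogpgcheck", and the tarballs (several over ftp, for example lines 1738 and 1747) are installed with sudo without any signature check. The libtool block appears twice (lines 1709-1716 and 1718-1725), step number 4 is used twice (lines 1772 and 1777), and the multi-line @code blocks from line 1710 on should be @example.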
1835 | @node Build instructions for Gentoo | ||
1836 | @subsection Build instructions for Gentoo | ||
1837 | |||
1838 | |||
1839 | This page describes how to install GNUnet 0.9 on Gentoo. | ||
1840 | |||
1841 | Since the GNUnet 0.9 ebuilds are not in the official portage tree yet, we need | ||
1842 | to add them to the local portage overlay. All the commands below should be | ||
1843 | executed as root. | ||
1844 | |||
1845 | Specify your local portage directory in the /etc/make.conf, for example:@ | ||
1846 | @code{$ echo 'PORTDIR_OVERLAY="/usr/local/portage"' >> /etc/make.conf} | ||
1847 | |||
1848 | Create directories for the ebuilds:@ | ||
1849 | @code{$ mkdir -p /usr/local/portage/media-libs/libextractor /usr/local/portage/net-p2p/gnunet/files} | ||
1850 | |||
1851 | Download the latest ebuilds, init and config files from here and put them into | ||
1852 | respective directories:@ | ||
1853 | @code{$ cp libextractor-0.6.2.ebuild /usr/local/portage/media-libs/libextractor@ | ||
1854 | $ cp gnunet-0.9.2.ebuild /usr/local/portage/net-p2p/gnunet@ | ||
1855 | $ cp gnunet-0.9.2.conf gnunet-0.9.2.confd gnunet-0.9.2.initd /usr/local/portage/net-p2p/gnunet/files} | ||
1856 | |||
1857 | Generate Manifest files for the ebuilds:@ | ||
1858 | @code{$ cd /usr/local/portage/net-p2p/gnunet@ | ||
1859 | $ ebuild gnunet-0.9.2.ebuild digest@ | ||
1860 | $ cd /usr/local/portage/media-libs/libextractor@ | ||
1861 | $ ebuild libextractor-0.6.2.ebuild digest} | ||
1862 | |||
1863 | Unmask GNUnet and dependencies in the /etc/portage/package.keywords. For | ||
1864 | example, if you use x86-64 architecture, add the following lines:@ | ||
1865 | @code{net-p2p/gnunet ~amd64@ | ||
1866 | media-libs/libextractor ~amd64@ | ||
1867 | net-libs/libmicrohttpd ~amd64@ | ||
1868 | net-misc/curl ~amd64} | ||
1869 | |||
1870 | Add either sqlite or mysql USE-flag in the /etc/portage/package.use:@ | ||
1871 | @code{net-p2p/gnunet sqlite} | ||
1872 | |||
1873 | Now everything is ready to install GNUnet:@ | ||
1874 | @code{$ emerge -av gnunet} | ||
1875 | |||
1876 | Use /etc/init.d/gnunet to start/stop GNUnet. | ||
1877 | |||
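Review bot: Line 1851 tells the reader to download the ebuilds, init and config files "from here" but no link target is given, and lines 1858-1861 then run "ebuild ... digest", which generates the Manifest from whatever was fetched, so nothing in this procedure checks the downloaded files against a known-good value. Restore the URL and give checksums or a signed source for the ebuilds. The commands are shown with a "$" prompt although line 1842 says they must run as root; use "#" as elsewhere in the chapter.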
1878 | @node Building GLPK for MinGW | ||
1879 | @subsection Building GLPK for MinGW | ||
1880 | |||
1881 | GNUnet now requires the GNU Linear Programming Kit (GLPK). Since there's is no | ||
1882 | package you can install with @code{mingw-get} you have to compile it from | ||
1883 | source: | ||
1884 | |||
1885 | @itemize @bullet | ||
1886 | |||
1887 | @item | ||
1888 | Download the latest version from http://ftp.gnu.org/gnu/glpk/ | ||
1889 | |||
1890 | @item | ||
1891 | Unzip it using your favourite unzipper@ | ||
1892 | In the MSYS shell: | ||
1893 | |||
1894 | @item | ||
1895 | change to the respective directory | ||
1896 | |||
1897 | @item | ||
1898 | @code{./configure '--build=i686-pc-mingw32'} | ||
1899 | |||
1900 | @item | ||
1901 | run @code{make install check } | ||
1902 | |||
1903 | MinGW does not automatically detect the correct buildtype so you have to | ||
1904 | specify it manually | ||
1905 | @end itemize | ||
1906 | |||
1907 | |||
1908 | @node GUI build instructions for Ubuntu 12.04 using Subversion | ||
1909 | @subsection GUI build instructions for Ubuntu 12.04 using Subversion | ||
1910 | |||
1911 | After installing GNUnet you can continue installing the GNUnet GUI tools: | ||
1912 | |||
1913 | First, install the required dependencies: | ||
1914 | |||
1915 | @code{@ | ||
1916 | $ sudo apt-get install libgladeui-dev libqrencode-dev@ | ||
1917 | } | ||
1918 | |||
1919 | Please ensure that the GNUnet shared libraries can be found by the linker. If | ||
1920 | you installed GNUnet libraries in a non standard path (say | ||
1921 | GNUNET_PREFIX=/usr/local/lib/), you can | ||
1922 | @itemize @bullet | ||
1923 | |||
1924 | |||
1925 | @item | ||
1926 | set the environmental variable permanently to@ | ||
1927 | @code{LD_LIBRARY_PATH=$GNUNET_PREFIX} | ||
1928 | |||
1929 | @item | ||
1930 | or add @code{$GNUNET_PREFIX} to @code{/etc/ld.so.conf} | ||
1931 | @end itemize | ||
1932 | |||
1933 | |||
1934 | Now you can checkout and compile the GNUnet GUI tools@ | ||
1935 | @code{@ | ||
1936 | $ svn co https://gnunet.org/svn/gnunet-gtk@ | ||
1937 | $ cd gnunet-gtk@ | ||
1938 | $ ./bootstrap@ | ||
1939 | $ ./configure --prefix=$GNUNET_PREFIX/.. --with-gnunet=$GNUNET_PREFIX/..@ | ||
1940 | $ make install@ | ||
1941 | } | ||
1942 | |||
1943 | @node Installation with gnunet-update | ||
1944 | @subsection Installation with gnunet-update | ||
1945 | |||
1946 | gnunet-update project is an effort to introduce updates to GNUnet | ||
1947 | installations. An interesting to-be-implemented-feature of gnunet-update is | ||
1948 | that these updates are propagated through GNUnet's peer-to-peer network. More | ||
1949 | information about gnunet-update can be found at | ||
1950 | https://gnunet.org/svn/gnunet-update/README. | ||
1951 | |||
1952 | While the project is still under development, we have implemented the following | ||
1953 | features which we believe may be helpful for users and we would like them to be | ||
1954 | tested: | ||
1955 | |||
1956 | @itemize @bullet | ||
1957 | |||
1958 | @item | ||
1959 | Packaging GNUnet installation along with its run-time dependencies into update | ||
1960 | packages | ||
1961 | |||
1962 | @item | ||
1963 | Installing update packages into compatible hosts | ||
1964 | |||
1965 | @item | ||
1966 | Updating an existing installation (which had been installed by gnunet-update) | ||
1967 | to a newer one | ||
1968 | @end itemize | ||
1969 | |||
1970 | The above said features of gnunet-update are currently available for testing on | ||
1971 | GNU/Linux systems. | ||
1972 | |||
1973 | The following is a guide to help you get started with gnunet-update. It shows | ||
1974 | you how to install the testing binary packages of GNUnet 0.9.1 we have at | ||
1975 | https://gnunet.org/install/ | ||
1976 | |||
1977 | gnunet-update needs the following: | ||
1978 | |||
1979 | @itemize @bullet | ||
1980 | @item | ||
1981 | python ( 2.6 or above) | ||
1982 | |||
1983 | @item | ||
1984 | gnupg | ||
1985 | |||
1986 | @item | ||
1987 | python-gpgme | ||
1988 | @end itemize | ||
1989 | |||
1990 | |||
1991 | Checkout gnunet-update:@ | ||
1992 | @code{@ | ||
1993 | $ svn checkout -r24905 https://gnunet.org/svn/gnunet-update@ | ||
1994 | } | ||
1995 | |||
1996 | For security reasons, all packages released for gnunet-update from us are | ||
1997 | signed with the key at https://gnunet.org/install/key.txt You would need to | ||
1998 | import this key into your gpg key ring. gnunet-update uses this key to verify | ||
1999 | the integrity of the packages it installs@ | ||
2000 | @code{@ | ||
2001 | $ gpg --recv-keys 7C613D78@ | ||
2002 | } | ||
2003 | |||
2004 | Download the packages relevant to your architecture (currently I have access to | ||
2005 | GNU/Linux machines on x86_64 and i686, so only two for now, hopefully more | ||
2006 | later) from https://gnunet.org/install/. | ||
2007 | |||
2008 | To install the downloaded package into the directory /foo: | ||
2009 | |||
2010 | @code{@ | ||
2011 | gnunet-update/bin/gnunet-update install downloaded/package /foo@ | ||
2012 | } | ||
2013 | |||
2014 | The installer reports the directories into which shared libraries and | ||
2015 | dependencies have been installed. You may need to add the reported shared | ||
2016 | library installation paths to LD_LIBRARY_PATH before you start running any | ||
2017 | installed binaries. | ||
2018 | |||
2019 | Please report bugs at https://gnunet.org/bugs/ under the project | ||
2020 | 'gnunet-update'. | ||
2021 | |||
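Review bot: Line 2001 imports the package signing key by the eight-hex-digit short ID 7C613D78 and names no keyserver. Short key IDs are not unique, so the reader has no way to tell whether the key that arrives is the one at https://gnunet.org/install/key.txt (line 1997), which the command never uses. Since lines 1998-1999 say gnunet-update relies on this key for package integrity, print the full fingerprint in the text and have the reader compare it after import, or import directly from the key.txt URL. Line 2004 is written in the first person ("currently I have access to"), which reads oddly in a handbook.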
2022 | @node Instructions for Microsoft Windows Platforms (Old) | ||
2023 | @subsection Instructions for Microsoft Windows Platforms (Old) | ||
2024 | |||
2025 | This document is a DEPRECATED installation guide for gnunet on windows. It will | ||
2026 | not work for recent gnunet versions, but maybe it will be of some use if | ||
2027 | problems arise. | ||
2028 | |||
2029 | The Windows build uses a UNIX emulator for Windows, | ||
2030 | @uref{http://www.mingw.org/, MinGW}, to build the executable modules. These | ||
2031 | modules run natively on Windows and do not require additional emulation | ||
2032 | software besides the usual dependencies. | ||
2033 | |||
2034 | GNUnet development is mostly done under Linux and especially SVN checkouts may | ||
2035 | not build out of the box. We regret any inconvenience, and if you have | ||
2036 | problems, please report them. | ||
2037 | |||
2038 | |||
2039 | |||
2040 | @menu | ||
2041 | * Hardware and OS requirements:: | ||
2042 | * Software installation:: | ||
2043 | * Building libextractor and GNUnet:: | ||
2044 | * Installer:: | ||
2045 | * Source:: | ||
2046 | @end menu | ||
2047 | |||
2048 | @node Hardware and OS requirements | ||
2049 | @subsubsection Hardware and OS requirements | ||
2050 | |||
2051 | @itemize @bullet | ||
2052 | |||
2053 | @item | ||
2054 | Pentium II or equivalent processor, 350 MHz or better | ||
2055 | |||
2056 | @item | ||
2057 | 128 MB RAM | ||
2058 | |||
2059 | @item | ||
2060 | 600 MB free disk space | ||
2061 | |||
2062 | @item | ||
2063 | Windows 2000 or Windows XP are recommended | ||
2064 | @end itemize | ||
2065 | |||
2066 | @node Software installation | ||
2067 | @subsubsection Software installation | ||
2068 | |||
2069 | @itemize @bullet | ||
2070 | |||
2071 | @item | ||
2072 | @strong{Compression software}@ | ||
2073 | @ | ||
2074 | The software packages GNUnet depends on are usually compressed using UNIX | ||
2075 | tools like tar, gzip and bzip2.@ If you do not already have an utility that is | ||
2076 | able to extract such archives, get @uref{http://www.7-zip.org/, 7-Zip}. | ||
2077 | |||
2078 | @item | ||
2079 | @strong{UNIX environment}@ | ||
2080 | @ | ||
2081 | The MinGW project provides the compiler toolchain that is used to build | ||
2082 | GNUnet.@ Get the following packages from | ||
2083 | @uref{http://sourceforge.net/projects/mingw/files/, the MinGW project}: | ||
2084 | @itemize @bullet | ||
2085 | |||
2086 | |||
2087 | @item | ||
2088 | GCC core | ||
2089 | |||
2090 | @item | ||
2091 | GCC g++ | ||
2092 | |||
2093 | @item | ||
2094 | MSYS | ||
2095 | |||
2096 | @item | ||
2097 | MSYS Developer Tool Kit (msysDTK) | ||
2098 | |||
2099 | @item | ||
2100 | MSYS Developer Tool Kit - msys-autoconf (bin) | ||
2101 | |||
2102 | @item | ||
2103 | MSYS Developer Tool Kit - msys-automake (bin) | ||
2104 | |||
2105 | @item | ||
2106 | MinGW Runtime | ||
2107 | |||
2108 | @item | ||
2109 | MinGW Utilities | ||
2110 | |||
2111 | @item | ||
2112 | Windows API | ||
2113 | |||
2114 | @item | ||
2115 | Binutils | ||
2116 | |||
2117 | @item | ||
2118 | make | ||
2119 | |||
2120 | @item | ||
2121 | pdcurses | ||
2122 | |||
2123 | @item | ||
2124 | GDB (snapshot) | ||
2125 | @end itemize | ||
2126 | |||
2127 | @itemize @bullet | ||
2128 | |||
2129 | |||
2130 | @item | ||
2131 | Install MSYS (to c:\mingw, for example.)@ | ||
2132 | Do @strong{not} use spaces in the pathname (c:\program files\mingw). | ||
2133 | |||
2134 | @item | ||
2135 | Install MinGW runtime, utilities and GCC to a subdirectory (to c:\mingw\mingw, | ||
2136 | for example) | ||
2137 | |||
2138 | @item | ||
2139 | Install the Development Kit to the MSYS directory (c:\mingw) | ||
2140 | |||
2141 | @item | ||
2142 | Create a batch file bash.bat in your MSYS directory with the files:@ | ||
2143 | |||
2144 | @example | ||
2145 | bin\sh.exe --login | ||
2146 | @end example | ||
2147 | |||
2148 | |||
2149 | This batch file opens a shell which is used to invoke the build processes..@ | ||
2150 | MinGW's standard shell (msys.bat) is not suitable because it opens a separate | ||
2151 | console window@ On Vista, bash.bat needs to be run as administrator. | ||
2152 | |||
2153 | @item | ||
2154 | Start bash.sh and rename (c:\mingw\mingw\)lib\libstdc++.la to avoid problems:@ | ||
2155 | |||
2156 | @example | ||
2157 | mv /usr/mingw/lib/libstdc++.la /usr/mingw/lib/libstdc++.la.broken | ||
2158 | @end example | ||
2159 | |||
2160 | |||
2161 | @item | ||
2162 | Unpack the Windows API to the MinGW directory (c:\mingw\mingw\) and remove the | ||
2163 | declaration of DATADIR from (c:\mingw\mingw\)include\objidl.h (lines 55-58) | ||
2164 | |||
2165 | @item | ||
2166 | Unpack autoconf, automake to the MSYS directory (c:\mingw) | ||
2167 | |||
2168 | @item | ||
2169 | Install all other packages to the MinGW directory (c:\mingw\mingw\) | ||
2170 | @end itemize | ||
2171 | |||
2172 | |||
2173 | @item | ||
2174 | @strong{GNU Libtool}@ | ||
2175 | @ | ||
2176 | GNU Libtool is required to use shared libraries.@ | ||
2177 | @ | ||
2178 | Get the prebuilt package from here and unpack it to the MinGW directory | ||
2179 | (c:\mingw) | ||
2180 | |||
2181 | @item | ||
2182 | @strong{Pthreads}@ | ||
2183 | @ | ||
2184 | GNUnet uses the portable POSIX thread library for multi-threading..@ | ||
2185 | |||
2186 | @itemize @bullet | ||
2187 | |||
2188 | |||
2189 | @item | ||
2190 | Save @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86/libpthreadGC2.a, libpthreadGC2.a} (x86) or @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x64/libpthreadGC2.a, libpthreadGC2.a} (x64) as libpthread.a into the lib directory (c:\mingw\mingw\lib\libpthread.a) | ||
2191 | |||
2192 | @item | ||
2193 | Save @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86/pthreadGC2.dll, pthreadGC2.dll} (x86) or @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x64/pthreadGC2.dll, libpthreadGC2.a} (x64) into the MinGW bin directory (c:\mingw\mingw\bin) | ||
2194 | |||
2195 | @item | ||
2196 | Download all header files from @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/include/, include/} to the include directory (c:\mingw\mingw\include) | ||
2197 | @end itemize | ||
2198 | |||
2199 | |||
2200 | @item | ||
2201 | @strong{GNU MP@ | ||
2202 | }@ | ||
2203 | @ | ||
2204 | GNUnet uses the GNU Multiple Precision library for special cryptographic operations.@ | ||
2205 | @ | ||
2206 | Get the GMP binary package from the @uref{http://sourceforge.net/projects/mingwrep/, MinGW repository} and unpack it to the MinGW directory (c:\mingw\mingw) | ||
2207 | |||
2208 | @item | ||
2209 | @strong{GNU Gettext}@ | ||
2210 | @ | ||
2211 | GNU gettext is used to provide national language support.@ | ||
2212 | @ | ||
2213 | Get the prebuilt package from hereand unpack it to the MinGW directory (c:\mingw\mingw) | ||
2214 | |||
2215 | @item | ||
2216 | @strong{GNU iconv}@ | ||
2217 | @ | ||
2218 | GNU Libiconv is used for character encoding conversion.@ | ||
2219 | @ | ||
2220 | Get the prebuilt package from here and unpack it to the MinGW directory (c:\mingw\mingw) | ||
2221 | |||
2222 | @item | ||
2223 | @strong{SQLite}@ | ||
2224 | @ | ||
2225 | GNUnet uses the SQLite database to store data.@ | ||
2226 | @ | ||
2227 | Get the prebuilt binary from here and unpack it to your MinGW directory. | ||
2228 | |||
2229 | @item | ||
2230 | @strong{MySQL}@ | ||
2231 | @ | ||
2232 | As an alternative to SQLite, GNUnet also supports MySQL. | ||
2233 | @itemize @bullet | ||
2234 | |||
2235 | |||
2236 | @item | ||
2237 | Get the binary installer from the @uref{http://dev.mysql.com/downloads/mysql/4.1.html#Windows, MySQL project} (version 4.1),@ | ||
2238 | install it and follow the instructions in README.mysql. | ||
2239 | |||
2240 | @item | ||
2241 | Create a temporary build directory (c:\mysql) | ||
2242 | |||
2243 | @item | ||
2244 | Copy the directories include\ and lib\ from the MySQL directory to the new directory | ||
2245 | |||
2246 | @item | ||
2247 | Get the patches from @uref{http://bugs.mysql.com/bug.php?id=8906&files=1, Bug #8906} and @uref{http://bugs.mysql.com/bug.php?id=8872&files=1, Bug #8872} (the latter is only required for MySQL | ||
2248 | @example | ||
2249 | patch -p 0 | ||
2250 | @end example | ||
2251 | |||
2252 | |||
2253 | @item | ||
2254 | Move lib\opt\libmysql.dll to lib\libmysql.dll | ||
2255 | |||
2256 | @item | ||
2257 | Change to lib\ and create an import library:@ | ||
2258 | |||
2259 | @example | ||
2260 | dlltool --input-def ../include/libmySQL.def --dllname libmysql.dll | ||
2261 | --output-lib libmysqlclient.a -k | ||
2262 | @end example | ||
2263 | |||
2264 | |||
2265 | @item | ||
2266 | Copy include\* to include\mysql\ | ||
2267 | |||
2268 | @item | ||
2269 | Pass "--with-mysql=/c/mysql" to ./configure and copy libmysql.dll to your PATH or GNUnet′s bin\ directory | ||
2270 | @end itemize | ||
2271 | |||
2272 | |||
2273 | @item | ||
2274 | @strong{GTK+}@ | ||
2275 | @ | ||
2276 | gnunet-gtk and libextractor depend on GTK.@ | ||
2277 | @ | ||
2278 | Get the the binary and developer packages of atk, glib, gtk, iconv, gettext-runtime, pango from @uref{ftp://ftp.gtk.org/pub/gtk/v2.6/win32, gtk.org} and unpack it to the MinGW directory (c:\mingw\mingw)@ | ||
2279 | @ | ||
2280 | Get @uref{http://www.gtk.org/download/win32.php, pkg-config} and libpng and unpack them to the MinGW directory (c:\mingw\mingw)@ | ||
2281 | @ | ||
2282 | Here is an all-in-one package for @uref{http://ftp.gnome.org/pub/gnome/binaries/win32/gtk+/2.24/gtk+-bundle_2.24.10-20120208_win32.zip, gtk+dependencies}. Do not overwrite any existing files! | ||
2283 | |||
2284 | @item | ||
2285 | @strong{Glade}@ | ||
2286 | @ | ||
2287 | gnunet-gtk and and gnunet-setup were created using this interface builder@ | ||
2288 | |||
2289 | @itemize @bullet | ||
2290 | |||
2291 | |||
2292 | @item | ||
2293 | Get the Glade and libglade (-bin and -devel) packages (without GTK!) from @uref{http://gladewin32.sourceforge.net/, GladeWin32} and unpack it to the MinGW directory (c:\mingw\mingw) | ||
2294 | |||
2295 | @item | ||
2296 | Get libxml from here and unpack it to the MinGW directory (c:\mingw\mingw). | ||
2297 | @end itemize | ||
2298 | |||
2299 | |||
2300 | @item | ||
2301 | @strong{zLib}@ | ||
2302 | @ | ||
2303 | libextractor requires zLib to decompress some file formats. GNUnet uses it to (de)compress meta-data.@ | ||
2304 | @ | ||
2305 | Get zLib from here (Signature) and unpack it to the MinGW directory (c:\mingw\mingw) | ||
2306 | |||
2307 | @item | ||
2308 | @strong{Bzip2}@ | ||
2309 | @ | ||
2310 | libextractor also requires Bzip2 to decompress some file formats.@ | ||
2311 | @ | ||
2312 | Get Bzip2 (binary and developer package) from @uref{http://gnuwin32.sourceforge.net/packages/bzip2.htm, GnuWin32} and unpack it to the MinGW directory (c:\mingw\mingw) | ||
2313 | |||
2314 | @item | ||
2315 | @strong{Libgcrypt}@ | ||
2316 | @ | ||
2317 | Libgcrypt provides the cryptographic functions used by GNUnet@ | ||
2318 | @ | ||
2319 | Get Libgcrypt from @uref{ftp://ftp.gnupg.org/gcrypt/libgcrypt/, here}, compile and place it in the MinGW directory (c:\mingw\mingw). Currently you need at least version 1.4.2 to compile gnunet. | ||
2320 | |||
2321 | @item | ||
2322 | @strong{PlibC}@ | ||
2323 | @ | ||
2324 | PlibC emulates Unix functions under Windows.@ | ||
2325 | @ | ||
2326 | Get PlibC from here and unpack it to the MinGW directory (c:\mingw\mingw) | ||
2327 | |||
2328 | @item | ||
2329 | @strong{OGG Vorbis}@ | ||
2330 | @ | ||
2331 | OGG Vorbis is used to extract meta-data from .ogg files@ | ||
2332 | @ | ||
2333 | Get the packages @uref{http://www.gnunet.org/libextractor/download/win/libogg-1.1.4.zip, libogg} and @uref{http://www.gnunet.org/libextractor/download/win/libvorbis-1.2.3.zip, libvorbis} from the @uref{http://ftp.gnu.org/gnu/libextractor/libextractor-w32-1.0.0.zip, libextractor win32 build} and unpack them to the MinGW directory (c:\mingw\mingw) | ||
2334 | |||
2335 | @item | ||
2336 | @strong{Exiv2}@ | ||
2337 | @ | ||
2338 | (lib)Exiv2 is used to extract meta-data from files with Exiv2 meta-data@ | ||
2339 | @ | ||
2340 | Download @uref{http://www.gnunet.org/libextractor/download/win/exiv2-0.18.2.zip, Exiv2} and unpack it to the MSYS directory (c:\mingw) | ||
2341 | @end itemize | ||
2342 | |||
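Review bot: The pthreads items at lines 2190-2196 take a prebuilt DLL, import library and headers over plain ftp from a "dll-latest" directory, with no version pin and no checksum, and most other dependencies in this list are likewise prebuilt binaries unpacked into c:\mingw\mingw; even for a deprecated guide, name the versions that were known to work and where their signatures or hashes can be found. The x64 link at line 2193 is labelled libpthreadGC2.a although it points to pthreadGC2.dll. Several items say "from here" with no target (lines 2178, 2213, 2220, 2227, 2296, 2305, 2326). Line 2247 breaks off inside an unclosed parenthesis, line 2249 shows "patch -p 0" without a patch file, and line 2154 says bash.sh where line 2142 created bash.bat.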
2343 | @node Building libextractor and GNUnet | ||
2344 | @subsubsection Building libextractor and GNUnet | ||
2345 | |||
2346 | Before you compile libextractor or GNUnet, be sure to set@ | ||
2347 | PKG_CONFIG_PATH: | ||
2348 | @example | ||
2349 | export PKG_CONFIG_PATH=/mingw/lib/pkgconfig | ||
2350 | @end example | ||
2351 | |||
2352 | |||
2353 | See Installation for basic instructions on building libextractor and GNUnet. | ||
2354 | |||
2355 | By default, all modules that are created in this way contain debug information and are quite large.@ | ||
2356 | To compile release versions (small and fast) set the variable CFLAGS: | ||
2357 | @example | ||
2358 | export CFLAGS='-O2 -march=pentium -fomit-frame-pointer' | ||
2359 | ./configure --prefix=$HOME --with-extractor=$HOME | ||
2360 | @end example | ||
2361 | |||
2362 | @node Installer | ||
2363 | @subsubsection Installer | ||
2364 | |||
2365 | The GNUnet installer is made with @uref{http://nsis.sourceforge.net/, NSIS}@ | ||
2366 | The installer script is located in contrib\win in the GNUnet source tree. | ||
2367 | |||
2368 | @node Source | ||
2369 | @subsubsection Source | ||
2370 | |||
2371 | The sources of all dependencies are available here. | ||
2372 | |||
2373 | @node Portable GNUnet | ||
2374 | @section Portable GNUnet | ||
2375 | |||
2376 | Quick instructions on how to use the most recent GNUnet on most GNU/Linux | ||
2377 | distributions | ||
2378 | |||
2379 | Currently this has only been tested on Ubuntu 12.04, 12.10, 13.04, Debian and | ||
2380 | CentOS 6, but it should work on almost any GNU/Linux distribution. More | ||
2381 | in-detail information can be found in the handbook. | ||
2382 | |||
2383 | |||
2384 | |||
2385 | @menu | ||
2386 | * Prerequisites:: | ||
2387 | * Download & set up gnunet-update:: | ||
2388 | * Install GNUnet:: | ||
2389 | @end menu | ||
2390 | |||
2391 | @node Prerequisites | ||
2392 | @subsection Prerequisites | ||
2393 | |||
2394 | Open a terminal and paste this line into it to install all required tools | ||
2395 | needed:@ | ||
2396 | @code{sudo apt-get install python-gpgme subversion} | ||
2397 | |||
2398 | @node Download & set up gnunet-update | ||
2399 | @subsection Download & set up gnunet-update | ||
2400 | |||
2401 | The following command will download a working version of gnunet-update with the | ||
2402 | subversion tool and import the public key which is needed for authentication:@ | ||
2403 | |||
2404 | @example | ||
2405 | svn checkout -r24905 https://gnunet.org/svn/gnunet-update ~/gnunet-update && | ||
2406 | cd ~/gnunet-update | ||
2407 | gpg --keyserver "hkp://keys.gnupg.net" --recv-keys 7C613D78 | ||
2408 | @end example | ||
2409 | |||
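Review bot: Line 2407 fetches the key by the 8-hex-digit short ID 7C613D78, which is too short to identify a key uniquely, yet the surrounding text says this key is what authenticates the update. Please give the full fingerprint in the text and have the reader compare it after import. Separately, the trailing "&&" on line 2405 only guards the cd on line 2406; the gpg command on line 2407 still runs when the checkout fails.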
2410 | @node Install GNUnet | ||
2411 | @subsection Install GNUnet | ||
2412 | |||
2413 | Download and install GNUnet binaries which can be found here and set library | ||
2414 | paths:@ | ||
2415 | @code{@ | ||
2416 | wget -P /tmp https://gnunet.org/install/packs/gnunet-0.9.4-`uname -m`.tgz@ | ||
2417 | ./bin/gnunet-update install /tmp/gnunet-0.9*.tgz ~@ | ||
2418 | echo "PATH DEFAULT=$@{PATH@}:$HOME/bin" >> ~/.pam_environment@ | ||
2419 | echo -e "$@{HOME@}/lib\n$@{HOME@}/lib/gnunet-deps" | sudo tee /etc/ld.so.conf.d/gnunet.conf > /dev/null@ | ||
2420 | sudo ldconfig@ | ||
2421 | }@ | ||
2422 | |||
2423 | You may need to re-login once after executing these last commands | ||
2424 | |||
2425 | That's it, GNUnet is installed in your home directory now. GNUnet can be | ||
2426 | configured and afterwards started by executing@ | ||
2427 | @code{gnunet-arm -s} | ||
2428 | |||
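Review bot: Line 2419 writes $HOME/lib and $HOME/lib/gnunet-deps into /etc/ld.so.conf.d/gnunet.conf, which puts directories writable by an unprivileged account into the system-wide linker search path for every program on the host. For an install that is meant to live in the home directory, a per-user setting (for example LD_LIBRARY_PATH in the same ~/.pam_environment that line 2418 already edits) keeps the change scoped to that user; otherwise the text should say plainly that this step changes library resolution for the whole machine. The command block on lines 2415 to 2421 should also be an @example rather than a multi-line @code with trailing "@", and "which can be found here" on line 2413 has lost its link.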
2429 | @node The graphical configuration interface | ||
2430 | @section The graphical configuration interface | ||
2431 | |||
2432 | If you also would like to use gnunet-gtk and gnunet-setup (highly recommended | ||
2433 | for beginners), do: | ||
2434 | |||
2435 | @example | ||
2436 | wget -P /tmp https://gnunet.org/install/packs/gnunet-0.9.4-gtk-0.9.4-`uname -m`.tgz@ | ||
2437 | sh ~/gnunet-update/bin/gnunet-update install /tmp/gnunet-*gtk*.tgz ~@ | ||
2438 | sudo ldconfig | ||
2439 | @end example | ||
2440 | Now you can run @code{gnunet-setup} for easy configuration of your GNUnet peer. | ||
2441 | |||
2442 | |||
2443 | @menu | ||
2444 | * Configuring your peer:: | ||
2445 | * Configuring the Friend-to-Friend (F2F) mode:: | ||
2446 | * Configuring the hostlist to bootstrap:: | ||
2447 | * Configuration of the HOSTLIST proxy settings:: | ||
2448 | * Configuring your peer to provide a hostlist :: | ||
2449 | * Configuring the datastore:: | ||
2450 | * Configuring the MySQL database:: | ||
2451 | * Reasons for using MySQL:: | ||
2452 | * Reasons for not using MySQL:: | ||
2453 | * Setup Instructions:: | ||
2454 | * Testing:: | ||
2455 | * Performance Tuning:: | ||
2456 | * Setup for running Testcases:: | ||
2457 | * Configuring the Postgres database:: | ||
2458 | * Reasons to use Postgres:: | ||
2459 | * Reasons not to use Postgres:: | ||
2460 | * Manual setup instructions:: | ||
2461 | * Testing the setup manually:: | ||
2462 | * Configuring the datacache:: | ||
2463 | * Configuring the file-sharing service:: | ||
2464 | * Configuring logging:: | ||
2465 | * Configuring the transport service and plugins:: | ||
2466 | * Configuring the wlan transport plugin:: | ||
2467 | * Configuring HTTP(S) reverse proxy functionality using Apache or nginx:: | ||
2468 | * Blacklisting peers:: | ||
2469 | * Configuration of the HTTP and HTTPS transport plugins:: | ||
2470 | * Configuring the GNU Name System:: | ||
2471 | * Configuring the GNUnet VPN:: | ||
2472 | * Bandwidth Configuration:: | ||
2473 | * Configuring NAT:: | ||
2474 | * Peer configuration for distributions:: | ||
2475 | @end menu | ||
2476 | |||
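Review bot: The node name on line 2429, "The graphical configuration interface", does not match the chapter menu entry on line 24, which is spelled "The grapical configuration interface::", so the menu entry has no node to resolve to. Fix the spelling in the top-level menu. In the menu below, line 2448 has a stray space before "::" ("Configuring your peer to provide a hostlist ::"), and the MySQL and Postgres sub-topics (lines 2451 to 2461) are listed at the same level as their parent sections. The trailing "@" on lines 2436 and 2437 is not needed inside @example and should be dropped.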
2477 | @node Configuring your peer | ||
2478 | @subsection Configuring your peer | ||
2479 | |||
2480 | This chapter will describe the various configuration options in GNUnet. | ||
2481 | |||
2482 | The easiest way to configure your peer is to use the gnunet-setup tool. | ||
2483 | gnunet-setup is part of the gnunet-gtk download. You might have to install it | ||
2484 | separately. | ||
2485 | |||
2486 | Many of the specific sections from this chapter actually are linked from within | ||
2487 | gnunet-setup to help you while using the setup tool. | ||
2488 | |||
2489 | While you can also configure your peer by editing the configuration file by | ||
2490 | hand, this is not recommended for anyone except for developers. | ||
2491 | |||
2492 | |||
2493 | |||
2494 | |||
2495 | |||
2496 | @node Configuring the Friend-to-Friend (F2F) mode | ||
2497 | @subsection Configuring the Friend-to-Friend (F2F) mode | ||
2498 | |||
2499 | GNUnet knows three basic modes of operation. In standard "peer-to-peer" mode, | ||
2500 | your peer will connect to any peer. In the pure "friend-to-friend" mode, your | ||
2501 | peer will ONLY connect to peers from a list of friends specified in the | ||
2502 | configuration. Finally, in mixed mode, GNUnet will only connect to arbitrary | ||
2503 | peers if it has at least a specified number of connections to friends. | ||
2504 | |||
2505 | When configuring any of the F2F modes, you first need to create a file with the | ||
2506 | peer identities of your friends. Ask your friends to run | ||
2507 | |||
2508 | $ gnunet-peerinfo -sq | ||
2509 | |||
2510 | The output of this command needs to be added to your friends file, which is | ||
2511 | simply a plain text file with one line per friend with the output from the | ||
2512 | above command. | ||
2513 | |||
2514 | You then specify the location of your friends file in the "FRIENDS" option of | ||
2515 | the "topology" section. | ||
2516 | |||
2517 | Once you have created the friends file, you can tell GNUnet to only connect to | ||
2518 | your friends by setting the "FRIENDS-ONLY" option (again in the "topology" | ||
2519 | section) to YES. | ||
2520 | |||
2521 | If you want to run in mixed-mode, set "FRIENDS-ONLY" to NO and configure a | ||
2522 | minimum number of friends to have (before connecting to arbitrary peers) under | ||
2523 | the "MINIMUM-FRIENDS" option. | ||
2524 | |||
2525 | If you want to operate in normal P2P-only mode, simply set "MINIMUM-FRIENDS" to | ||
2526 | zero and "FRIENDS_ONLY" to NO. This is the default. | ||
2527 | |||
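Review bot: The option is spelled "FRIENDS-ONLY" on lines 2518 and 2521 but "FRIENDS_ONLY" on line 2526, and only one of these can be the key the topology section actually reads. Since the text says open P2P mode is the default, a reader who copies the wrong spelling may believe the peer is restricted to friends when it is not. Please check the key names against the shipped default configuration, use one spelling throughout, and show the [topology] settings in an @example block; the gnunet-peerinfo command on line 2508 should be in an @example as well.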
2528 | @node Configuring the hostlist to bootstrap | ||
2529 | @subsection Configuring the hostlist to bootstrap | ||
2530 | |||
2531 | After installing the software you need to get connected to the GNUnet network. | ||
2532 | The configuration file included in your download is already configured to | ||
2533 | connect you to the GNUnet network. In this section the relevant configuration | ||
2534 | settings are explained. | ||
2535 | |||
2536 | To get an initial connection to the GNUnet network and to get to know peers | ||
2537 | already connected to the network you can use the so called bootstrap servers. | ||
2538 | These servers can give you a list of peers connected to the network. To use | ||
2539 | these bootstrap servers you have to configure the hostlist daemon to activate | ||
2540 | bootstrapping. | ||
2541 | |||
2542 | To activate bootstrapping edit your configuration file and edit the | ||
2543 | @code{[hostlist]}-section. You have to set the argument "-b" in the options | ||
2544 | line: | ||
2545 | @example | ||
2546 | [hostlist] | ||
2547 | OPTIONS = -b | ||
2548 | @end example | ||
2549 | |||
2550 | Additionally you have to specify which server you want to use. The default | ||
2551 | bootstrapping server is "@uref{http://v10.gnunet.org/hostlist, | ||
2552 | http://v10.gnunet.org/hostlist}". [^] To set the server you have to edit the | ||
2553 | line "SERVERS" in the hostlist section. To use the default server you should | ||
2554 | set the lines to | ||
2555 | @example | ||
2556 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2557 | @end example | ||
2558 | |||
2559 | |||
2560 | To use bootstrapping your configuration file should include these lines: | ||
2561 | @example | ||
2562 | [hostlist] | ||
2563 | OPTIONS = -b | ||
2564 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2565 | @end example | ||
2566 | |||
2567 | |||
2568 | Besides using bootstrap servers you can configure your GNUnet peer to recieve | ||
2569 | hostlist advertisements. Peers offering hostlists to other peers can send | ||
2570 | advertisement messages to peers that connect to them. If you configure your | ||
2571 | peer to receive these messages, your peer can download these lists and connect | ||
2572 | to the peers included. These lists are persistent, which means that they are | ||
2573 | saved to your hard disk regularly and are loaded during startup. | ||
2574 | |||
2575 | To activate hostlist learning you have to add the "-e" switch to the OPTIONS | ||
2576 | line in the hostlist section: | ||
2577 | @example | ||
2578 | [hostlist] | ||
2579 | OPTIONS = -b -e | ||
2580 | @end example | ||
2581 | |||
2582 | |||
2583 | Furthermore you can specify in which file the lists are saved. To save the | ||
2584 | lists in the file "hostlists.file" just add the line: | ||
2585 | @example | ||
2586 | HOSTLISTFILE = hostlists.file | ||
2587 | @end example | ||
2588 | |||
2589 | |||
2590 | Best practice is to activate both bootstrapping and hostlist learning. So your | ||
2591 | configuration file should include these lines: | ||
2592 | @example | ||
2593 | [hostlist] | ||
2594 | OPTIONS = -b -e | ||
2595 | HTTPPORT = 8080 | ||
2596 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2597 | HOSTLISTFILE = $SERVICEHOME/hostlists.file | ||
2598 | @end example | ||
2599 | |||
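Review bot: The SERVERS lines inside the @example blocks on lines 2556, 2564 and 2596 end with "[^]", which looks like an external-link marker left over from the web page and will be pasted into configuration files as part of the URL value. Remove it from all three examples and from the prose on line 2552. The final "best practice" example also introduces HTTPPORT = 8080 on line 2595 without explanation, although that block does not enable serving a hostlist; either explain it or drop it. Typo on line 2568: "recieve".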
2600 | @node Configuration of the HOSTLIST proxy settings | ||
2601 | @subsection Configuration of the HOSTLIST proxy settings | ||
2602 | |||
2603 | The hostlist client can be configured to use a proxy to connect to the hostlist | ||
2604 | server. This functionality can be configured in the configuration file directly | ||
2605 | or using the gnunet-setup tool. | ||
2606 | |||
2607 | The hostlist client supports the following proxy types at the moment: | ||
2608 | @itemize @bullet | ||
2609 | |||
2610 | |||
2611 | @item | ||
2612 | HTTP and HTTP 1.0 only proxy | ||
2613 | |||
2614 | @item | ||
2615 | SOCKS 4/4a/5/5 with hostname | ||
2616 | @end itemize | ||
2617 | |||
2618 | |||
2619 | In addition authentication at the proxy with username and password can be | ||
2620 | configured. | ||
2621 | |||
2622 | To configure proxy support for the hostlist client in the gnunet-setup tool, | ||
2623 | select the "hostlist" tab and select the appropriate proxy type. The hostname | ||
2624 | or IP address (including port if required) has to be entered in the "Proxy | ||
2625 | hostname" textbox. If required, enter username and password in the "Proxy | ||
2626 | username" and "Proxy password" boxes. Be aware that these information will be | ||
2627 | stored in the configuration in plain text. | ||
2628 | |||
2629 | To configure these options directly in the configuration, you can configure the | ||
2630 | following settings in the @code{[hostlist]} section of the configuration:@ | ||
2631 | @example | ||
2632 | # Type of proxy server,@ | ||
2633 | # Valid values: HTTP, HTTP_1_0, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME@ | ||
2634 | # Default: HTTP@ | ||
2635 | # PROXY_TYPE = HTTP | ||
2636 | |||
2637 | # Hostname or IP of proxy server@ | ||
2638 | # PROXY =@ | ||
2639 | # User name for proxy server@ | ||
2640 | # PROXY_USERNAME =@ | ||
2641 | # User password for proxy server@ | ||
2642 | # PROXY_PASSWORD =@ | ||
2643 | @end example | ||
2644 | |||
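Review bot: The warning on lines 2626 and 2627 that the proxy credentials are stored in plain text stops short of telling the reader what to do about it. Please add that the configuration file holding PROXY_USERNAME and PROXY_PASSWORD should be readable only by the user running the peer. The proxy list on line 2615 ("SOCKS 4/4a/5/5 with hostname") is hard to map onto the PROXY_TYPE values on line 2633; listing the four SOCKS variants separately would help. The trailing "@" on lines 2632 to 2642 is unnecessary inside @example.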
2645 | @node Configuring your peer to provide a hostlist | ||
2646 | @subsection Configuring your peer to provide a hostlist | ||
2647 | |||
2648 | If you operate a peer permanently connected to GNUnet you can configure your | ||
2649 | peer to act as a hostlist server, providing other peers the list of peers known | ||
2650 | to him. | ||
2651 | |||
2652 | Yor server can act as a bootstrap server and peers needing to obtain a list of | ||
2653 | peers can contact him to download this list. To download this hostlist the peer | ||
2654 | uses HTTP. For this reason you have to build your peer with libcurl and | ||
2655 | microhttpd support. How you build your peer with this options can be found | ||
2656 | here: https://gnunet.org/generic_installation | ||
2657 | |||
2658 | To configure your peer to act as a bootstrap server you have to add the "-p" | ||
2659 | option to OPTIONS in the [hostlist] section of your configuration file. Besides | ||
2660 | that you have to specify a port number for the http server. In conclusion you | ||
2661 | have to add the following lines: | ||
2662 | |||
2663 | @example | ||
2664 | [hostlist] | ||
2665 | HTTPPORT = 12980 | ||
2666 | OPTIONS = -p | ||
2667 | @end example | ||
2668 | |||
2669 | |||
2670 | If your peer acts as a bootstrap server other peers should know about that. You | ||
2671 | can advertise the hostlist your are providing to other peers. Peers connecting | ||
2672 | to your peer will get a message containing an advertisement for your hostlist | ||
2673 | and the URL where it can be downloaded. If this peer is in learning mode, it | ||
2674 | will test the hostlist and, in the case it can obtain the list successfully, it | ||
2675 | will save it for bootstrapping. | ||
2676 | |||
2677 | To activate hostlist advertisement on your peer, you have to set the following | ||
2678 | lines in your configuration file: | ||
2679 | @example | ||
2680 | [hostlist] | ||
2681 | EXTERNAL_DNS_NAME = example.org | ||
2682 | HTTPPORT = 12981 | ||
2683 | OPTIONS = -p -a | ||
2684 | @end example | ||
2685 | |||
2686 | |||
2687 | With this configuration your peer will a act as a bootstrap server and | ||
2688 | advertise this hostlist to other peers connecting to him. The URL used to | ||
2689 | download the list will be @code{@uref{http://example.org:12981/, | ||
2690 | http://example.org:12981/}}. | ||
2691 | |||
2692 | Please notice: | ||
2693 | @itemize @bullet | ||
2694 | |||
2695 | |||
2696 | @item | ||
2697 | The hostlist is not human readable, so you should not try to download it using | ||
2698 | your webbrowser. Just point your GNUnet peer to the address! | ||
2699 | |||
2700 | @item | ||
2701 | Advertising without providing a hostlist does not make sense and will not work. | ||
2702 | @end itemize | ||
2703 | |||
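Review bot: The two examples disagree on the port: line 2665 uses HTTPPORT = 12980 while line 2682 uses HTTPPORT = 12981, and the advertised URL on line 2689 follows the second. A reader who applies both steps in order ends up with a port change the text never mentions; please use one value in both blocks. The build reference on line 2656 should be an @ref to the generic installation node rather than a bare URL, and the prose needs a pass for "Yor" (2652), "this options" (2655), "your are" (2671) and "will a act" (2687).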
2704 | @node Configuring the datastore | ||
2705 | @subsection Configuring the datastore | ||
2706 | |||
2707 | The datastore is what GNUnet uses to for long-term storage of file-sharing | ||
2708 | data. Note that long-term does not mean 'forever' since content does have an | ||
2709 | expiration date, and of course storage space is finite (and hence sometimes | ||
2710 | content may have to be discarded). | ||
2711 | |||
2712 | Use the "QUOTA" option to specify how many bytes of storage space you are | ||
2713 | willing to dedicate to GNUnet. | ||
2714 | |||
2715 | In addition to specifying the maximum space GNUnet is allowed to use for the | ||
2716 | datastore, you need to specify which database GNUnet should use to do so. | ||
2717 | Currently, you have the choice between sqLite, MySQL and Postgres. | ||
2718 | |||
2719 | @node Configuring the MySQL database | ||
2720 | @subsection Configuring the MySQL database | ||
2721 | |||
2722 | This section describes how to setup the MySQL database for GNUnet. | ||
2723 | |||
2724 | Note that the mysql plugin does NOT work with mysql before 4.1 since we need | ||
2725 | prepared statements. We are generally testing the code against MySQL 5.1 at | ||
2726 | this point. | ||
2727 | |||
2728 | @node Reasons for using MySQL | ||
2729 | @subsection Reasons for using MySQL | ||
2730 | |||
2731 | @itemize @bullet | ||
2732 | |||
2733 | @item | ||
2734 | On up-to-date hardware where mysql can be used comfortably, this module will | ||
2735 | have better performance than the other database choices (according to our | ||
2736 | tests). | ||
2737 | |||
2738 | @item Its often possible to recover the mysql database from internal | ||
2739 | inconsistencies. Some of the other databases do not support repair. | ||
2740 | @end itemize | ||
2741 | |||
2742 | @node Reasons for not using MySQL | ||
2743 | @subsection Reasons for not using MySQL | ||
2744 | |||
2745 | @itemize @bullet | ||
2746 | |||
2747 | @item | ||
2748 | Memory usage (likely not an issue if you have more than 1 GB) | ||
2749 | |||
2750 | @item | ||
2751 | Complex manual setup | ||
2752 | @end itemize | ||
2753 | |||
2754 | @node Setup Instructions | ||
2755 | @subsection Setup Instructions | ||
2756 | |||
2757 | @itemize @bullet | ||
2758 | |||
2759 | @item | ||
2760 | In @code{gnunet.conf} set in section "DATASTORE" the value for "DATABASE" to | ||
2761 | "mysql". | ||
2762 | |||
2763 | @item | ||
2764 | Access mysql as root:@ | ||
2765 | |||
2766 | @example | ||
2767 | $ mysql -u root -p | ||
2768 | @end example | ||
2769 | |||
2770 | |||
2771 | and issue the following commands, replacing $USER with the username@ | ||
2772 | that will be running gnunet-arm (so typically "gnunet"): | ||
2773 | @example | ||
2774 | CREATE DATABASE gnunet; | ||
2775 | GRANT select,insert,update,delete,create,alter,drop,create temporary tables | ||
2776 | ON gnunet.* TO $USER@@localhost; | ||
2777 | SET PASSWORD FOR $USER@@localhost=PASSWORD('$the_password_you_like'); | ||
2778 | FLUSH PRIVILEGES; | ||
2779 | @end example | ||
2780 | |||
2781 | |||
2782 | @item | ||
2783 | In the $HOME directory of $USER, create a ".my.cnf" file with the following lines@ | ||
2784 | |||
2785 | @example | ||
2786 | [client] | ||
2787 | user=$USER | ||
2788 | password=$the_password_you_like | ||
2789 | @end example | ||
2790 | |||
2791 | @end itemize | ||
2792 | |||
2793 | |||
2794 | Thats it. Note that @code{.my.cnf} file is a slight security risk unless its | ||
2795 | on@ a safe partition. The $HOME/.my.cnf can of course be a symbolic@ link. | ||
2796 | Luckily $USER has only priviledges to mess up GNUnet's tables, which should be | ||
2797 | pretty harmless. | ||
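Review bot: The .my.cnf created on lines 2783 to 2789 holds the database password in clear text, and the caveat on lines 2794 and 2795 ("a slight security risk unless its on a safe partition") does not tell the reader how to contain it. Please add an explicit step to make the file readable only by $USER (mode 600). The "pretty harmless" remark on line 2797 also deserves a second look given that the GRANT on line 2775 includes create, alter and drop on gnunet.*. Formatting: "on@ a safe" and "symbolic@ link" on line 2795 carry stray "@", and a blank line is missing before the @node on line 2798.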
2798 | @node Testing | ||
2799 | @subsection Testing | ||
2800 | |||
2801 | You should briefly try if the database connection works. First, login as $USER. | ||
2802 | Then use: | ||
2803 | @example | ||
2804 | $ mysql -u $USER | ||
2805 | mysql> use gnunet; | ||
2806 | @end example | ||
2807 | |||
2808 | |||
2809 | If you get the message "Database changed" it probably works. | ||
2810 | |||
2811 | If you get "ERROR 2002: Can't connect to local MySQL server@ | ||
2812 | through socket '/tmp/mysql.sock' (2)" it may be resolvable by@ | ||
2813 | "ln -s /var/run/mysqld/mysqld.sock /tmp/mysql.sock"@ | ||
2814 | so there may be some additional trouble depending on your mysql setup. | ||
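Review bot: The workaround on line 2813 creates a symlink to the server socket under /tmp, a world-writable directory, and the link disappears whenever /tmp is cleaned. It would be more robust to point the client at the real socket by adding a socket= line to the [client] section of the .my.cnf file introduced earlier. The sentence on lines 2811 to 2814 also trails off ("so there may be some additional trouble") and should be split and finished. A blank line is missing before the @node on line 2815.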
2815 | @node Performance Tuning | ||
2816 | @subsection Performance Tuning | ||
2817 | |||
2818 | For GNUnet, you probably want to set the option | ||
2819 | @example | ||
2820 | innodb_flush_log_at_trx_commit = 0 | ||
2821 | @end example | ||
2822 | |||
2823 | for a rather dramatic boost in MySQL performance. However, this reduces the | ||
2824 | "safety" of your database as with this options you may loose transactions | ||
2825 | during a power outage. While this is totally harmless for GNUnet, the option | ||
2826 | applies to all applications using MySQL. So you should set it if (and only if) | ||
2827 | GNUnet is the only application on your system using MySQL. | ||
2828 | |||
2829 | @node Setup for running Testcases | ||
2830 | @subsection Setup for running Testcases | ||
2831 | |||
2832 | If you want to run the testcases, you must create a second database | ||
2833 | "gnunetcheck" with the same username and password. This database will then be | ||
2834 | used for testing ("make check"). | ||
2835 | |||
2836 | @node Configuring the Postgres database | ||
2837 | @subsection Configuring the Postgres database | ||
2838 | |||
2839 | This text describes how to setup the Postgres database for GNUnet. | ||
2840 | |||
2841 | This Postgres plugin was developed for Postgres 8.3 but might work for earlier | ||
2842 | versions as well. | ||
2843 | |||
2844 | @node Reasons to use Postgres | ||
2845 | @subsection Reasons to use Postgres | ||
2846 | |||
2847 | @itemize @bullet | ||
2848 | @item | ||
2849 | Easier to setup than MySQL | ||
2850 | @item | ||
2851 | Real database | ||
2852 | @end itemize | ||
2853 | |||
2854 | @node Reasons not to use Postgres | ||
2855 | @subsection Reasons not to use Postgres | ||
2856 | |||
2857 | @itemize @bullet | ||
2858 | @item | ||
2859 | Quite slow | ||
2860 | @item | ||
2861 | Still some manual setup required | ||
2862 | @end itemize | ||
2863 | |||
2864 | @node Manual setup instructions | ||
2865 | @subsection Manual setup instructions | ||
2866 | |||
2867 | @itemize @bullet | ||
2868 | |||
2869 | @item | ||
2870 | In @code{gnunet.conf} set in section "DATASTORE" the value for@ | ||
2871 | "DATABASE" to "postgres". | ||
2872 | @item | ||
2873 | Access Postgres to create a user:@ | ||
2874 | |||
2875 | @table @asis | ||
2876 | |||
2877 | @item with Postgres 8.x, use: | ||
2878 | |||
2879 | @example | ||
2880 | # su - postgres | ||
2881 | $ createuser | ||
2882 | @end example | ||
2883 | |||
2884 | and enter the name of the user running GNUnet for the role interactively. | ||
2885 | Then, when prompted, do not set it to superuser, allow the creation of | ||
2886 | databases, and do not allow the creation of new roles.@ | ||
2887 | |||
2888 | @item with Postgres 9.x, use: | ||
2889 | |||
2890 | @example | ||
2891 | # su - postgres | ||
2892 | $ createuser -d $GNUNET_USER | ||
2893 | @end example | ||
2894 | |||
2895 | |||
2896 | where $GNUNET_USER is the name of the user running GNUnet.@ | ||
2897 | |||
2898 | @end table | ||
2899 | |||
2900 | |||
2901 | @item | ||
2902 | As that user (so typically as user "gnunet"), create a database (or two):@ | ||
2903 | |||
2904 | @example | ||
2905 | $ createdb gnunet | ||
2906 | $ createdb gnunetcheck # this way you can run "make check" | ||
2907 | @end example | ||
2908 | |||
2909 | @end itemize | ||
2910 | |||
2911 | |||
2912 | Now you should be able to start @code{gnunet-arm}. | ||
2913 | |||
2914 | @node Testing the setup manually | ||
2915 | @subsection Testing the setup manually | ||
2916 | |||
2917 | You may want to try if the database connection works. First, again login as | ||
2918 | the user who will run gnunet-arm. Then use, | ||
2919 | @example | ||
2920 | $ psql gnunet # or gnunetcheck | ||
2921 | gnunet=> \dt | ||
2922 | @end example | ||
2923 | |||
2924 | |||
2925 | If, after you have started gnunet-arm at least once, you get a @code{gn090} | ||
2926 | table here, it probably works. | ||
2927 | |||
2928 | @node Configuring the datacache | ||
2929 | @subsection Configuring the datacache | ||
2930 | @c %**end of header | ||
2931 | |||
2932 | The datacache is what GNUnet uses for storing temporary data. This data is | ||
2933 | expected to be wiped completely each time GNUnet is restarted (or the system | ||
2934 | is rebooted). | ||
2935 | |||
2936 | You need to specify how many bytes GNUnet is allowed to use for the datacache | ||
2937 | using the "QUOTA" option in the section "dhtcache". Furthermore, you need to | ||
2938 | specify which database backend should be used to store the data. Currently, | ||
2939 | you have the choice between sqLite, MySQL and Postgres. | ||
2940 | |||
2941 | @node Configuring the file-sharing service | ||
2942 | @subsection Configuring the file-sharing service | ||
2943 | |||
2944 | In order to use GNUnet for file-sharing, you first need to make sure that the | ||
2945 | file-sharing service is loaded. This is done by setting the AUTOSTART option in | ||
2946 | section "fs" to "YES". Alternatively, you can run | ||
2947 | @example | ||
2948 | $ gnunet-arm -i fs | ||
2949 | @end example | ||
2950 | |||
2951 | to start the file-sharing service by hand. | ||
2952 | |||
2953 | Except for configuring the database and the datacache the only important option | ||
2954 | for file-sharing is content migration. | ||
2955 | |||
2956 | Content migration allows your peer to cache content from other peers as well as | ||
2957 | send out content stored on your system without explicit requests. This content | ||
2958 | replication has positive and negative impacts on both system performance an | ||
2959 | privacy. | ||
2960 | |||
2961 | FIXME: discuss the trade-offs. Here is some older text about it... | ||
2962 | |||
2963 | Setting this option to YES allows gnunetd to migrate data to the local machine. | ||
2964 | Setting this option to YES is highly recommended for efficiency. Its also the | ||
2965 | default. If you set this value to YES, GNUnet will store content on your | ||
2966 | machine that you cannot decrypt. While this may protect you from liability if | ||
2967 | the judge is sane, it may not (IANAL). If you put illegal content on your | ||
2968 | machine yourself, setting this option to YES will probably increase your chances | ||
2969 | to get away with it since you can plausibly deny that you inserted the content. | ||
2970 | Note that in either case, your anonymity would have to be broken first (which | ||
2971 | may be possible depending on the size of the GNUnet network and the strength of | ||
2972 | the adversary). | ||
2973 | |||
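Review bot: Lines 2963 to 2972 repeatedly say "Setting this option to YES" without ever naming the option or its configuration section, so the reader cannot act on the paragraph. Please name the key and show it in an @example. The FIXME on line 2961 should be resolved or moved to a Texinfo comment before this lands in the handbook, and the older text it introduces still refers to "gnunetd" (line 2963), which does not match the gnunet-arm based instructions elsewhere in this chapter. Typo on line 2958: "an privacy".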
2974 | @node Configuring logging | ||
2975 | @subsection Configuring logging | ||
2976 | |||
2977 | Logging in GNUnet 0.9.0 is controlled via the "-L" and "-l" options. | ||
2978 | Using "-L", a log level can be specified. With log level "ERROR" only serious | ||
2979 | errors are logged. The default log level is "WARNING" which causes anything of | ||
2980 | concern to be logged. Log level "INFO" can be used to log anything that might | ||
2981 | be interesting information whereas "DEBUG" can be used by developers to log | ||
2982 | debugging messages (but you need to run configure with | ||
2983 | @code{--enable-logging=verbose} to get them compiled). The "-l" option is used | ||
2984 | to specify the log file. | ||
2985 | |||
2986 | Since most GNUnet services are managed by @code{gnunet-arm}, using the "-l" or | ||
2987 | "-L" options directly is not possible. Instead, they can be specified using the | ||
2988 | "OPTIONS" configuration value in the respective section for the respective | ||
2989 | service. In order to enable logging globally without editing the "OPTIONS" | ||
2990 | values for each service, @code{gnunet-arm} supports a "GLOBAL_POSTFIX" option. | ||
2991 | The value specified here is given as an extra option to all services for which | ||
2992 | the configuration does contain a service-specific "OPTIONS" field. | ||
2993 | |||
2994 | "GLOBAL_POSTFIX" can contain the special sequence "@{@}" which is replaced by | ||
2995 | the name of the service that is being started. Furthermore, | ||
2996 | @code{GLOBAL_POSTFIX} is special in that sequences starting with "$" anywhere | ||
2997 | in the string are expanded (according to options in "PATHS"); this expansion | ||
2998 | otherwise is only happening for filenames and then the "$" must be the first | ||
2999 | character in the option. Both of these restrictions do not apply to | ||
3000 | "GLOBAL_POSTFIX". Note that specifying @code{%} anywhere in the "GLOBAL_POSTFIX" | ||
3001 | disables both of these features. | ||
3002 | |||
3003 | In summary, in order to get all services to log at level "INFO" to log-files | ||
3004 | called @code{SERVICENAME-logs}, the following global prefix should be used: | ||
3005 | @example | ||
3006 | GLOBAL_POSTFIX = -l $SERVICEHOME/@{@}-logs -L INFO | ||
3007 | @end example | ||
3008 | |||
3009 | @node Configuring the transport service and plugins | ||
3010 | @subsection Configuring the transport service and plugins | ||
3011 | |||
3012 | The transport service in GNUnet is responsible to maintain basic connectivity | ||
3013 | to other peers. Besides initiating and keeping connections alive it is also | ||
3014 | responsible for address validation. | ||
3015 | |||
3016 | The GNUnet transport supports more than one transport protocol. These protocols | ||
3017 | are configured together with the transport service. | ||
3018 | |||
3019 | The configuration section for the transport service itself is quite similar to | ||
3020 | all the other services | ||
3021 | |||
3022 | @code{@ | ||
3023 | AUTOSTART = YES@ | ||
3024 | @@UNIXONLY@@ PORT = 2091@ | ||
3025 | HOSTNAME = localhost@ | ||
3026 | HOME = $SERVICEHOME@ | ||
3027 | CONFIG = $DEFAULTCONFIG@ | ||
3028 | BINARY = gnunet-service-transport@ | ||
3029 | #PREFIX = valgrind@ | ||
3030 | NEIGHBOUR_LIMIT = 50@ | ||
3031 | ACCEPT_FROM = 127.0.0.1;@ | ||
3032 | ACCEPT_FROM6 = ::1;@ | ||
3033 | PLUGINS = tcp udp@ | ||
3034 | UNIXPATH = /tmp/gnunet-service-transport.sock@ | ||
3035 | } | ||
3036 | |||
3037 | Different are the settings for the plugins to load @code{PLUGINS}. The first | ||
3038 | setting specifies which transport plugins to load. | ||
3039 | @itemize @bullet | ||
3040 | |||
3041 | |||
3042 | @item | ||
3043 | transport-unix | ||
3044 | |||
3045 | A plugin for local only communication with UNIX domain sockets. Used for | ||
3046 | testing and available on unix systems only. Just set the port | ||
3047 | |||
3048 | @code{@ | ||
3049 | [transport-unix]@ | ||
3050 | PORT = 22086@ | ||
3051 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
3052 | } | ||
3053 | |||
3054 | @item | ||
3055 | transport-tcp | ||
3056 | |||
3057 | A plugin for communication with TCP. Set port to 0 for client mode with | ||
3058 | outbound only connections | ||
3059 | |||
3060 | @code{@ | ||
3061 | [transport-tcp]@ | ||
3062 | # Use 0 to ONLY advertise as a peer behind NAT (no port binding)@ | ||
3063 | PORT = 2086@ | ||
3064 | ADVERTISED_PORT = 2086@ | ||
3065 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
3066 | # Maximum number of open TCP connections allowed@ | ||
3067 | MAX_CONNECTIONS = 128@ | ||
3068 | } | ||
3069 | |||
3070 | @item | ||
3071 | transport-udp | ||
3072 | |||
3073 | A plugin for communication with UDP. Supports peer discovery using broadcasts.@ | ||
3074 | @code{@ | ||
3075 | [transport-udp]@ | ||
3076 | PORT = 2086@ | ||
3077 | BROADCAST = YES@ | ||
3078 | BROADCAST_INTERVAL = 30 s@ | ||
3079 | MAX_BPS = 1000000@ | ||
3080 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
3081 | } | ||
3082 | |||
3083 | @item | ||
3084 | transport-http | ||
3085 | |||
3086 | HTTP and HTTPS support is split in two part: a client plugin initiating | ||
3087 | outbound connections and a server part accepting connections from the client. | ||
3088 | The client plugin just takes the maximum number of connections as an argument.@ | ||
3089 | @code{@ | ||
3090 | [transport-http_client]@ | ||
3091 | MAX_CONNECTIONS = 128@ | ||
3092 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
3093 | }@ | ||
3094 | @code{@ | ||
3095 | [transport-https_client]@ | ||
3096 | MAX_CONNECTIONS = 128@ | ||
3097 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
3098 | } | ||
3099 | |||
3100 | The server has a port configured and the maximum nunber of connections.@ | ||
3101 | The HTTPS part has two files with the certificate key and the certificate file. | ||
3102 | |||
3103 | The server plugin supports reverse proxies, so a external hostname can be set | ||
3104 | using@ | ||
3105 | the @code{EXTERNAL_HOSTNAME} setting. The webserver under this address should | ||
3106 | forward the request to the peer and the configure port. | ||
3107 | |||
3108 | @code{@ | ||
3109 | [transport-http_server]@ | ||
3110 | EXTERNAL_HOSTNAME = fulcrum.net.in.tum.de/gnunet@ | ||
3111 | PORT = 1080@ | ||
3112 | MAX_CONNECTIONS = 128@ | ||
3113 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
3114 | }@ | ||
3115 | @code{@ | ||
3116 | [transport-https_server]@ | ||
3117 | PORT = 4433@ | ||
3118 | CRYPTO_INIT = NORMAL@ | ||
3119 | KEY_FILE = https.key@ | ||
3120 | CERT_FILE = https.cert@ | ||
3121 | MAX_CONNECTIONS = 128@ | ||
3122 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
3123 | } | ||
3124 | |||
3125 | @item | ||
3126 | transport-wlan | ||
3127 | |||
3128 | There is a special article how to setup the WLAN plugin, so here only the | ||
3129 | settings. Just specify the interface to use:@ | ||
3130 | @code{@ | ||
3131 | [transport-wlan]@ | ||
3132 | # Name of the interface in monitor mode (typically monX)@ | ||
3133 | INTERFACE = mon0@ | ||
3134 | # Real hardware, no testing@ | ||
3135 | TESTMODE = 0@ | ||
3136 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
3137 | } | ||
3138 | @end itemize | ||
3139 | |||
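Review bot: the `EXTERNAL_HOSTNAME` example at line 3110 gives a bare host and path (`fulcrum.net.in.tum.de/gnunet`), while the reverse-proxy subsection at lines 3366 and 3372 gives full URLs with a scheme (`http://www.foo.org/bar/`). State which form the option expects and use it in both places, so a reader copying either example announces an address other peers can use. The prose at lines 3100-3101 also mentions a certificate key file without saying that `KEY_FILE` holds the private key; a sentence on keeping it readable only by the peer's user would fit here.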
3140 | @node Configuring the wlan transport plugin | ||
3141 | @subsection Configuring the wlan transport plugin | ||
3142 | |||
3143 | |||
3144 | The wlan transport plugin enables GNUnet to send and to receive data on a wlan | ||
3145 | interface. It has not to be connected to a wlan network as long as sender and | ||
3146 | receiver are on the same channel. This enables you to get connection to the | ||
3147 | GNUnet where no internet access is possible, for example while catastrophes or | ||
3148 | when censorship cuts you off the internet. | ||
3149 | |||
3150 | |||
3151 | @menu | ||
3152 | * Requirements for the WLAN plugin:: | ||
3153 | * Configuration:: | ||
3154 | * Before starting GNUnet:: | ||
3155 | * Limitations and known bugs:: | ||
3156 | @end menu | ||
3157 | |||
3158 | |||
3159 | @node Requirements for the WLAN plugin | ||
3160 | @subsubsection Requirements for the WLAN plugin | ||
3161 | |||
3162 | @itemize @bullet | ||
3163 | |||
3164 | @item | ||
3165 | wlan network card with monitor support and packet injection | ||
3166 | (see @uref{http://www.aircrack-ng.org/, aircrack-ng.org}) | ||
3167 | |||
3168 | @item | ||
3169 | Linux kernel with mac80211 stack, introduced in 2.6.22, tested with 2.6.35 | ||
3170 | and 2.6.38 | ||
3171 | |||
3172 | @item | ||
3173 | Wlantools to create the a monitor interface, tested with airmon-ng of the | ||
3174 | aircrack-ng package | ||
3175 | @end itemize | ||
3176 | |||
3177 | @node Configuration | ||
3178 | @subsubsection Configuration | ||
3179 | |||
3180 | There are the following options for the wlan plugin (they should be like this | ||
3181 | in your default config file, you only need to adjust them if the values are | ||
3182 | incorrect for your system)@ | ||
3183 | @code{@ | ||
3184 | # section for the wlan transport plugin@ | ||
3185 | [transport-wlan]@ | ||
3186 | # interface to use, more information in the | ||
3187 | # "Before starting GNUnet" section of the handbook. | ||
3188 | INTERFACE = mon0@ | ||
3189 | # testmode for developers:@ | ||
3190 | # 0 use wlan interface,@ | ||
3191 | #1 or 2 use loopback driver for tests 1 = server, 2 = client@ | ||
3192 | TESTMODE = 0@ | ||
3193 | } | ||
3194 | |||
3195 | @node Before starting GNUnet | ||
3196 | @subsubsection Before starting GNUnet | ||
3197 | |||
3198 | Before starting GNUnet, you have to make sure that your wlan interface is in | ||
3199 | monitor mode. One way to put the wlan interface into monitor mode (if your | ||
3200 | interface name is wlan0) is by executing:@ | ||
3201 | @code{@ | ||
3202 | sudo airmon-ng start wlan0@ | ||
3203 | } | ||
3204 | |||
3205 | Here is an example what the result should look like:@ | ||
3206 | @code{@ | ||
3207 | Interface Chipset Driver@ | ||
3208 | wlan0 Intel 4965 a/b/g/n iwl4965 - [phy0]@ | ||
3209 | (monitor mode enabled on mon0)@ | ||
3210 | }@ | ||
3211 | The monitor interface is mon0 is the one that you have to put into the | ||
3212 | configuration file. | ||
3213 | |||
3214 | @node Limitations and known bugs | ||
3215 | @subsubsection Limitations and known bugs | ||
3216 | |||
3217 | Wlan speed is at the maximum of 1 Mbit/s because support for choosing the wlan | ||
3218 | speed with packet injection was removed in newer kernels. Please pester the | ||
3219 | kernel developers about fixing this. | ||
3220 | |||
3221 | The interface channel depends on the wlan network that the card is connected | ||
3222 | to. If no connection has been made since the start of the computer, it is | ||
3223 | usually the first channel of the card. Peers will only find each other and | ||
3224 | communicate if they are on the same channel. Channels must be set manually | ||
3225 | (i.e. using @code{iwconfig wlan0 channel 1}). | ||
3226 | |||
3227 | |||
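Review bot: the `[transport-wlan]` settings are documented twice with different comments (lines 3130-3137 and 3183-3193); keep one block and point to it from the other. At line 3211 the sentence "The monitor interface is mon0 is the one" is garbled. At line 3225 the channel command is introduced with "i.e." where "e.g." is meant, and it sets the channel on `wlan0` although the plugin is configured with `INTERFACE = mon0` (line 3188); say which interface the channel has to be set on once monitor mode is enabled.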
3228 | @node Configuring HTTP(S) reverse proxy functionality using Apache or nginx | ||
3229 | @subsection Configuring HTTP(S) reverse proxy functionality using Apache or nginx | ||
3230 | |||
3231 | The HTTP plugin supports data transfer using reverse proxies. A reverse proxy | ||
3232 | forwards the HTTP request he receives with a certain URL to another webserver, | ||
3233 | here a GNUnet peer. | ||
3234 | |||
3235 | So if you have a running Apache or nginx webserver you can configure it to be a | ||
3236 | GNUnet reverse proxy. Especially if you have a well-known webiste this improves | ||
3237 | censorship resistance since it looks as normal surfing behaviour. | ||
3238 | |||
3239 | To do so, you have to do two things: | ||
3240 | |||
3241 | @itemize @bullet | ||
3242 | |||
3243 | @item | ||
3244 | Configure your webserver to forward the GNUnet HTTP traffic | ||
3245 | |||
3246 | @item | ||
3247 | Configure your GNUnet peer to announce the respective address | ||
3248 | @end itemize | ||
3249 | |||
3250 | As an example we want to use GNUnet peer running: | ||
3251 | |||
3252 | @itemize @bullet | ||
3253 | |||
3254 | @item | ||
3255 | HTTP server plugin on @code{gnunet.foo.org:1080} | ||
3256 | |||
3257 | @item | ||
3258 | HTTPS server plugin on @code{gnunet.foo.org:4433} | ||
3259 | |||
3260 | @item | ||
3261 | A apache or nginx webserver on @uref{http://www.foo.org/, http://www.foo.org:80/} | ||
3262 | |||
3263 | @item | ||
3264 | A apache or nginx webserver on https://www.foo.org:443/ | ||
3265 | @end itemize | ||
3266 | |||
3267 | And we want the webserver to accept GNUnet traffic under | ||
3268 | @code{http://www.foo.org/bar/}. The required steps are described here: | ||
3269 | |||
3270 | @strong{Configure your Apache2 HTTP webserver} | ||
3271 | |||
3272 | First of all you need mod_proxy installed. | ||
3273 | |||
3274 | Edit your webserver configuration. Edit @code{/etc/apache2/apache2.conf} or | ||
3275 | the site-specific configuration file. | ||
3276 | |||
3277 | In the respective @code{server config},@code{virtual host} or | ||
3278 | @code{directory} section add the following lines:@ | ||
3279 | @code{@ | ||
3280 | ProxyTimeout 300@ | ||
3281 | ProxyRequests Off@ | ||
3282 | <Location /bar/ >@ | ||
3283 | ProxyPass http://gnunet.foo.org:1080/@ | ||
3284 | ProxyPassReverse http://gnunet.foo.org:1080/@ | ||
3285 | </Location>@ | ||
3286 | } | ||
3287 | |||
3288 | @strong{Configure your Apache2 HTTPS webserver} | ||
3289 | |||
3290 | We assume that you already have an HTTPS server running, if not please check | ||
3291 | how to configure a HTTPS host. An easy to use example is the | ||
3292 | @file{apache2/sites-available/default-ssl} example configuration file. | ||
3293 | |||
3294 | In the respective HTTPS @code{server config},@code{virtual host} or | ||
3295 | @code{directory} section add the following lines:@ | ||
3296 | @code{@ | ||
3297 | SSLProxyEngine On@ | ||
3298 | ProxyTimeout 300@ | ||
3299 | ProxyRequests Off@ | ||
3300 | <Location /bar/ >@ | ||
3301 | ProxyPass https://gnunet.foo.org:4433/@ | ||
3302 | ProxyPassReverse https://gnunet.foo.org:4433/@ | ||
3303 | </Location>@ | ||
3304 | } | ||
3305 | |||
3306 | More information about the apache mod_proxy configuration can be found unter:@ | ||
3307 | @uref{http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass, http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass} | ||
3308 | |||
3309 | @strong{Configure your nginx HTTPS webserver} | ||
3310 | |||
3311 | Since nginx does not support chunked encoding, you first of all have to | ||
3312 | install @code{chunkin}:@ | ||
3313 | @uref{http://wiki.nginx.org/HttpChunkinModule, http://wiki.nginx.org/HttpChunkinModule} | ||
3314 | |||
3315 | To enable chunkin add:@ | ||
3316 | @code{@ | ||
3317 | chunkin on;@ | ||
3318 | error_page 411 = @@my_411_error;@ | ||
3319 | location @@my_411_error @{@ | ||
3320 | chunkin_resume;@ | ||
3321 | @}@ | ||
3322 | } | ||
3323 | |||
3324 | Edit your webserver configuration. Edit @code{/etc/nginx/nginx.conf} or the | ||
3325 | site-specific configuration file. | ||
3326 | |||
3327 | In the @code{server} section add:@ | ||
3328 | @code{@ | ||
3329 | location /bar/@ | ||
3330 | @{@ | ||
3331 | proxy_pass http://gnunet.foo.org:1080/;@ | ||
3332 | proxy_buffering off;@ | ||
3333 | proxy_connect_timeout 5; # more than http_server@ | ||
3334 | proxy_read_timeout 350; # 60 default, 300s is GNUnet's idle timeout@ | ||
3335 | proxy_http_version 1.1; # 1.0 default@ | ||
3336 | proxy_next_upstream error timeout invalid_header http_500 http_503 http_502 http_504;@ | ||
3337 | @}@ | ||
3338 | @code{}} | ||
3339 | |||
3340 | @strong{Configure your nginx HTTPS webserver} | ||
3341 | |||
3342 | Edit your webserver configuration. Edit @code{/etc/nginx/nginx.conf} or the | ||
3343 | site-specific configuration file. | ||
3344 | |||
3345 | In the @code{server} section add:@ | ||
3346 | @code{@ | ||
3347 | ssl_session_timeout 6m;@ | ||
3348 | location /bar/@ | ||
3349 | @{@ | ||
3350 | proxy_pass https://gnunet.foo.org:4433/;@ | ||
3351 | proxy_buffering off;@ | ||
3352 | proxy_connect_timeout 5; # more than http_server@ | ||
3353 | proxy_read_timeout 350; # 60 default, 300s is GNUnet's idle timeout@ | ||
3354 | proxy_http_version 1.1; # 1.0 default@ | ||
3355 | proxy_next_upstream error timeout invalid_header http_500 http_503 http_502 http_504;@ | ||
3356 | @}@ | ||
3357 | @code{}} | ||
3358 | |||
3359 | @strong{Configure your GNUnet peer} | ||
3360 | |||
3361 | To have your GNUnet peer announce the address, you have to specify the | ||
3362 | |||
3363 | @code{EXTERNAL_HOSTNAME} option in the @code{[transport-http_server]} section:@ | ||
3364 | @code{@ | ||
3365 | [transport-http_server]@ | ||
3366 | EXTERNAL_HOSTNAME = http://www.foo.org/bar/@ | ||
3367 | }@ | ||
3368 | and/or@ | ||
3369 | @code{[transport-https_server]} section:@ | ||
3370 | @code{@ | ||
3371 | [transport-https_server]@ | ||
3372 | EXTERNAL_HOSTNAME = https://www.foo.org/bar/@ | ||
3373 | } | ||
3374 | |||
3375 | Now restart your webserver and your peer... | ||
3376 | |||
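Review bot: the heading at line 3309 reads "Configure your nginx HTTPS webserver" but introduces the plain-HTTP block (`proxy_pass http://gnunet.foo.org:1080/;` at line 3331), and the identical heading is repeated at line 3340 for the real HTTPS block; the first should say HTTP. The two nginx blocks close with `@code{}}` (lines 3338 and 3357) while every other block closes with `}`; an `@example` environment, as already used at lines 3446-3458, would avoid the brace juggling for multi-line configuration. "webiste" (line 3236) and "unter" (line 3306) are typos.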
3377 | @node Blacklisting peers | ||
3378 | @subsection Blacklisting peers | ||
3379 | |||
3380 | Transport service supports to deny connecting to a specific peer of to a | ||
3381 | specific peer with a specific transport plugin using te blacklisting component | ||
3382 | of transport service. With@ blacklisting it is possible to deny connections to | ||
3383 | specific peers of@ to use a specific plugin to a specific peer. Peers can be | ||
3384 | blacklisted using@ the configuration or a blacklist client can be asked. | ||
3385 | |||
3386 | To blacklist peers using the configuration you have to add a section to your@ | ||
3387 | configuration containing the peer id of the peer to blacklist and the plugin@ | ||
3388 | if required. | ||
3389 | |||
3390 | Example:@ | ||
3391 | To blacklist connections to P565... on peer AG2P... using tcp add:@ | ||
3392 | @code{@ | ||
3393 | [transport-blacklist AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520]@ | ||
3394 | P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G = tcp@ | ||
3395 | }@ | ||
3396 | To blacklist connections to P565... on peer AG2P... using all plugins add:@ | ||
3397 | @code{@ | ||
3398 | [transport-blacklist-AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520]@ | ||
3399 | P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G =@ | ||
3400 | } | ||
3401 | |||
3402 | You can also add a blacklist client usign the blacklist api. On a blacklist@ | ||
3403 | check, blacklisting first checks internally if the peer is blacklisted and@ | ||
3404 | if not, it asks the blacklisting clients. Clients are asked if it is OK to@ | ||
3405 | connect to a peer ID, the plugin is omitted. | ||
3406 | |||
3407 | On blacklist check for (peer, plugin) | ||
3408 | @itemize @bullet | ||
3409 | @item Do we have a local blacklist entry for this peer and this plugin?@ | ||
3410 | @item YES: disallow connection@ | ||
3411 | @item Do we have a local blacklist entry for this peer and all plugins?@ | ||
3412 | @item YES: disallow connection@ | ||
3413 | @item Does one of the clients disallow?@ | ||
3414 | @item YES: disallow connection | ||
3415 | @end itemize | ||
3416 | |||
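Review bot: the two blacklist examples use different section names, `[transport-blacklist <peer id>]` with a space at line 3393 and `[transport-blacklist-<peer id>]` with a hyphen at line 3398; only one of these can be the name the service reads, and a reader who copies the wrong one ends up with a blacklist that is silently not applied. The decision list at lines 3409-3414 puts each question and its "YES" outcome in sibling items and never states the final outcome (connection allowed when no check matches); nest the outcomes and add that last step. The opening paragraph (lines 3380-3384) says the same thing twice and has "of" for "or", "te" for "the", and line 3402 has "usign".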
3417 | @node Configuration of the HTTP and HTTPS transport plugins | ||
3418 | @subsection Configuration of the HTTP and HTTPS transport plugins | ||
3419 | |||
3420 | The client part of the http and https transport plugins can be configured to | ||
3421 | use a proxy to connect to the hostlist server. This functionality can be | ||
3422 | configured in the configuration file directly or using the gnunet-setup tool. | ||
3423 | |||
3424 | The both the HTTP and HTTPS clients support the following proxy types at the | ||
3425 | moment: | ||
3426 | |||
3427 | @itemize @bullet | ||
3428 | @item HTTP 1.1 proxy | ||
3429 | @item SOCKS 4/4a/5/5 with hostname | ||
3430 | @end itemize | ||
3431 | |||
3432 | In addition authentication at the proxy with username and password can be | ||
3433 | configured. | ||
3434 | |||
3435 | To configure proxy support for the clients in the gnunet-setup tool, select the | ||
3436 | "transport" tab and activate the respective plugin. Now you can select the | ||
3437 | appropriate proxy type. The hostname or IP address (including port if required) | ||
3438 | has to be entered in the "Proxy hostname" textbox. If required, enter username | ||
3439 | and password in the "Proxy username" and "Proxy password" boxes. Be aware that | ||
3440 | these information will be stored in the configuration in plain text. | ||
3441 | |||
3442 | To configure these options directly in the configuration, you can configure the | ||
3443 | following settings in the [transport-http_client] and [transport-https_client] | ||
3444 | section of the configuration: | ||
3445 | |||
3446 | @example | ||
3447 | # Type of proxy server,@ | ||
3448 | # Valid values: HTTP, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME@ | ||
3449 | # Default: HTTP@ | ||
3450 | # PROXY_TYPE = HTTP | ||
3451 | |||
3452 | # Hostname or IP of proxy server@ | ||
3453 | # PROXY =@ | ||
3454 | # User name for proxy server@ | ||
3455 | # PROXY_USERNAME =@ | ||
3456 | # User password for proxy server@ | ||
3457 | # PROXY_PASSWORD = | ||
3458 | @end example | ||
3459 | |||
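Review bot: line 3421 says the transport clients use the proxy "to connect to the hostlist server", which reads as copied from the hostlist documentation; this section is about the HTTP(S) transport client, so name what it actually connects to. The proxy type list at line 3429 ("SOCKS 4/4a/5/5 with hostname") should match the valid values given at line 3448. The plain-text storage warning appears only in the gnunet-setup paragraph (lines 3439-3440); repeat it next to `PROXY_PASSWORD` at line 3457 and recommend restricting read access to the configuration file.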
3460 | @node Configuring the GNU Name System | ||
3461 | @subsection Configuring the GNU Name System | ||
3462 | |||
3463 | @menu | ||
3464 | * Configuring system-wide DNS interception:: | ||
3465 | * Configuring the GNS nsswitch plugin:: | ||
3466 | * Configuring GNS on W32:: | ||
3467 | * GNS Proxy Setup:: | ||
3468 | * Setup of the GNS CA:: | ||
3469 | * Testing the GNS setup:: | ||
3470 | * Automatic Shortening in the GNU Name System:: | ||
3471 | @end menu | ||
3472 | |||
3473 | |||
3474 | @node Configuring system-wide DNS interception | ||
3475 | @subsubsection Configuring system-wide DNS interception | ||
3476 | |||
3477 | Before you install GNUnet, make sure you have a user and group 'gnunet' as well | ||
3478 | as an empty group 'gnunetdns'. | ||
3479 | |||
3480 | When using GNUnet with system-wide DNS interception, it is absolutely necessary | ||
3481 | for all GNUnet service processes to be started by @code{gnunet-service-arm} as | ||
3482 | user and group 'gnunet'. You also need to be sure to run @code{make install} as | ||
3483 | root (or use the @code{sudo} option to configure) to grant GNUnet sufficient | ||
3484 | privileges. | ||
3485 | |||
3486 | With this setup, all that is required for enabling system-wide DNS interception | ||
3487 | is for some GNUnet component (VPN or GNS) to request it. The | ||
3488 | @code{gnunet-service-dns} will then start helper programs that will make the | ||
3489 | necessary changes to your firewall (@code{iptables}) rules. | ||
3490 | |||
3491 | Note that this will NOT work if your system sends out DNS traffic to a | ||
3492 | link-local IPv6 address, as in this case GNUnet can intercept the traffic, but | ||
3493 | not inject the responses from the link-local IPv6 address. Hence you cannot use | ||
3494 | system-wide DNS interception in conjunction with link-local IPv6-based DNS | ||
3495 | servers. If such a DNS server is used, it will bypass GNUnet's DNS traffic | ||
3496 | interception. | ||
3497 | |||
3498 | |||
3499 | |||
3500 | Using the GNU Name System (GNS) requires two different configuration steps. | ||
3501 | First of all, GNS needs to be integrated with the operating system. Most of | ||
3502 | this section is about the operating system level integration. | ||
3503 | |||
3504 | Additionally, each individual user who wants to use the system must also | ||
3505 | initialize his GNS zones. This can be done by running (after starting GNUnet)@ | ||
3506 | @code{@ | ||
3507 | $ gnunet-gns-import.sh@ | ||
3508 | }@ | ||
3509 | after the local GNUnet peer has been started. Note that the namestore (in | ||
3510 | particular the namestore database backend) should not be reconfigured | ||
3511 | afterwards (as records are not automatically migrated between backends). | ||
3512 | |||
3513 | The remainder of this chapter will detail the various methods for configuring | ||
3514 | the use of GNS with your operating system. | ||
3515 | |||
3516 | At this point in time you have different options depending on your OS: | ||
3517 | @table @asis | ||
3518 | |||
3519 | @item Use the gnunet-gns-proxy This approach works for all operating systems | ||
3520 | and is likely the easiest. However, it enables GNS only for browsers, not for | ||
3521 | other applications that might be using DNS, such as SSH. Still, using the proxy | ||
3522 | is required for using HTTP with GNS and is thus recommended for all users. To | ||
3523 | do this, you simply have to run the @code{gnunet-gns-proxy-setup-ca} script as | ||
3524 | the user who will run the browser (this will create a GNS certificate authority | ||
3525 | (CA) on your system and import its key into your browser), then start | ||
3526 | @code{gnunet-gns-proxy} and inform your browser to use the Socks5 proxy which | ||
3527 | @code{gnunet-gns-proxy} makes available by default on port 7777. | ||
3528 | @item Use a | ||
3529 | nsswitch plugin (recommended on GNU systems) This approach has the advantage of | ||
3530 | offering fully personalized resolution even on multi-user systems. A potential | ||
3531 | disadvantage is that some applications might be able to bypass GNS. | ||
3532 | @item Use | ||
3533 | a W32 resolver plugin (recommended on W32) This is currently the only option on | ||
3534 | W32 systems. | ||
3535 | @item Use system-wide DNS packet interception This approach is | ||
3536 | recommended for the GNUnet VPN. It can be used to handle GNS at the same time; | ||
3537 | however, if you only use this method, you will only get one root zone per | ||
3538 | machine (not so great for multi-user systems). | ||
3539 | @end table | ||
3540 | |||
3541 | |||
3542 | You can combine system-wide DNS packet interception with the nsswitch plugin.@ | ||
3543 | The setup of the system-wide DNS interception is described here. All of the | ||
3544 | other GNS-specific configuration steps are described in the following sections. | ||
3545 | |||
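Review bot: lines 3500-3544 are a general introduction to GNS setup ("The remainder of this chapter will detail...") but sit inside the "Configuring system-wide DNS interception" node, after the interception text; move them above the menu at line 3463 so the node contains only the interception instructions. The import step says "after starting GNUnet" at line 3505 and again at line 3509. In the `@table @asis` at lines 3519-3535 the description text runs on from each `@item` line, so the whole sentence becomes the item label; put the label alone on the `@item` line.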
3546 | @node Configuring the GNS nsswitch plugin | ||
3547 | @subsubsection Configuring the GNS nsswitch plugin | ||
3548 | |||
3549 | The Name Service Switch (NSS) is a facility in Unix-like operating systems that | ||
3550 | provides a variety of sources for common configuration databases and name | ||
3551 | resolution mechanisms. A system administrator usually configures the operating | ||
3552 | system's name services using the file /etc/nsswitch.conf. | ||
3553 | |||
3554 | GNS provides a NSS plugin to integrate GNS name resolution with the operating | ||
3555 | system's name resolution process. To use the GNS NSS plugin you have to either | ||
3556 | |||
3557 | @itemize @bullet | ||
3558 | |||
3559 | @item | ||
3560 | install GNUnet as root or | ||
3561 | |||
3562 | @item | ||
3563 | compile GNUnet with the @code{--with-sudo=yes} switch. | ||
3564 | @end itemize | ||
3565 | |||
3566 | Name resolution is controlled by the @emph{hosts} section in the NSS | ||
3567 | configuration. By default this section first performs a lookup in the | ||
3568 | /etc/hosts file and then in DNS. The nsswitch file should contain a line | ||
3569 | similar to:@ | ||
3570 | @code{@ | ||
3571 | hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4@ | ||
3572 | } | ||
3573 | |||
3574 | Here the GNS NSS plugin can be added to perform a GNS lookup before performing | ||
3575 | a DNS lookup. The GNS NSS plugin has to be added to the "hosts" section in | ||
3576 | /etc/nsswitch.conf file before DNS related plugins:@ | ||
3577 | @code{@ | ||
3578 | ...@ | ||
3579 | hosts: files gns [NOTFOUND=return] dns mdns4_minimal mdns4@ | ||
3580 | ...@ | ||
3581 | } | ||
3582 | |||
3583 | The @code{NOTFOUND=return} will ensure that if a @code{.gnu} name is not found | ||
3584 | in GNS it will not be queried in DNS. | ||
3585 | |||
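Review bot: the explanation at lines 3583-3584 covers only `.gnu` names, but `[NOTFOUND=return]` after `gns` (line 3579) applies to every lookup for which the gns source reports NOTFOUND. Document which status the plugin returns for names outside GNS, so readers can see that ordinary names still fall through to `dns` while `.gnu` queries are never sent to a DNS server.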
3586 | @node Configuring GNS on W32 | ||
3587 | @subsubsection Configuring GNS on W32 | ||
3588 | |||
3589 | This document is a guide to configuring GNU Name System on W32-compatible | ||
3590 | platforms. | ||
3591 | |||
3592 | After GNUnet is installed, run the w32nsp-install tool: | ||
3593 | @example | ||
3594 | w32nsp-install.exe libw32nsp-0.dll | ||
3595 | @end example | ||
3596 | |||
3597 | |||
3598 | ('0' is the library version of W32 NSP; it might increase in the future, | ||
3599 | change the invocation accordingly). | ||
3600 | |||
3601 | This will install GNS namespace provider into the system and allow other | ||
3602 | applications to resolve names that end in '@strong{gnu}' and '@strong{zkey}'. | ||
3603 | Note that namespace provider requires gnunet-gns-helper-service-w32 to be | ||
3604 | running, as well as gns service itself (and its usual dependencies). | ||
3605 | |||
3606 | Namespace provider is hardcoded to connect to @strong{127.0.0.1:5353}, and this | ||
3607 | is where gnunet-gns-helper-service-w32 should be listening to (and is | ||
3608 | configured to listen to by default). | ||
3609 | |||
3610 | To uninstall the provider, run: | ||
3611 | @example | ||
3612 | w32nsp-uninstall.exe | ||
3613 | @end example | ||
3614 | |||
3615 | |||
3616 | (uses provider GUID to uninstall it, does not need a dll name). | ||
3617 | |||
3618 | Note that while MSDN claims that other applications will only be able to use | ||
3619 | the new namespace provider after re-starting, in reality they might stat to use | ||
3620 | it without that. Conversely, they might stop using the provider after it's been | ||
3621 | uninstalled, even if they were not re-started. W32 will not permit namespace | ||
3622 | provider library to be deleted or overwritten while the provider is installed, | ||
3623 | and while there is at least one process still using it (even after it was | ||
3624 | uninstalled). | ||
3625 | |||
3626 | @node GNS Proxy Setup | ||
3627 | @subsubsection GNS Proxy Setup | ||
3628 | |||
3629 | When using the GNU Name System (GNS) to browse the WWW, there are several | ||
3630 | issues that can be solved by adding the GNS Proxy to your setup: | ||
3631 | @itemize @bullet | ||
3632 | |||
3633 | |||
3634 | @item If the target website does not support GNS, it might assume that it is | ||
3635 | operating under some name in the legacy DNS system (such as example.com). It | ||
3636 | may then attempt to set cookies for that domain, and the web server might | ||
3637 | expect a @code{Host: example.com} header in the request from your browser. | ||
3638 | However, your browser might be using @code{example.gnu} for the @code{Host} | ||
3639 | header and might only accept (and send) cookies for @code{example.gnu}. The GNS | ||
3640 | Proxy will perform the necessary translations of the hostnames for cookies and | ||
3641 | HTTP headers (using the LEHO record for the target domain as the desired | ||
3642 | substitute). | ||
3643 | |||
3644 | @item If using HTTPS, the target site might include an SSL certificate which is | ||
3645 | either only valid for the LEHO domain or might match a TLSA record in GNS. | ||
3646 | However, your browser would expect a valid certificate for @code{example.gnu}, | ||
3647 | not for some legacy domain name. The proxy will validate the certificate | ||
3648 | (either against LEHO or TLSA) and then on-the-fly produce a valid certificate | ||
3649 | for the exchange, signed by your own CA. Assuming you installed the CA of your | ||
3650 | proxy in your browser's certificate authority list, your browser will then | ||
3651 | trust the HTTPS/SSL/TLS connection, as the hostname mismatch is hidden by the | ||
3652 | proxy. | ||
3653 | |||
3654 | @item Finally, the proxy will in the future indicate to the server that it | ||
3655 | speaks GNS, which will enable server operators to deliver GNS-enabled web sites | ||
3656 | to your browser (and continue to deliver legacy links to legacy browsers) | ||
3657 | @end itemize | ||
3658 | |||
3659 | @node Setup of the GNS CA | ||
3660 | @subsubsection Setup of the GNS CA | ||
3661 | |||
3662 | First you need to create a CA certificate that the proxy can use. To do so use | ||
3663 | the provided script gnunet-gns-proxy-ca:@ | ||
3664 | @code{@ | ||
3665 | $ gnunet-gns-proxy-setup-ca@ | ||
3666 | } | ||
3667 | |||
3668 | This will create a personal certification authority for you and add this | ||
3669 | authority to the firefox and chrome database. The proxy will use the this CA | ||
3670 | certificate to generate @code{*.gnu} client certificates on the fly. | ||
3671 | |||
3672 | Note that the proxy uses libcurl. Make sure your version of libcurl uses GnuTLS | ||
3673 | and NOT OpenSSL. The proxy will not work with libcurl compiled against | ||
3674 | OpenSSL. | ||
3675 | |||
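Review bot: the prose at line 3663 names the script `gnunet-gns-proxy-ca`, while the command at line 3665 and the earlier text at line 3523 use `gnunet-gns-proxy-setup-ca`; use one name. Line 3670 says the proxy generates "client certificates", but lines 3648-3649 describe certificates the proxy presents to the browser for the site, which are server certificates. Since the script adds a new trusted authority to the Firefox and Chrome databases, the section should also say where the CA private key is stored and how to remove the CA again. "the this" at line 3669 is a typo.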
3676 | @node Testing the GNS setup | ||
3677 | @subsubsection Testing the GNS setup | ||
3678 | |||
3679 | Now for testing purposes we can create some records in our zone to test the SSL | ||
3680 | functionality of the proxy:@ | ||
3681 | @code{@ | ||
3682 | $ gnunet-namestore -a -e "1 d" -n "homepage" -t A -V 131.159.74.67@ | ||
3683 | $ gnunet-namestore -a -e "1 d" -n "homepage" -t LEHO -V "gnunet.org"@ | ||
3684 | } | ||
3685 | |||
3686 | At this point we can start the proxy. Simply execute@ | ||
3687 | @code{@ | ||
3688 | $ gnunet-gns-proxy@ | ||
3689 | } | ||
3690 | |||
3691 | Configure your browser to use this SOCKSv5 proxy on port 7777 and visit this | ||
3692 | link.@ If you use firefox you also have to go to about:config and set the key | ||
3693 | @code{network.proxy.socks_remote_dns} to @code{true}. | ||
3694 | |||
3695 | When you visit @code{https://homepage.gnu/}, you should get to the | ||
3696 | @code{https://gnunet.org/} frontpage and the browser (with the correctly | ||
3697 | configured proxy) should give you a valid SSL certificate for | ||
3698 | @code{homepage.gnu} and no warnings. It should look like this@ | ||
3699 | |||
3700 | |||
3701 | |||
3702 | @table @asis | ||
3703 | @item Attachment | ||
3704 | Size | ||
3705 | @item gnunethpgns.png | ||
3706 | 64.19 KB | ||
3707 | @end table | ||
3708 | |||
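Review bot: lines 3691-3692 tell the reader to "visit this link" but no link follows, and line 3698 ends with "It should look like this" followed by an attachment table (`gnunethpgns.png`, 64.19 KB, lines 3702-3707) that is left over from the website export. Either include the screenshot with `@image` or drop the sentence and the table, and replace "this link" with the URL given at line 3695.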
3709 | @node Automatic Shortening in the GNU Name System | ||
3710 | @subsubsection Automatic Shortening in the GNU Name System | ||
3711 | |||
3712 | This page describes a possible option for 'automatic name shortening', which | ||
3713 | you can choose to enable with the GNU Name System. | ||
3714 | |||
3715 | When GNS encounters a name for the first time, it can use the 'NICK' record of | ||
3716 | the originating zone to automatically generate a name for the zone. If | ||
3717 | automatic shortening is enabled, those auto-generated names will be placed (as | ||
3718 | private records) into your personal 'shorten' zone (to prevent confusion with | ||
3719 | manually selected names). Then, in the future, if the same name is encountered | ||
3720 | again, GNS will display the shortened name instead (the first time, the long | ||
3721 | name will still be used as shortening typically happens asynchronously as | ||
3722 | looking up the 'NICK' record takes some time). Using this feature can be a | ||
3723 | convenient way to avoid very long @code{.gnu} names; however, note that names | ||
3724 | from the shorten-zone are assigned on a first-come-first-serve basis and should | ||
3725 | not be trusted. Furthermore, if you enable this feature, you will no longer see | ||
3726 | the full delegation chain for zones once shortening has been applied. | ||
3727 | |||
3728 | @node Configuring the GNUnet VPN | ||
3729 | @subsection Configuring the GNUnet VPN | ||
3730 | |||
3731 | @menu | ||
3732 | * IPv4 address for interface:: | ||
3733 | * IPv6 address for interface:: | ||
3734 | * Configuring the GNUnet VPN DNS:: | ||
3735 | * Configuring the GNUnet VPN Exit Service:: | ||
3736 | * IP Address of external DNS resolver:: | ||
3737 | * IPv4 address for Exit interface:: | ||
3738 | * IPv6 address for Exit interface:: | ||
3739 | @end menu | ||
3740 | |||
3741 | Before configuring the GNUnet VPN, please make sure that system-wide DNS | ||
3742 | interception is configured properly as described in the section on the GNUnet | ||
3743 | DNS setup. | ||
3744 | |||
3745 | The default-options for the GNUnet VPN are usually sufficient to use GNUnet as | ||
3746 | a Layer 2 for your Internet connection. However, what you always have to | ||
3747 | specify is which IP protocol you want to tunnel: IPv4, IPv6 or both. | ||
3748 | Furthermore, if you tunnel both, you most likely should also tunnel all of your | ||
3749 | DNS requests. You theoretically can tunnel "only" your DNS traffic, but that | ||
3750 | usually makes little sense. | ||
3751 | |||
3752 | The other options as shown on the gnunet-setup tool are: | ||
3753 | |||
3754 | @node IPv4 address for interface | ||
3755 | @subsubsection IPv4 address for interface | ||
3756 | |||
3757 | This is the IPv4 address the VPN interface will get. You should pick an | ||
3758 | 'private' IPv4 network that is not yet in use for you system. For example, if | ||
3759 | you use 10.0.0.1/255.255.0.0 already, you might use 10.1.0.1/255.255.0.0. If | ||
3760 | you use 10.0.0.1/255.0.0.0 already, then you might use 192.168.0.1/255.255.0.0. | ||
3761 | If your system is not in a private IP-network, using any of the above will work | ||
3762 | fine.@ You should try to make the mask of the address big enough (255.255.0.0 | ||
3763 | or, even better, 255.0.0.0) to allow more mappings of remote IP Addresses into | ||
3764 | this range. However, even a 255.255.255.0-mask will suffice for most users. | ||
3765 | |||
3766 | @node IPv6 address for interface | ||
3767 | @subsubsection IPv6 address for interface | ||
3768 | |||
3769 | The IPv6 address the VPN interface will get. Here you can specify any | ||
3770 | non-link-local address (the address should not begin with "fe80:"). A subnet | ||
3771 | Unique Local Unicast (fd00::/8-prefix) that you are currently not using would | ||
3772 | be a good choice. | ||
3773 | |||
3774 | @node Configuring the GNUnet VPN DNS | ||
3775 | @subsubsection Configuring the GNUnet VPN DNS | ||
3776 | |||
3777 | To resolve names for remote nodes, activate the DNS exit option. | ||
3778 | |||
3779 | @node Configuring the GNUnet VPN Exit Service | ||
3780 | @subsubsection Configuring the GNUnet VPN Exit Service | ||
3781 | |||
3782 | If you want to allow other users to share your Internet connection (yes, this | ||
3783 | may be dangerous, just as running a Tor exit node) or want to provide access to | ||
3784 | services on your host (this should be less dangerous, as long as those services | ||
3785 | are secure), you have to enable the GNUnet exit daemon. | ||
3786 | |||
3787 | You then get to specify which exit functions you want to provide. By enabling | ||
3788 | the exit daemon, you will always automatically provide exit functions for | ||
3789 | manually configured local services (this component of the system is under | ||
3790 | development and not documented further at this time). As for those services you | ||
3791 | explicitly specify the target IP address and port, there is no significant | ||
3792 | security risk in doing so. | ||
3793 | |||
3794 | Furthermore, you can serve as a DNS, IPv4 or IPv6 exit to the Internet. Being a | ||
3795 | DNS exit is usually pretty harmless. However, enabling IPv4 or IPv6-exit | ||
3796 | without further precautions may enable adversaries to access your local | ||
3797 | network, send spam, attack other systems from your Internet connection and to | ||
3798 | other mischief that will appear to come from your machine. This may or may not | ||
3799 | get you into legal trouble. If you want to allow IPv4 or IPv6-exit | ||
3800 | functionality, you should strongly consider adding additional firewall rules | ||
3801 | manually to protect your local network and to restrict outgoing TCP traffic | ||
3802 | (i.e. by not allowing access to port 25). While we plan to improve | ||
3803 | exit-filtering in the future, you're currently on your own here. Essentially, | ||
3804 | be prepared for any kind of IP-traffic to exit the respective TUN interface | ||
3805 | (and GNUnet will enable IP-forwarding and NAT for the interface automatically). | ||
3806 | |||
3807 | Additional configuration options of the exit as shown by the gnunet-setup tool | ||
3808 | are: | ||
3809 | |||
3810 | @node IP Address of external DNS resolver | ||
3811 | @subsubsection IP Address of external DNS resolver | ||
3812 | |||
3813 | If DNS traffic is to exit your machine, it will be send to this DNS resolver. | ||
3814 | You can specify an IPv4 or IPv6 address. | ||
3815 | |||
3816 | @node IPv4 address for Exit interface | ||
3817 | @subsubsection IPv4 address for Exit interface | ||
3818 | |||
3819 | This is the IPv4 address the Interface will get. Make the mask of the address | ||
3820 | big enough (255.255.0.0 or, even better, 255.0.0.0) to allow more mappings of | ||
3821 | IP addresses into this range. As for the VPN interface, any unused, private | ||
3822 | IPv4 address range will do. | ||
3823 | |||
3824 | @node IPv6 address for Exit interface | ||
3825 | @subsubsection IPv6 address for Exit interface | ||
3826 | |||
3827 | The public IPv6 address the interface will get. If your kernel is not a very | ||
3828 | recent kernel and you are willing to manually enable IPv6-NAT, the IPv6 address | ||
3829 | you specify here must be a globally routed IPv6 address of your host. | ||
3830 | |||
3831 | Suppose your host has the address @code{2001:4ca0::1234/64}, then using@ | ||
3832 | @code{2001:4ca0::1:0/112} would be fine (keep the first 64 bits, then change at | ||
3833 | least one bit in the range before the bitmask, in the example above we changed | ||
3834 | bit 111 from 0 to 1). | ||
3835 | |||
3836 | You may also have to configure your router to route traffic for the entire | ||
3837 | subnet (@code{2001:4ca0::1:0/112} for example) through your computer (this | ||
3838 | should be automatic with IPv6, but obviously anything can be | ||
3839 | disabled). | ||
3840 | |||
3841 | @node Bandwidth Configuration | ||
3842 | @subsection Bandwidth Configuration | ||
3843 | |||
3844 | You can specify how many bandwidth GNUnet is allowed to use to receive and send | ||
3845 | data. This is important for users with limited bandwidth or traffic volume. | ||
3846 | |||
3847 | @node Configuring NAT | ||
3848 | @subsection Configuring NAT | ||
3849 | |||
3850 | Most hosts today do not have a normal global IP address but instead are behind | ||
3851 | a router performing Network Address Translation (NAT) which assigns each host | ||
3852 | in the local network a private IP address. As a result, these machines cannot | ||
3853 | trivially receive inbound connections from the Internet. GNUnet supports NAT | ||
3854 | traversal to enable these machines to receive incoming connections from other | ||
3855 | peers despite their limitations. | ||
3856 | |||
3857 | In an ideal world, you can press the "Attempt automatic configuration" button | ||
3858 | in gnunet-setup to automatically configure your peer correctly. Alternatively, | ||
3859 | your distribution might have already triggered this automatic configuration | ||
3860 | during the installation process. However, automatic configuration can fail to | ||
3861 | determine the optimal settings, resulting in your peer either not receiving as | ||
3862 | many connections as possible, or in the worst case it not connecting to the | ||
3863 | network at all. | ||
3864 | |||
3865 | To manually configure the peer, you need to know a few things about your | ||
3866 | network setup. First, determine if you are behind a NAT in the first place. | ||
3867 | This is always the case if your IP address starts with "10.*" or "192.168.*". | ||
3868 | Next, if you have control over your NAT router, you may choose to manually | ||
3869 | configure it to allow GNUnet traffic to your host. If you have configured your | ||
3870 | NAT to forward traffic on ports 2086 (and possibly 1080) to your host, you can | ||
3871 | check the "NAT ports have been opened manually" option, which corresponds to | ||
3872 | the "PUNCHED_NAT" option in the configuration file. If you did not punch your | ||
3873 | NAT box, it may still be configured to support UPnP, which allows GNUnet to | ||
3874 | automatically configure it. In that case, you need to install the "upnpc" | ||
3875 | command, enable UPnP (or PMP) on your NAT box and set the "Enable NAT traversal | ||
3876 | via UPnP or PMP" option (corresponding to "ENABLE_UPNP" in the configuration | ||
3877 | file). | ||
3878 | |||
3879 | Some NAT boxes can be traversed using the autonomous NAT traversal method. This | ||
3880 | requires certain GNUnet components to be installed with "SUID" prividledges on | ||
3881 | your system (so if you're installing on a system you do not have administrative | ||
3882 | rights to, this will not work). If you installed as 'root', you can enable | ||
3883 | autonomous NAT traversal by checking the "Enable NAT traversal using ICMP | ||
3884 | method". The ICMP method requires a way to determine your NAT's external | ||
3885 | (global) IP address. This can be done using either UPnP, DynDNS, or by manual | ||
3886 | configuration. If you have a DynDNS name or know your external IP address, you | ||
3887 | should enter that name under "External (public) IPv4 address" (which | ||
3888 | corresponds to the "EXTERNAL_ADDRESS" option in the configuration file). If you | ||
3889 | leave the option empty, GNUnet will try to determine your external IP address | ||
3890 | automatically (which may fail, in which case autonomous NAT traversal will then | ||
3891 | not work). | ||
3892 | |||
3893 | Finally, if you yourself are not behind NAT but want to be able to connect to | ||
3894 | NATed peers using autonomous NAT traversal, you need to check the "Enable | ||
3895 | connecting to NATed peers using ICMP method" box. | ||
3896 | |||
3897 | |||
3898 | @node Peer configuration for distributions | ||
3899 | @subsubsection Peer configuration for distributions | ||
3900 | |||
3901 | The "GNUNET_DATA_HOME" in "[path]" in /etc/gnunet.conf should be manually set | ||
3902 | to "/var/lib/gnunet/data/" as the default "~/.local/share/gnunet/" is probably | ||
3903 | not that appropriate in this case. Similarly, distributions may consider | ||
3904 | pointing "GNUNET_RUNTIME_DIR" to "/var/run/gnunet/" and "GNUNET_HOME" to | ||
3905 | "/var/lib/gnunet/". Also, should a distribution decide to override system | ||
3906 | defaults, all of these changes should be done in a custom "/etc/gnunet.conf" | ||
3907 | and not in the files in the "config.d/" directory. | ||
3908 | |||
3909 | Given the proposed access permissions, the "gnunet-setup" tool must be run as | ||
3910 | use "gnunet" (and with option "-c /etc/gnunet.conf" so that it modifies the | ||
3911 | system configuration). As always, gnunet-setup should be run after the GNUnet | ||
3912 | peer was stopped using "gnunet-arm -e". Distributions might want to include a | ||
3913 | wrapper for gnunet-setup that allows the desktop-user to "sudo" (i.e. using | ||
3914 | gtksudo) to the "gnunet" user account and then runs "gnunet-arm -e", | ||
3915 | "gnunet-setup" and "gnunet-arm -s" in sequence. | ||
3916 | |||
3917 | |||
3918 | |||
3919 | @node How to start and stop a GNUnet peer | ||
3920 | @section How to start and stop a GNUnet peer | ||
3921 | |||
3922 | This section describes how to start a GNUnet peer. It assumes that you have | ||
3923 | already compiled and installed GNUnet and its' dependencies. Before you start a | ||
3924 | GNUnet peer, you may want to create a configuration file using gnunet-setup | ||
3925 | (but you do not have to). Sane defaults should exist in your | ||
3926 | @code{GNUNET_PREFIX/share/gnunet/config.d/} directory, so in practice you could | ||
3927 | simply start without any configuration. If you want to configure your peer | ||
3928 | later, you need to stop it before invoking the @code{gnunet-setup} tool to | ||
3929 | customize further and to test your configuration (@code{gnunet-setup} has | ||
3930 | build-in test functions). | ||
3931 | |||
3932 | The most important option you might have to still set by hand is in [PATHS]. | ||
3933 | Here, you use the option "GNUNET_HOME" to specify the path where GNUnet should | ||
3934 | store its data. It defaults to @code{$HOME/}, which again should work for most | ||
3935 | users. Make sure that the directory specified as GNUNET_HOME is writable to | ||
3936 | the user that you will use to run GNUnet (note that you can run frontends | ||
3937 | using other users, GNUNET_HOME must only be accessible to the user used to run | ||
3938 | the background processes). | ||
3939 | |||
3940 | You will also need to make one central decision: should all of GNUnet be run | ||
3941 | under your normal UID, or do you want distinguish between system-wide | ||
3942 | (user-independent) GNUnet services and personal GNUnet services. The multi-user | ||
3943 | setup is slightly more complicated, but also more secure and generally | ||
3944 | recommended. | ||
3945 | |||
3946 | @menu | ||
3947 | * The Single-User Setup:: | ||
3948 | * The Multi-User Setup:: | ||
3949 | * Killing GNUnet services:: | ||
3950 | * Access Control for GNUnet:: | ||
3951 | @end menu | ||
3952 | |||
3953 | @node The Single-User Setup | ||
3954 | @subsection The Single-User Setup | ||
3955 | |||
3956 | For the single-user setup, you do not need to do anything special and can just | ||
3957 | start the GNUnet background processes using @code{gnunet-arm}. By default, | ||
3958 | GNUnet looks in @code{~/.config/gnunet.conf} for a configuration (or | ||
3959 | $XDG_CONFIG_HOME/gnunet.conf if@ $XDG_CONFIG_HOME is defined). If your | ||
3960 | configuration lives elsewhere, you need to pass the @code{-c FILENAME} option | ||
3961 | to all GNUnet commands. | ||
3962 | |||
3963 | Assuming the configuration file is called @code{~/.config/gnunet.conf}, you | ||
3964 | start your peer using the @code{gnunet-arm} command (say as user | ||
3965 | @code{gnunet}) using: | ||
3966 | @example | ||
3967 | gnunet-arm -c ~/.config/gnunet.conf -s | ||
3968 | @end example | ||
3969 | |||
3970 | The "-s" option here is for "start". The command should return almost | ||
3971 | instantly. If you want to stop GNUnet, you can use: | ||
3972 | @example | ||
3973 | gnunet-arm -c ~/.config/gnunet.conf -e | ||
3974 | @end example | ||
3975 | |||
3976 | The "-e" option here is for "end". | ||
3977 | |||
3978 | Note that this will only start the basic peer, no actual applications will be | ||
3979 | available. If you want to start the file-sharing service, use (after starting | ||
3980 | GNUnet): | ||
3981 | @example | ||
3982 | gnunet-arm -c ~/.config/gnunet.conf -i fs | ||
3983 | @end example | ||
3984 | |||
3985 | The "-i fs" option here is for "initialize" the "fs" (file-sharing) | ||
3986 | application. You can also selectively kill only file-sharing support using | ||
3987 | @example | ||
3988 | gnunet-arm -c ~/.config/gnunet.conf -k fs | ||
3989 | @end example | ||
3990 | |||
3991 | Assuming that you want certain services (like file-sharing) to be always | ||
3992 | automatically started whenever you start GNUnet, you can activate them by | ||
3993 | setting "FORCESTART=YES" in the respective section of the configuration file | ||
3994 | (for example, "[fs]"). Then GNUnet with file-sharing support would be started | ||
3995 | whenever you@ enter: | ||
3996 | @example | ||
3997 | gnunet-arm -c ~/.config/gnunet.conf -s | ||
3998 | @end example | ||
3999 | |||
4000 | Alternatively, you can combine the two options: | ||
4001 | @example | ||
4002 | gnunet-arm -c ~/.config/gnunet.conf -s -i fs | ||
4003 | @end example | ||
4004 | |||
4005 | |||
4006 | Using @code{gnunet-arm} is also the preferred method for initializing GNUnet | ||
4007 | from @code{init}. | ||
4008 | |||
4009 | Finally, you should edit your @code{crontab} (using the @code{crontab} command) | ||
4010 | and insert a line@ | ||
4011 | @code{@ | ||
4012 | @@reboot gnunet-arm -c ~/.config/gnunet.conf -s@ | ||
4013 | }@ | ||
4014 | to automatically start your peer whenever your system boots. | ||
4015 | |||
4016 | @node The Multi-User Setup | ||
4017 | @subsection The Multi-User Setup | ||
4018 | |||
4019 | This requires you to create a user @code{gnunet} and an additional group | ||
4020 | @code{gnunetdns}, prior to running @code{make install} during installation. | ||
4021 | Then, you create a configuration file @code{/etc/gnunet.conf} which should | ||
4022 | contain the lines:@ | ||
4023 | @code{@ | ||
4024 | [arm]@ | ||
4025 | SYSTEM_ONLY = YES@ | ||
4026 | USER_ONLY = NO@ | ||
4027 | }@ | ||
4028 | Then, perform the same steps to run GNUnet as in the per-user configuration, | ||
4029 | except as user @code{gnunet} (including the @code{crontab} installation). You | ||
4030 | may also want to run @code{gnunet-setup} to configure your peer (databases, | ||
4031 | etc.). Make sure to pass @code{-c /etc/gnunet.conf} to all commands. If you | ||
4032 | run @code{gnunet-setup} as user @code{gnunet}, you might need to change | ||
4033 | permissions on @code{/etc/gnunet.conf} so that the @code{gnunet} user can | ||
4034 | write to the file (during setup). | ||
4035 | |||
4036 | Afterwards, you need to perform another setup step for each normal user account | ||
4037 | from which you want to access GNUnet. First, grant the normal user | ||
4038 | (@code{$USER}) permission to the group gnunet:@ | ||
4039 | @code{@ | ||
4040 | # adduser $USER gnunet@ | ||
4041 | }@ | ||
4042 | Then, create a configuration file in @code{~/.config/gnunet.conf} for the $USER | ||
4043 | with the lines:@ | ||
4044 | @code{@ | ||
4045 | [arm]@ | ||
4046 | SYSTEM_ONLY = NO@ | ||
4047 | USER_ONLY = YES@ | ||
4048 | }@ | ||
4049 | This will ensure that @code{gnunet-arm} when started by the normal user will | ||
4050 | only run services that are per-user, and otherwise rely on the system-wide | ||
4051 | services. Note that the normal user may run gnunet-setup, but the | ||
4052 | configuration would be ineffective as the system-wide services will use | ||
4053 | @code{/etc/gnunet.conf} and ignore options set by individual users. | ||
4054 | |||
4055 | Again, each user should then start the peer using @code{gnunet-arm -s} --- and | ||
4056 | strongly consider adding logic to start the peer automatically to their | ||
4057 | crontab. | ||
4058 | |||
4059 | Afterwards, you should see two (or more, if you have more than one USER) | ||
4060 | @code{gnunet-service-arm} processes running in your system. | ||
4061 | |||
4062 | @node Killing GNUnet services | ||
4063 | @subsection Killing GNUnet services | ||
4064 | |||
4065 | It is not necessary to stop GNUnet services explicitly when shutting down your | ||
4066 | computer. | ||
4067 | |||
4068 | It should be noted that manually killing "most" of the @code{gnunet-service} | ||
4069 | processes is generally not a successful method for stopping a peer (since | ||
4070 | @code{gnunet-service-arm} will instantly restart them). The best way to | ||
4071 | explicitly stop a peer is using @code{gnunet-arm -e}; note that the per-user | ||
4072 | services may need to be terminated before the system-wide services will | ||
4073 | terminate normally. | ||
4074 | |||
4075 | @node Access Control for GNUnet | ||
4076 | @subsection Access Control for GNUnet | ||
4077 | |||
4078 | This chapter documents how we plan to make access control work within the | ||
4079 | GNUnet system for a typical peer. It should be read as a best-practice | ||
4080 | installation guide for advanced users and builders of binary distributions. The | ||
4081 | recommendations in this guide apply to POSIX-systems with full support for UNIX | ||
4082 | domain sockets only. | ||
4083 | |||
4084 | Note that this is an advanced topic. The discussion presumes a very good | ||
4085 | understanding of users, groups and file permissions. Normal users on hosts with | ||
4086 | just a single user can just install GNUnet under their own account (and | ||
4087 | possibly allow the installer to use SUDO to grant additional permissions for | ||
4088 | special GNUnet tools that need additional rights). The discussion below largely | ||
4089 | applies to installations where multiple users share a system and to | ||
4090 | installations where the best possible security is paramount. | ||
4091 | |||
4092 | A typical GNUnet system consists of components that fall into four categories: | ||
4093 | |||
4094 | @table @asis | ||
4095 | |||
4096 | @item User interfaces | ||
4097 | User interfaces are not security sensitive and are supposed to be run and used | ||
4098 | by normal system users. The GTK GUIs and most command-line programs fall into | ||
4099 | this category. Some command-line tools (like gnunet-transport) should be | ||
4100 | excluded as they offer low-level access that normal users should not need. | ||
4101 | @item System services and support tools | ||
4102 | System services should always run and offer services that can then be accessed | ||
4103 | by the normal users. System services do not require special permissions, but as | ||
4104 | they are not specific to a particular user, they probably should not run as a | ||
4105 | particular user. Also, there should typically only be one GNUnet peer per host. | ||
4106 | System services include the gnunet-service and gnunet-daemon programs; support | ||
4107 | tools include command-line programs such as gnunet-arm. | ||
4108 | @item Priviledged helpers | ||
4109 | Some GNUnet components require root rights to open raw sockets or perform other | ||
4110 | special operations. These gnunet-helper binaries are typically installed SUID | ||
4111 | and run from services or daemons. | ||
4112 | @item Critical services | ||
4113 | Some GNUnet services (such as the DNS service) can manipulate the service in | ||
4114 | deep and possibly highly security sensitive ways. For example, the DNS service | ||
4115 | can be used to intercept and alter any DNS query originating from the local | ||
4116 | machine. Access to the APIs of these critical services and their priviledged | ||
4117 | helpers must be tightly controlled. | ||
4118 | @end table | ||
4119 | |||
4120 | @menu | ||
4121 | * Recommendation: Disable access to services via TCP:: | ||
4122 | * Recommendation: Run most services as system user "gnunet":: | ||
4123 | * Recommendation: Control access to services using group "gnunet":: | ||
4124 | * Recommendation: Limit access to certain SUID binaries by group "gnunet":: | ||
4125 | * Recommendation: Limit access to critical gnunet-helper-dns to group "gnunetdns":: | ||
4126 | * Differences between "make install" and these recommendations:: | ||
4127 | @end menu | ||
4128 | |||
4129 | @node Recommendation: Disable access to services via TCP | ||
4130 | @subsubsection Recommendation: Disable access to services via TCP | ||
4131 | |||
4132 | GNUnet services allow two types of access: via TCP socket or via UNIX domain | ||
4133 | socket. If the service is available via TCP, access control can only be | ||
4134 | implemented by restricting connections to a particular range of IP addresses. | ||
4135 | This is acceptable for non-critical services that are supposed to be available | ||
4136 | to all users on the local system or local network. However, as TCP is generally | ||
4137 | less efficient and it is rarely the case that a single GNUnet peer is supposed | ||
4138 | to serve an entire local network, the default configuration should disable TCP | ||
4139 | access to all GNUnet services on systems with support for UNIX domain sockets. | ||
4140 | As of GNUnet 0.9.2, configuration files with TCP access disabled should be | ||
4141 | generated by default. Users can re-enable TCP access to particular services | ||
4142 | simply by specifying a non-zero port number in the section of the respective | ||
4143 | service. | ||
4144 | |||
4145 | |||
4146 | @node Recommendation: Run most services as system user "gnunet" | ||
4147 | @subsubsection Recommendation: Run most services as system user "gnunet" | ||
4148 | |||
4149 | GNUnet's main services should be run as a separate user "gnunet" in a special | ||
4150 | group "gnunet". The user "gnunet" should start the peer using "gnunet-arm -s" | ||
4151 | during system startup. The home directory for this user should be | ||
4152 | "/var/lib/gnunet" and the configuration file should be "/etc/gnunet.conf". Only | ||
4153 | the "gnunet" user should have the right to access "/var/lib/gnunet" (mode: | ||
4154 | 700). | ||
4155 | |||
4156 | @node Recommendation: Control access to services using group "gnunet" | ||
4157 | @subsubsection Recommendation: Control access to services using group "gnunet" | ||
4158 | |||
4159 | Users that should be allowed to use the GNUnet peer should be added to the | ||
4160 | group "gnunet". Using GNUnet's access control mechanism for UNIX domain | ||
4161 | sockets, those services that are considered useful to ordinary users should be | ||
4162 | made available by setting "UNIX_MATCH_GID=YES" for those services. Again, as | ||
4163 | shipped, GNUnet provides reasonable defaults. Permissions to access the | ||
4164 | transport and core subsystems might additionally be granted without necessarily | ||
4165 | causing security concerns. Some services, such as DNS, must NOT be made | ||
4166 | accessible to the "gnunet" group (and should thus only be accessible to the | ||
4167 | "gnunet" user and services running with this UID). | ||
4168 | |||
4169 | @node Recommendation: Limit access to certain SUID binaries by group "gnunet" | ||
4170 | @subsubsection Recommendation: Limit access to certain SUID binaries by group "gnunet" | ||
4171 | |||
4172 | Most of GNUnet's SUID binaries should be safe even if executed by normal users. | ||
4173 | However, it is possible to reduce the risk a little bit more by making these | ||
4174 | binaries owned by the group "gnunet" and restricting their execution to user of | ||
4175 | the group "gnunet" as well (4750). | ||
4176 | |||
4177 | @node Recommendation: Limit access to critical gnunet-helper-dns to group "gnunetdns" | ||
4178 | @subsubsection Recommendation: Limit access to critical gnunet-helper-dns to group "gnunetdns" | ||
4179 | |||
4180 | A special group "gnunetdns" should be created for controlling access to the | ||
4181 | "gnunet-helper-dns". The binary should then be owned by root and be in group | ||
4182 | "gnunetdns" and be installed SUID and only be group-executable (2750). Note | ||
4183 | that the group "gnunetdns" should have no users in it at all, ever. The | ||
4184 | "gnunet-service-dns" program should be executed by user "gnunet" (via | ||
4185 | gnunet-service-arm) with the binary owned by the user "root" and the group | ||
4186 | "gnunetdns" and be SGID (2700). This way, @strong{only} "gnunet-service-dns" | ||
4187 | can change its group to "gnunetdns" and execute the helper, and the helper can | ||
4188 | then run as root (as per SUID). Access to the API offered by | ||
4189 | "gnunet-service-dns" is in turn restricted to the user "gnunet" (not the | ||
4190 | group!), which means that only "benign" services can manipulate DNS queries | ||
4191 | using "gnunet-service-dns". | ||
4192 | |||
4193 | @node Differences between "make install" and these recommendations | ||
4194 | @subsubsection Differences between "make install" and these recommendations | ||
4195 | |||
4196 | The current build system does not set all permissions automatically based on | ||
4197 | the recommendations above. In particular, it does not use the group "gnunet" at | ||
4198 | all (so setting gnunet-helpers other than the gnunet-helper-dns to be owned by | ||
4199 | group "gnunet" must be done manually). Furthermore, 'make install' will | ||
4200 | silently fail to set the DNS binaries to be owned by group "gnunetdns" unless | ||
4201 | that group already exists (!). An alternative name for the "gnunetdns" group | ||
4202 | can be specified using the "--with-gnunetdns=GRPNAME" configure | ||
4203 | option. | ||
4204 | |||
4205 | |||
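Review bot: the permission modes in the gnunet-helper-dns recommendation (new lines 4180-4191) contradict the prose around them. Line 4182 says the helper is "installed SUID and only be group-executable (2750)", but 2750 sets the setgid bit, not setuid; line 4175 already uses 4750 for SUID binaries, so a helper owned by root in group "gnunetdns" would need 4750 to match the description. Lines 4184-4186 then say gnunet-service-dns is "executed by user "gnunet"" while the binary is "owned by the user "root"" with mode 2700: with 700 only the owner may execute, so user "gnunet" could not start it. Either the owner or the mode is wrong. Please state owner, group and octal mode for both binaries explicitly, since packagers will copy these numbers as written.

Smaller points in the same hunk. The configuration snippets in the Multi-User Setup (lines 4023-4027, 4039-4041, 4044-4048) and the crontab line (4011-4013) are wrapped in @code{@ ... @}; a trailing "@" only produces a space in Texinfo, so "[arm]", "SYSTEM_ONLY" and "USER_ONLY" will render on one line. Use @example as the Single-User section does. The section name is "[path]" on line 3901 but "[PATHS]" on line 3932. The NAT check on line 3867 names only "10.*" and "192.168.*" and omits 172.16.0.0/12. The condition on lines 3827-3829 ("If your kernel is not a very recent kernel and you are willing to manually enable IPv6-NAT") reads inverted relative to the requirement that follows; please confirm the intended sense. The exit section (lines 3799-3802) tells operators to add firewall rules to protect the local network and restrict outgoing TCP but gives no example rule; a short sample would help. Spelling and grammar: "prividledges" (3880), "Priviledged" and "priviledged" (4108, 4116), "its'" (3923), "build-in" (3930), "run as use" (3909-3910), "how many bandwidth" (3844), "and to other mischief" (3797-3798), "will be send" (3813).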