21 files changed, 3516 insertions, 3360 deletions
diff --git a/doc/documentation/.gitignore b/doc/documentation/.gitignore
index 2e914d9c9..f490c3412 100644
--- a/doc/documentation/.gitignore
+++ b/doc/documentation/.gitignore
@@ -1,2 +1,9 @@
 stamp-1
 version2.texi
+manual
+*.fn
+*.fns
+*.ky
+*.pg
+*.tp
+*.vr
diff --git a/doc/documentation/Makefile.am b/doc/documentation/Makefile.am
index 991b1926b..b6c666c4d 100644
--- a/doc/documentation/Makefile.am
+++ b/doc/documentation/Makefile.am
@@ -19,7 +19,6 @@ dist_infoimage_DATA =                           		\
        images/gnunet-0-10-peerinfo.png                         \
        images/gnunet-gtk-0-10-identity.png                     \
        images/gnunet-fs-gtk-0-10-star-tab.png                  \
-        images/gnunet-gtk-0-10.png                              \
        images/gnunet-gtk-0-10-download-area.png                \
        images/gnunet-gtk-0-10-search-selected.png              \
        images/gnunet-gtk-0-10-fs-menu.png                      \
@@ -44,7 +43,8 @@ dist_infoimage_DATA =                           		\
        images/daemon_lego_block.svg                            \
        images/lego_stack.svg                                   \
        images/service_lego_block.svg                           \
-        images/structure.dot
+        images/structure.dot                                    \
+        images/gns.dot
 #       images/$(wildcard *.png)                                                \
 #       images/$(wildcard *.svg)
@@ -112,9 +112,9 @@ info_TEXINFOS = 						\
 gnunet_TEXINFOS =                                               \
        chapters/developer.texi                                 \
-        chapters/terminology.texi                               \
+        chapters/preface.texi                           \
-        chapters/installation.texi                              \
        chapters/philosophy.texi                                \
+        chapters/installation.texi                              \
        chapters/user.texi                                      \
        chapters/vocabulary.texi                                \
        chapters/configuration.texi                             \
@@ -144,6 +144,7 @@ DISTCLEANFILES = 						\
        chapters/terminology.cps                                \
        chapters/vocabulary.cps                                 \
        fdl-1.3.cps                                             \
+        agpl-3.0.cps                                            \
        gpl-3.0.cps
 # if HAVE_EXTENDED_DOCUMENTATION_BUILDING
@@ -166,8 +167,8 @@ lego_stack.png: images/lego_stack.svg
 #       echo "@set EDITION $(PACKAGE_VERSION)" >> $@
 #       echo "@set VERSION $(PACKAGE_VERSION)" >> $@
-# Workaround for makeinfo error. Whcih in turn introduces more
+# Workaround for makeinfo error. Which in turn introduces more
-# date-related 'warnings'. Well.
+# date-related 'warnings' for GNUism. Well.
 version2.texi:
        echo "@set UPDATED $(date +'%d %B %Y')" > $@
        echo "@set UPDATED-MONTH $(date +'%B %Y')" >> $@
diff --git a/doc/documentation/README.txt b/doc/documentation/README.txt
deleted file mode 100644
index 9e76394c3..000000000
--- a/doc/documentation/README.txt
+++ /dev/null
@@ -1,63 +0,0 @@
-* Completion Levels:
-** chapters/philosophy: around 100% fixed after initial export.
-* What's left to do
- Which Texlive modules are needed? Decrease the size.
-  - distro specific, or can we set requirements?
- Update the content of gnunet documentation.
- XXX: images are only generated for the html documentation
-  with gendoc.sh … FIXME!
- XXX: png,dot, and svg images MUST be converted to eps by the
-  build system. Right now they aren't, as a result: No images.
-* How to use (hack) on this
-** with guix
-Adjust accordingly, ie read the Guix Documentation:
-setenv GUIX_PACKAGE_PATH "gnunet/contrib/packages/guix/packages"
-guix environment gnunet-doc
-and
-guix build -f contrib/packages/guix/gnunet-doc.scm
-** without guix
-You need to have Texinfo and Texlive in your path.
-sh bootstrap
-./configure --enable-documentation
-cd doc
-make (format you want)
-for example: make html, make info, make pdf
-* structure (relations)
-** gnunet.texi
- -> chapters/developer.texi
- -> chapters/installation.texi
- -> chapters/philosophy.texi
- -> chapters/user.texi
- -> chapters/vocabulary.texi
- -> images/*
- -> gpl-3.0.texi
- -> fdl-1.3.texi
-** gnunet-c-tutorial.texi
- -> figs/Service.pdf
- -> figs/System.pdf
- -> tutorial-examples/*.c
- -> gpl-3.0.texi
- -> fdl-1.3.texi
- gnunet-c-tutorial-v1.pdf: original LaTeX "gnunet-c-tutorial.pdf".
- man folder: the man pages.
- doxygen folder
- outdated-and-old-installation-instructions.txt: self described within the file.
-Use `gendocs', add to the manual/ directory of the web site.
-  $ cd doc
-  $ gendocs.sh gnunet "GNUnet 0.10.X Reference Manual"
diff --git a/doc/documentation/TODO b/doc/documentation/TODO
new file mode 100644
index 000000000..fa1ce7a23
--- /dev/null
+++ b/doc/documentation/TODO
@@ -0,0 +1,106 @@
+-*- mode: org -*-
+TODO - or: the Documentation Masterplan.
+To some extent this duplicates the Mantis tickets on this topic.
+* Motivation
+My motivation is to read into good documentations and create a self-contained collection of books,
+which can be understood without expecting too much background knowledge in every topic.
+** User Handbook:
+The content of the User book should be mostly concerned with our current and future graphical (gtk
+as well as terminal user interface) applications. After reading Preface and maybe Philosophy, the
+person reading the User Handbook should understand with the least possible strugle the application
+they intend to use. Examples should be given and concepts explained.
+** Installation Handbook:
+As seen with requests on the mailinglist, we will have to pick up people where they are, similar
+to the User Handbook. People already used to compiling and installing should have the chance to
+skip to the end, everyone else should: have step-by-step instructions, which will either already
+include OS specific notes or will be followed by OS specific instructions. It is up for discussion
+if configuring GNUnet is 'User Handbook' or 'Installation Handbook', the current mixture in
+the Installation Handbook is not good.
+** Contributors Handbook:
+This chapter could either be reduced to a couple of sections following the theme of 'contributing
+to GNUnet' or the chapter could be extended. If we extend it, we should explain a range of topics
+that can be useful for contributors. It can be understood as a recommended reading in addition to
+the Developer Handbook then, and the Developer Handbook could simply become a better commented
+reference for the code-base.
+** Developer Handbook:
+As outlined in the last sentences, the Developer Handbook could be reduced to the necessary bits
+with enough comments to be understood without reading into the papers published over the years.
+* DONE 1. Drupal books export to LaTeX.
+* DONE 2. LaTeX conversion to Texinfo.
+* DONE 3. (initial) Fixup of syntax errors introduced in conversion chain.
+* TODO 4. Update content.
+* TODO 5. Create API Reference or similar
+* TODO 6. Create Concept Index
+* TODO 7. Create Procedure Index
+* TODO 8. Create Type Index
+* TODO 9. Create Functions Index
+* TODO 10. Properly address concerns and criticism people had/have on the old and current documentation.
+* TODO 11. Reorder structure
+* TODO more TODO.
+* Status Progress / Completion Levels
+** chapters/philosophy: around 100% fixed after initial export.
+* System Integration Tasks
+* Which Texlive modules are needed for every output we generate?
+* Generate the images from their dot sources.
+* How to use (hack) on this
+This section will find its way into the documentation sooner or later.
+Potentially outdated or inaccurate bits.
+** with guix
+Adjust accordingly, ie read the Guix Documentation:
+guix environment gnunet-doc
+and
+guix build -f contrib/packages/guix/gnunet-doc.scm
+** without guix
+You need to have Texinfo and Texlive in your path.
+sh bootstrap
+./configure --enable-documentation
+cd doc
+make (format you want)
+for example: make html, make info, make pdf
+* structure (relations) (old!)
+** gnunet.texi
+ -> chapters/developer.texi
+ -> chapters/installation.texi
+ -> chapters/philosophy.texi
+ -> chapters/user.texi
+ -> chapters/vocabulary.texi
+ -> images/*
+ -> gpl-3.0.texi
+ -> fdl-1.3.texi
+** gnunet-c-tutorial.texi
+ -> figs/Service.pdf
+ -> figs/System.pdf
+ -> tutorial-examples/*.c
+ -> gpl-3.0.texi
+ -> fdl-1.3.texi
+- gnunet-c-tutorial-v1.pdf: original LaTeX "gnunet-c-tutorial.pdf".
+- man folder: the man pages.
+- doxygen folder
+- outdated-and-old-installation-instructions.txt: self described within the file.
+Use `gendocs', add to the manual/ directory of the web site.
+  $ cd doc
+  $ gendocs.sh gnunet "GNUnet 0.10.X Reference Manual"
diff --git a/doc/documentation/agpl-3.0.texi b/doc/documentation/agpl-3.0.texi
new file mode 100644
index 000000000..eabb0c6df
--- /dev/null
+++ b/doc/documentation/agpl-3.0.texi
@@ -0,0 +1,698 @@
+@c The GNU Affero General Public License.
+@center Version 3, 19 November 2007
+@c This file is intended to be included within another document,
+@c hence no sectioning command or @node.
+@display
+Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{https://fsf.org/}
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+@end display
+@heading Preamble
+The GNU Affero General Public License is a free, copyleft license
+for software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+The licenses for most software and other practical works are
+designed to take away your freedom to share and change the works.  By
+contrast, our General Public Licenses are intended to guarantee your
+freedom to share and change all versions of a program--to make sure it
+remains free software for all its users.
+When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+The precise terms and conditions for copying, distribution and
+modification follow.
+@heading TERMS AND CONDITIONS
+@enumerate 0
+@item Definitions.
+``This License'' refers to version 3 of the GNU Affero General Public License.
+``Copyright'' also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+``The Program'' refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as ``you''.  ``Licensees'' and
+``recipients'' may be individuals or organizations.
+To ``modify'' a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of
+an exact copy.  The resulting work is called a ``modified version'' of
+the earlier work or a work ``based on'' the earlier work.
+A ``covered work'' means either the unmodified Program or a work based
+on the Program.
+To ``propagate'' a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+To ``convey'' a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user
+through a computer network, with no transfer of a copy, is not
+conveying.
+An interactive user interface displays ``Appropriate Legal Notices'' to
+the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+@item Source Code.
+The ``source code'' for a work means the preferred form of the work for
+making modifications to it.  ``Object code'' means any non-source form
+of a work.
+A ``Standard Interface'' means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+The ``System Libraries'' of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+``Major Component'', in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+The ``Corresponding Source'' for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+The Corresponding Source need not include anything that users can
+regenerate automatically from other parts of the Corresponding Source.
+The Corresponding Source for a work in source code form is that same
+work.
+@item Basic Permissions.
+All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+You may make, run and propagate covered works that you do not convey,
+without conditions so long as your license otherwise remains in force.
+You may convey covered works to others for the sole purpose of having
+them make modifications exclusively for you, or provide you with
+facilities for running those works, provided that you comply with the
+terms of this License in conveying all material for which you do not
+control copyright.  Those thus making or running the covered works for
+you must do so exclusively on your behalf, under your direction and
+control, on terms that prohibit them from making any copies of your
+copyrighted material outside their relationship with you.
+Conveying under any other circumstances is permitted solely under the
+conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+@item Protecting Users' Legal Rights From Anti-Circumvention Law.
+No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such
+circumvention is effected by exercising rights under this License with
+respect to the covered work, and you disclaim any intention to limit
+operation or modification of the work as a means of enforcing, against
+the work's users, your or third parties' legal rights to forbid
+circumvention of technological measures.
+@item Conveying Verbatim Copies.
+You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+@item Conveying Modified Source Versions.
+You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these
+conditions:
+@enumerate a
+@item
+The work must carry prominent notices stating that you modified it,
+and giving a relevant date.
+@item
+The work must carry prominent notices stating that it is released
+under this License and any conditions added under section 7.  This
+requirement modifies the requirement in section 4 to ``keep intact all
+notices''.
+@item
+You must license the entire work, as a whole, under this License to
+anyone who comes into possession of a copy.  This License will
+therefore apply, along with any applicable section 7 additional terms,
+to the whole of the work, and all its parts, regardless of how they
+are packaged.  This License gives no permission to license the work in
+any other way, but it does not invalidate such permission if you have
+separately received it.
+@item
+If the work has interactive user interfaces, each must display
+Appropriate Legal Notices; however, if the Program has interactive
+interfaces that do not display Appropriate Legal Notices, your work
+need not make them do so.
+@end enumerate
+A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+``aggregate'' if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+@item  Conveying Non-Source Forms.
+You may convey a covered work in object code form under the terms of
+sections 4 and 5, provided that you also convey the machine-readable
+Corresponding Source under the terms of this License, in one of these
+ways:
+@enumerate a
+@item
+Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by the
+Corresponding Source fixed on a durable physical medium customarily
+used for software interchange.
+@item
+Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by a written
+offer, valid for at least three years and valid for as long as you
+offer spare parts or customer support for that product model, to give
+anyone who possesses the object code either (1) a copy of the
+Corresponding Source for all the software in the product that is
+covered by this License, on a durable physical medium customarily used
+for software interchange, for a price no more than your reasonable
+cost of physically performing this conveying of source, or (2) access
+to copy the Corresponding Source from a network server at no charge.
+@item
+Convey individual copies of the object code with a copy of the written
+offer to provide the Corresponding Source.  This alternative is
+allowed only occasionally and noncommercially, and only if you
+received the object code with such an offer, in accord with subsection
+6b.
+@item
+Convey the object code by offering access from a designated place
+(gratis or for a charge), and offer equivalent access to the
+Corresponding Source in the same way through the same place at no
+further charge.  You need not require recipients to copy the
+Corresponding Source along with the object code.  If the place to copy
+the object code is a network server, the Corresponding Source may be
+on a different server (operated by you or a third party) that supports
+equivalent copying facilities, provided you maintain clear directions
+next to the object code saying where to find the Corresponding Source.
+Regardless of what server hosts the Corresponding Source, you remain
+obligated to ensure that it is available for as long as needed to
+satisfy these requirements.
+@item
+Convey the object code using peer-to-peer transmission, provided you
+inform other peers where the object code and Corresponding Source of
+the work are being offered to the general public at no charge under
+subsection 6d.
+@end enumerate
+A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+A ``User Product'' is either (1) a ``consumer product'', which means any
+tangible personal property which is normally used for personal,
+family, or household purposes, or (2) anything designed or sold for
+incorporation into a dwelling.  In determining whether a product is a
+consumer product, doubtful cases shall be resolved in favor of
+coverage.  For a particular product received by a particular user,
+``normally used'' refers to a typical or common use of that class of
+product, regardless of the status of the particular user or of the way
+in which the particular user actually uses, or expects or is expected
+to use, the product.  A product is a consumer product regardless of
+whether the product has substantial commercial, industrial or
+non-consumer uses, unless such uses represent the only significant
+mode of use of the product.
+``Installation Information'' for a User Product means any methods,
+procedures, authorization keys, or other information required to
+install and execute modified versions of a covered work in that User
+Product from a modified version of its Corresponding Source.  The
+information must suffice to ensure that the continued functioning of
+the modified object code is in no case prevented or interfered with
+solely because modification has been made.
+If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or
+updates for a work that has been modified or installed by the
+recipient, or for the User Product in which it has been modified or
+installed.  Access to a network may be denied when the modification
+itself materially and adversely affects the operation of the network
+or violates the rules and protocols for communication across the
+network.
+Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+@item Additional Terms.
+``Additional permissions'' are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders
+of that material) supplement the terms of this License with terms:
+@enumerate a
+@item
+Disclaiming warranty or limiting liability differently from the terms
+of sections 15 and 16 of this License; or
+@item
+Requiring preservation of specified reasonable legal notices or author
+attributions in that material or in the Appropriate Legal Notices
+displayed by works containing it; or
+@item
+Prohibiting misrepresentation of the origin of that material, or
+requiring that modified versions of such material be marked in
+reasonable ways as different from the original version; or
+@item
+Limiting the use for publicity purposes of names of licensors or
+authors of the material; or
+@item
+Declining to grant rights under trademark law for use of some trade
+names, trademarks, or service marks; or
+@item
+Requiring indemnification of licensors and authors of that material by
+anyone who conveys the material (or modified versions of it) with
+contractual assumptions of liability to the recipient, for any
+liability that these contractual assumptions directly impose on those
+licensors and authors.
+@end enumerate
+All other non-permissive additional terms are considered ``further
+restrictions'' within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions; the
+above requirements apply either way.
+@item Termination.
+You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+@item Acceptance Not Required for Having Copies.
+You are not required to accept this License in order to receive or run
+a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+@item Automatic Licensing of Downstream Recipients.
+Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+An ``entity transaction'' is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+@item Patents.
+A ``contributor'' is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's ``contributor version''.
+A contributor's ``essential patent claims'' are all patent claims owned
+or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, ``control'' includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+In the following three paragraphs, a ``patent license'' is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To ``grant'' such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  ``Knowingly relying'' means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+A patent license is ``discriminatory'' if it does not include within the
+scope of its coverage, prohibits the exercise of, or is conditioned on
+the non-exercise of one or more of the rights that are specifically
+granted under this License.  You may not convey a covered work if you
+are a party to an arrangement with a third party that is in the
+business of distributing software, under which you make payment to the
+third party based on the extent of your activity of conveying the
+work, and under which the third party grants, to any of the parties
+who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by
+you (or copies made from those copies), or (b) primarily for and in
+connection with specific products or compilations that contain the
+covered work, unless you entered into that arrangement, or that patent
+license was granted, prior to 28 March 2007.
+Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+@item No Surrender of Others' Freedom.
+If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey
+a covered work so as to satisfy simultaneously your obligations under
+this License and any other pertinent obligations, then as a
+consequence you may not convey it at all.  For example, if you agree
+to terms that obligate you to collect a royalty for further conveying
+from those to whom you convey the Program, the only way you could
+satisfy both those terms and this License would be to refrain entirely
+from conveying the Program.
+@item Remote Network Interaction; Use with the GNU General Public License.
+Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users interacting
+with it remotely through a computer network (if your version supports such
+interaction) an opportunity to receive the Corresponding Source of your
+version by providing access to the Corresponding Source from a network
+server at no charge, through some standard or customary means of
+facilitating copying of software.  This Corresponding Source shall include
+the Corresponding Source for any work covered by version 3 of the GNU
+General Public License that is incorporated pursuant to the following
+paragraph.
+Notwithstanding any other provision of this License, you have permission to
+link or combine any covered work with a work licensed under version 3 of
+the GNU General Public License into a single combined work, and to convey
+the resulting work.  The terms of this License will continue to apply to
+the part which is the covered work, but the work with which it is combined
+will remain governed by version 3 of the GNU General Public License.
+@item Revised Versions of this License.
+The Free Software Foundation may publish revised and/or new versions
+of the GNU Affero General Public License from time to time.  Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+Each version is given a distinguishing version number.  If the Program
+specifies that a certain numbered version of the GNU Affero General Public
+License ``or any later version'' applies to it, you have the option of
+following the terms and conditions either of that numbered version or
+of any later version published by the Free Software Foundation.  If
+the Program does not specify a version number of the GNU Affero General
+Public License, you may choose any version ever published by the Free
+Software Foundation.
+If the Program specifies that a proxy can decide which future versions
+of the GNU Affero General Public License can be used, that proxy's public
+statement of acceptance of a version permanently authorizes you to
+choose that version for the Program.
+Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+@item Disclaimer of Warranty.
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT
+WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE PROGRAM PROVE
+DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+@item Limitation of Liability.
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
+CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
+ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
+NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
+LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
+TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+@item Interpretation of Sections 15 and 16.
+If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+@end enumerate
+@heading END OF TERMS AND CONDITIONS
+@heading How to Apply These Terms to Your New Programs
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the ``copyright'' line and a pointer to where the full notice is found.
+@smallexample
+@var{one line to give the program's name and a brief idea of what it does.}
+Copyright (C) @var{year} @var{name of author}
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or (at
+your option) any later version.
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Affero General Public License for more details.
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see @url{https://www.gnu.org/licenses/}.
+@end smallexample
+Also add information on how to contact you by electronic and paper mail.
+If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a ``Source'' link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+You should also get your employer (if you work as a programmer) or school,
+if any, to sign a ``copyright disclaimer'' for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+@url{https://www.gnu.org/licenses/}.
diff --git a/doc/documentation/chapters/contributing.texi b/doc/documentation/chapters/contributing.texi
index 745acca77..a92df45c3 100644
--- a/doc/documentation/chapters/contributing.texi
+++ b/doc/documentation/chapters/contributing.texi
@@ -6,17 +6,20 @@
 * Licenses of contributions::
 * Copyright Assignment::
 * Contributing to the Reference Manual::
+* Contributing testcases::
 @end menu
 @node Contributing to GNUnet
 @section Contributing to GNUnet
+@cindex licenses
+@cindex licenses of contributions
 @node Licenses of contributions
 @section Licenses of contributions
 GNUnet is a @uref{https://www.gnu.org/, GNU} package.
 All code contributions must thus be put under the
-@uref{https://www.gnu.org/copyleft/gpl.html, GNU Public License (GPL)}.
+@uref{https://www.gnu.org/licenses/agpl.html, GNU Affero Public License (AGPL)}.
 All documentation should be put under FSF approved licenses
 (see @uref{https://www.gnu.org/copyleft/fdl.html, fdl}).
@@ -40,7 +43,7 @@ rights, and in particular is allowed to dual-license the code. You
 retain non-exclusive rights to your contributions, so you can also
 share your contributions freely with other projects.
-GNUnet e.V. will publish all accepted contributions under the GPLv3
+GNUnet e.V. will publish all accepted contributions under the AGPLv3
 or any later version. The association may decide to publish
 contributions under additional licenses (dual-licensing).
@@ -88,3 +91,21 @@ In a 200+ pages handbook it's better to have footnotes accessible
 without having to skip over to the end.
 @end itemize
+@node Contributing testcases
+@section Contributing testcases
+In the core of gnunet, we restrict new testcases to a small subset
+of languages, in order of preference:
+@enumerate
+@item C
+@item Bash (preferable portable without too much specifics to Bash)
+@item Python (@geq{}3.6)
+@end enumerate
+We welcome efforts to remove our existing python-2.7 scripts to
+replace them either with Bash or, at your choice, python-3.6+.
+If you contribute new python based testcases, we advise you to
+not repeat our past misfortunes and write the tests in a standard
+test framework like for example pytest.
diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi
index e95355302..e82e32b59 100644
--- a/doc/documentation/chapters/developer.texi
+++ b/doc/documentation/chapters/developer.texi
@@ -11,7 +11,7 @@ For developers, GNUnet is:
 @itemize @bullet
 @item developed by a community that believes in the GNU philosophy
 @item Free Software (Free as in Freedom), licensed under the
-GNU General Public License@footnote{@uref{https://www.gnu.org/licenses/licenses.html#GPL, https://www.gnu.org/licenses/licenses.html#GPL}}
+GNU Affero General Public License@footnote{@uref{https://www.gnu.org/licenses/licenses.html#AGPL, https://www.gnu.org/licenses/licenses.html#AGPL}}
 @item A set of standards, including coding conventions and
 architectural rules
 @item A set of layered protocols, both specifying the communication
@@ -40,6 +40,7 @@ new chapters, sections or insightful comments.
 @menu
 * Developer Introduction::
+* Internal dependencies::
 * Code overview::
 * System Architecture::
 * Subsystem stability::
@@ -47,6 +48,7 @@ new chapters, sections or insightful comments.
 * Build-system::
 * Developing extensions for GNUnet using the gnunet-ext template::
 * Writing testcases::
+* Building GNUnet and its dependencies::
 * TESTING library::
 * Performance regression analysis with Gauger::
 * TESTBED Subsystem::
@@ -212,9 +214,7 @@ Installation and update tool
 Template for starting 'external' GNUnet projects
 @item @command{gnunet-java}
 Java APIs for writing GNUnet services and applications
-@c ** FIXME: Point to new website repository once we have it:
+@item @command{gnunet-java-ext}
-@c ** @item svn/gnunet-www/ Code and media helping drive the GNUnet
-@c website
 @item @command{eclectic}
 Code to run GNUnet nodes on testbeds for research, development,
 testing and evaluation
@@ -225,6 +225,8 @@ Qt-based GNUnet GUI (is it deprecated?)
 cocoa-based GNUnet GUI (is it deprecated?)
 @item @command{gnunet-guile}
 Guile bindings for GNUnet
+@item @command{gnunet-python}
+Python bindings for GNUnet
 @end table
@@ -244,6 +246,13 @@ Tool for automated debugging of distributed systems
 Library for accessing satellite connection quality reports
 @item @command{libgnurl}
 gnURL (feature-restricted variant of cURL/libcurl)
+@item @command{www}
+work in progress of the new gnunet.org website (Jinja2 framework based to
+replace our current Drupal website)
+@item @command{bibliography}
+Our collected bibliography, papers, references, and so forth
+@item @command{gnunet-videos-}
+Videos about and around gnunet activities
 @end table
 Finally, there are various external projects (see links for a list of
@@ -251,6 +260,77 @@ those that have a public website) which build on top of the GNUnet
 framework.
 @c ***********************************************************************
+@node Internal dependencies
+@section Internal dependencies
+This section tries to give an overview of what processes a typical GNUnet
+peer running a particular application would consist of. All of the
+processes listed here should be automatically started by
+@command{gnunet-arm -s}.
+The list is given as a rough first guide to users for failure diagnostics.
+Ideally, end-users should never have to worry about these internal
+dependencies.
+In terms of internal dependencies, a minimum file-sharing system consists
+of the following GNUnet processes (in order of dependency):
+@itemize @bullet
+@item gnunet-service-arm
+@item gnunet-service-resolver (required by all)
+@item gnunet-service-statistics (required by all)
+@item gnunet-service-peerinfo
+@item gnunet-service-transport (requires peerinfo)
+@item gnunet-service-core (requires transport)
+@item gnunet-daemon-hostlist (requires core)
+@item gnunet-daemon-topology (requires hostlist, peerinfo)
+@item gnunet-service-datastore
+@item gnunet-service-dht (requires core)
+@item gnunet-service-identity
+@item gnunet-service-fs (requires identity, mesh, dht, datastore, core)
+@end itemize
+@noindent
+A minimum VPN system consists of the following GNUnet processes (in
+order of dependency):
+@itemize @bullet
+@item gnunet-service-arm
+@item gnunet-service-resolver (required by all)
+@item gnunet-service-statistics (required by all)
+@item gnunet-service-peerinfo
+@item gnunet-service-transport (requires peerinfo)
+@item gnunet-service-core (requires transport)
+@item gnunet-daemon-hostlist (requires core)
+@item gnunet-service-dht (requires core)
+@item gnunet-service-mesh (requires dht, core)
+@item gnunet-service-dns (requires dht)
+@item gnunet-service-regex (requires dht)
+@item gnunet-service-vpn (requires regex, dns, mesh, dht)
+@end itemize
+@noindent
+A minimum GNS system consists of the following GNUnet processes (in
+order of dependency):
+@itemize @bullet
+@item gnunet-service-arm
+@item gnunet-service-resolver (required by all)
+@item gnunet-service-statistics (required by all)
+@item gnunet-service-peerinfo
+@item gnunet-service-transport (requires peerinfo)
+@item gnunet-service-core (requires transport)
+@item gnunet-daemon-hostlist (requires core)
+@item gnunet-service-dht (requires core)
+@item gnunet-service-mesh (requires dht, core)
+@item gnunet-service-dns (requires dht)
+@item gnunet-service-regex (requires dht)
+@item gnunet-service-vpn (requires regex, dns, mesh, dht)
+@item gnunet-service-identity
+@item gnunet-service-namestore (requires identity)
+@item gnunet-service-gns (requires vpn, dns, dht, namestore, identity)
+@end itemize
+@c ***********************************************************************
 @node Code overview
 @section Code overview
@@ -279,7 +359,7 @@ The DHT and other components of GNUnet
 store information in units called 'blocks'. Each block has a type and the
 type defines a particular format and how that binary format is to be
 linked to a hash code (the key for the DHT and for databases). The block
-library is a wapper around block plugins which provide the necessary
+library is a wrapper around block plugins which provide the necessary
 functions for each block type.
 @item @file{statistics/} --- statistics service
 The statistics service enables associating
@@ -327,7 +407,7 @@ external service to test the local configuration.
 Some transports (UDP and WLAN, mostly) have restrictions on the maximum
 transfer unit (MTU) for packets. The fragmentation library can be used to
 break larger packets into chunks of at most 1k and transmit the resulting
-fragments reliabily (with acknowledgement, retransmission, timeouts,
+fragments reliably (with acknowledgment, retransmission, timeouts,
 etc.).
 @item @file{transport/} --- transport service
 The transport service is responsible for managing the
@@ -352,8 +432,8 @@ the foundation for the testbed service
 @item @file{testbed/} --- testbed service
 The testbed service is used for creating small or large scale deployments
 of GNUnet peers for evaluation of protocols.
-It facilitates peer depolyments on multiple
+It facilitates peer deployments on multiple
-hosts (for example, in a cluster) and establishing varous network
+hosts (for example, in a cluster) and establishing various network
 topologies (both underlay and overlay).
 @item @file{nse/} --- Network Size Estimation
 The network size estimation (NSE) service
@@ -965,7 +1045,7 @@ if (0 == bar && x != y)
 @end example
 @noindent
-Note that splitting the @code{if} statement above is debateable as the
+Note that splitting the @code{if} statement above is debatable as the
 @code{return x} is a very trivial statement. However, once the logic after
 the branch becomes more complicated (and is still identical), the "or"
 formulation should be used for sure.
@@ -1089,6 +1169,313 @@ typically necessary to run @code{make install} before running any
 testcases. Thus the canonical command @code{make check install} has to be
 changed to @code{make install check} for GNUnet.
+@c ***********************************************************************
+@cindex Building GNUnet
+@node Building GNUnet and its dependencies
+@section Building GNUnet and its dependencies
+In the following section we will outline how to build GNUnet and
+some of its dependencies. We will assume a fair amount of knowledge
+for building applications under UNIX-like systems. Furthermore we
+assume that the build environment is sane and that you are aware of
+any implications actions in this process could have.
+Instructions here can be seen as notes for developers (an extension to
+the 'HACKING' section in README) as well as package maintainers.
+@b{Users should rely on the available binary packages.}
+We will use Debian as an example Operating System environment. Substitute
+accordingly with your own Operating System environment.
+For the full list of dependencies, consult the appropriate, up-to-date
+section in the @file{README} file.
+First, we need to build or install (depending on your OS) the following
+packages. If you build them from source, build them in this exact order:
+@example
+libgpgerror, libgcrypt, libnettle, libunbound, GnuTLS (with libunbound
+support)
+@end example
+After we have build and installed those packages, we continue with
+packages closer to GNUnet in this step: libgnurl (our libcurl fork),
+GNU libmicrohttpd, and GNU libextractor. Again, if your package manager
+provides one of these packages, use the packages provided from it
+unless you have good reasons (package version too old, conflicts, etc).
+We advise against compiling widely used packages such as GnuTLS
+yourself if your OS provides a variant already unless you take care
+of maintenance of the packages then.
+In the optimistic case, this command will give you all the dependencies:
+@example
+sudo apt-get install libgnurl libmicrohttpd libextractor
+@end example
+From experience we know that at the very least libgnurl is not
+available in some environments. You could substitute libgnurl
+with libcurl, but we recommend to install libgnurl, as it gives
+you a predefined libcurl with the small set GNUnet requires. In
+the past namespaces of libcurl and libgnurl were shared, which
+caused problems when you wanted to integrate both of them in one
+Operating System. This has been resolved, and they can be installed
+side by side now.
+@cindex libgnurl
+@cindex compiling libgnurl
+GNUnet and some of its function depend on a limited subset of cURL/libcurl.
+Rather than trying to enforce a certain configuration on the world, we
+opted to maintain a microfork of it that ensures we can link against the
+right set of features. We called this specialized set of libcurl
+``libgnurl''. It is fully ABI compatible with libcurl and currently used
+by GNUnet and some of its dependencies.
+We download libgnurl and its digital signature from the GNU fileserver,
+assuming @env{TMPDIR} exists@footnote{It might be @file{/tmp}, @env{TMPDIR}, @env{TMP} or any other location. For consistency we assume @env{TMPDIR} points to @file{/tmp} for the remainder of this section.}
+@example
+cd \$TMPDIR
+wget https://ftp.gnu.org/gnu/gnunet/gnurl-7.60.0.tar.Z
+wget https://ftp.gnu.org/gnu/gnunet/gnurl-7.60.0.tar.Z.sig
+@end example
+Next, verify the digital signature of the file:
+@example
+gpg --verify gnurl-7.60.0.tar.Z.sig
+@end example
+If gpg fails, you might try with @command{gpg2} on your OS. If the error
+states that ``the key can not be found'' or it is unknown, you have to
+retrieve the key (A88C8ADD129828D7EAC02E52E22F9BBFEE348588) from a
+keyserver first:
+@example
+gpg --keyserver pgp.mit.edu --recv-keys A88C8ADD129828D7EAC02E52E22F9BBFEE348588
+@end example
+and rerun the verification command.
+libgnurl will require the following packages to be present at runtime:
+gnutls (with DANE support / libunbound), libidn, zlib and at compile time:
+libtool, groff, perl, pkg-config, and python 2.7.
+Once you have verified that all the required packages are present on your
+system, we can proceed to compile libgnurl:
+@example
+tar -xvf gnurl-7.60.0.tar.Z
+cd gnurl-7.60.0
+sh configure --disable-ntlm-wb
+make
+make -C tests test
+sudo make install
+@end example
+After you've compiled and installed libgnurl, we can proceed to building
+GNUnet.
+First, in addition to the GNUnet sources you might require downloading the
+latest version of various dependencies, depending on how recent the
+software versions in your distribution of GNU/Linux are.
+Most distributions do not include sufficiently recent versions of these
+dependencies.
+Thus, a typically installation on a "modern" GNU/Linux distribution
+requires you to install the following dependencies (ideally in this
+order):
+@itemize @bullet
+@item libgpgerror and libgcrypt
+@item libnettle and libunbound (possibly from distribution), GnuTLS
+@item libgnurl (read the README)
+@item GNU libmicrohttpd
+@item GNU libextractor
+@end itemize
+Make sure to first install the various mandatory and optional
+dependencies including development headers from your distribution.
+Other dependencies that you should strongly consider to install is a
+database (MySQL, sqlite or Postgres).
+The following instructions will assume that you installed at least sqlite.
+For most distributions you should be able to find pre-build packages for
+the database. Again, make sure to install the client libraries @b{and} the
+respective development headers (if they are packaged separately) as well.
+You can find specific, detailed instructions for installing of the
+dependencies (and possibly the rest of the GNUnet installation) in the
+platform-specific descriptions, which can be found in the Index.
+Please consult them now.
+If your distribution is not listed, please study the build
+instructions for Debian stable, carefully as you try to install the
+dependencies for your own distribution.
+Contributing additional instructions for further platforms is always
+appreciated.
+Please take in mind that operating system development tends to move at
+a rather fast speed. Due to this you should be aware that some of
+the instructions could be outdated by the time you are reading this.
+If you find a mistake, please tell us about it (or even better: send
+a patch to the documentation to fix it!).
+Before proceeding further, please double-check the dependency list.
+Note that in addition to satisfying the dependencies, you might have to
+make sure that development headers for the various libraries are also
+installed.
+There maybe files for other distributions, or you might be able to find
+equivalent packages for your distribution.
+While it is possible to build and install GNUnet without having root
+access, we will assume that you have full control over your system in
+these instructions.
+First, you should create a system user @emph{gnunet} and an additional
+group @emph{gnunetdns}. On the GNU/Linux distributions Debian and Ubuntu,
+type:
+@example
+sudo adduser --system --home /var/lib/gnunet --group \
+--disabled-password gnunet
+sudo addgroup --system gnunetdns
+@end example
+@noindent
+On other Unixes and GNU systems, this should have the same effect:
+@example
+sudo useradd --system --groups gnunet --home-dir /var/lib/gnunet
+sudo addgroup --system gnunetdns
+@end example
+Now compile and install GNUnet using:
+@example
+tar xvf gnunet-@value{VERSION}.tar.gz
+cd gnunet-@value{VERSION}
+./configure --with-sudo=sudo --with-nssdir=/lib
+make
+sudo make install
+@end example
+If you want to be able to enable DEBUG-level log messages, add
+@code{--enable-logging=verbose} to the end of the
+@command{./configure} command.
+@code{DEBUG}-level log messages are in English only and
+should only be useful for developers (or for filing
+really detailed bug reports).
+@noindent
+Next, edit the file @file{/etc/gnunet.conf} to contain the following:
+@example
+[arm]
+START_SYSTEM_SERVICES = YES
+START_USER_SERVICES = NO
+@end example
+@noindent
+You may need to update your @code{ld.so} cache to include
+files installed in @file{/usr/local/lib}:
+@example
+# ldconfig
+@end example
+@noindent
+Then, switch from user @code{root} to user @code{gnunet} to start
+the peer:
+@example
+# su -s /bin/sh - gnunet
+$ gnunet-arm -c /etc/gnunet.conf -s
+@end example
+You may also want to add the last line in the gnunet user's @file{crontab}
+prefixed with @code{@@reboot} so that it is executed whenever the system
+is booted:
+@example
+@@reboot /usr/local/bin/gnunet-arm -c /etc/gnunet.conf -s
+@end example
+@noindent
+This will only start the system-wide GNUnet services.
+Type @command{exit} to get back your root shell.
+Now, you need to configure the per-user part. For each
+user that should get access to GNUnet on the system, run
+(replace alice with your username):
+@example
+sudo adduser alice gnunet
+@end example
+@noindent
+to allow them to access the system-wide GNUnet services. Then, each
+user should create a configuration file @file{~/.config/gnunet.conf}
+with the lines:
+@example
+[arm]
+START_SYSTEM_SERVICES = NO
+START_USER_SERVICES = YES
+DEFAULTSERVICES = gns
+@end example
+@noindent
+and start the per-user services using
+@example
+$ gnunet-arm -c ~/.config/gnunet.conf -s
+@end example
+@noindent
+Again, adding a @code{crontab} entry to autostart the peer is advised:
+@example
+@@reboot /usr/local/bin/gnunet-arm -c $HOME/.config/gnunet.conf -s
+@end example
+@noindent
+Note that some GNUnet services (such as SOCKS5 proxies) may need a
+system-wide TCP port for each user.
+For those services, systems with more than one user may require each user
+to specify a different port number in their personal configuration file.
+Finally, the user should perform the basic initial setup for the GNU Name
+System (GNS) certificate authority. This is done by running:
+@example
+$ gnunet-gns-proxy-setup-ca
+@end example
+@noindent
+The first generates the default zones, whereas the second setups the GNS
+Certificate Authority with the user's browser. Now, to activate GNS in the
+normal DNS resolution process, you need to edit your
+@file{/etc/nsswitch.conf} where you should find a line like this:
+@example
+hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+@end example
+@noindent
+The exact details may differ a bit, which is fine. Add the text
+@emph{"gns [NOTFOUND=return]"} after @emph{"files"}.
+Keep in mind that we included a backslash ("\") here just for
+markup reasons. You should write the text below on @b{one line}
+and @b{without} the "\":
+@example
+hosts: files gns [NOTFOUND=return] mdns4_minimal \
+[NOTFOUND=return] dns mdns4
+@end example
+@c FIXME: Document new behavior.
+You might want to make sure that @file{/lib/libnss_gns.so.2} exists on
+your system, it should have been created during the installation.
+@c **********************************************************************
 @cindex TESTING library
 @node TESTING library
 @section TESTING library
@@ -1156,7 +1543,7 @@ This range can be customised with the function
 similar to @code{GNUNET_TESTING_system_create()} except that it take 2
 additional parameters --- the start and end of the port range to use.
-A TESTING system is destroyed with the funciton
+A TESTING system is destroyed with the function
 @code{GNUNET_TESTING_system_destory()}. This function takes the handle of
 the system and a flag to remove the files created in the directory used
 to generate configurations.
@@ -1165,7 +1552,7 @@ A peer is created with the function
 @code{GNUNET_TESTING_peer_configure()}. This functions takes the system
 handle, a configuration template from which the configuration for the peer
 is auto-generated and the index from where the hostkey for the peer has to
-be copied from. When successfull, this function returs a handle to the
+be copied from. When successful, this function returns a handle to the
 peer which can be used to start and stop it and to obtain the identity of
 the peer. If unsuccessful, a NULL pointer is returned with an error
 message. This function handles the generated configuration to have
@@ -1199,7 +1586,7 @@ to the handle to the peer to stop. The callback function is called with
 the given closure when the peer is stopped. Using this function
 eliminates blocking while waiting for the peer to terminate.
-An asynchronous peer stop can be cancelled by calling the function
+An asynchronous peer stop can be canceled by calling the function
 @code{GNUNET_TESTING_peer_stop_async_cancel()}. Note that calling this
 function does not prevent the peer from terminating if the termination
 signal has already been sent to it. It does, however, cancels the
@@ -1280,12 +1667,12 @@ simply load the plugin directly.
 To help avoid performance regressions, GNUnet uses Gauger. Gauger is a
 simple logging tool that allows remote hosts to send performance data to
 a central server, where this data can be analyzed and visualized. Gauger
-shows graphs of the repository revisions and the performace data recorded
+shows graphs of the repository revisions and the performance data recorded
 for each revision, so sudden performance peaks or drops can be identified
 and linked to a specific revision number.
 In the case of GNUnet, the buildbots log the performance data obtained
-during the tests after each build. The data can be accesed on GNUnet's
+during the tests after each build. The data can be accessed on GNUnet's
 Gauger page.
 The menu on the left allows to select either the results of just one
@@ -1298,7 +1685,7 @@ performance evolution across all hosts.
 Using Gauger in GNUnet and having the performance of a module tracked over
 time is very easy. First of course, the testcase must generate some
 consistent metric, which makes sense to have logged. Highly volatile or
-random dependant metrics probably are not ideal candidates for meaningful
+random dependent metrics probably are not ideal candidates for meaningful
 regression detection.
 To start logging any value, just include @code{gauger.h} in your testcase
@@ -1510,7 +1897,7 @@ random links are to be given
 @item @code{GNUNET_TESTBED_TOPOLOGY_SCALE_FREE}: Connects peers in a
 topology where peer connectivity follows power law - new peers are
-connected with high probabililty to well connected peers.
+connected with high probability to well connected peers.
 @footnote{See Emergence of Scaling in Random Networks. Science 286,
 509-512, 1999
 (@uref{https://gnunet.org/git/bibliography.git/plain/docs/emergence_of_scaling_in_random_networks__barabasi_albert_science_286__1999.pdf, pdf})}
@@ -1551,7 +1938,7 @@ ignored for the rest of the topologies.
 Topology @code{SCALE_FREE} requires the options
 @code{SCALE_FREE_TOPOLOGY_CAP} to be set to the maximum number of peers
 which can connect to a peer and @code{SCALE_FREE_TOPOLOGY_M} to be set to
-how many peers a peer should be atleast connected to.
+how many peers a peer should be at least connected to.
 Similarly, the topology @code{FROM_FILE} requires the option
 @code{OVERLAY_TOPOLOGY_FILE} to contain the path of the file containing
@@ -1597,7 +1984,7 @@ A topology file describes how peers are to be connected. It should adhere
 to the following format for testbed to parse it correctly.
 Each line should begin with the target peer id. This should be followed by
-a colon(`:') and origin peer ids seperated by `|'. All spaces except for
+a colon(`:') and origin peer ids separated by `|'. All spaces except for
 newline characters are ignored. The API will then try to connect each
 origin peer to the target peer.
@@ -1623,9 +2010,9 @@ deemed as crossed after all the peers waiting on it are notified.
 The barriers API provides the following functions:
 @itemize @bullet
 @item @strong{@code{GNUNET_TESTBED_barrier_init()}:} function to
-initialse a barrier in the experiment
+initialize a barrier in the experiment
 @item @strong{@code{GNUNET_TESTBED_barrier_cancel()}:} function to cancel
-a barrier which has been initialised before
+a barrier which has been initialized before
 @item @strong{@code{GNUNET_TESTBED_barrier_wait()}:} function to signal
 barrier service that the caller has reached a barrier and is waiting for
 it to be crossed
@@ -1742,7 +2129,7 @@ the large-scale deployment. We provide you a set of scripts you can use
 to deploy GNUnet on a set of nodes and manage your installation.
 Please also check @uref{https://gnunet.org/installation-fedora8-svn} and
-@uref{https://gnunet.org/installation-fedora12-svn} to find detailled
+@uref{https://gnunet.org/installation-fedora12-svn} to find detailed
 instructions how to install GNUnet on a PlanetLab node.
@@ -1768,7 +2155,7 @@ image, installing the buildslave software is quite some pain. For our
 PlanetLab testbed we figured out how to install the buildslave software
 best.
-@c This is a vvery terrible way to suggest installing software.
+@c This is a very terrible way to suggest installing software.
 @c FIXME: Is there an official, safer way instead of blind-piping a
 @c script?
 @c FIXME: Use newer pypi URLs below.
@@ -1917,15 +2304,15 @@ is to set
 @example
 [core]
-FORCESTART = YES
+IMMEDIATE_START = YES
 @end example
 @noindent
 in the configuration file.
 Alternatively, having any service that directly or indirectly depends on
-@code{CORE} being started with @code{FORCESTART} will also do.
+@code{CORE} being started with @code{IMMEDIATE_START} will also do.
 This issue largely arises if users try to over-optimize by not
-starting any services with @code{FORCESTART}.
+starting any services with @code{IMMEDIATE_START}.
 @c ***********************************************************************
 @node ATS must want the connections
@@ -1974,7 +2361,7 @@ for new developers):
 @item CPS-style scheduling (scheduler.c)
 @item Program initialization (program.c)
 @item Networking (network.c, client.c, server*.c, service.c)
-@item message queueing (mq.c)
+@item message queuing (mq.c)
 @item bandwidth calculations (bandwidth.c)
 @item Other OS-related (os*.c, plugin.c, signal.c)
 @item Pseudonym management (pseudonym.c)
@@ -2045,7 +2432,7 @@ level to "loglevel". Thus it is possible to run some processes
 with -L DEBUG, for example, and others with -L ERROR to enable specific
 settings to diagnose problems with a particular process.
 @item Configuration files.  Because GNUnet
-service and deamon processes are usually launched by gnunet-arm, it is not
+service and daemon processes are usually launched by gnunet-arm, it is not
 possible to pass different custom command line options directly to every
 one of them. The options passed to @code{gnunet-arm} only affect
 gnunet-arm and not the rest of GNUnet. However, one can specify a
@@ -2337,7 +2724,7 @@ will have
 no effect. Other messages (ERROR, WARNING, INFO, etc) will be included.
 @item If @code{--enable-logging} is set to @code{verbose}, or
 @code{veryverbose} the binary will contain DEBUG messages (still, it will
-be neccessary to run with @command{-L DEBUG} or set the DEBUG config option
+be necessary to run with @command{-L DEBUG} or set the DEBUG config option
 to show
 them).
 @end itemize
@@ -2348,7 +2735,7 @@ If you are a developer:
 @item please make sure that you @code{./configure
 --enable-logging=@{verbose,veryverbose@}}, so you can see DEBUG messages.
 @item please remove the @code{#if} statements around @code{GNUNET_log
-(GNUNET_ERROR_TYPE_DEBUG, ...)} lines, to improve the readibility of your
+(GNUNET_ERROR_TYPE_DEBUG, ...)} lines, to improve the readability of your
 code.
 @end itemize
@@ -2361,7 +2748,7 @@ A suitable configuration could be:
 $ export GNUNET_FORCE_LOG="^YOUR_SUBSYSTEM$;;;;DEBUG/;;;;WARNING"
 @end example
-Which will behave almost like enabling DEBUG in that subsytem before the
+Which will behave almost like enabling DEBUG in that subsystem before the
 change. Of course you can adapt it to your particular needs, this is only
 a quick example.
@@ -2572,7 +2959,7 @@ function, which is set to @code{NULL} in most cases, and the last
 parameter is the expected size of the message of this type, usually we
 set it to 0 to accept variable size, for special cases the exact size of
 the specified message also can be set. In addition, the terminator sign
-depicted as @code{@{NULL, NULL, 0, 0@}} is set in the last aera.
+depicted as @code{@{NULL, NULL, 0, 0@}} is set in the last area.
 @c ***********************************************************************
 @node Server - Process request message
@@ -2622,7 +3009,7 @@ understand the request message, and the processing of this request would
 be terminated.
 In comparison to the aforementioned situation, when the argument is equal
-to @code{GNUNET_OK}, the service would continue to process the requst
+to @code{GNUNET_OK}, the service would continue to process the request
 message.
 @c ***********************************************************************
@@ -2771,7 +3158,7 @@ GNUnet uses SHA-512 for computing one-way hash codes. The API provides
 functions to compute a hash over a block in memory or over a file on disk.
 The crypto API also provides functions for randomizing a block of memory,
-obtaining a single random number and for generating a permuation of the
+obtaining a single random number and for generating a permutation of the
 numbers 0 to n-1. Random number generation distinguishes between WEAK and
 STRONG random number quality; WEAK random numbers are pseudo-random
 whereas STRONG random numbers use entropy gathered from the operating
@@ -2850,7 +3237,7 @@ message.
 Consider the following simple message, with the body consisting of a
 single number value.
-@c why the empy code function?
+@c why the empty code function?
 @code{}
 @example
@@ -3125,7 +3512,7 @@ or in some other transient data structure and thus having the hash map
 keep a pointer to @code{key} would not work. Only the key inside of
 @code{val} has the same lifetime as the entry in the map (this must of
 course be checked as well). Naturally, @code{val->key} must be
-intiialized before the @code{put} call. Once all @code{put} calls have
+initialized before the @code{put} call. Once all @code{put} calls have
 been converted and double-checked, you can change the call to create the
 hash map from
@@ -3322,10 +3709,10 @@ running a service with "valgrind" or "gdb"
 @item DEBUG Run in debug mode (much verbosity).
-@item AUTOSTART ARM will listen to UNIX domain socket and/or TCP port of
+@item START_ON_DEMAND ARM will listen to UNIX domain socket and/or TCP port of
 the service and start the service on-demand.
-@item FORCESTART ARM will always start this service when the peer
+@item IMMEDIATE_START ARM will always start this service when the peer
 is started.
 @item ACCEPT_FROM IPv4 addresses the service accepts connections from.
@@ -3336,7 +3723,7 @@ is started.
 Options that impact the operation of ARM overall are in the "[arm]"
-section. ARM is a normal service and has (except for AUTOSTART) all of the
+section. ARM is a normal service and has (except for START_ON_DEMAND) all of the
 options that other services do. In addition, ARM has the
 following options:
@@ -3513,7 +3900,7 @@ The goal of transport-level address validation is to minimize the chances
 of a successful man-in-the-middle attack against GNUnet peers on the
 transport level. Such an attack would not allow the adversary to decrypt
 the P2P transmissions, but a successful attacker could at least measure
-traffic volumes and latencies (raising the adversaries capablities by
+traffic volumes and latencies (raising the adversaries capabilities by
 those of a global passive adversary in the worst case). The scenarios we
 are concerned about is an attacker, Mallory, giving a @code{HELLO} to
 Alice that claims to be for Bob, but contains Mallory's IP address
@@ -3639,7 +4026,7 @@ connected peers, but they are sent about other knowns peers within the
 to each other about their appropriate other neighbors. They also gossip
 about the newly connected peer to previously
 connected neighbors. In order to keep the routing tables up to date,
-disconnect notifications are propogated as gossip as well (because
+disconnect notifications are propagated as gossip as well (because
 disconnects may not be sent/received, timeouts are also used remove
 stagnant routing table entries).
@@ -3830,7 +4217,7 @@ to send and receive messages.
 We have measured the performance of the UDP, TCP and SMTP transport layer
 directly and when used from an application using the GNUnet core.
-Measureing just the transport layer gives the better view of the actual
+Measuring just the transport layer gives the better view of the actual
 overhead of the protocol, whereas evaluating the transport from the
 application puts the overhead into perspective from a practical point of
 view.
@@ -3850,7 +4237,7 @@ wire have no impact on the timings. n messages were sent sequentially over
 the transport layer, sending message i+1 after the i-th message was
 received. All messages were sent over the same connection and the time to
 establish the connection was not taken into account since this overhead is
-miniscule in practice --- as long as a connection is used for a
+minuscule in practice --- as long as a connection is used for a
 significant number of messages.
 @multitable @columnfractions .20 .15 .15 .15 .15 .15
@@ -3881,9 +4268,9 @@ given time-bounds. For this benchmark we report the message loss after
 allowing t time for sending m messages. If messages were not sent (or
 received) after an overall timeout of t, they were considered lost. The
 benchmark was performed using two Xeon 2 GHZ machines running RedHat 8.0
-with sendmail. The machines were connected with a direct 100 MBit ethernet
+with sendmail. The machines were connected with a direct 100 MBit Ethernet
 connection.@ Figures udp1200, tcp1200 and smtp-MTUs show that the
-throughput for messages of size 1,200 octects is 2,343 kbps, 3,310 kbps
+throughput for messages of size 1,200 octets is 2,343 kbps, 3,310 kbps
 and 6 kbps for UDP, TCP and SMTP respectively. The high per-message
 overhead of SMTP can be improved by increasing the MTU, for example, an
 MTU of 12,000 octets improves the throughput to 13 kbps as figure
@@ -3928,7 +4315,7 @@ installed).
 For instructions about how to install the libraries you should
 check out the BlueZ site
 (@uref{http://www.bluez.org/, http://www.bluez.org}). If you don't know if
-you have the necesarry libraries, don't worry, just run the GNUnet
+you have the necessary libraries, don't worry, just run the GNUnet
 configure script and you will be able to see a notification at the end
 which will warn you if you don't have the necessary libraries.
@@ -3956,7 +4343,7 @@ helper binary used on GNU/Linux:
 @itemize @bullet
 @item it verifies if the name corresponds to a Bluetooth interface name
-@item it verifies if the iterface is up (if it is not, it tries to bring
+@item it verifies if the interface is up (if it is not, it tries to bring
 it up)
 @item it tries to enable the page and inquiry scan in order to make the
 device discoverable and to accept incoming connection requests
@@ -3997,12 +4384,12 @@ Bluetooth address has the form 00:00:00:00:00:00 it means that there is
 something wrong with the D-Bus daemon or with the Bluetooth daemon. Use
 @code{bluetoothd} tool to see the logs
-@item @code{sdptool} can be used to control and interogate SDP servers.
+@item @code{sdptool} can be used to control and interrogate SDP servers.
 If you encounter problems regarding the SDP server (like the SDP server is
 down) you should check out if the D-Bus daemon is running correctly and to
 see if the Bluetooth daemon started correctly(use @code{bluetoothd} tool).
 Also, sometimes the SDP service could work but somehow the device couldn't
-register his service. Use @code{sdptool browse [dev-address]} to see if
+register its service. Use @code{sdptool browse [dev-address]} to see if
 the service is registered. There should be a service with the name of the
 interface and GNUnet as provider.
@@ -4084,11 +4471,11 @@ then start sending data for benchmarking.
 On Windows you cannot test the plugin functionality using two Bluetooth
 devices from the same machine because after you install the drivers there
 will occur some conflicts between the Bluetooth stacks. (At least that is
-what happend on my machine : I wasn't able to use the Bluesoleil stack and
+what happened on my machine : I wasn't able to use the Bluesoleil stack and
 the WINDCOMM one in the same time).
 If you have two different machines and your configuration files are good
-you can use the same scenario presented on the begining of this section.
+you can use the same scenario presented on the beginning of this section.
 Another way to test the plugin functionality is to create your own
 application which will use the GNUnet framework with the Bluetooth
@@ -4103,8 +4490,8 @@ This page describes the implementation of the Bluetooth transport plugin.
 First I want to remind you that the Bluetooth transport plugin uses
 virtually the same code as the WLAN plugin and only the helper binary is
 different. Also the scope of the helper binary from the Bluetooth
-transport plugin is the same as the one used for the wlan transport
+transport plugin is the same as the one used for the WLAN transport
-plugin: it acceses the interface and then it forwards traffic in both
+plugin: it accesses the interface and then it forwards traffic in both
 directions between the Bluetooth interface and stdin/stdout of the
 process involved.
@@ -4145,8 +4532,8 @@ Bluetooth interface) and is separated in two stages:
 @subsubsection THE INITIALIZATION
 @itemize @bullet
-@item first, it checks if we have root privilegies
+@item first, it checks if we have root privileges
-(@emph{Remember that we need to have root privilegies in order to be able
+(@emph{Remember that we need to have root privileges in order to be able
 to bring the interface up if it is down or to change its state.}).
 @item second, it verifies if the interface with the given name exists.
@@ -4171,7 +4558,7 @@ discoverable
 devices to get the port on which this device is listening on)
 @end itemize
-@item drops the root privilegies
+@item drops the root privileges
 @strong{If the interface is not a Bluetooth interface the helper exits
 with a suitable error}
@@ -4216,7 +4603,7 @@ the STDOUT file descriptor, then we write to STDOUT the message from the
 @emph{write_std} buffer.
 To find out on which port a device is listening on we connect to the local
-SDP server and searche the registered service for that device.
+SDP server and search the registered service for that device.
 @emph{You should be aware of the fact that if the device fails to connect
 to another one when trying to send a message it will attempt one more
@@ -4279,17 +4666,17 @@ For Windows I decided to use the Microsoft Bluetooth stack which has the
 advantage of coming standard from Windows XP SP2. The main disadvantage is
 that it only supports the RFCOMM protocol so we will not be able to have
 a low level control over the Bluetooth device. Therefore it is the user
-responsability to check if the device is up and in the discoverable mode.
+responsibility to check if the device is up and in the discoverable mode.
 Also there are no tools which could be used for debugging in order to read
 the data coming from and going to a Bluetooth device, which obviously
 hindered my work. Another thing that slowed down the implementation of the
-plugin (besides that I wasn't too accomodated with the win32 API) was that
+plugin (besides that I wasn't too accommodated with the win32 API) was that
 there were some bugs on MinGW regarding the Bluetooth. Now they are solved
 but you should keep in mind that you should have the latest updates
 (especially the @emph{ws2bth} header).
 Besides the fact that it uses the Windows Sockets, the Windows
-implemenation follows the same principles as the GNU/Linux one:
+implementation follows the same principles as the GNU/Linux one:
 @itemize @bullet
 @item It has a initalization part where it initializes the
@@ -4334,7 +4721,7 @@ broadcast messages. When it receives a broadcast message it will skip it.
 @item Implement the broadcast functionality on Windows @emph{(currently
 working on)}
 @item Implement a testcase for the helper :@ @emph{The testcase
-consists of a program which emaluates the plugin and uses the helper. It
+consists of a program which emulates the plugin and uses the helper. It
 will simulate connections, disconnections and data transfers.}
 @end itemize
@@ -4522,7 +4909,7 @@ peers connecting, peers disconnecting and incoming messages) and send
 messages to connected peers using
 @code{GNUNET_CORE_notify_transmit_ready}. Note that applications must
 cancel pending transmission requests if they receive a disconnect event
-for a peer that had a transmission pending; furthermore, queueing more
+for a peer that had a transmission pending; furthermore, queuing more
 than one transmission request per peer per application using the
 service is not permitted.
@@ -4817,11 +5204,11 @@ The API is heavily base on the CORE API.
 CADET delivers messages to other peers in "channels".
 A channel is a permanent connection defined by a destination peer
 (identified by its public key) and a port number.
-Internally, CADET tunnels all channels towards a destiantion peer
+Internally, CADET tunnels all channels towards a destination peer
 using one session key and relays the data on multiple "connections",
 independent from the channels.
-Each channel has optional paramenters, the most important being the
+Each channel has optional parameters, the most important being the
 reliability flag.
 Should a message get lost on TRANSPORT/CORE level, if a channel is
 created with as reliable, CADET will retransmit the lost message and
@@ -4862,15 +5249,15 @@ case. To be alerted when a channel is online, a client can call
 @code{GNUNET_CADET_notify_transmit_ready} immediately after
 @code{GNUNET_CADET_create_channel}. When the callback is activated, it
 means that the channel is online. The callback can give 0 bytes to CADET
-if no message is to be sent, this is ok.
+if no message is to be sent, this is OK.
 If a transmission was requested but before the callback fires it is no
-longer needed, it can be cancelled with
+longer needed, it can be canceled with
 @code{GNUNET_CADET_notify_transmit_ready_cancel}, which uses the handle
 given back by @code{GNUNET_CADET_notify_transmit_ready}.
 As in the case of CORE, only one message can be requested at a time: a
 client must not call @code{GNUNET_CADET_notify_transmit_ready} again until
-the callback is called or the request is cancelled.
+the callback is called or the request is canceled.
 When a channel is no longer needed, a client can call
 @code{GNUNET_CADET_channel_destroy} to get rid of it.
@@ -4918,10 +5305,10 @@ all of the details can be found in this technical report.
 @subsection Motivation
-Some subsytems, like DHT, need to know the size of the GNUnet network to
+Some subsystems, like DHT, need to know the size of the GNUnet network to
 optimize some parameters of their own protocol. The decentralized nature
 of GNUnet makes efficient and securely counting the exact number of peers
-infeasable. Although there are several decentralized algorithms to count
+infeasible. Although there are several decentralized algorithms to count
 the number of peers in a system, so far there is none to do so securely.
 Other protocols may allow any malicious peer to manipulate the final
 result or to take advantage of the system to perform
@@ -4943,7 +5330,7 @@ GNUnet's NSE protocol avoids these drawbacks.
 The NSE subsystem is designed to be resilient against these attacks.
 It uses @uref{http://en.wikipedia.org/wiki/Proof-of-work_system, proofs of work}
 to prevent one peer from impersonating a large number of participants,
-which would otherwise allow an adversary to artifically inflate the
+which would otherwise allow an adversary to artificially inflate the
 estimate.
 The DoS protection comes from the time-based nature of the protocol:
 the estimates are calculated periodically and out-of-time traffic is
@@ -5005,7 +5392,7 @@ to all the other peers, who will calculate the estimate from it.
 The target value itself is generated by hashing the current time, rounded
 down to an agreed value. If the rounding amount is 1h (default) and the
 time is 12:34:56, the time to hash would be 12:00:00. The process is
-repeated each rouning amount (in this example would be every hour).
+repeated each rounding amount (in this example would be every hour).
 Every repetition is called a round.
 @node Timing
@@ -5017,12 +5404,12 @@ its ID all at one. Once each peer has the target random value, it
 compares its own ID to the target and calculates the hypothetical size of
 the network if that peer were to be the closest.
 Then it compares the hypothetical size with the estimate from the previous
-rounds. For each value there is an assiciated point in the period,
+rounds. For each value there is an associated point in the period,
 let's call it "broadcast time". If its own hypothetical estimate
 is the same as the previous global estimate, its "broadcast time" will be
 in the middle of the round. If its bigger it will be earlier and if its
 smaller (the most likely case) it will be later. This ensures that the
-peers closests to the target value start broadcasting their ID the first.
+peers closest to the target value start broadcasting their ID the first.
 @node Controlled Flooding
 @subsubsection Controlled Flooding
@@ -5035,7 +5422,7 @@ with a message containing the better value. Then it checks a proof of
 work that must be included in the incoming message, to ensure that the
 other peer's ID is not made up (otherwise a malicious peer could claim to
 have an ID of exactly the target value every round). Once validated, it
-compares the brodcast time of the received value with the current time
+compares the broadcast time of the received value with the current time
 and if it's not too early, sends the received value to its neighbors.
 Otherwise it stores the value until the correct broadcast time comes.
 This prevents unnecessary traffic of sub-optimal values, since a better
@@ -5049,7 +5436,7 @@ to the neighbors.
 @c %**end of header
 Once the closest ID has been spread across the network each peer gets the
-exact distance betweed this ID and the target value of the round and
+exact distance between this ID and the target value of the round and
 calculates the estimate with a mathematical formula described in the tech
 report. The estimate generated with this method for a single round is not
 very precise. Remember the case of the example, where the only peer is the
@@ -5073,7 +5460,7 @@ calls: @code{GNUNET_NSE_connect} and @code{GNUNET_NSE_disconnect}.
 The connect call gets a callback function as a parameter and this function
 is called each time the network agrees on an estimate. This usually is
 once per round, with some exceptions: if the closest peer has a late
-local clock and starts spreading his ID after everyone else agreed on a
+local clock and starts spreading its ID after everyone else agreed on a
 value, the callback might be activated twice in a round, the second value
 being always bigger than the first. The default round time is set to
 1 hour.
@@ -5123,7 +5510,7 @@ size is between one third and three times the estimate. This can of
 course vary with network conditions.
 Thus, applications may want to also consider the provided standard
 deviation value, not only the average (in particular, if the standard
-veriation is very high, the average maybe meaningless: the network size is
+variation is very high, the average maybe meaningless: the network size is
 changing rapidly).
 @node libgnunetnse - Examples
@@ -5199,12 +5586,12 @@ is what we are flooding the network with right now.
 At the beginning of each round the peer does the following:
 @itemize @bullet
-@item calculates his own distance to the target value
+@item calculates its own distance to the target value
 @item creates, signs and stores the message for the current round (unless
 it has a better message in the "next round" slot which came early in the
 previous round)
 @item calculates, based on the stored round message (own or received) when
-to stard flooding it to its neighbors
+to start flooding it to its neighbors
 @end itemize
 Upon receiving a message the peer checks the validity of the message
@@ -5705,7 +6092,7 @@ convenience API to do just that. Use @code{GNUNET_IDENTITY_ego_lookup} to
 lookup a single ego by name. Note that this is the user's name for the
 ego, not the service function. The resulting ego will be returned via a
 callback and will only be valid during that callback. The operation can
-be cancelled via @code{GNUNET_IDENTITY_ego_lookup_cancel}
+be canceled via @code{GNUNET_IDENTITY_ego_lookup_cancel}
 (cancellation is only legal before the callback is invoked).
 @node Associating egos with service functions
@@ -5835,8 +6222,8 @@ So a client has first to retrieve records, merge with existing records
 and then store the result.
 To perform a lookup operation, the client uses the
-@code{GNUNET_NAMESTORE_records_store} function. Here he has to pass the
+@code{GNUNET_NAMESTORE_records_store} function. Here it has to pass the
-namestore handle, the private key of the zone and the label. He also has
+namestore handle, the private key of the zone and the label. It also has
 to provide a callback function which will be called with the result of
 the lookup operation:
 the zone for the records, the label, and the records including the
@@ -5859,7 +6246,7 @@ by NAMESTORE.
 Here a client uses the @code{GNUNET_NAMESTORE_zone_iteration_start}
 function and passes the namestore handle, the zone to iterate over and a
 callback function to call with the result.
-If the client wants to iterate over all the, he passes NULL for the zone.
+If the client wants to iterate over all the WHAT!? FIXME, it passes NULL for the zone.
 A @code{GNUNET_NAMESTORE_ZoneIterator} handle is returned to be used to
 continue iteration.
@@ -6278,7 +6665,7 @@ The size of an element's data is limited to around 62 KB.
 Sets created by a local client can be modified and reused for multiple
 operations. As each set operation requires potentially expensive special
-auxilliary data to be computed for each element of a set, a set can only
+auxiliary data to be computed for each element of a set, a set can only
 participate in one type of set operation (i.e. union or intersection).
 The type of a set is determined upon its creation.
 If a the elements of a set are needed for an operation of a different
@@ -6398,7 +6785,7 @@ until the client calls @code{GNUNET_SET_commit}
 @c %**end of header
 To create symmetry between the two ways of starting a set operation
-(accepting and nitiating it), the operation handles returned by
+(accepting and initiating it), the operation handles returned by
 @code{GNUNET_SET_accept} and @code{GNUNET_SET_prepare} do not yet have a
 set to operate on, thus they can not do any work yet.
@@ -6555,10 +6942,10 @@ number of iterations).
 The receiver of the message removes all elements from its local set that
 do not pass the Bloom filter test.
 It then checks if the set size of the sender and the XOR over the keys
-match what is left of his own set. If they do, he sends a
+match what is left of its own set. If they do, it sends a
 @code{GNUNET_MESSAGE_TYPE_SET_INTERSECTION_P2P_DONE} back to indicate
 that the latest set is the final result.
-Otherwise, the receiver starts another Bloom fitler exchange, except
+Otherwise, the receiver starts another Bloom filter exchange, except
 this time as the sender.
 @node Salt
@@ -6566,7 +6953,7 @@ this time as the sender.
 @c %**end of header
-Bloomfilter operations are probablistic: With some non-zero probability
+Bloomfilter operations are probabilistic: With some non-zero probability
 the test may incorrectly say an element is in the set, even though it is
 not.
@@ -6619,7 +7006,7 @@ message. If the IBF fully decodes, the peer responds with a
 GNUNET_MESSAGE_TYPE_SET_UNION_P2P_DONE message instead of another
 GNUNET_MESSAGE_TYPE_SET_UNION_P2P_IBF.
-All Bloom filter operations use a salt to mingle keys before hasing them
+All Bloom filter operations use a salt to mingle keys before hashing them
 into buckets, such that future iterations have a fresh chance of
 succeeding if they failed due to collisions before.
@@ -7177,7 +7564,7 @@ already knows more than about a thousand blocks may need to send
 several of these messages. Naturally, the client should transmit these
 messages as quickly as possible after the original GET request such that
 the DHT can filter those results in the network early on. Naturally, as
-these messages are sent after the original request, it is conceivalbe
+these messages are sent after the original request, it is conceivable
 that the DHT service may return blocks that match those already known
 to the client anyway.
@@ -7290,7 +7677,7 @@ duplicate results) and when they obtain a matching, non-filtered response
 a @code{struct PeerResultMessage} of type
 @code{GNUNET_MESSAGE_TYPE_DHT_P2P_RESULT} is forwarded to the previous
 hop.
-Whenver a result is forwarded, the block plugin is used to update the
+Whenever a result is forwarded, the block plugin is used to update the
 Bloom filter accordingly, to ensure that the same result is never
 forwarded more than once.
 The DHT service may also cache forwarded results locally if the
@@ -7357,7 +7744,7 @@ record types.
 @c %**end of header
-The GNS API itself is extremely simple. Clients first connec to the
+The GNS API itself is extremely simple. Clients first connect to the
 GNS service using @code{GNUNET_GNS_connect}.
 They can then perform lookups using @code{GNUNET_GNS_lookup} or cancel
 pending lookups using @code{GNUNET_GNS_lookup_cancel}.
@@ -7406,9 +7793,9 @@ their respective zones can automatically be learned and added to the
 the shorten zone. If NULL is passed, shortening is disabled.
 @item proc This argument identifies
 the function to call with the result. It is given proc_cls, the number of
-records found (possilby zero) and the array of the records as arguments.
+records found (possibly zero) and the array of the records as arguments.
 proc will only be called once. After proc,> has been called, the lookup
-must no longer be cancelled.
+must no longer be canceled.
 @item proc_cls The closure for proc.
 @end table
@@ -7563,7 +7950,7 @@ This is merely one method for how we can obtain GNS queries.
 It is also possible to change @code{resolv.conf} to point to a machine
 running @code{gnunet-dns2gns} or to modify libc's name system switch
 (NSS) configuration to include a GNS resolution plugin.
-The method described in this chaper is more of a last-ditch catch-all
+The method described in this chapter is more of a last-ditch catch-all
 approach.
 @code{gnunet-service-dns} enables intercepting DNS traffic using policy
@@ -7731,8 +8118,8 @@ This returns the handle required for all other operations on the
 NAMECACHE. Using @code{GNUNET_NAMECACHE_block_cache} clients can insert a
 block into the cache.
 @code{GNUNET_NAMECACHE_lookup_block} can be used to lookup blocks that
-were stored in the NAMECACHE. Both operations can be cancelled using
+were stored in the NAMECACHE. Both operations can be canceled using
-@code{GNUNET_NAMECACHE_cancel}. Note that cancelling a
+@code{GNUNET_NAMECACHE_cancel}. Note that canceling a
 @code{GNUNET_NAMECACHE_block_cache} operation can result in the block
 being stored in the NAMECACHE --- or not. Cancellation primarily ensures
 that the continuation function with the result of the operation will no
@@ -7859,7 +8246,7 @@ When a revocation is performed, the revocation is first of all
 disseminated by flooding the overlay network.
 The goal is to reach every peer, so that when a peer needs to check if a
 key has been revoked, this will be purely a local operation where the
-peer looks at his local revocation list. Flooding the network is also the
+peer looks at its local revocation list. Flooding the network is also the
 most robust form of key revocation --- an adversary would have to control
 a separator of the overlay graph to restrict the propagation of the
 revocation message. Flooding is also very easy to implement --- peers that
@@ -7919,7 +8306,7 @@ revocations.
 @code{GNUNET_REVOCATION_query} is used to check if a given ECDSA public
 key has been revoked.
 The given callback will be invoked with the result of the check.
-The query can be cancelled using @code{GNUNET_REVOCATION_query_cancel} on
+The query can be canceled using @code{GNUNET_REVOCATION_query_cancel} on
 the return value.
 @node Preparing revocations
@@ -8097,7 +8484,7 @@ metadata describing the content of the namespace.
 Instead of the name of the identifier for a potential update, it contains
 the identifier for the root of the namespace.
 The URI should always be empty. The @code{SBlock} is signed with the
-content provder's RSA private key (just like any other SBlock). Peers
+content provider's RSA private key (just like any other SBlock). Peers
 can search for @code{SBlock}s in order to find out more about a namespace.
 @node KSBlocks
@@ -8262,11 +8649,11 @@ In the following paragraph the important details are highlighted.
 Announcing of the regular expressions is done by the
 gnunet-daemon-regexprofiler, therefore you have to make sure it is
-started, by adding it to the AUTOSTART set of ARM:
+started, by adding it to the START_ON_DEMAND set of ARM:
 @example
 [regexprofiler]
-AUTOSTART = YES
+START_ON_DEMAND = YES
 @end example
 @noindent
@@ -8381,7 +8768,7 @@ The REST service will automatically load all REST plugins on startup.
 @strong{Configuration}
-The rest service can be configured in various ways.
+The REST service can be configured in various ways.
 The reference config file can be found in 
 @file{src/rest/rest.conf}:
 @example
@@ -8392,8 +8779,11 @@ REST_ALLOW_ORIGIN=*
 REST_ALLOW_CREDENTIALS=true
 @end example
-The port as well as Cross-origin resource sharing (CORS) headers that
+The port as well as
-are supposed to be advertised by the rest service are configurable.
+@deffn{cross-origin resource sharing} (CORS)
+@end deffn
+headers that are supposed to be advertised by the rest service are
+configurable.
 @menu
 * Namespace considerations::
@@ -8403,19 +8793,19 @@ are supposed to be advertised by the rest service are configurable.
 @node Namespace considerations
 @subsection Namespace considerations
-The gnunet-rest-service will load all plugins that are installed.
+The @command{gnunet-rest-service} will load all plugins that are installed.
 As such it is important that the endpoint namespaces do not clash.
-For example, plugin X might expose the endpoint ``/xxx'' while plugin Y exposes
-endpoint ``/xxx/yyy''.
+For example, plugin X might expose the endpoint ``/xxx'' while plugin Y
-This is a problem if plugins X is also supposed to handle a call to 
+exposes endpoint ``/xxx/yyy''.
-``/xxx/yyy''.
+This is a problem if plugin X is also supposed to handle a call
-Currently, the REST service will not complain or warn about such clashes so
+to ``/xxx/yyy''.
-please make sure that endpoints are unambiguous.
+Currently the REST service will not complain or warn about such clashes,
+so please make sure that endpoints are unambiguous.
 @node Endpoint documentation
 @subsection Endpoint documentation
 This is WIP. Endpoints should be documented appropriately.
-Perferably using annotations.
+Preferably using annotations.
diff --git a/doc/documentation/chapters/installation.texi b/doc/documentation/chapters/installation.texi
index 3a76fb162..559a97f96 100644
--- a/doc/documentation/chapters/installation.texi
+++ b/doc/documentation/chapters/installation.texi
@@ -1,2185 +1,317 @@
-@node GNUnet Installation Handbook
+@node Installing GNUnet
-@chapter GNUnet Installation Handbook
+@chapter Installing GNUnet
-This handbook describes how to install (build, setup, compile) and
+This guide is intended for those who want to install Gnunet from
-setup (configure, start) GNUnet @value{VERSION}. After following these
+source. For instructions on how to install GNUnet as a binary package
-instructions you should be able to install and then start user-interfaces
+please refer to the official documentation of your operating system or
-to interact with the network.
+package manager.
-Note: This manual is far from complete, and we welcome contributions, be
-it in the form of new chapters or insightful comments.
-@menu
-* Dependencies::
-* Pre-installation notes::
-* Generic installation instructions::
-* Build instructions for Ubuntu 12.04 using Git::
-* Build instructions for software builds from source::
-* Build Instructions for Microsoft Windows Platforms::
-* Build instructions for Debian 7.5::
-* Installing GNUnet from Git on Ubuntu 14.4::
-* Build instructions for Debian 8::
-@c * Build instructions for OpenBSD 6.2::
-* Outdated build instructions for previous revisions::
-@c * Portable GNUnet::
-* The graphical configuration interface::
-* How to start and stop a GNUnet peer::
-@end menu
-@node Dependencies
-@section Dependencies
-@c %**end of header
-This section lists the various known dependencies for
-GNUnet @value{EDITION}.
-Suggestions for missing dependencies or wrong version numbers are welcome.
 @menu
-* External dependencies::
+* Installing dependencies::
-* Optional dependencies::
+* Getting the Source Code::
-* Internal dependencies::
+* Create @code{gnunet} user and group::
+* Preparing and Compiling the Source Code::
+* Installation::
+* MOVED FROM USER Checking the Installation::
+* MOVED FROM USER The graphical configuration interface::
+* MOVED FROM USER Config Leftovers::
 @end menu
-@node External dependencies
+@c -----------------------------------------------------------------------
-@subsection External dependencies
+@node Installing dependencies
-@c %**end of header
+@section Installing dependencies
+GNUnet needs few libraries and applications for being able to run and
-These packages must be installed before a typical GNUnet installation
+another few optional ones for using certain features. Preferably they
-can be performed:
+should be installed with a package manager. Just in case we include a
+link to the project websites.
+The mandatory libraries and applications are
 @itemize @bullet
-@item autoconf
+@item libtool
-@item automake
+@item autoconf @geq{}2.59
+@item automake @geq{}1.11.1
 @item pkg-config
-@item libltdl
+@item libgcrypt @geq{}1.6
-@item gstreamer
+@item libextractor
-@item gst-plugins-base
+@item libidn
-@item perl
+@item libmicrohttpd @geq{}0.9.52
-@item python (only 2.7 supported)@footnote{tests and gnunet-qr}
+@item libnss 
-@item jansson
+@item libunistring
-@item nss
-@item glib
-@item gmp
-@item bluez
-@item miniupnpc
 @item gettext
-@item which
+@item glibc
-@item texinfo @geq{} 5.2
+@item libgmp
-@item GNU libmicrohttpd @geq{} 0.9.30 @footnote{We recommend to build it
+@item gnutls
-with a GnuTLS version that was configured with libunbound}
+@item libcurl (has to be linked to GnuTLS) or libgnurl
-@item GNU libextractor @geq{} 1.0
-@item GNU libtool @geq{} 2.2
-@item GNU libunistring @geq{} 0.9.1.1
-@item GNU libidn @geq{} 1.0.0
-@item @uref{https://gnupg.org/software/libgcrypt/, GNU libgcrypt} @geq{}
-@uref{https://gnupg.org/ftp/gcrypt/libgcrypt/, 1.6.0}
-@item @uref{https://gnutls.org/, GnuTLS} @geq{} 3.2.7
-@footnote{We recommend to compile with libunbound for DANE support;
-GnuTLS also requires GNU nettle 2.7 (update: GnuTLS 3.2.7 appears NOT
-to work against GNU nettle > 2.7, due to some API updatings done by
-nettle. Thus it should be compiled against nettle 2.7
-and, in case you get some error on the reference to `rpl_strerror' being
-undefined, follow the instructions on
-@uref{http://lists.gnupg.org/pipermail/gnutls-devel/2013-November/006588.html, this}
-post (and the link inside it)).}
-@item @uref{https://gnunet.org/gnurl, gnURL} libgnurl @geq{} 7.34.0
-@footnote{must be compiled after @code{GnuTLS}}
-@item libglpk @geq{} 4.45
-@item @uref{http://www.openssl.org/, OpenSSL} @geq{} 1.0
-@item TeX Live @geq{} 2012, optional (for gnunet-bcd)
-@item Texinfo @geq{} 5.2 (for documentation)
-@item libsqlite @geq{} 3.8.0 @footnote{(note that the code will
-compile and often work with lower version numbers, but you may get subtle
-bugs with respect to quota management in certain rare cases);
-alternatively, MySQL or Postgres can also be installed, but those
-databases will require more complex configurations (not
-recommended for first-time users)}
 @item zlib
 @end itemize
-@node Optional dependencies
+In addition GNUnet needs one of of these three databases
-@subsection Optional dependencies
-These applications must be installed for various experimental or otherwise
-optional features such as @command{gnunet-conversation},
-and @command{gnunet-gtk} (most of these features are only build if you
-configure GNUnet with @command{--enable-experimental}):
-@itemize @bullet
-@item libpulse @geq{} 2.0,
-optional (for @command{gnunet-conversation})
-@item libopus @geq{} 1.0.1,
-optional (for @command{gnunet-conversation})
-@item libogg @geq{} 1.3.0,
-optional (for @command{gnunet-conversation})
-@item libnss contained @command{certool} binary,
-optional for convenient installation of
-the GNS proxy.
-@item python-zbar @geq{} 0.10,
-optional (for @command{gnunet-qr})
-@item Gtk+ @geq{} 3.0,
-optional (for @command{gnunet-gtk})
-@item libgladeui (must match Gtk+ version),
-optional (for @command{gnunet-gtk})
-@item libqrencode @geq{} 3.0,
-optional (for @command{gnunet-namestore-gtk})
-@item libpbc @geq{} 0.5.14, optional for Attribute-Based Encryption and Identity Provider functionality
-@item libgabe (https://github.com/schanzen/libgabe), optional for Attribute-Based Encryption and Identity Provider functionality
-@end itemize
-@node Internal dependencies
-@subsection Internal dependencies
-This section tries to give an overview of what processes a typical GNUnet
-peer running a particular application would consist of. All of the
-processes listed here should be automatically started by
-@command{gnunet-arm -s}.
-The list is given as a rough first guide to users for failure diagnostics.
-Ideally, end-users should never have to worry about these internal
-dependencies.
-In terms of internal dependencies, a minimum file-sharing system consists
-of the following GNUnet processes (in order of dependency):
-@itemize @bullet
-@item gnunet-service-arm
-@item gnunet-service-resolver (required by all)
-@item gnunet-service-statistics (required by all)
-@item gnunet-service-peerinfo
-@item gnunet-service-transport (requires peerinfo)
-@item gnunet-service-core (requires transport)
-@item gnunet-daemon-hostlist (requires core)
-@item gnunet-daemon-topology (requires hostlist, peerinfo)
-@item gnunet-service-datastore
-@item gnunet-service-dht (requires core)
-@item gnunet-service-identity
-@item gnunet-service-fs (requires identity, mesh, dht, datastore, core)
-@end itemize
-@noindent
-A minimum VPN system consists of the following GNUnet processes (in
-order of dependency):
-@itemize @bullet
-@item gnunet-service-arm
-@item gnunet-service-resolver (required by all)
-@item gnunet-service-statistics (required by all)
-@item gnunet-service-peerinfo
-@item gnunet-service-transport (requires peerinfo)
-@item gnunet-service-core (requires transport)
-@item gnunet-daemon-hostlist (requires core)
-@item gnunet-service-dht (requires core)
-@item gnunet-service-mesh (requires dht, core)
-@item gnunet-service-dns (requires dht)
-@item gnunet-service-regex (requires dht)
-@item gnunet-service-vpn (requires regex, dns, mesh, dht)
-@end itemize
-@noindent
-A minimum GNS system consists of the following GNUnet processes (in
-order of dependency):
-@itemize @bullet
-@item gnunet-service-arm
-@item gnunet-service-resolver (required by all)
-@item gnunet-service-statistics (required by all)
-@item gnunet-service-peerinfo
-@item gnunet-service-transport (requires peerinfo)
-@item gnunet-service-core (requires transport)
-@item gnunet-daemon-hostlist (requires core)
-@item gnunet-service-dht (requires core)
-@item gnunet-service-mesh (requires dht, core)
-@item gnunet-service-dns (requires dht)
-@item gnunet-service-regex (requires dht)
-@item gnunet-service-vpn (requires regex, dns, mesh, dht)
-@item gnunet-service-identity
-@item gnunet-service-namestore (requires identity)
-@item gnunet-service-gns (requires vpn, dns, dht, namestore, identity)
-@end itemize
-@node Pre-installation notes
-@section Pre-installation notes
-Please note that in the code instructions for the installation,
-@emph{#} indicates commands run as privileged root user and
-@emph{$} shows commands run as unprivileged ("normal") system user.
-@node Generic installation instructions
-@section Generic installation instructions
-First, in addition to the GNUnet sources you might require downloading the
-latest version of various dependencies, depending on how recent the
-software versions in your distribution of GNU/Linux are.
-Most distributions do not include sufficiently recent versions of these
-dependencies.
-Thus, a typically installation on a "modern" GNU/Linux distribution
-requires you to install the following dependencies (ideally in this
-order):
-@itemize @bullet
-@item libgpgerror and libgcrypt
-@item libnettle and libunbound (possibly from distribution), GnuTLS
-@item libgnurl (read the README)
-@item GNU libmicrohttpd
-@item GNU libextractor
-@end itemize
-Make sure to first install the various mandatory and optional
-dependencies including development headers from your distribution.
-Other dependencies that you should strongly consider to install is a
-database (MySQL, sqlite or Postgres).
-The following instructions will assume that you installed at least sqlite.
-For most distributions you should be able to find pre-build packages for
-the database. Again, make sure to install the client libraries @b{and} the
-respective development headers (if they are packaged separately) as well.
-You can find specific, detailed instructions for installing of the
-dependencies (and possibly the rest of the GNUnet installation) in the
-platform-specific descriptions, which can be found in the Index.
-Please consult them now.
-If your distribution is not listed, please study
-@ref{Build instructions for Debian 8}, the build instructions for
-Debian stable, carefully as you try to install the dependencies for your
-own distribution.
-Contributing additional instructions for further platforms is always
-appreciated.
-Please take in mind that operating system development tends to move at
-a rather fast speed. Due to this you should be aware that some of
-the instructions could be outdated by the time you are reading this.
-If you find a mistake, please tell us about it (or even better: send
-a patch to the documentation to fix it!).
-Before proceeding further, please double-check the dependency list.
-Note that in addition to satisfying the dependencies, you might have to
-make sure that development headers for the various libraries are also
-installed.
-There maybe files for other distributions, or you might be able to find
-equivalent packages for your distribution.
-While it is possible to build and install GNUnet without having root
-access, we will assume that you have full control over your system in
-these instructions.
-First, you should create a system user @emph{gnunet} and an additional
-group @emph{gnunetdns}. On the GNU/Linux distributions Debian and Ubuntu,
-type:
-@example
-# adduser --system --home /var/lib/gnunet --group \
--disabled-password gnunet
-# addgroup --system gnunetdns
-@end example
-@noindent
-On other Unixes and GNU systems, this should have the same effect:
-@example
-# useradd --system --groups gnunet --home-dir /var/lib/gnunet
-# addgroup --system gnunetdns
-@end example
-Now compile and install GNUnet using:
-@example
-$ tar xvf gnunet-@value{VERSION}.tar.gz
-$ cd gnunet-@value{VERSION}
-$ ./configure --with-sudo=sudo --with-nssdir=/lib
-$ make
-$ sudo make install
-@end example
-If you want to be able to enable DEBUG-level log messages, add
-@code{--enable-logging=verbose} to the end of the
-@command{./configure} command.
-@code{DEBUG}-level log messages are in English only and
-should only be useful for developers (or for filing
-really detailed bug reports).
-Finally, you probably want to compile @command{gnunet-gtk}, which
-includes @command{gnunet-setup} (a graphical tool for
-GNUnet configuration) and @command{gnunet-fs-gtk} (a graphical tool for
-GNUnet file-sharing):
-@example
-$ tar xvf gnunet-gtk-@value{VERSION}.tar.gz
-$ cd gnunet-gtk-@value{VERSION}
-$ ./configure --with-gnunet=/usr/local/
-$ make
-$ sudo make install
-$ cd ..
-# just to be safe run this:
-$ sudo ldconfig
-@end example
-@noindent
-Next, edit the file @file{/etc/gnunet.conf} to contain the following:
-@example
-[arm]
-SYSTEM_ONLY = YES
-USER_ONLY = NO
-@end example
-@noindent
-You may need to update your @code{ld.so} cache to include
-files installed in @file{/usr/local/lib}:
-@example
-# ldconfig
-@end example
-@noindent
-Then, switch from user @code{root} to user @code{gnunet} to start
-the peer:
-@example
-# su -s /bin/sh - gnunet
-$ gnunet-arm -c /etc/gnunet.conf -s
-@end example
-You may also want to add the last line in the gnunet user's @file{crontab}
-prefixed with @code{@@reboot} so that it is executed whenever the system
-is booted:
-@example
-@@reboot /usr/local/bin/gnunet-arm -c /etc/gnunet.conf -s
-@end example
-@noindent
-This will only start the system-wide GNUnet services.
-Type exit to get back your root shell.
-Now, you need to configure the per-user part. For each
-$USER that should get access to GNUnet on the system, run:
-@example
-# adduser $USER gnunet
-@end example
-@noindent
-to allow them to access the system-wide GNUnet services. Then, each
-user should create a configuration file @file{~/.config/gnunet.conf}
-with the lines:
-@example
-[arm]
-SYSTEM_ONLY = NO
-USER_ONLY = YES
-DEFAULTSERVICES = gns
-@end example
-@noindent
-and start the per-user services using
-@example
-$ gnunet-arm -c ~/.config/gnunet.conf -s
-@end example
-@noindent
-Again, adding a @code{crontab} entry to autostart the peer is advised:
-@example
-@@reboot /usr/local/bin/gnunet-arm -c $HOME/.config/gnunet.conf -s
-@end example
-@noindent
-Note that some GNUnet services (such as SOCKS5 proxies) may need a
-system-wide TCP port for each user.
-For those services, systems with more than one user may require each user
-to specify a different port number in their personal configuration file.
-Finally, the user should perform the basic initial setup for the GNU Name
-System (GNS) certificate authority. This is done by running:
-@example
-$ gnunet-gns-proxy-setup-ca
-@end example
-@noindent
-The first generates the default zones, wheras the second setups the GNS
-Certificate Authority with the user's browser. Now, to activate GNS in the
-normal DNS resolution process, you need to edit your
-@file{/etc/nsswitch.conf} where you should find a line like this:
-@example
-hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
-@end example
-@noindent
-The exact details may differ a bit, which is fine. Add the text
-@emph{"gns [NOTFOUND=return]"} after @emph{"files"}.
-Keep in mind that we included a backslash ("\") here just for
-markup reasons. You should write the text below on @b{one line}
-and @b{without} the "\":
-@example
-hosts: files gns [NOTFOUND=return] mdns4_minimal \
-[NOTFOUND=return] dns mdns4
-@end example
-@c FIXME: Document new behavior.
-You might want to make sure that @file{/lib/libnss_gns.so.2} exists on
-your system, it should have been created during the installation.
-@node Build instructions for Ubuntu 12.04 using Git
-@section Build instructions for Ubuntu 12.04 using Git
-@menu
-* Install the required build tools::
-* Install libgcrypt 1.6 and libgpg-error::
-* Install gnutls with DANE support::
-* Install libgnurl::
-* Install libmicrohttpd from Git::
-* Install libextractor from Git::
-* Install GNUnet dependencies::
-* Build GNUnet::
-* Install the GNUnet-gtk user interface from Git::
-@end menu
-@node  Install the required build tools
-@subsection  Install the required build tools
-First, make sure Git is installed on your system:
-@example
-$ sudo apt-get install git
-@end example
-Install the essential buildtools:
-@example
-$ sudo apt-get install automake autopoint autoconf libtool
-@end example
-@node Install libgcrypt 1.6 and libgpg-error
-@subsection Install libgcrypt 1.6 and libgpg-error
-@ref{generic source installation - libgpg-error}
-@node Install gnutls with DANE support
-@subsection Install gnutls with DANE support
-@itemize @bullet
-@item @ref{generic source installation - nettle}
-@item @ref{generic source installation - ldns}
-@item @ref{generic source installation - libunbound/unbound}
-@item @ref{generic source installation - gnutls}
-@item @ref{generic source installation - libgcrypt}
-@end itemize
-@node Install libgnurl
-@subsection Install libgnurl
-Follow the @ref{generic source installation - libgnurl}.
-@node Install libmicrohttpd from Git
-@subsection Install libmicrohttpd from Git
-@example
-$ git clone https://gnunet.org/git/libmicrohttpd
-$ cd libmicrohttpd/
-$ ./bootstrap
-$ ./configure
-$ sudo make install ; cd ..
-@end example
-@node  Install libextractor from Git
-@subsection  Install libextractor from Git
-Install libextractor dependencies:
-@example
-$ sudo apt-get install zlib1g-dev libgsf-1-dev libmpeg2-4-dev \
- libpoppler-dev libvorbis-dev libexiv2-dev libjpeg-dev \
- libtiff-dev libgif-dev libvorbis-dev libflac-dev libsmf-dev \
- g++
-@end example
-Build libextractor:
-@example
-$ git clone https://gnunet.org/git/libextractor
-$ cd libextractor
-$ ./bootstrap
-$ ./configure
-$ sudo make install ; cd ..
-@end example
-@node Install GNUnet dependencies
-@subsection Install GNUnet dependencies
-@example
-$ sudo apt-get install libidn11-dev libunistring-dev libglpk-dev \
- libpulse-dev libbluetooth-dev libsqlite-dev
-@end example
-Install libopus:
-@example
-$ wget http://downloads.xiph.org/releases/opus/opus-1.1.tar.gz
-$ tar xf opus-1.1.tar.gz
-$ cd opus-1.1/
-$ ./configure
-$ sudo make install ; cd ..
-@end example
-Choose one or more database backends:
-SQLite3:
-@example
-$ sudo apt-get install libsqlite3-dev
-@end example
-MySQL:
-@example
-$ sudo apt-get install libmysqlclient-dev
-@end example
-PostgreSQL:
-@example
-$ sudo apt-get install libpq-dev postgresql
-@end example
-@node Build GNUnet
-@subsection Build GNUnet
-@menu
-* Configuring the installation path::
-* Configuring the system::
-* Installing components requiring sudo permission::
-* Build::
-@end menu
-@node Configuring the installation path
-@subsubsection Configuring the installation path
-You can specify the location of the GNUnet installation by setting the
-prefix when calling the configure script with @code{--prefix=DIRECTORY}
-@example
-$ export PATH=$PATH:DIRECTORY/bin
-@end example
-@node Configuring the system
-@subsubsection Configuring the system
-Please make sure NOW that you have created a user and group 'gnunet'
-and additionally a group 'gnunetdns':
-@example
-$ sudo addgroup gnunet
-$ sudo addgroup gnunetdns
-$ sudo adduser gnunet
-@end example
-Each GNUnet user should be added to the 'gnunet' group (may
-require fresh login to come into effect):
-@example
-$ sudo useradd -G  gnunet
-@end example
-@node Installing components requiring sudo permission
-@subsubsection Installing components requiring sudo permission
-Some components, like the nss plugin required for GNS, may require root
-permissions. To allow these few components to be installed use:
-@example
-$ ./configure --with-sudo
-@end example
-@node Build
-@subsubsection Build
-@example
-$ git clone https://gnunet.org/git/gnunet/
-$ cd gnunet/
-$ ./bootstrap
-@end example
-Use the required configure call including the optional installation prefix
-@code{PREFIX} or the sudo permissions:
-@example
-$ ./configure [ --with-sudo | --with-prefix=PREFIX ]
-@end example
-@example
-$ make; sudo make install
-@end example
-After installing it, you need to create an empty configuration file:
-@example
-mkdir ~/.gnunet; touch ~/.gnunet/gnunet.conf
-@end example
-And finally you can start GNUnet with:
-@example
-$ gnunet-arm -s
-@end example
-@node Install the GNUnet-gtk user interface from Git
-@subsection Install the GNUnet-gtk user interface from Git
-Install depencies:
-@example
-$ sudo apt-get install libgtk-3-dev libunique-3.0-dev libgladeui-dev \
- libqrencode-dev
-@end example
-Build GNUnet (with an optional prefix) and execute:
-@example
-$ git clone https://gnunet.org/git/gnunet-gtk/
-$ cd gnunet-gtk/
-$ ./bootstrap
-$ ./configure [--prefix=PREFIX] --with-gnunet=DIRECTORY
-$ make; sudo make install
-@end example
-@node Build instructions for software builds from source
-@section Build instructions for software builds from source
-This section describes software builds in case your operating
-system lacks binary substitutes / binary builds for some dependencies
-of GNUnet.
-It is assumed that you have installed common build dependencies
-and that these instructions are treated as generic without any
-debugging help.
-It is furthermore assumed that you use the release tarballs of
-the software, installation from the respective version control
-sources might differ in ways that are only minimal different
-(for example a dependency on autotools etc).
-@menu
-* generic source installation - nettle::
-* generic source installation - ldns::
-* generic source installation - libunbound/unbound::
-* generic source installation - libav::
-* generic source installation - libextractor::
-* generic source installation - libgpg-error::
-* generic source installation - libgcrypt::
-* generic source installation - gnutls::
-* generic source installation - libmicrohttpd::
-* generic source installation - libgnurl::
-@end menu
-@node generic source installation - nettle
-@subsection generic source installation - nettle
-@example
-$ wget http://www.lysator.liu.se/~nisse/archive/nettle-2.7.1.tar.gz
-$ tar xf nettle-2.7.1.tar.gz
-$ cd nettle-2.7.1
-$ ./configure
-$ sudo make install ; cd ..
-@end example
-@node generic source installation - ldns
-@subsection generic source installation - ldns
-@example
-$ wget https://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.16.tar.gz
-$ tar xf ldns-1.6.16.tar.gz
-$ cd ldns-1.6.16
-$ ./configure
-$ sudo make install ; cd ..
-@end example
-@node generic source installation - libunbound/unbound
-@subsection generic source installation - libunbound/unbound
-@example
-$ wget https://unbound.net/downloads/unbound-1.4.21.tar.gz
-$ tar xf unbound-1.4.21.tar.gz
-$ cd unbound-1.4.21
-$ ./configure
-$ sudo make install ; cd ..
-@end example
-@node generic source installation - libav
-@subsection generic source installation - libav
-@example
-$ wget https://libav.org/releases/libav-9.10.tar.xz
-$ cd libav-0.9 ; ./configure --enable-shared;
-$ make; sudo make install; cd ..
-@end example
-@node generic source installation - libextractor
-@subsection generic source installation - libextractor
-@example
-$ wget https://ftp.gnu.org/gnu/libextractor/libextractor-1.3.tar.gz
-$ tar xvf libextractor-1.3.tar.gz
-$ cd libextractor-1.3 ; ./configure;
-$ make ; sudo make install; cd ..
-@end example
-@node generic source installation - libgpg-error
-@subsection generic source installation - libgpg-error
-@example
-$ wget https://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.12.tar.bz2
-$ tar xvf libgpg-error-1.12.tar.bz2
-$ cd libgpg-error-1.12; ./configure;
-$ make ; sudo make install; cd ..
-@end example
-@node generic source installation - libgcrypt
-@subsection generic source installation - libgcrypt
-@example
-$ wget https://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0.tar.bz2
-$ tar xvf libgcrypt-1.6.0.tar.bz2
-$ cd libgcrypt-1.6.0; ./configure --with-gpg-error-prefix=/usr/local;
-$ make ; sudo make install ; cd ..
-@end example
-@node generic source installation - gnutls
-@subsection generic source installation - gnutls
-@example
-$ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.7.tar.xz
-$ tar xvf gnutls-3.2.7.tar.xz
-$ cd gnutls-3.2.7
-@end example
-@noindent
-If you want a GnuTLS with DANE functionality (recommended for GNUnet),
-you have to compile it against libunbound. Assuming that libunbound
-is installed on your system:
-@example
-$ ./configure --enable-libdane
-@end example
-@noindent
-Note that the build system of GnuTLS should pick up libunbound without
-the explicit mention of @code{--enable-libdane}.
-If you don't want libdane support you should pass @code{--disable-libdane}
-instead.
-@example
-$ ./configure
-$ make ; sudo make install ; cd ..
-@end example
-@node generic source installation - libmicrohttpd
-@subsection generic source installation - libmicrohttpd
-@example
-$ wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.33.tar.gz
-$ tar xvf libmicrohttpd-0.9.33.tar.gz
-$ cd libmicrohttpd-0.9.33; ./configure;
-$ make ; sudo make install ; cd ..
-@end example
-@node generic source installation - libgnurl
-@subsection generic source installation - libgnurl
-Example installation of libgnurl version 7.57.0 from source.
-@example
-$ wget https://ftp.gnu.org/gnu/gnunet/gnurl-7.57.0.tar.xz
-$ wget https://ftp.gnu.org/gnu/gnunet/gnurl-7.57.0.tar.xz.sig
-$ gpg --verify gnurl-7.57.0.tar.xz.sig
-@end example
-@noindent
-If that command fails because you do not have the required public key,
-then run this command to import it:
-@example
-$ gpg --keyserver pgp.mit.edu --recv-keys A88C8ADD129828D7EAC02E52E22F9BBFEE348588
-@end example
-@noindent
-and rerun the gpg --verify command.
-@example
-$ tar xvf gnurl-7.57.0.tar.xz
-$ cd gnurl-7.57.0
-$ ./configure --disable-ntlm-wb
-$ make ; sudo make install; cd ..
-@end example
-You have now build and installed libgnurl from source.
-@menu
-* Fixing libgnurl build issues::
-@end menu
-@node Fixing libgnurl build issues
-@subsubsection Fixing libgnurl build issues
-@c FIXME: Obviously this subsection should be evaluated and
-@c if still necessary moved into gnURL itself (README) or
-@c into a separate section which deals with gnURL.
-If you have to compile libgnurl from source (for example if the version
-included in your distribution is too old or it's not included at all)
-you perhaps might get an error message while running the
-@command{configure} script:
-@example
-$ configure
-...
-checking for 64-bit curl_off_t data type... unknown
-checking for 32-bit curl_off_t data type... unknown
-checking for 16-bit curl_off_t data type... unknown
-configure: error: cannot find data type for curl_off_t.
-@end example
-@noindent
-Solution:
-Before running the @command{configure} script, set:
-@example
-CFLAGS="-I. -I$BUILD_ROOT/include"
-@end example
-@node Build Instructions for Microsoft Windows Platforms
-@section Build Instructions for Microsoft Windows Platforms
-@menu
-* Introduction to building on MS Windows::
-* Requirements::
-* Dependencies & Initial Setup::
-* GNUnet Installation::
-* Adjusting Windows for running and testing GNUnet::
-* Building the GNUnet Installer::
-* Using GNUnet with Netbeans on Windows::
-@end menu
-@node Introduction to building on MS Windows
-@subsection Introduction to building on MS Windows
-This document is a guide to building GNUnet and its dependencies on
-Windows platforms. GNUnet development is mostly done under GNU/Linux and
-especially git checkouts may not build out of the box.
-We regret any inconvenience, and if you have problems, please report
-them.
-@node Requirements
-@subsection Requirements
-The Howto is based upon a @strong{Windows Server 2008 32bit}
-@strong{Installation}, @strong{sbuild} and thus a
-@uref{http://www.mingw.org/wiki/MSYS, MSYS+MinGW}
-(W32-GCC-Compiler-Suite + Unix-like Userland) installation. sbuild
-is a convenient set of scripts which creates a working msys/mingw
-installation and installs most dependencies required for GNUnet.
-As of the point of the creation of these instructions,
-GNUnet @strong{requires} a Windows @strong{Server} 2003 or
-newer for full feature support.
-Windows Vista and later will also work, but
-@strong{non-server version can not run a VPN-Exit-Node} as the NAT
-features have been removed as of Windows Vista.
-@c TODO: We should document Windows 10!
-@c It seems like the situation hasn't changed with W10
-@node Dependencies & Initial Setup
-@subsection Dependencies & Initial Setup
-@itemize @bullet
-@item
-Install a fresh version of @strong{Python 2.x}, even if you are using a
-x64-OS, install a 32-bit version for use with sbuild.
-Python 3.0 is currently incompatible.
-@item
-Install your favorite @uref{http://code.google.com/p/tortoisegit/, git} &
-@uref{http://tortoisesvn.net/, subversion}-clients.
-@item
-You will also need some archive-manager like
-@uref{http://www.7-zip.org/, 7zip}.
-@item
-Pull a copy of sbuild to a directory of your choice, which will be used
-in the remainder of this guide. For now, we will use
-@file{c:\gnunet\sbuild\}
-@item
-in @file{sbuild\src\mingw\mingw32-buildall.sh}, comment out the packages
-@strong{gnunet-svn} and @strong{gnunet-gtk-svn}, as we don't want sbuild
-to compile/install those for us.
-@item
-Follow LRN's sbuild installation instructions.-
-@end itemize
-Please note that sbuild may (or will most likely) fail during
-installation, thus you really HAVE to @strong{check the logfiles} created
-during the installation process.
-Certain packages may fail to build initially due to missing dependencies,
-thus you may have to
-@strong{substitute those with binary-versions initially}. Later on once
-dependencies are satisfied you can re-build the newer package versions.
-@strong{It is normal that you may have to repeat this step multiple times
-and there is no uniform way to fix all compile-time issues, as the
-build-process of many of the dependencies installed are rather unstable
-on win32 and certain releases may not even compile at all.}
-Most dependencies for GNUnet have been set up by sbuild, thus we now
-should add the @file{bin/} directories in your new msys and mingw
-installations to PATH. You will want to create a backup of your finished
-msys-environment by now.
-@node GNUnet Installation
-@subsection GNUnet Installation
-First, we need to launch our msys-shell, you can do this via
-@file{C:\gnunet\sbuild\msys\msys.bat}
-You might wish to take a look at this file and adjust some
-login-parameters to your msys environment.
-Also, sbuild added two pointpoints to your msys-environment, though those
-might remain invisible:
 @itemize @bullet
+@item sqlite + libsqlite (the default, requires no further configuration)
-@item
+@item postgres + libpq
-/mingw, which will mount your mingw-directory from sbuild/mingw and the
+@item mysql + libmysqlclient
-other one is
-@item
-/src which contains all the installation sources sbuild just compiled.
 @end itemize
-Check out the current GNUnet sources (git HEAD) from the
+These are the dependencies only required for certain features
-GNUnet repository "gnunet.git", we will do this in your home directory:
-@code{git clone https://gnunet.org/git/gnunet/ ~/gnunet}
-Now, we will first need to bootstrap the checked out installation and then
-configure it accordingly.
-@example
-cd ~/gnunet
-./bootstrap
-STRIP=true CPPFLAGS="-DUSE_IPV6=1 -DW32_VEH" CFLAGS="$CFLAGS -g -O2" \
-./configure --prefix=/ --docdir=/share/doc/gnunet \
--with-libiconv-prefix=/mingw --with-libintl-prefix=/mingw \
--with-libcurl=/mingw --with-extractor=/mingw --with-sqlite=/mingw \
--with-microhttpd=/mingw --with-plibc=/mingw --enable-benchmarks \
--enable-expensivetests --enable-experimental --with-qrencode=/mingw \
--enable-silent-rules --enable-experimental 2>&1 | tee -a ./configure.log
-@end example
-The parameters above will configure for a reasonable GNUnet installation
-to the your msys-root directory.
-Depending on which features your would like to build or you may need to
-specify additional dependencies. Sbuild installed most libs into
-the /mingw subdirectory, so remember to prefix library locations with
-this path.
-Like on a unixoid system, you might want to use your home directory as
-prefix for your own GNUnet installation for development, without tainting
-the buildenvironment. Just change the "prefix" parameter to point towards
-~/ in this case.
-Now it's time to compile GNUnet as usual. Though this will take some time,
-so you may fetch yourself a coffee or some Mate now...
-@example
-make ; make install
-@end example
-@node Adjusting Windows for running and testing GNUnet
-@subsection Adjusting Windows for running and testing GNUnet
-Assuming the build succeeded and you
-@strong{added the bin directory of your GNUnet to PATH}, you can now use
-your gnunet-installation as usual.
-Remember that UAC or the windows firewall may popup initially, blocking
-further execution of gnunet until you acknowledge them.
-You will also have to take the usual steps to get peer-to-peer (p2p)
-software running properly (port forwarding, ...),
-and GNUnet will require administrative permissions as it may even
-install a device-driver (in case you are using gnunet-vpn and/or
-gnunet-exit).
-@node Building the GNUnet Installer
-@subsection Building the GNUnet Installer
-The GNUnet installer is made with
-@uref{http://nsis.sourceforge.net/, NSIS}.
-The installer script is located in @file{contrib\win} in the
-GNUnet source tree.
-@node Using GNUnet with Netbeans on Windows
-@subsection Using GNUnet with Netbeans on Windows
-TODO
-@node Build instructions for Debian 7.5
-@section Build instructions for Debian 7.5
-These are the installation instructions for Debian 7.5. They were tested
-using a minimal, fresh Debian 7.5 AMD64 installation without non-free
-software (no contrib or non-free).
-By "minimal", we mean that during installation, we did not select any
-desktop environment, servers or system utilities during the "tasksel"
-step. Note that the packages and the dependencies that we will install
-during this chapter take about 1.5 GB of disk space.
-Combined with GNUnet and space for objects during compilation, you should
-not even attempt this unless you have about 2.5 GB free after the minimal
-Debian installation.
-Using these instructions to build a VM image is likely to require a
-minimum of 4-5 GB for the VM (as you will likely also want a desktop
-manager).
-GNUnet's security model assumes that your @file{/home} directory is
-encrypted. Thus, if possible, you should encrypt your home partition
-(or per-user home directory).
-Naturally, the exact details of the starting state for your installation
-should not matter much. For example, if you selected any of those
-installation groups you might simply already have some of the necessary
-packages installed.
-We did this for testing, as this way we are less likely to forget to
-mention a required package.
-Note that we will not install a desktop environment, but of course you
-will need to install one to use GNUnet's graphical user interfaces.
-Thus, it is suggested that you simply install the desktop environment of
-your choice before beginning with the instructions.
-@menu
-* Update::
-* Stable? Hah!::
-* Update again::
-* Installing packages::
-* Installing dependencies from source::
-* Installing GNUnet from source::
-* But wait there is more!::
-@end menu
-@node Update
-@subsection Update
-After any installation, you should begin by running
-@example
-# apt-get update ; apt-get upgrade
-@end example
-to ensure that all of your packages are up-to-date. Note that the "#" is
-used to indicate that you need to type in this command as "root"
-(or prefix with "sudo"), whereas "$" is used to indicate typing in a
-command as a normal user.
-@node Stable? Hah!
-@subsection Stable? Hah!
-Yes, we said we start with a Debian 7.5 "stable" system. However, to
-reduce the amount of compilation by hand, we will begin by allowing the
-installation of packages from the testing and unstable distributions as
-well.
-We will stick to "stable" packages where possible, but some packages will
-be taken from the other distributions.
-Start by modifying @file{/etc/apt/sources.list} to contain the
-following (possibly adjusted to point to your mirror of choice):
-@example
-# These were there before:
-deb http://ftp.de.debian.org/debian/ wheezy main
-deb-src http://ftp.de.debian.org/debian/ wheezy main
-deb http://security.debian.org/ wheezy/updates main
-deb-src http://security.debian.org/ wheezy/updates main
-deb http://ftp.de.debian.org/debian/ wheezy-updates main
-deb-src http://ftp.de.debian.org/debian/ wheezy-updates main
-# Add these lines (feel free to adjust the mirror):
-deb http://ftp.de.debian.org/debian/ testing main
-deb http://ftp.de.debian.org/debian/ unstable main
-@end example
-The next step is to create/edit your @file{/etc/apt/preferences}
-file to look like this:
-@example
-Package: *
-Pin: release a=stable,n=wheezy
-Pin-Priority: 700
-Package: *
-Pin: release o=Debian,a=testing
-Pin-Priority: 650
-Package: *
-Pin: release o=Debian,a=unstable
-Pin-Priority: 600
-@end example
-You can read more about Apt Preferences here and here.
-Note that other pinnings are likely to also work for GNUnet, the key
-thing is that you need some packages from unstable (as shown below).
-However, as unstable is unlikely to be comprehensive (missing packages)
-or might be problematic (crashing packages), you probably want others
-from stable and/or testing.
-@node Update again
-@subsection Update again
-Now, run again@
-@example
-# apt-get update@
-# apt-get upgrade@
-@end example
-to ensure that all your new distribution indices are downloaded, and
-that your pinning is correct: the upgrade step should cause no changes
-at all.
-@node Installing packages
-@subsection Installing packages
-We begin by installing a few Debian packages from stable:@
-@example
-# apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \
-  libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev \
-  texlive libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev \
-  libbz2-dev libexiv2-dev libflac-dev libgif-dev libglib2.0-dev \
-  libgtk-3-dev libmagic-dev libjpeg8-dev libmpeg2-4-dev libmp4v2-dev \
-  librpm-dev libsmf-dev libtidy-dev libtiff5-dev libvorbis-dev \
-  libogg-dev zlib1g-dev g++ gettext libgsf-1-dev libunbound-dev \
-  libqrencode-dev libgladeui-dev nasm texlive-latex-extra \
-  libunique-3.0-dev gawk miniupnpc libfuse-dev libbluetooth-dev
-@end example
-After that, we install a few more packages from unstable:@
-@example
-# apt-get install -t unstable nettle-dev libgstreamer1.0-dev \
-  gstreamer1.0-plugins-base gstreamer1.0-plugins-good \
-  libgstreamer-plugins-base1.0-dev
-@end example
-@node Installing dependencies from source
-@subsection Installing dependencies from source
-Next, we need to install a few dependencies from source.
-You might want to do this as a "normal" user and only run the
-@code{make install} steps as root (hence the @code{sudo} in the
-commands below). Also, you do this from any
-directory. We begin by downloading all dependencies, then extracting the
-sources, and finally compiling and installing the libraries.
-For these steps, follow the instructions given in the
-installation from source instruction in this order:
 @itemize @bullet
-@item @ref{generic source installation - libav}
+@item Texinfo (for building the documentation)
-@item @ref{generic source installation - libextractor}
+@item Texlive (for building the documentation)
-@item @ref{generic source installation - libgpg-error}
+@item miniupnpc (for traversing NAT boxes more reliably)
-@item @ref{generic source installation - libgcrypt}
+@item libopus (for running the GNUnet conversation telephony application)
-@item @ref{generic source installation - gnutls}
+@item libpulse (for running the GNUnet conversation telephony application)
-@item @ref{generic source installation - libmicrohttpd}
+@item libogg (for running the GNUnet conversation telephony application)
-@item @ref{generic source installation - libgnurl}
+@item bluez (for bluetooth support)
+@item libpbc
+(for attribute-based encryption and the identity provider subsystem)
+@item libgabe
+(for attribute-based encryption and the identity provider subsystem)
 @end itemize
-@node Installing GNUnet from source
+@c -----------------------------------------------------------------------
-@subsection Installing GNUnet from source
+@node Getting the Source Code
+@section Getting the Source Code
+You can either download the source code using git (you obviously need
-For this, simply follow the generic installation instructions from
+git installed) or as an archive.
-here.
-@node But wait there is more!
-@subsection But wait there is more!
-So far, we installed all of the packages and dependencies required to
-ensure that all of GNUnet would be built.
-However, while for example the plugins to interact with the MySQL or
-Postgres databases have been created, we did not actually install or
-configure those databases. Thus, you will need to install
-and configure those databases or stick with the default Sqlite database.
-Sqlite is usually fine for most applications, but MySQL can offer better
-performance and Postgres better resillience.
-@node Installing GNUnet from Git on Ubuntu 14.4
-@section Installing GNUnet from Git on Ubuntu 14.4
-@strong{Install the required build tools:}
+Using git type
 @example
-$ sudo apt-get install git automake autopoint autoconf
+git clone https://gnunet.org/git/gnunet.git
 @end example
-@strong{Install the required dependencies}
+The archive can be found at
+@uref{https://gnunet.org/downloads}. Extract it using a graphical
+archive tool or @code{tar}:
 @example
-$ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \
+tar xzvf gnunet-0.11.0pre66.tar.gz
- libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \
- libmicrohttpd-dev libgnutls28-dev
 @end example
-@strong{Choose one or more database backends}
+In the next chapter we will assume that the source code is available
+in the home directory at @code{~/gnunet}.
-@itemize @bullet
-@item SQLite3:
+@c -----------------------------------------------------------------------
+@node Create @code{gnunet} user and group
+@section Create @code{gnunet} user and group
+The GNUnet services should be run as a dedicated user called
+@code{gnunet}. For using them a user should be in the same group as
+this system user.
+Create user @code{gnunet} who is member of the group @code{gnunet} and
+specify a home directory where the GNUnet services will store
+persistant data such as information about peers.
 @example
-$ sudo apt-get install libsqlite3-dev
+$ sudo useradd --system --groups gnunet --home-dir /var/lib/gnunet
 @end example
-@item MySQL:
+Now add your own user to the @code{gnunet} group.
 @example
-$ sudo apt-get install libmysqlclient-dev
+$ sudo adduser alice gnunet
 @end example
-@item PostgreSQL:
+@c -----------------------------------------------------------------------
+@node Preparing and Compiling the Source Code
-@example
+@section Preparing and Compiling the Source Code
-$ sudo apt-get install libpq-dev postgresql
+For preparing the source code for compilation a bootstrap script and
-@end example
+@code{configure} has to be run from the source code directory. When
+running @code{configure} the following options can be specified to
-@end itemize
+customize the compilation and installation process:
-@strong{Install the optional dependencies for gnunet-conversation:}
-@example
-$ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev
-@end example
-@strong{Install the libgrypt 1.6.1:}
 @itemize @bullet
+@item @code{--disable-documentation} - don't build the configuration documents
-@item For Ubuntu 14.04:
+@item @code{--enable-looging=[LOGLEVEL]} - choose a loglevel (@code{debug}, @code{info}, @code{warning} or @code{error})
+@item @code{--prefix=[PATH]} - the directory where the GNUnet libraries and binaries will be installed
-@example
+@item @code{--with-extractor=[PATH]} - the path to libextractor
-$ sudo apt-get install libgcrypt20-dev
+@item @code{--with-libidn=[PATH]} - the path to libidn
-@end example
+@item @code{--with-microhttpd=[PATH]} - the path to libmicrohttpd
+@item @code{--with-sqlite=[PATH]} - the path to libsqlite
-@item For Ubuntu older 14.04:
+@item @code{--with-zlib=[PATH]} - the path to zlib
+@item @code{--with-sudo=[PATH]} - path to the sudo binary (no need to run @code{make install} as root if specified)
-@example
-$ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2
-$ tar xf libgcrypt-1.6.1.tar.bz2
-$ cd libgcrypt-1.6.1
-$ ./configure
-$ sudo make install
-$ cd ..
-@end example
 @end itemize
-@strong{Install libgnurl}
+The following example configures the installation prefix
+@code{/usr/lib} and disables building the documentation
-@example
-$ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2
-$ tar xf gnurl-7.35.0.tar.bz2
-$ cd gnurl-7.35.0
-$ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \
- --without-libmetalink --without-winidn --without-librtmp \
- --without-nghttp2 --without-nss --without-cyassl --without-polarssl \
- --without-ssl --without-winssl --without-darwinssl --disable-sspi \
- --disable-ntlm-wb --disable-ldap --disable-rtsp --disable-dict \
- --disable-telnet --disable-tftp --disable-pop3 --disable-imap \
- --disable-smtp --disable-gopher --disable-file --disable-ftp
-$ sudo make install
-$ cd ..
-@end example
-@strong{Install GNUnet}
 @example
-$ git clone https://gnunet.org/git/gnunet/
+$ cd ~/gnunet
-$ cd gnunet/
 $ ./bootstrap
+$ configure --prefix=/usr/lib --disable-configuration
 @end example
-If you want to:
+After running the bootstrap script and @code{configure} successfully
+the source code can be compiled with make. Here @code{-j5} specifies
-@itemize @bullet
+that 5 threads should be used.
-@item Install to a different directory:
-@example
--prefix=PREFIX
-@end example
-@item
-Have sudo permission, but do not want to compile as root:
-@example
--with-sudo
-@end example
-@item
-Want debug message enabled:
-@example
--enable-logging=verbose
-@end example
-@end itemize
-@example
-$ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose]
-$ make; sudo make install
-@end example
-After installing it, you need to create an empty configuration file:
-@example
-touch ~/.config/gnunet.conf
-@end example
-And finally you can start GNUnet with
-@example
-$ gnunet-arm -s
-@end example
-@node Build instructions for Debian 8
-@section Build instructions for Debian 8
-@c FIXME: I -> we
-These are the installation instructions for Debian 8. They were tested
-sing a fresh Debian 8 AMD64 installation without non-free software (no
-contrib or non-free). During installation, I only selected "lxde" for the
-desktop environment.
-Note that the packages and the dependencies that we will install during
-this chapter take about 1.5 GB of disk space. Combined with GNUnet and
-space for objects during compilation, you should not even attempt this
-unless you have about 2.5 GB free after the Debian installation.
-Using these instructions to build a VM image is likely to require a
-minimum of 4-5 GB for the VM (as you will likely also want a desktop
-manager).
-GNUnet's security model assumes that your @code{/home} directory is
-encrypted.
-Thus, if possible, you should encrypt your entire disk, or at least just
-your home partition (or per-user home directory).
-Naturally, the exact details of the starting state for your installation
-should not matter much.
-For example, if you selected any of those installation groups you might
-simply already have some of the necessary packages installed. Thus, it is
-suggested that you simply install the desktop environment of your choice
-before beginning with the instructions.
-@menu
-* Update Debian::
-* Installing Debian Packages::
-* Installing Dependencies from Source2::
-* Installing GNUnet from Source2::
-* But wait (again) there is more!::
-@end menu
-@node Update Debian
-@subsection Update Debian
-After any installation, you should begin by running
-@example
-# apt-get update
-# apt-get upgrade
-@end example
-to ensure that all of your packages are up-to-date. Note that the "#" is
-used to indicate that you need to type in this command as "root" (or
-prefix with "sudo"), whereas "$" is used to indicate typing in a command
-as a normal user.
-@node Installing Debian Packages
-@subsection Installing Debian Packages
-We begin by installing a few Debian packages from stable:
 @example
-# apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \
+$ make -j5
-libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev texlive \
-libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev libbz2-dev \
-libflac-dev libgif-dev libglib2.0-dev libgtk-3-dev libmpeg2-4-dev \
-libtidy-dev libvorbis-dev libogg-dev zlib1g-dev g++ gettext \
-libgsf-1-dev libunbound-dev libqrencode-dev libgladeui-dev nasm \
-texlive-latex-extra libunique-3.0-dev gawk miniupnpc libfuse-dev \
-libbluetooth-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good \
-libgstreamer-plugins-base1.0-dev nettle-dev libextractor-dev \
-libgcrypt20-dev libmicrohttpd-dev
 @end example
-@node Installing Dependencies from Source2
+@c -----------------------------------------------------------------------
-@subsection Installing Dependencies from Source2
+@node Installation
+@section Installation
-Yes, we said we start with a Debian 8 "stable" system, but because Debian
+The compiled binaries can be installed using @code{make install}. It
-linked GnuTLS without support for DANE, we need to compile a few things,
+needs to be run as root (or with sudo) because some binaries need the
-in addition to GNUnet, still by hand. Yes, you can run GNUnet using the
+@code{suid} bit set. Without that some GNUnet subsystems (such as VPN)
-respective Debian packages, but then you will not get DANE support.
+will not work.
-Next, we need to install a few dependencies from source. You might want
-to do this as a "normal" user and only run the @code{make install} steps
-as root (hence the @code{sudo} in the commands below). Also, you do this
-from any directory. We begin by downloading all dependencies, then
-extracting the sources, and finally compiling and installing the
-libraries:
-@example
-$ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.12.tar.xz
-$ tar xvf gnutls-3.3.12.tar.xz
-$ cd gnutls-3.3.12 ; ./configure ; make ; sudo make install ; cd ..
-@end example
-For the installation and compilation of libgnurl/gnURL refer to
-the generic installation section,
-@xref{generic source installation - libgnurl}.
-@node Installing GNUnet from Source2
-@subsection Installing GNUnet from Source2
-For this, simply follow the generic installation instructions from@
-here.
-@node But wait (again) there is more!
-@subsection But wait (again) there is more!
-So far, we installed all of the packages and dependencies required to
-ensure that all of GNUnet would be built. However, while for example the
-plugins to interact with the MySQL or Postgres databases have been
-created, we did not actually install or configure those databases.
-Thus, you will need to install and configure those databases or stick
-with the default Sqlite database. Sqlite is usually fine for most
-applications, but MySQL can offer better performance and Postgres better
-resillience.
-@c @node Build instructions for OpenBSD 6.2
-@c @section Build instructions for OpenBSD 6.2
-@node Outdated build instructions for previous revisions
-@section Outdated build instructions for previous revisions
-This chapter contains a collection of outdated, older installation guides.
-They are mostly intended to serve as a starting point for writing
-up-to-date instructions and should not be expected to work for
-GNUnet 0.10.x.
-A set of older installation instructions can also be found in the
-file @file{doc/outdated-and-old-installation-instructions.txt} in the
-source tree of GNUnet.
-This file covers old instructions which no longer receive security
-updates or any kind of support.
-@menu
-* Installing GNUnet 0.10.1 on Ubuntu 14.04::
-* Building GLPK for MinGW::
-* GUI build instructions for Ubuntu 12.04 using Subversion::
-@c * Installation with gnunet-update::
-* Instructions for Microsoft Windows Platforms (Old)::
-@end menu
-@node Installing GNUnet 0.10.1 on Ubuntu 14.04
-@subsection Installing GNUnet 0.10.1 on Ubuntu 14.04
-Install the required dependencies:
-@example
-$ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \
- libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \
- libmicrohttpd-dev libgnutls28-dev
-@end example
-Choose one or more database backends:
-@itemize @bullet
-@item SQLite3
-@example
- $ sudo apt-get install libsqlite3-dev@
-@end example
-@item MySQL
-@example
-$ sudo apt-get install libmysqlclient-dev@
-@end example
-@item PostgreSQL
-@example
- $ sudo apt-get install libpq-dev postgresql@
-@end example
-@end itemize
-Install the optional dependencies for gnunet-conversation:
-@example
- $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev
-@end example
-Install libgcrypt 1.6:
-@itemize @bullet
-@item For Ubuntu 14.04:
-@example
-$ sudo apt-get install libgcrypt20-dev
-@end example
-@item For Ubuntu older than 14.04:
 @example
-wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2
-$ tar xf libgcrypt-1.6.1.tar.bz2
-$ cd libgcrypt-1.6.1
-$ ./configure
 $ sudo make install
-$ cd ..
-@end example
-@end itemize
-Install libgnurl:
-@pxref{generic source installation - libgnurl}.
-Install GNUnet:
-@example
-$ wget http://ftpmirror.gnu.org/gnunet/gnunet-0.10.1.tar.gz
-$ tar xf gnunet-0.10.1.tar.gz
-$ cd gnunet-0.10.1
-@end example
-If you want to:
-@itemize @bullet
-@item
-Install to a different directory:
-@example
--prefix=PREFIX
 @end example
-@item
+One important library is the GNS plugin for NSS (the name services
-Have sudo permission, but do not want to compile as root:
+switch) which allows using GNS (the GNU name system) in the normal DNS
+resolution process. Unfortunately NSS expects it in a specific
-@example
+location (probably @code{/lib}) which may differ from the installation
--with-sudo
+prefix (see @code{--prefix} option in the previous section). This is
-@end example
+why the pugin has to be installed manually.
-@item
-Want debug message enabled:
-@example
--enable-logging=verbose
-@end example
-@end itemize
-@example
-$ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose]
-$ make; sudo make install
-@end example
-After installing it, you need to create an empty configuration file:
+Find the directory where nss plugins are installed on your system, e.g.
 @example
-touch ~/.config/gnunet.conf
+$ ls -l /lib/libnss_*
+/lib/libnss_mymachines.so.2
+/lib/libnss_resolve.so.2
+/lib/libnss_myhostname.so.2
+/lib/libnss_systemd.so.2
 @end example
-And finally you can start GNUnet with
+Copy the GNS NSS plugin to that directory:
 @example
-$ gnunet-arm -s
+cp ~/gnunet/src/gns/nss/libnss_gns.so.2 /lib
 @end example
-@node Building GLPK for MinGW
+Now, to activate the plugin, you need to edit your
-@subsection Building GLPK for MinGW
+@code{/etc/nsswitch.conf} where you should find a line like this:
-GNUnet now requires the GNU Linear Programming Kit (GLPK).
-Since there's is no package you can install with @code{mingw-get} you
-have to compile it from source:
-@itemize @bullet
-@item Download the latest version from
-@uref{http://ftp.gnu.org/gnu/glpk/}
-@item Unzip the downloaded source tarball using your favourite
-unzipper application In the MSYS shell
-@item change to the respective directory
-@item Configure glpk for "i686-pc-mingw32":
 @example
-./configure '--build=i686-pc-mingw32'
+hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
-@item run
+The exact details may differ a bit, which is fine. Add the text
+@code{"gns [NOTFOUND=return]"} after @code{"files"}.
 @example
-make install check
+hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
-@end itemize
+Optionally, if GNS shall be used with a browser, execute the GNS
+CA-setup script. It will isetup the GNS Certificate Authority with the
-MinGW does not automatically detect the correct buildtype so you have to
+user's browser.
-specify it manually.
-@node GUI build instructions for Ubuntu 12.04 using Subversion
-@subsection GUI build instructions for Ubuntu 12.04 using Subversion
-After installing GNUnet you can continue installing the GNUnet GUI tools:
-First, install the required dependencies:
 @example
-$ sudo apt-get install libgladeui-dev libqrencode-dev
+$ gnunet-gns-proxy-setup-ca
 @end example
-Please ensure that the GNUnet shared libraries can be found by the linker.
+Finally install a configuration file in
-If you installed GNUnet libraries in a non standard path
+@code{~/.gnunet/gnunet.conf}. Below you find an example config which
-(say GNUNET_PREFIX=/usr/local/lib/), you can
+allows you to start GNUnet.
-@itemize @bullet
-@item set the environmental variable permanently to:
 @example
-LD_LIBRARY_PATH=$GNUNET_PREFIX
+[arm]
-@end example
+SYSTEM_ONLY = NO
+USER_ONLY = NO
-@item or add @code{$GNUNET_PREFIX} to @file{/etc/ld.so.conf}
-@end itemize
-Now you can checkout and compile the GNUnet GUI tools:
-@example
+[transport]
-$ git clone https://gnunet.org/git/gnunet-gtk
+PLUGINS = tcp
-$ cd gnunet-gtk
-$ ./bootstrap
-$ ./configure --prefix=$GNUNET_PREFIX/.. --with-gnunet=$GNUNET_PREFIX/..
-$ make install
 @end example
-@c @node Installation with gnunet-update
-@c @subsection Installation with gnunet-update
-@c gnunet-update project is an effort to introduce updates to GNUnet
-@c installations. An interesting to-be-implemented-feature of gnunet-update
-@c is that these updates are propagated through GNUnet's peer-to-peer
-@c network. More information about gnunet-update can be found at
-@c @c FIXME: Use correct cgit URL
-@c @uref{https://gnunet.org/git/gnunet-update.git/tree/plain/README}.
-@c While the project is still under development, we have implemented the
-@c following features which we believe may be helpful for users and we
-@c would like them to be tested:
-@c @itemize @bullet
-@c @item
-@c Packaging GNUnet installation along with its run-time dependencies into
-@c update packages
-@c @item
-@c Installing update packages into compatible hosts
-@c @item
-@c Updating an existing installation (which had been installed by
-@c gnunet-update) to a newer one
-@c @end itemize
-@c The above said features of gnunet-update are currently available for
-@c testing on GNU/Linux systems.
-@c The following is a guide to help you get started with gnunet-update.
-@c It shows you how to install the testing binary packages of GNUnet
-@c 0.9.1 we have at @uref{https://gnunet.org/install/}.
-@c gnunet-update needs the following dependencies:
-@c @itemize @bullet
-@c @item
-@c python @geq{} 2.6
-@c @item
-@c gnupg
-@c @item
-@c python-gpgme
-@c @end itemize
-@c Checkout gnunet-update:
-@c @c FIXME: git!
-@c @example
-@c $ svn checkout -r24905 https://gnunet.org/svn/gnunet-update@
-@c @end example
-@c For security reasons, all packages released for gnunet-update from us are
-@c signed with the key at @uref{https://gnunet.org/install/key.txt}.
-@c You would need to import this key into your gpg key ring.
-@c gnunet-update uses this key to verify the integrity of the packages it
-@c installs:
-@c @example
-@c $ gpg --recv-keys 7C613D78@
-@c @end example
-@c Download the packages relevant to your architecture (currently I have
-@c access to GNU/Linux machines on x86_64 and i686, so only two for now,
-@c hopefully more later) from https://gnunet.org/install/.
-@c To install the downloaded package into the directory /foo:
+@node MOVED FROM USER Checking the Installation
+@section MOVED FROM USER Checking the Installation
-@c @example
+@c %**end of header
-@c gnunet-update/bin/gnunet-update install downloaded/package /foo
-@c @end example
-@c The installer reports the directories into which shared libraries and
-@c dependencies have been installed. You may need to add the reported shared
-@c library installation paths to LD_LIBRARY_PATH before you start running any
-@c installed binaries.
-@c Please report bugs at https://gnunet.org/bugs/ under the project
-@c 'gnunet-update'.
-@node Instructions for Microsoft Windows Platforms (Old)
-@subsection Instructions for Microsoft Windows Platforms (Old)
-This document is a @b{DEPRECATED} installation guide for GNUnet on
-Windows.
-It will not work for recent GNUnet versions, but maybe it will be of
-some use if problems arise.
-The Windows build uses a UNIX emulator for Windows,
+This section describes a quick, casual way to check if your GNUnet
-@uref{http://www.mingw.org/, MinGW}, to build the executable modules.
+installation works. However, if it does not, we do not cover
-These modules run natively on Windows and do not require additional
+steps for recovery --- for this, please study the instructions
-emulation software besides the usual dependencies.
+provided in the developer handbook as well as the system-specific
+instruction in the source code repository@footnote{The system specific
+instructions are not provided as part of this handbook!}.
-GNUnet development is mostly done under GNU/Linux and especially git
-checkouts may not build out of the box.
-We regret any inconvenience, and if you have problems, please report them.
 @menu
-* Hardware and OS requirements::
+* gnunet-gtk::
-* Software installation::
+* Statistics::
-* Building libextractor and GNUnet::
+* Peer Information::
-* Installer::
-* Source::
 @end menu
-@node Hardware and OS requirements
+@cindex GNUnet GTK
-@subsubsection Hardware and OS requirements
+@cindex GTK
+@cindex GTK user interface
-@itemize @bullet
+@node gnunet-gtk
+@subsection gnunet-gtk
-@item Pentium II or equivalent processor, @geq{} 350 MHz
+@c %**end of header
-@item 128 MB RAM
-@item 600 MB free disk space
-@item Windows 2000 or Windows XP are recommended
-@end itemize
-@node Software installation
-@subsubsection Software installation
-@itemize @bullet
-@item
-@strong{Compression software}@
-The software packages GNUnet depends on are usually compressed using UNIX
-tools like @command{tar}, @command{gzip}, @command{xzip} and
-@command{bzip2}.
-If you do not already have an utility that is able to extract such
-archives, get @uref{http://www.7-zip.org/, 7-Zip}.
-@item
-@strong{UNIX environment}@
-The MinGW project provides the compiler toolchain that is used to build
-GNUnet.
-Get the following packages from the
-@uref{http://sourceforge.net/projects/mingw/files/, MinGW} project:
-@itemize @bullet
-@item GCC core
-@item GCC g++
-@item MSYS
-@item MSYS Developer Tool Kit (msysDTK)
-@item MSYS Developer Tool Kit - msys-autoconf (bin)
-@item MSYS Developer Tool Kit - msys-automake (bin)
-@item MinGW Runtime
-@item MinGW Utilities
-@item Windows API
-@item Binutils
-@item make
-@item pdcurses
-@item GDB (snapshot)
-@end itemize
-@itemize @bullet
-@item Install MSYS (to c:\mingw, for example.)@
-Do @strong{not} use spaces in the pathname.
-For example, avoid a location such as @file{c:\program files\mingw}.
-@item Install MinGW runtime, utilities and GCC to a subdirectory
-(to @file{c:\mingw\mingw}, for example)
-@item Install the Development Kit to the MSYS directory
-(@file{c:\mingw})
-@item Create a batch file bash.bat in your MSYS directory with
-the files:
-@example
-bin\sh.exe --login
-@end example
-This batch file opens a shell which is used to invoke the build
-processes.
-MinGW's standard shell (@command{msys.bat}) is not suitable
-because it opens a separate console window.
-On Vista, @command{bash.bat} needs to be run as Administrator.
-@item
-Start @command{bash.sh} and rename
-@file{c:\mingw\mingw\lib\libstdc++.la} to avoid problems:
-@example
-mv /usr/mingw/lib/libstdc++.la /usr/mingw/lib/libstdc++.la.broken
-@end example
-@item
-Unpack the Windows API to the MinGW directory (@file{c:\mingw\mingw\}) and
-remove the declaration of DATADIR from
-(@file{c:\mingw\mingw\include\objidl.h} (lines 55-58)
-@item
-Unpack autoconf, automake to the MSYS directory (@file{c:\mingw})
-@item
-Install all other packages to the MinGW directory (@file{c:\mingw\mingw\})
-@end itemize
-@item @strong{GNU Libtool}@
-GNU Libtool is required to use shared libraries.
-Get the prebuilt package from here and unpack it to the
-MinGW directory (@file{c:\mingw})
-@item @strong{Pthreads}@
+The @command{gnunet-gtk} package contains several graphical
-GNUnet uses the portable POSIX thread library for multi-threading:
+user interfaces for the respective GNUnet applications.
+Currently these interfaces cover:
 @itemize @bullet
+@item Statistics
-@item Save
+@item Peer Information
-@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86/libpthreadGC2.a, libpthreadGC2.a}
+@item GNU Name System
-(x86) or
+@item File Sharing
-@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x64/libpthreadGC2.a, libpthreadGC2.a}
+@item Identity Management
-(x64) as libpthread.a into the @file{lib}
+@item Conversation
-directory (@file{c:\mingw\mingw\lib\libpthread.a}).
-@item Save
-@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86/pthreadGC2.dll, pthreadGC2.dll}
-(x86) or
-@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x64/pthreadGC2.dll, libpthreadGC2.a}
-(x64) into the MinGW @file{bin} directory (@file{c:\mingw\mingw\bin}).
-@item Download all header files from
-@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/include/, include/}
-to the @file{include} directory (@file{c:\mingw\mingw\include}).
 @end itemize
+@node Statistics
+@subsection Statistics
+@c %**end of header
-@item @strong{GNU MP}@
+First, you should launch GNUnet gtk@footnote{Obviously you should also
-GNUnet uses the GNU Multiple Precision library for special cryptographic
+start gnunet, via gnunet-arm or the system provided method}.
-operations. Get the GMP binary package from the
+You can do this from the command-line by typing
-@uref{http://sourceforge.net/projects/mingwrep/, MinGW repository} and
-unpack it to the MinGW directory (@file{c:\mingw\mingw})
-@item @strong{GNU Gettext}@
-GNU gettext is used to provide national language support.
-Get the prebuilt package from hereand unpack it to the MinGW
-directory (@file{c:\mingw\mingw})
-@item @strong{GNU iconv}@
-GNU Libiconv is used for character encoding conversion.
-Get the prebuilt package from here and unpack it to the MinGW
-directory (@file{c:\mingw\mingw}).
-@item @strong{SQLite}@
-GNUnet uses the SQLite database to store data.
-Get the prebuilt binary from here and unpack it to your MinGW directory.
-@item @strong{MySQL}@
-As an alternative to SQLite, GNUnet also supports MySQL.
-@itemize @bullet
-@item Get the binary installer from the
-@uref{http://dev.mysql.com/downloads/mysql/4.1.html#Windows, MySQL project}
-(version 4.1), install it and follow the instructions in
-@file{README.mysql}.
-@item  Create a temporary build directory (@file{c:\mysql})
-@item Copy the directories @file{include\} and @file{lib\} from the
-MySQL directory to the new directory
-@item Get the patches from
-@uref{http://bugs.mysql.com/bug.php?id=8906&files=1, Bug #8906} and
-@uref{http://bugs.mysql.com/bug.php?id=8872&files=1, Bug #8872} (the
-latter is only required for MySQL
-@example
-patch -p 0
-@end example
-@item Move @file{lib\opt\libmysql.dll} to @file{lib\libmysql.dll}
-@item  Change to @file{lib\} and create an import library:
 @example
-dlltool --input-def ../include/libmySQL.def \
+gnunet-statistics-gtk
--dllname libmysql.dll \
--output-lib libmysqlclient.a -k
 @end example
-@item  Copy include\* to include\mysql\
+If your peer@footnote{The term ``peer'' is a common word used in
+federated and distributed networks to describe a participating device
-@item  Pass @code{--with-mysql=/c/mysql} to
+which is connected to the network. Thus, your Personal Computer or
-@command{./configure} and copy @file{libmysql.dll}
+whatever it is you are looking at the Gtk+ interface describes a
-to your PATH or GNUnet's @file{bin} directory
+``Peer'' or a ``Node''.}  is running correctly, you should see a bunch
-@end itemize
+of lines, all of which should be ``significantly'' above zero (at
+least if your peer has been running for more than a few seconds). The
+lines indicate how many other peers your peer is connected to (via
-@item @strong{GTK+}@
+different mechanisms) and how large the entire overlay network is
-@command{gnunet-gtk} and @command{libextractor} depend on GTK.
+currently estimated to be. The X-axis represents time (in seconds
-Get the the binary and developer packages of @command{atk},
+since the start of @command{gnunet-gtk}).
-@command{glib}, @command{gtk}, @command{iconv},
-@command{gettext-runtime}, @command{pango} from
-@uref{ftp://ftp.gtk.org/pub/gtk/v2.6/win32, gtk.org} and unpack them
-to the MinGW directory (@file{c:\mingw\mingw}).
-@c FIXME: The URL below for pkg-config seems wrong.
-Get @uref{http://www.gtk.org/download/win32.php, pkg-config} and
-@command{libpng} and unpack them to the MinGW directory
-(@file{c:\mingw\mingw}).
-Here is an all-in-one package for the
-@uref{http://ftp.gnome.org/pub/gnome/binaries/win32/gtk+/2.24/gtk+-bundle_2.24.10-20120208_win32.zip, gtk+dependencies}
-. Do not overwrite any existing files!
-@item @strong{Glade}@
-@command{gnunet-gtk} and @command{gnunet-setup} were created using
-this interface builder
-@itemize @bullet
+You can click on "Traffic" to see information about the amount of
+bandwidth your peer has consumed, and on "Storage" to check the amount
-@item Get the Glade and libglade (-bin and -devel) packages
+of storage available and used by your peer. Note that "Traffic" is
-(without GTK!) from
+plotted cumulatively, so you should see a strict upwards trend in the
-@uref{http://gladewin32.sourceforge.net/, GladeWin32} and unpack them to
+traffic.
-the MinGW directory (@file{c:\mingw\mingw}).
-@item Get @command{libxml} from here and unpack it to the MinGW
-directory (@file{c:\mingw\mingw}).
-@end itemize
-@c FIXME: URLs
-@item @strong{zLib}@
-@command{libextractor} requires @command{zLib} to decompress some file
-formats. GNUnet uses it to (de)compress meta-data.
-Get zLib from here (Signature) and unpack it to the MinGW directory
-(@file{c:\mingw\mingw}).
-@item @strong{Bzip2}@
-@command{libextractor} also requires @command{Bzip2} to
-decompress some file formats.
-Get the Bzip2 (binary and developer package) from
-@uref{http://gnuwin32.sourceforge.net/packages/bzip2.htm, GnuWin32} and
-unpack it to the MinGW directory (@file{c:\mingw\mingw}).
-@item @strong{Libgcrypt}@
-@command{Libgcrypt} provides the cryptographic functions used by GNUnet.
-Get Libgcrypt from @uref{ftp://ftp.gnupg.org/gcrypt/libgcrypt/, here},
-compile and place it in the MinGW directory
-(@file{c:\mingw\mingw}). Currently libgcrypt @geq{} 1.4.2 is required to
-compile GNUnet.
-@item @strong{PlibC}@
-PlibC emulates Unix functions under Windows. Get PlibC from here and
-unpack it to the MinGW directory (c:\mingw\mingw)
-@item @strong{OGG Vorbis}@
-@command{OGG Vorbis} is used to extract meta-data from @file{.ogg} files.
-Get the packages
-@uref{http://www.gnunet.org/libextractor/download/win/libogg-1.1.4.zip, libogg}
-and
-@uref{http://www.gnunet.org/libextractor/download/win/libvorbis-1.2.3.zip, libvorbis}
-from the
-@uref{http://ftp.gnu.org/gnu/libextractor/libextractor-w32-1.0.0.zip, libextractor win32 build}
-and unpack them to the MinGW directory (c:\mingw\mingw).
-@item @strong{Exiv2}@
-(lib)Exiv2 is used to extract meta-data from files with Exiv2 meta-data.
-Download
-@uref{http://www.gnunet.org/libextractor/download/win/exiv2-0.18.2.zip, Exiv2}
-and unpack it to the MSYS directory (c:\mingw).
-@end itemize
-@node Building libextractor and GNUnet
+@node Peer Information
-@subsubsection Building libextractor and GNUnet
+@subsection Peer Information
+@c %**end of header
-Before you compile @command{libextractor} or @command{GNUnet},
-be sure to set @code{PKG_CONFIG_PATH}:
-@example
-export PKG_CONFIG_PATH=/mingw/lib/pkgconfig
-@end example
-@noindent
+First, you should launch the graphical user interface.  You can do
-@xref{GNUnet Installation Handbook}, for basic instructions on building
+this from the command-line by typing
-@command{libextractor} and @command{GNUnet}.
-By default, all modules that are created in this way contain
-debug information and are quite large. To compile release versions
-(small and fast) set the variable @code{CFLAGS}:
 @example
-export CFLAGS='-O2 -march=pentium -fomit-frame-pointer'
+$ gnunet-peerinfo-gtk
-./configure --prefix=$HOME --with-extractor=$HOME
 @end example
-@node Installer
+Once you have done this, you will see a list of known peers (by the
-@subsubsection Installer
+first four characters of their public key), their friend status (all
+should be marked as not-friends initially), their connectivity (green
-The GNUnet installer is made with
+is connected, red is disconnected), assigned bandwidth, country of
-@uref{http://nsis.sourceforge.net/, NSIS}. The installer script is
+origin (if determined) and address information. If hardly any peers
-located in @file{contrib\win} in the GNUnet source tree.
+are listed and/or if there are very few peers with a green light for
+connectivity, there is likely a problem with your network
-@node Source
+configuration.
-@subsubsection Source
-@c FIXME: URL
-The sources of all dependencies are available here.
-@c @node Portable GNUnet
-@c @section Portable GNUnet
-@c Quick instructions on how to use the most recent GNUnet on most GNU/Linux
-@c distributions
-@c Currently this has only been tested on Ubuntu 12.04, 12.10, 13.04, Debian
+@c NOTE: Inserted from Installation Handbook in original ``order'':
-@c and CentOS 6, but it should work on almost any GNU/Linux distribution.
+@c FIXME: Move this to User Handbook.
-@c More in-detail information can be found in the handbook.
+@node MOVED FROM USER The graphical configuration interface
+@section MOVED FROM USER The graphical configuration interface
-@c Note 2017-10: Currently this section assumes the old SVN repo of GNUnet
-@c which no longer exists.
-@c @menu
-@c * Prerequisites::
-@c * Download & set up gnunet-update::
-@c * Install GNUnet::
-@c @end menu
-@c @node Prerequisites
-@c @subsection Prerequisites
-@c Open a terminal and paste this line into it to install all required tools
-@c needed:
-@c @example
-@c sudo apt-get install python-gpgme subversion
-@c @end example
-@c @node Download & set up gnunet-update
-@c @subsection Download & set up gnunet-update
-@c The following command will download a working version of gnunet-update
-@c with the subversion tool and import the public key which is needed for
-@c authentication:
-@c @example
-@c svn checkout -r24905 https://gnunet.org/svn/gnunet-update ~/gnunet-update
-@c cd ~/gnunet-update
-@c gpg --keyserver "hkp://keys.gnupg.net" --recv-keys 7C613D78
-@c @end example
-@c @node Install GNUnet
-@c @subsection Install GNUnet
-@c Download and install GNUnet binaries which can be found here and set
-@c library paths:
-@c @example
-@c wget -P /tmp https://gnunet.org/install/packs/gnunet-0.9.4-`uname -m`.tgz
-@c ./bin/gnunet-update install /tmp/gnunet-0.9*.tgz ~
-@c echo "PATH DEFAULT=$@{PATH@}:$HOME/bin" >> ~/.pam_environment
-@c echo -e "$@{HOME@}/lib\n$@{HOME@}/lib/gnunet-deps" | sudo tee \
-@c  /etc/ld.so.conf.d/gnunet.conf > /dev/null
-@c sudo ldconfig
-@c @end example
-@c You may need to re-login once after executing these last commands
-@c That's it, GNUnet is installed in your home directory now. GNUnet can be
-@c configured and afterwards started by executing:
-@c @example
-@c gnunet-arm -s
-@c @end example
-@node The graphical configuration interface
-@section The graphical configuration interface
 If you also would like to use @command{gnunet-gtk} and
 @command{gnunet-setup} (highly recommended for beginners), do:
-@example
-wget -P /tmp \
-https://gnunet.org/install/packs/gnunet-0.9.4-gtk-0.9.4-`uname -m`.tgz
-sh ~/gnunet-update/bin/gnunet-update install /tmp/gnunet-*gtk*.tgz ~
-sudo ldconfig
-@end example
-Now you can run @command{gnunet-setup} for easy configuration of your
-GNUnet peer.
 @menu
 * Configuring your peer::
 * Configuring the Friend-to-Friend (F2F) mode::
@@ -2203,7 +335,7 @@ GNUnet peer.
 * Configuring the file-sharing service::
 * Configuring logging::
 * Configuring the transport service and plugins::
-* Configuring the wlan transport plugin::
+* Configuring the WLAN transport plugin::
 * Configuring HTTP(S) reverse proxy functionality using Apache or nginx::
 * Blacklisting peers::
 * Configuration of the HTTP and HTTPS transport plugins::
@@ -2320,7 +452,7 @@ SERVERS = http://v10.gnunet.org/hostlist [^]
 @noindent
 Besides using bootstrap servers you can configure your GNUnet peer to
-recieve hostlist advertisements.
+receive hostlist advertisements.
 Peers offering hostlists to other peers can send advertisement messages
 to peers that connect to them. If you configure your peer to receive these
 messages, your peer can download these lists and connect to the peers
@@ -2413,8 +545,6 @@ list of peers can contact it to download this list.
 To download this hostlist the peer uses HTTP.
 For this reason you have to build your peer with libgnurl (or libcurl)
 and microhttpd support.
-How you build your peer with these options can be found here:
-@xref{Generic installation instructions}.
 To configure your peer to act as a bootstrap server you have to add the
 @command{-p} option to @code{OPTIONS} in the @code{[hostlist]} section
@@ -2547,10 +677,10 @@ password=$the_password_you_like
 @end itemize
-Thats it. Note that @file{.my.cnf} file is a slight security risk unless
+That's it. Note that @file{.my.cnf} file is a slight security risk unless
 its on a safe partition. The @file{$HOME/.my.cnf} can of course be
 a symbolic link.
-Luckily $USER has only priviledges to mess up GNUnet's tables,
+Luckily $USER has only privileges to mess up GNUnet's tables,
 which should be pretty harmless.
 @node Testing
@@ -2720,7 +850,7 @@ sqLite, MySQL and Postgres.
 In order to use GNUnet for file-sharing, you first need to make sure
 that the file-sharing service is loaded.
-This is done by setting the @code{AUTOSTART} option in
+This is done by setting the @code{START_ON_DEMAND} option in
 section @code{[fs]} to "YES". Alternatively, you can run
 @example
@@ -2812,7 +942,7 @@ The configuration section for the transport service itself is quite
 similar to all the other services
 @example
-AUTOSTART = YES
+START_ON_DEMAND = YES
 @@UNIXONLY@@ PORT = 2091
 HOSTNAME = localhost
 HOME = $SERVICEHOME
@@ -2886,7 +1016,7 @@ TESTING_IGNORE_KEYS = ACCEPT_FROM;
 @end example
 @noindent
-The server has a port configured and the maximum nunber of connections.
+The server has a port configured and the maximum number of connections.
 The HTTPS part has two files with the certificate key and the certificate
 file.
@@ -2928,8 +1058,8 @@ TESTING_IGNORE_KEYS = ACCEPT_FROM;
 @end example
 @end itemize
-@node Configuring the wlan transport plugin
+@node Configuring the WLAN transport plugin
-@subsection Configuring the wlan transport plugin
+@subsection Configuring the WLAN transport plugin
 The wlan transport plugin enables GNUnet to send and to receive data on a
 wlan interface.
@@ -3290,7 +1420,6 @@ and @code{[transport-https_client]} section of the configuration:
 * GNS Proxy Setup::
 * Setup of the GNS CA::
 * Testing the GNS setup::
-* Automatic Shortening in the GNU Name System::
 @end menu
@@ -3526,8 +1655,11 @@ Now for testing purposes we can create some records in our zone to test
 the SSL functionality of the proxy:
 @example
-$ gnunet-namestore -a -e "1 d" -n "homepage" -t A -V 131.159.74.67
+$ gnunet-identity -C test
-$ gnunet-namestore -a -e "1 d" -n "homepage" -t LEHO -V "gnunet.org"
+$ gnunet-namestore -a -e "1 d" -n "homepage" \
+  -t A -V 131.159.74.67 -z test
+$ gnunet-namestore -a -e "1 d" -n "homepage" \
+  -t LEHO -V "gnunet.org" -z test
 @end example
 @noindent
@@ -3540,11 +1672,11 @@ $ gnunet-gns-proxy
 @noindent
 Configure your browser to use this SOCKSv5 proxy on port 7777 and visit
 this link.
-If you use @command{Firefox} (or one of its deriviates/forks such as
+If you use @command{Firefox} (or one of its derivatives/forks such as
 Icecat) you also have to go to @code{about:config} and set the key
 @code{network.proxy.socks_remote_dns} to @code{true}.
-When you visit @code{https://homepage.gnu/}, you should get to the
+When you visit @code{https://homepage.test/}, you should get to the
 @code{https://gnunet.org/} frontpage and the browser (with the correctly
 configured proxy) should give you a valid SSL certificate for
 @code{homepage.gnu} and no warnings. It should look like this:
@@ -3552,26 +1684,6 @@ configured proxy) should give you a valid SSL certificate for
 @c FIXME: Image does not exist, create it or save it from Drupal?
 @c @image{images/gnunethpgns.png,5in,, picture of homepage.gnu in Webbrowser}
-@node Automatic Shortening in the GNU Name System
-@subsubsection Automatic Shortening in the GNU Name System
-This page describes a possible option for 'automatic name shortening',
-which you can choose to enable with the GNU Name System.
-When GNS encounters a name for the first time, it can use the 'NICK'
-record of the originating zone to automatically generate a name for the
-zone. If automatic shortening is enabled, those auto-generated names will
-be placed (as private records) into your personal 'shorten' zone (to
-prevent confusion with manually selected names).
-Then, in the future, if the same name is encountered again, GNS will
-display the shortened name instead (the first time, the long name will
-still be used as shortening typically happens asynchronously as looking up
-the 'NICK' record takes some time). Using this feature can be a convenient
-way to avoid very long @code{.gnu} names; however, note that names from
-the shorten-zone are assigned on a first-come-first-serve basis and should
-not be trusted. Furthermore, if you enable this feature, you will no
-longer see the full delegation chain for zones once shortening has been
-applied.
 @node Configuring the GNUnet VPN
 @subsection Configuring the GNUnet VPN
@@ -3742,7 +1854,7 @@ configuration file).
 Some NAT boxes can be traversed using the autonomous NAT traversal method.
 This requires certain GNUnet components to be installed with "SUID"
-prividledges on your system (so if you're installing on a system you do
+privileges on your system (so if you're installing on a system you do
 not have administrative rights to, this will not work).
 If you installed as 'root', you can enable autonomous NAT traversal by
 checking the "Enable NAT traversal using ICMP method".
@@ -3781,8 +1893,8 @@ desktop-user to "sudo" (i.e. using gtksudo) to the "gnunet" user account
 and then runs "gnunet-arm -e", "gnunet-setup" and "gnunet-arm -s" in
 sequence.
-@node How to start and stop a GNUnet peer
+@node MOVED FROM USER Config Leftovers
-@section How to start and stop a GNUnet peer
+@section MOVED FROM USER Config Leftovers
 This section describes how to start a GNUnet peer. It assumes that you
 have already compiled and installed GNUnet and its' dependencies.
@@ -3867,7 +1979,7 @@ gnunet-arm -c ~/.config/gnunet.conf -k fs
 @noindent
 Assuming that you want certain services (like file-sharing) to be always
 automatically started whenever you start GNUnet, you can activate them by
-setting "FORCESTART=YES" in the respective section of the configuration
+setting "IMMEDIATE_START=YES" in the respective section of the configuration
 file (for example, "[fs]"). Then GNUnet with file-sharing support would
 be started whenever you@ enter:
@@ -3906,8 +2018,8 @@ contain the lines:@
 @example
 [arm]
-SYSTEM_ONLY = YES
+START_SYSTEM_SERVICES = YES
-USER_ONLY = NO
+START_USER_SERVICES = NO
 @end example
 @noindent
@@ -3935,8 +2047,8 @@ $USER with the lines:
 @example
 [arm]
-SYSTEM_ONLY = NO
+START_SYSTEM_SERVICES = NO
-USER_ONLY = YES
+START_USER_SERVICES = YES
 @end example
 @noindent
@@ -4004,7 +2116,7 @@ specific to a particular user, they probably should not run as a
 particular user. Also, there should typically only be one GNUnet peer per
 host. System services include the gnunet-service and gnunet-daemon
 programs; support tools include command-line programs such as gnunet-arm.
-@item Priviledged helpers
+@item Privileged helpers
 Some GNUnet components require root rights to open raw sockets or perform
 other special operations. These gnunet-helper binaries are typically
 installed SUID and run from services or daemons.
@@ -4013,7 +2125,7 @@ Some GNUnet services (such as the DNS service) can manipulate the service
 in deep and possibly highly security sensitive ways. For example, the DNS
 service can be used to intercept and alter any DNS query originating from
 the local machine. Access to the APIs of these critical services and their
-priviledged helpers must be tightly controlled.
+privileged helpers must be tightly controlled.
 @end table
 @c FIXME: The titles of these chapters are too long in the index.
@@ -4111,3 +2223,4 @@ Furthermore, 'make install' will silently fail to set the DNS binaries to
 be owned by group "gnunetdns" unless that group already exists (!).
 An alternative name for the "gnunetdns" group can be specified using the
 @code{--with-gnunetdns=GRPNAME} configure option.
diff --git a/doc/documentation/chapters/keyconcepts.texi b/doc/documentation/chapters/keyconcepts.texi
new file mode 100644
index 000000000..55f79f1c7
--- /dev/null
+++ b/doc/documentation/chapters/keyconcepts.texi
@@ -0,0 +1,308 @@
+@cindex Key Concepts
+@node Key Concepts
+@chapter Key Concepts
+In this section, the fundamental concepts of GNUnet are explained.
+@c FIXME: Use @uref{https://docs.gnunet.org/bib/, research papers}
+@c once we have the new bibliography + subdomain setup.
+Most of them are also described in our research papers.
+First, some of the concepts used in the GNUnet framework are detailed.
+The second part describes concepts specific to anonymous file-sharing.
+@menu
+* Authentication::
+* Accounting to Encourage Resource Sharing::
+* Confidentiality::
+* Anonymity::
+* Deniability::                       
+* Peer Identities::
+* Zones in the GNU Name System (GNS Zones)::
+* Egos::
+@end menu
+@cindex Authentication
+@node Authentication
+@section Authentication
+Almost all peer-to-peer communications in GNUnet are between mutually
+authenticated peers. The authentication works by using ECDHE, that is a
+DH (Diffie---Hellman) key exchange using ephemeral elliptic curve
+cryptography. The ephemeral ECC (Elliptic Curve Cryptography) keys are
+signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}).
+The shared secret from ECDHE is used to create a pair of session keys
+@c FIXME: Long word for HKDF. More FIXMEs: Explain MITM etc.
+(using HKDF) which are then used to encrypt the communication between the
+two peers using both 256-bit AES (Advanced Encryption Standard)
+and 256-bit Twofish (with independently derived secret keys).
+As only the two participating hosts know the shared secret, this
+authenticates each packet
+without requiring signatures each time. GNUnet uses SHA-512
+(Secure Hash Algorithm) hash codes to verify the integrity of messages.
+@c FIXME: A while back I got the feedback that I should try and integrate
+@c explanation boxes in the long-run. So we could explain
+@c "man-in-the-middle" and "man-in-the-middle attacks" and other words
+@c which are not common knowledge. MITM is not common knowledge. To be
+@c selfcontained, we should be able to explain words and concepts used in
+@c a chapter or paragraph without hinting at Wikipedia and other online
+@c sources which might not be available or accessible to everyone.
+@c On the other hand we could write an introductionary chapter or book
+@c that we could then reference in each chapter, which sound like it
+@c could be more reusable.
+In GNUnet, the identity of a host is its public key. For that reason,
+man-in-the-middle attacks will not break the authentication or accounting
+goals. Essentially, for GNUnet, the IP of the host has nothing to do with
+the identity of the host. As the public key is the only thing that truly
+matters, faking an IP, a port or any other property of the underlying
+transport protocol is irrelevant. In fact, GNUnet peers can use
+multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the
+IP protocol at all (by running directly on layer 2).
+@c FIXME: "IP protocol" feels wrong, but could be what people expect, as
+@c IP is "the number" and "IP protocol" the protocol itself in general
+@c knowledge?
+@c NOTE: For consistency we will use @code{HELLO}s throughout this Manual.
+GNUnet uses a special type of message to communicate a binding between
+public (ECC) keys to their current network address. These messages are
+commonly called @code{HELLO}s or @code{peer advertisements}.
+They contain the public key of the peer and its current network
+addresses for various transport services.
+A transport service is a special kind of shared library that
+provides (possibly unreliable, out-of-order) message delivery between
+peers.
+For the UDP and TCP transport services, a network address is an IP and a
+port.
+GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use
+various other forms of addresses. Note that any node can have many
+different active transport services at the same time,
+and each of these can have a different addresses.
+Binding messages expire after at most a week (the timeout can be
+shorter if the user configures the node appropriately).
+This expiration ensures that the network will eventually get rid of
+outdated advertisements.
+@footnote{Ronaldo A. Ferreira, Christian Grothoff, and Paul Ruth.
+A Transport Layer Abstraction for Peer-to-Peer Networks
+Proceedings of the 3rd International Symposium on Cluster Computing
+and the Grid (GRID 2003), 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf, https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf})}
+@cindex Accounting to Encourage Resource Sharing
+@node Accounting to Encourage Resource Sharing
+@section Accounting to Encourage Resource Sharing
+Most distributed P2P networks suffer from a lack of defenses or
+precautions against attacks in the form of freeloading.
+While the intentions of an attacker and a freeloader are different, their
+effect on the network is the same; they both render it useless.
+Most simple attacks on networks such as @command{Gnutella}
+involve flooding the network with traffic, particularly
+with queries that are, in the worst case, multiplied by the network.
+In order to ensure that freeloaders or attackers have a minimal impact
+on the network, GNUnet's file-sharing implementation (@code{FS} tries
+to distinguish good (contributing) nodes from malicious (freeloading)
+nodes. In GNUnet, every file-sharing node keeps track of the behavior
+of every other node it has been in contact with. Many requests
+(depending on the application) are transmitted with a priority (or
+importance) level.  That priority is used to establish how important
+the sender believes this request is. If a peer responds to an
+important request, the recipient will increase its trust in the
+responder: the responder contributed resources.  If a peer is too busy
+to answer all requests, it needs to prioritize.  For that, peers do
+not take the priorities of the requests received at face value.
+First, they check how much they trust the sender, and depending on
+that amount of trust they assign the request a (possibly lower)
+effective priority. Then, they drop the requests with the lowest
+effective priority to satisfy their resource constraints. This way,
+GNUnet's economic model ensures that nodes that are not currently
+considered to have a surplus in contributions will not be served if
+the network load is high.
+@footnote{Christian Grothoff. An Excess-Based Economic Model for Resource
+Allocation in Peer-to-Peer Networks. Wirtschaftsinformatik, June 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf})}
+@c 2009?
+@cindex Confidentiality
+@node Confidentiality
+@section Confidentiality
+Adversaries (malicious, bad actors) outside of GNUnet are not supposed
+to know what kind of actions a peer is involved in. Only the specific
+neighbor of a peer that is the corresponding sender or recipient of a
+message may know its contents, and even then application protocols may
+place further restrictions on that knowledge.  In order to ensure
+confidentiality, GNUnet uses link encryption, that is each message
+exchanged between two peers is encrypted using a pair of keys only
+known to these two peers.  Encrypting traffic like this makes any kind
+of traffic analysis much harder. Naturally, for some applications, it
+may still be desirable if even neighbors cannot determine the concrete
+contents of a message.  In GNUnet, this problem is addressed by the
+specific application-level protocols. See for example the following
+sections @pxref{Anonymity}, @pxref{How file-sharing achieves Anonymity},
+and @pxref{Deniability}.
+@cindex Anonymity
+@node Anonymity
+@section Anonymity
+@menu
+* How file-sharing achieves Anonymity::
+@end menu
+Providing anonymity for users is the central goal for the anonymous
+file-sharing application. Many other design decisions follow in the
+footsteps of this requirement.
+Anonymity is never absolute. While there are various
+scientific metrics@footnote{Claudia Díaz, Stefaan Seys, Joris Claessens,
+and Bart Preneel. Towards measuring anonymity.
+2002.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf, https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf})}
+that can help quantify the level of anonymity that a given mechanism
+provides, there is no such thing as "complete anonymity".
+GNUnet's file-sharing implementation allows users to select for each
+operation (publish, search, download) the desired level of anonymity.
+The metric used is the amount of cover traffic available to hide the
+request.
+While this metric is not as good as, for example, the theoretical metric
+given in scientific metrics@footnote{likewise},
+it is probably the best metric available to a peer with a purely local
+view of the world that does not rely on unreliable external information.
+The default anonymity level is @code{1}, which uses anonymous routing but
+imposes no minimal requirements on cover traffic. It is possible
+to forego anonymity when this is not required. The anonymity level of
+@code{0} allows GNUnet to use more efficient, non-anonymous routing.
+@cindex How file-sharing achieves Anonymity
+@node How file-sharing achieves Anonymity
+@subsection How file-sharing achieves Anonymity
+Contrary to other designs, we do not believe that users achieve strong
+anonymity just because their requests are obfuscated by a couple of
+indirections. This is not sufficient if the adversary uses traffic
+analysis.
+The threat model used for anonymous file sharing in GNUnet assumes that
+the adversary is quite powerful.
+In particular, we assume that the adversary can see all the traffic on
+the Internet. And while we assume that the adversary
+can not break our encryption, we assume that the adversary has many
+participating nodes in the network and that it can thus see many of the
+node-to-node interactions since it controls some of the nodes. 
+The system tries to achieve anonymity based on the idea that users can be
+anonymous if they can hide their actions in the traffic created by other
+users.
+Hiding actions in the traffic of other users requires participating in the
+traffic, bringing back the traditional technique of using indirection and
+source rewriting. Source rewriting is required to gain anonymity since
+otherwise an adversary could tell if a message originated from a host by
+looking at the source address. If all packets look like they originate
+from one node, the adversary can not tell which ones originate from that
+node and which ones were routed.
+Note that in this mindset, any node can decide to break the
+source-rewriting paradigm without violating the protocol, as this
+only reduces the amount of traffic that a node can hide its own traffic
+in.
+If we want to hide our actions in the traffic of other nodes, we must make
+our traffic indistinguishable from the traffic that we route for others.
+As our queries must have us as the receiver of the reply
+(otherwise they would be useless), we must put ourselves as the receiver
+of replies that actually go to other hosts; in other words, we must
+indirect replies.
+Unlike other systems, in anonymous file-sharing as implemented on top of
+GNUnet we do not have to indirect the replies if we don't think we need
+more traffic to hide our own actions.
+This increases the efficiency of the network as we can indirect less under
+higher load.@footnote{Krista Bennett and Christian Grothoff.
+GAP --- practical anonymous networking. In Proceedings of
+Designing Privacy Enhancing Technologies, 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf, https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf})}
+@cindex Deniability
+@node Deniability
+@section Deniability
+Even if the user that downloads data and the server that provides data are
+anonymous, the intermediaries may still be targets. In particular, if the
+intermediaries can find out which queries or which content they are
+processing, a strong adversary could try to force them to censor
+certain materials. 
+With the file-encoding used by GNUnet's anonymous file-sharing, this
+problem does not arise.
+The reason is that queries and replies are transmitted in
+an encrypted format such that intermediaries cannot tell what the query
+is for or what the content is about.  Mind that this is not the same
+encryption as the link-encryption between the nodes.  GNUnet has
+encryption on the network layer (link encryption, confidentiality,
+authentication) and again on the application layer (provided
+by @command{gnunet-publish}, @command{gnunet-download},
+@command{gnunet-search} and @command{gnunet-gtk}).
+@footnote{Christian Grothoff, Krista Grothoff, Tzvetan Horozov,
+and Jussi T. Lindgren.
+An Encoding for Censorship-Resistant Sharing.
+2009.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf})}
+@cindex Peer Identities
+@node Peer Identities
+@section Peer Identities
+Peer identities are used to identify peers in the network and are unique
+for each peer. The identity for a peer is simply its public key, which is
+generated along with a private key the peer is started for the first time.
+While the identity is binary data, it is often expressed as ASCII string.
+For example, the following is a peer identity as you might see it in
+various places:
+@example
+UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0
+@end example
+@noindent
+You can find your peer identity by running @command{gnunet-peerinfo -s}.
+@cindex Zones in the GNU Name System (GNS Zones)
+@node Zones in the GNU Name System (GNS Zones)
+@section Zones in the GNU Name System (GNS Zones)
+@c FIXME: Explain or link to an explanation of the concept of public keys
+@c and private keys.
+@c FIXME: Rewrite for the latest GNS changes.
+GNS@footnote{Matthias Wachs, Martin Schanzenbach, and Christian Grothoff.
+A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name
+System. In proceedings of 13th International Conference on Cryptology and
+Network Security (CANS 2014). 2014.
+@uref{https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf}}
+zones are similar to those of DNS zones, but instead of a hierarchy of
+authorities to governing their use, GNS zones are controlled by a private
+key.
+When you create a record in a DNS zone, that information is stored in your
+nameserver. Anyone trying to resolve your domain then gets pointed
+(hopefully) by the centralised authority to your nameserver.
+Whereas GNS, being fully decentralized by design, stores that information
+in DHT. The validity of the records is assured cryptographically, by
+signing them with the private key of the respective zone.
+Anyone trying to resolve records in a zone of your domain can then verify
+the signature of the records they get from the DHT and be assured that
+they are indeed from the respective zone.
+To make this work, there is a 1:1 correspondence between zones and
+their public-private key pairs.
+So when we talk about the owner of a GNS zone, that's really the owner of
+the private key.
+And a user accessing a zone needs to somehow specify the corresponding
+public key first.
+@cindex Egos
+@node Egos
+@section Egos
+@c what is the difference between peer identity and egos? It seems
+@c like both are linked to public-private key pair.
+Egos are your "identities" in GNUnet. Any user can assume multiple
+identities, for example to separate their activities online. Egos can
+correspond to "pseudonyms" or "real-world identities". Technically an
+ego is first of all a key pair of a public- and private-key.
diff --git a/doc/documentation/chapters/philosophy.texi b/doc/documentation/chapters/philosophy.texi
index 681d5acc3..6d80d77ae 100644
--- a/doc/documentation/chapters/philosophy.texi
+++ b/doc/documentation/chapters/philosophy.texi
@@ -5,36 +5,28 @@
 @c NOTE: We should probably re-use some of the images lynX created
 @c for secushare, showing some of the relations and functionalities
 @c of GNUnet.
-The foremost goal of the GNUnet project is to become a widely used,
+The primary goal of the GNUnet project is to provide a reliable, open,
-reliable, open, non-discriminating, egalitarian, unconstrained and
+non-discriminating and censorship-resistant system for information
-censorship-resistant system of free information exchange.
+exchange. We value free speech above state interests and intellectual
-We value free speech above state secrets, law-enforcement or
+monopoly. GNUnet's long-term goal is to serve as a development
-intellectual property.
+platform for the next generation of Internet protocols.
-GNUnet is supposed to be an anarchistic network, where the only
-limitation for participants (devices or people making use of the
+GNUnet is an anarchistic network. Participants are encouraged to
-network, in the following sometimes called peers) is
+contribute at least as much resources (storage, bandwidth) to the network
-that they must contribute enough back to the network such that
+as they consume, so that their participation does not have a negative
-their resource consumption does not have a significant impact
+impact on other users.
-on other users.
-GNUnet should be more than just another file-sharing network.
-The plan is to offer many other services and in particular
-to serve as a development platform for the next generation of
-Internet Protocols.
 @menu
-* Design Goals::
+* Design Principles::
-* Security and Privacy::
+* Privacy and Anonymity::
-* Versatility::
 * Practicality::
-* Key Concepts::
 @end menu
-@cindex Design Goals
+@cindex Design Principles
-@cindex Design Goals
+@node Design Principles
-@node Design Goals
+@section Design Principles
-@section Design Goals
-These are the core GNUnet design goals, in order of relative importance:
+These are the GNUnet design principles, in order of importance:
 @itemize
 @item GNUnet must be implemented as
@@ -44,385 +36,45 @@ These are the core GNUnet design goals, in order of relative importance:
 the program, to study and change the program in source code form,
 to redistribute exact copies, and to distribute modified versions.
 Refer to @uref{https://www.gnu.org/philosophy/free-sw.html, https://www.gnu.org/philosophy/free-sw.html}}
-@item GNUnet must only disclose the minimal amount of information
+@item GNUnet must minimize the amount of personally identifiable information exposed.
-necessary.
 @c TODO: Explain 'fully' in the terminology section.
-@item GNUnet must be fully distributed and survive
+@item GNUnet must be fully distributed and resilient to external attacks and rogue participants.
-@uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, Byzantine failures}
+@item GNUnet must be self-organizing and not depend on administrators or centralized infrastructure.
-@footnote{@uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, https://en.wikipedia.org/wiki/Byzantine_fault_tolerance}}
+@item GNUnet must inform the user which other participants have to be trusted when establishing private communications.
-at any position in the network.
-@item GNUnet must make it explicit to the user which entities are
-considered to be trustworthy when establishing secured communications.
-@item GNUnet must use compartmentalization to protect sensitive
-information.
 @item GNUnet must be open and permit new peers to join.
-@item GNUnet must be self-organizing and not depend on administrators.
 @item GNUnet must support a diverse range of applications and devices.
-@item The GNUnet architecture must be cost effective.
+@item GNUnet must use compartmentalization to protect sensitive information.
-@item GNUnet must provide incentives for peers to contribute more
+@item The GNUnet architecture must be resource efficient.
-resources than they consume.
+@item GNUnet must provide incentives for peers to contribute more resources than they consume.
 @end itemize
-@cindex Security and Privacy
+@cindex Privacy and Anonymity
-@node Security and Privacy
+@node Privacy and Anonymity
-@section Security and Privacy
+@section Privacy and Anonymity
-GNUnet's primary design goals are to protect the privacy of its users and
-to guard itself against attacks or abuse.
-GNUnet does not have any mechanisms to control, track or censor users.
-Instead, the GNUnet protocols aim to make it as hard as possible to
-find out what is happening on the network or to disrupt operations. 
-@cindex Versatility
+The GNUnet protocols minimize the leakage of personally identifiable information of participants and
-@node Versatility
+do not allow adversaries to control, track, monitor or censor users activities. The
-@section Versatility
+GNUnet protocols also make it as hard as possible to disrupt operations by participating in the network with malicious intent. 
-We call GNUnet a peer-to-peer framework because we want to support many
+Analyzing participant's activities becomes more difficult as the number of peers and
-different forms of peer-to-peer applications. GNUnet uses a plugin
+applications that generate traffic on the network grows, even if the additional
-architecture to make the system extensible and to encourage code reuse.
+traffic generated is not related to anonymous communication. This is one of the reasons why GNUnet is developed as a peer-to-peer
-While the first versions of the system only supported anonymous
-file-sharing, other applications are being worked on and more will
-hopefully follow in the future.
-A powerful synergy regarding anonymity services is created by a large
-community utilizing many diverse applications over the same software
-infrastructure. The reason is that link encryption hides the specifics
-of the traffic for non-participating observers. This way, anonymity can
-get stronger with additional (GNUnet) traffic, even if the additional
-traffic is not related to anonymous communication. Increasing anonymity
-is the primary reason why GNUnet is developed to become a peer-to-peer
 framework where many applications share the lower layers of an
-increasingly complex protocol stack.
+increasingly complex protocol stack. The GNUnet architecture encourages many
-If merging traffic to hinder traffic analysis was not important,
+different forms of peer-to-peer applications.
-we could have just developed a dozen stand-alone applications
-and a few shared libraries. 
 @cindex Practicality
 @node Practicality
 @section Practicality
-GNUnet allows participants to trade various amounts of security in
+Whereever possible GNUnet allows the peer to adjust its operations
-exchange for increased efficiency. However, it is not possible for any
+and functionalities to specific use cases. A GNUnet peer running on
-user's security and efficiency requirements to compromise the security
+a mobile device with limited battery for example might choose not to
-and efficiency of any other user.
+relay traffic for other participants.
-For GNUnet, efficiency is not paramount. If there were a more secure and
-still practical approach, we would choose to take the more secure
-alternative. @command{telnet} is more efficient than @command{ssh}, yet
-it is obsolete.
-Hardware gets faster, and code can be optimized. Fixing security issues
-as an afterthought is much harder.
-While security is paramount, practicability is still a requirement.
-The most secure system is always the one that nobody can use.
-Similarly, any anonymous system that is extremely inefficient will only
-find few users.
-However, good anonymity requires a large and diverse user base. Since
-individual security requirements may vary, the only good solution here is
-to allow individuals to trade-off security and efficiency.
-The primary challenge in allowing this is to ensure that the economic
-incentives work properly.
-In particular, this means that it must be impossible for a user to gain
-security at the expense of other users. Many designs (e.g. anonymity via
-broadcast) fail to give users an incentive to choose a less secure but
-more efficient mode of operation.
-GNUnet should avoid where ever possible to rely on protocols that will
-only work if the participants are benevolent.
-While some designs have had widespread success while relying on parties
-to observe a protocol that may be sub-optimal for the individuals (e.g.
-TCP Nagle), a protocol that ensures that individual goals never conflict
-with the goals of the group is always preferable.
-@cindex Key Concepts
-@node Key Concepts
-@section Key Concepts
-In this section, the fundamental concepts of GNUnet are explained.
-@c FIXME: Use @uref{https://docs.gnunet.org/bib/, research papers}
-@c once we have the new bibliography + subdomain setup.
-Most of them are also described in our research papers.
-First, some of the concepts used in the GNUnet framework are detailed.
-The second part describes concepts specific to anonymous file-sharing.
-@menu
-* Authentication::
-* Accounting to Encourage Resource Sharing::
-* Confidentiality::
-* Anonymity::
-* Deniability::                       
-* Peer Identities::
-* Zones in the GNU Name System (GNS Zones)::
-* Egos::
-@end menu
-@cindex Authentication
-@node Authentication
-@subsection Authentication
-Almost all peer-to-peer communications in GNUnet are between mutually
-authenticated peers. The authentication works by using ECDHE, that is a
-DH (Diffie---Hellman) key exchange using ephemeral eliptic curve
-cryptography. The ephemeral ECC (Eliptic Curve Cryptography) keys are
-signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}).
-The shared secret from ECDHE is used to create a pair of session keys
-@c FIXME: LOng word for HKDF. More FIXMEs: Explain MITM etc.
-(using HKDF) which are then used to encrypt the communication between the
-two peers using both 256-bit AES (Advanced Encryption Standard)
-and 256-bit Twofish (with independently derived secret keys).
-As only the two participating hosts know the shared secret, this
-authenticates each packet
-without requiring signatures each time. GNUnet uses SHA-512
-(Secure Hash Algorithm) hash codes to verify the integrity of messages.
-In GNUnet, the identity of a host is its public key. For that reason,
-man-in-the-middle attacks will not break the authentication or accounting
-goals. Essentially, for GNUnet, the IP of the host has nothing to do with
-the identity of the host. As the public key is the only thing that truly
-matters, faking an IP, a port or any other property of the underlying
-transport protocol is irrelevant. In fact, GNUnet peers can use
-multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the
-IP protocol at all (by running directly on layer 2).
-@c NOTE: For consistency we will use @code{HELLO}s throughout this Manual.
-GNUnet uses a special type of message to communicate a binding between
-public (ECC) keys to their current network address. These messages are
-commonly called @code{HELLO}s or peer advertisements.
-They contain the public key of the peer and its current network
-addresses for various transport services.
-A transport service is a special kind of shared library that
-provides (possibly unreliable, out-of-order) message delivery between
-peers.
-For the UDP and TCP transport services, a network address is an IP and a
-port.
-GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use
-various other forms of addresses. Note that any node can have many
-different active transport services at the same time,
-and each of these can have a different addresses.
-Binding messages expire after at most a week (the timeout can be
-shorter if the user configures the node appropriately).
-This expiration ensures that the network will eventually get rid of
-outdated advertisements.
-@footnote{Ronaldo A. Ferreira, Christian Grothoff, and Paul Ruth.
-A Transport Layer Abstraction for Peer-to-Peer Networks
-Proceedings of the 3rd International Symposium on Cluster Computing
-and the Grid (GRID 2003), 2003.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf, https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf})}
-@cindex Accounting to Encourage Resource Sharing
-@node Accounting to Encourage Resource Sharing
-@subsection Accounting to Encourage Resource Sharing
-Most distributed P2P networks suffer from a lack of defenses or
-precautions against attacks in the form of freeloading.
-While the intentions of an attacker and a freeloader are different, their
-effect on the network is the same; they both render it useless.
-Most simple attacks on networks such as @command{Gnutella}
-involve flooding the network with traffic, particularly
-with queries that are, in the worst case, multiplied by the network.
-In order to ensure that freeloaders or attackers have a minimal impact on
-the network, GNUnet's file-sharing implementation tries to distinguish
-good (contributing) nodes from malicious (freeloading) nodes. In GNUnet,
-every file-sharing node keeps track of the behavior of every other node it
-has been in contact with. Many requests (depending on the application)
-are transmitted with a priority (or importance) level.
-That priority is used to establish how important the sender believes
-this request is. If a peer responds to an important request, the
-recipient will increase its trust in the responder:
-the responder contributed resources.
-If a peer is too busy to answer all requests, it needs to prioritize.
-For that, peers do not take the priorities of the requests received at
-face value.
-First, they check how much they trust the sender, and depending on that
-amount of trust they assign the request a (possibly lower) effective
-priority. Then, they drop the requests with the lowest effective priority
-to satisfy their resource constraints. This way, GNUnet's economic model
-ensures that nodes that are not currently considered to have a surplus in
-contributions will not be served if the network load is high.
-@footnote{Christian Grothoff. An Excess-Based Economic Model for Resource
-Allocation in Peer-to-Peer Networks. Wirtschaftsinformatik, June 2003.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf})}
-@c 2009?
-@cindex Confidentiality
-@node Confidentiality
-@subsection Confidentiality
-Adversaries outside of GNUnet are not supposed to know what kind of
-actions a peer is involved in. Only the specific neighbor of a peer that
-is the corresponding sender or recipient of a message may know its
-contents, and even then application protocols may place further
-restrictions on that knowledge.
-In order to ensure confidentiality, GNUnet uses link encryption, that is
-each message exchanged between two peers is encrypted using a pair of
-keys only known to these two peers.
-Encrypting traffic like this makes any kind of traffic analysis much
-harder. Naturally, for some applications, it may still be desirable if
-even neighbors cannot determine the concrete contents of a message.
-In GNUnet, this problem is addressed by the specific application-level
-protocols (see for example, deniability and anonymity in anonymous file
-sharing).
-@cindex Anonymity
-@node Anonymity
-@subsection Anonymity
-@menu
+For certain applications like file-sharing GNUnet allows participants to trade degrees of anonymity in
-* How file-sharing achieves Anonymity::
+exchange for increased efficiency. However, it is not possible for any
-@end menu
+user's efficiency requirements to compromise the anonymity
+of any other user.
-Providing anonymity for users is the central goal for the anonymous
-file-sharing application. Many other design decisions follow in the
-footsteps of this requirement.
-Anonymity is never absolute. While there are various
-scientific metrics@footnote{Claudia Díaz, Stefaan Seys, Joris Claessens,
-and Bart Preneel. Towards measuring anonymity.
-2002.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf, https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf})}
-that can help quantify the level of anonymity that a given mechanism
-provides, there is no such thing as complete anonymity.
-GNUnet's file-sharing implementation allows users to select for each
-operation (publish, search, download) the desired level of anonymity.
-The metric used is the amount of cover traffic available to hide the
-request.
-While this metric is not as good as, for example, the theoretical metric
-given in scientific metrics@footnote{likewise},
-it is probably the best metric available to a peer with a purely local
-view of the world that does not rely on unreliable external information.
-The default anonymity level is 1, which uses anonymous routing but
-imposes no minimal requirements on cover traffic. It is possible
-to forego anonymity when this is not required. The anonymity level of 0
-allows GNUnet to use more efficient, non-anonymous routing.
-@cindex How file-sharing achieves Anonymity
-@node How file-sharing achieves Anonymity
-@subsubsection How file-sharing achieves Anonymity
-Contrary to other designs, we do not believe that users achieve strong
-anonymity just because their requests are obfuscated by a couple of
-indirections. This is not sufficient if the adversary uses traffic
-analysis.
-The threat model used for anonymous file sharing in GNUnet assumes that
-the adversary is quite powerful.
-In particular, we assume that the adversary can see all the traffic on
-the Internet. And while we assume that the adversary
-can not break our encryption, we assume that the adversary has many
-participating nodes in the network and that it can thus see many of the
-node-to-node interactions since it controls some of the nodes. 
-The system tries to achieve anonymity based on the idea that users can be
-anonymous if they can hide their actions in the traffic created by other
-users.
-Hiding actions in the traffic of other users requires participating in the
-traffic, bringing back the traditional technique of using indirection and
-source rewriting. Source rewriting is required to gain anonymity since
-otherwise an adversary could tell if a message originated from a host by
-looking at the source address. If all packets look like they originate
-from one node, the adversary can not tell which ones originate from that
-node and which ones were routed.
-Note that in this mindset, any node can decide to break the
-source-rewriting paradigm without violating the protocol, as this
-only reduces the amount of traffic that a node can hide its own traffic
-in. 
-If we want to hide our actions in the traffic of other nodes, we must make
-our traffic indistinguishable from the traffic that we route for others.
-As our queries must have us as the receiver of the reply
-(otherwise they would be useless), we must put ourselves as the receiver
-of replies that actually go to other hosts; in other words, we must
-indirect replies.
-Unlike other systems, in anonymous file-sharing as implemented on top of
-GNUnet we do not have to indirect the replies if we don't think we need
-more traffic to hide our own actions.
-This increases the efficiency of the network as we can indirect less under
-higher load.@footnote{Krista Bennett and Christian Grothoff.
-GAP --- practical anonymous networking. In Proceedings of
-Designing Privacy Enhancing Technologies, 2003.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf, https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf})}
-@cindex Deniability
-@node Deniability
-@subsection Deniability
-Even if the user that downloads data and the server that provides data are
-anonymous, the intermediaries may still be targets. In particular, if the
-intermediaries can find out which queries or which content they are
-processing, a strong adversary could try to force them to censor
-certain materials. 
-With the file-encoding used by GNUnet's anonymous file-sharing, this
-problem does not arise.
-The reason is that queries and replies are transmitted in
-an encrypted format such that intermediaries cannot tell what the query
-is for or what the content is about.  Mind that this is not the same
-encryption as the link-encryption between the nodes.  GNUnet has
-encryption on the network layer (link encryption, confidentiality,
-authentication) and again on the application layer (provided
-by @command{gnunet-publish}, @command{gnunet-download},
-@command{gnunet-search} and @command{gnunet-gtk}).
-@footnote{Christian Grothoff, Krista Grothoff, Tzvetan Horozov,
-and Jussi T. Lindgren.
-An Encoding for Censorship-Resistant Sharing.
-2009.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf})}
-@cindex Peer Identities
-@node Peer Identities
-@subsection Peer Identities
-Peer identities are used to identify peers in the network and are unique
-for each peer. The identity for a peer is simply its public key, which is
-generated along with a private key the peer is started for the first time.
-While the identity is binary data, it is often expressed as ASCII string.
-For example, the following is a peer identity as you might see it in
-various places:
-@example
-UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0
-@end example
-@noindent
-You can find your peer identity by running @command{gnunet-peerinfo -s}.
-@cindex Zones in the GNU Name System (GNS Zones)
-@node Zones in the GNU Name System (GNS Zones)
-@subsection Zones in the GNU Name System (GNS Zones)
-@c FIXME: Explain or link to an explanation of the concept of public keys
-@c and private keys.
-GNS@footnote{Matthias Wachs, Martin Schanzenbach, and Christian Grothoff.
-A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name
-System. In proceedings of 13th International Conference on Cryptology and
-Network Security (CANS 2014). 2014.
-@uref{https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf}}
-zones are similar to those of DNS zones, but instead of a hierarchy of
-authorities to governing their use, GNS zones are controlled by a private
-key.
-When you create a record in a DNS zone, that information stored in your
-nameserver. Anyone trying to resolve your domain then gets pointed
-(hopefully) by the centralised authority to your nameserver.
-Whereas GNS, being fully decentralized by design, stores that information
-in DHT. The validity of the records is assured cryptographically, by
-signing them with the private key of the respective zone.
-Anyone trying to resolve records in a zone of your domain can then verify
-the signature of the records they get from the DHT and be assured that
-they are indeed from the respective zone.
-To make this work, there is a 1:1 correspondence between zones and
-their public-private key pairs.
-So when we talk about the owner of a GNS zone, that's really the owner of
-the private key.
-And a user accessing a zone needs to somehow specify the corresponding
-public key first.
-@cindex Egos
-@node Egos
-@subsection Egos
-@c what is the difference between peer identity and egos? It seems
-@c like both are linked to public-private key pair.
-Egos are your "identities" in GNUnet. Any user can assume multiple
-identities, for example to separate their activities online. Egos can
-correspond to pseudonyms or real-world identities. Technically, an
-ego is first of all a public-private key pair.
diff --git a/doc/documentation/chapters/preface.texi b/doc/documentation/chapters/preface.texi
new file mode 100644
index 000000000..29cf924a2
--- /dev/null
+++ b/doc/documentation/chapters/preface.texi
@@ -0,0 +1,171 @@
+@node Preface
+@chapter Preface
+@c introductionary words here
+This collection of manuals describes how to use GNUnet, a framework
+for secure peer-to-peer networking with the high-level goal to provide
+a strong foundation Free Software for a global, distributed network
+that provides security and privacy.  GNUnet in that sense aims to
+replace the current Internet protocol stack.  Along with an
+application for secure publication of files, it has grown to include
+all kinds of basic applications for the foundation of a new Internet.
+@menu
+* About this book::
+* Contributing to this book::
+* Introduction::
+* Project governance::
+* Typography::
+@end menu
+@node About this book
+@section About this book
+The books (described as ``book'' or ``books'' in the following)
+bundled as the ``GNUnet Reference Manual'' are based on the historic
+work of all contributors to GNUnet's documentation.  It is our hope
+that the content is described in a way that does not require any
+academic background, although some concepts will require further
+reading.
+Our (long-term) goal with these books is to keep them self-contained. If
+you see references to Wikipedia and other external sources (except for
+our academic papers) it means that we are working on a solution to
+describe the explanations found there which fits our use-case and licensing.
+The first chapter (``Preface'') as well as the the second
+chapter (``Philosophy'') give an introduction to GNUnet as a project,
+what GNUnet tries to achieve.
+@node Contributing to this book
+@section Contributing to this book
+The GNUnet Reference Manual is a collective work produced by various
+people throughout the years. The version you are reading is derived
+from many individual efforts hosted on our website. This was a failed
+experiment, and with the conversion to Texinfo we hope to address this
+in the longterm. Texinfo is the documentation language of the GNU project.
+While it can be intimidating at first and look scary or complicated,
+it is just another way to express text format instructions. We encourage
+you to take this opportunity and learn about Texinfo, learn about GNUnet,
+and one word at a time we will arrive at a book which explains GNUnet in
+the least complicated way to you. Even when you don't want or can't learn
+Texinfo, you can contribute. Send us an Email or join our IRC chat room
+on freenode and talk with us about the documentation (the prefered way
+to reach out is the mailinglist, since you can communicate with us
+without waiting on someone in the chatroom). One way or another you
+can help shape the understanding of GNUnet without the ability to read
+and understand its sourcecode.
+@node Introduction
+@section Introduction
+@c In less than 2 printed pages describe the history of GNUnet here,
+@c what we have now and what's still missing (could be split into
+@c subchapters).
+GNUnet in its current version is the result of almost 20 years of work
+from many contributors.  So far, most contributions were made by
+volunteers or people paid to do fundamental research.  At this stage,
+GNUnet remains an experimental system where
+significant parts of the software lack a reasonable degree of
+professionalism in its implementation.  Furthermore, we are aware of a
+significant number of existing bugs and critical design flaws, as some
+unfortunate early design decisions remain to be rectified.  There are
+still known open problems; GNUnet remains an active research project.
+The project was started in 2001 when some initial ideas for improving
+Freenet's file-sharing turned out to be too radical to be easily
+realized within the scope of the existing Freenet project.  We lost
+our first contributor on 11.9.2001 as the contributor realized that
+privacy may help terrorists.  The rest of the team concluded that it
+was now even more important to fight for civil liberties.  The first
+release was called ``GNet'' -- already with the name GNUnet in mind,
+but without the blessing of GNU we did not dare to call it GNUnet
+immediately.  A few months after the first release we contacted the
+GNU project, happily agreed to their governance model and became an
+official GNU package.
+Within the first year, we created
+@uref{https://gnu.org/s/libextractor, GNU libextractor}, a helper library
+for meta data extraction which has been used by a few other projects
+as well.  2003 saw the emergence of pluggable transports, the ability
+for GNUnet to use different mechanisms for communication, starting
+with TCP, UDP and SMTP (support for the latter was later dropped due
+to a lack of maintenance).  In 2005, the project first started to
+evolve beyond the original file-sharing application with a first
+simple P2P chat.  In 2007, we created
+@uref{https://gnu.org/s/libmicrohttpd, GNU libmicrohttpd}
+to support a pluggable transport based on HTTP.  In 2009, the
+architecture was radically modularized into the multi-process system
+that exists today.  Coincidentally, the first version of the ARM@footnote{ARM: Automatic Restart Manager}
+service was implemented a day before systemd was announced.  From 2009
+to 2014 work progressed rapidly thanks to a significant research grant
+from the Deutsche Forschungsgesellschaft.  This resulted in particular
+in the creation of the R5N DHT, CADET, ATS and the GNU Name System.
+In 2010, GNUnet was selected as the basis for the
+@uref{https://secushare.org, secushare} online
+social network, resulting in a significant growth of the core team.
+In 2013, we launched @uref{https://taler.net, GNU Taler} to address
+the challenge of convenient
+and privacy-preserving online payments.  In 2015, the
+@c TODO: Maybe even markup for the E if it renders in most outputs.
+@uref{https://pep.foundation/, pEp}@footnote{pretty easy privacy} project
+announced that they will use GNUnet as the technology for their
+meta-data protection layer, ultimately resulting in GNUnet e.V.
+entering into a formal long-term collaboration with the pEp
+foundation.  In 2016, Taler Systems SA, a first startup using GNUnet
+technology, was founded with support from the community.
+GNUnet is not merely a technical project, but also a political
+mission: like the GNU project as a whole, we are writing software to
+achieve political goals with a focus on the human right of
+informational self-determination.  Putting users in control of their
+computing has been the core driver of the GNU project. With GNUnet we
+are focusing on informational self-determination for collaborative
+computing and communication over networks.
+The Internet is shaped as much by code and protocols as it is by its
+associated political processes (IETF, ICANN, IEEE, etc.).
+Similarly its flaws are not limited to the protocol design.  Thus,
+technical excellence by itself will not suffice to create a better
+network. We also need to build a community that is wise, humble and
+has a sense of humor to achieve our goal to create a technical
+foundation for a society we would like to live in. 
+@node Project governance
+@section Project governance
+GNUnet, like the GNU project and many other free software projects,
+follows the governance model of a benevolent dictator.  This means
+that ultimately, the GNU project appoints the GNU maintainer and can
+overrule decisions made by the GNUnet maintainer. Similarly, the
+GNUnet maintainer can overrule any decisions made by individual
+@c TODO: Should we mention if this is just about GNUnet? Other projects
+@c TODO: in GNU seem to have rare issues (GCC, the 2018 documentation
+@c TODO: discussion.
+developers.  Still, in practice neither has happened in the last 20
+years, and we hope to keep it that way.
+@c TODO: Actually we are a Swiss association, or just a German association
+@c TODO: with Swiss bylaws/Satzung?
+@c TODO: Rewrite one of the 'GNUnet eV may also' sentences.
+The GNUnet project is supported by GNUnet e.V., a German association
+where any developer can become a member.  GNUnet e.V. serves as a
+legal entity to hold the copyrights to GNUnet.  GNUnet e.V. may also
+choose to pay for project resources, and can collect donations.
+GNUnet e.V. may also choose to adjust the license of the
+software (with the constraint that it has to remain free software)@footnote{For example in 2018 we switched from GPL3 to AGPL3. In practice these changes do not happen very often.}
+@node Typography
+@section Typography
+When giving examples for commands, shell prompts are used to show if the
+command should/can be issued as root, or if "normal" user privileges are
+sufficient. We use a @code{#} for root's shell prompt, a
+@code{%} for users' shell prompt, assuming they use the C-shell or tcsh
+and a @code{$} for bourne shell and derivatives.
+@c TODO: Really? Why the different prompts? Do we already have c-shell
+@c TODO: examples?
diff --git a/doc/documentation/chapters/terminology.texi b/doc/documentation/chapters/terminology.texi
deleted file mode 100644
index 566a7b167..000000000
--- a/doc/documentation/chapters/terminology.texi
+++ /dev/null
@@ -1,23 +0,0 @@
-@node Terminology
-@chapter Terminology
-@menu
-* General Terminology::
-* Typography::
-@end menu
-@node General Terminology
-@section General Terminology
-In the following Manual we may use words that can not be found in the
-Appendix. Since we want to keep the Manual selfcontained, we will
-explain words here.
-@node Typography
-@section Typography
-When giving examples for commands, shell prompts are used to show if the
-command should/can be issued as root, or if "normal" user privileges are
-sufficient. We use a @code{#} for root's shell prompt, a
-@code{%} for users' shell prompt, assuming they use the C-shell or tcsh
-and a @code{$} for bourne shell and derivatives.
diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi
index 8ce8b52e2..50b795197 100644
--- a/doc/documentation/chapters/user.texi
+++ b/doc/documentation/chapters/user.texi
@@ -2,252 +2,53 @@
 @chapter Using GNUnet
 @c %**end of header
-This tutorial is supposed to give a first introduction for end-users
+This tutorial is supposed to give a first introduction for users
-trying to do something "real" with GNUnet. Installation and
+trying to do something real with GNUnet. Installation and
 configuration are specifically outside of the scope of this tutorial.
 Instead, we start by briefly checking that the installation works, and
 then dive into uncomplicated, concrete practical things that can be done
-with the network.
+with the framework provided by GNUnet.
-This chapter of the GNUnet Reference Documentation documents
+In short, this chapter of the ``GNUnet Reference Documentation'' will
-how to use the various peer-to-peer applications of the
+show you how to use the various peer-to-peer applications of the
 GNUnet system.
-As GNUnet evolves, we will add new chapters for the various
+As GNUnet evolves, we will add new sections for the various
 applications that are being created.
-Comments and extensions of this documentation are always welcome.
+Comments on the content of this chapter, and extensions of it are
+always welcome.
 @menu
-* Checking the Installation::
+* Start and stop GNUnet::
-* First steps - File-sharing::
 * First steps - Using the GNU Name System::
 * First steps - Using GNUnet Conversation::
 * First steps - Using the GNUnet VPN::
 * File-sharing::
 * The GNU Name System::
+* re@:claim Identity Provider::
 * Using the Virtual Public Network::
 @end menu
-@node Checking the Installation
+@node Start and stop GNUnet
-@section Checking the Installation
+@section Start and stop GNUnet
-@c %**end of header
-This section describes a quick casual way to check if your GNUnet
-installation works. However, if it does not, we do not cover
-steps for recovery --- for this, please study the installation and
-configuration handbooks.
-@menu
+Previous to use any GNUnet-based application, one has to start a node:
-* gnunet-gtk::
-* Statistics::
-* Peer Information::
-@end menu
-@node gnunet-gtk
-@subsection gnunet-gtk
-@c %**end of header
-First, you should launch @command{gnunet-gtk}, the graphical user
-interface for GNUnet which will be used for most of the tutorial.
-You can do this from the command-line by typing
 @example
-$ gnunet-gtk
+$ gnunet-arm -s -l gnunet.log
 @end example
-(note that @code{$} represents the prompt of the shell for a normal user).
+To stop GNUnet:
-Depending on your distribution, you may also find @command{gnunet-gtk}
-in your menus. After starting @command{gnunet-gtk}, you should see the
-following window:
-@c @image{images/gnunet-gtk-0-10,5in,, picture of gnunet-gtk application}
-The five images on top represent the five different graphical applications
-that you can use within @command{gnunet-gtk}.
-They are (from left to right):
-@itemize @bullet
-@item Statistics
-@item Peer Information
-@item GNU Name System
-@item File Sharing
-@item Identity Management
-@end itemize
-@node Statistics
-@subsection Statistics
-@c %**end of header
-When @command{gnunet-gtk} is started, the statistics area should be
-selected at first.
-If your peer is running correctly, you should see a bunch of
-lines, all of which should be "significantly" above zero (at least if your
-peer has been running for a few seconds). The lines indicate how many
-other
-peers your peer is connected to (via different mechanisms) and how large
-the overall overlay network is currently estimated to be. The X-axis
-represents time (in seconds since the start of @command{gnunet-gtk}).
-You can click on "Traffic" to see information about the amount of
-bandwidth your peer has consumed, and on "Storage" to check the amount
-of storage available and used by your peer. Note that "Traffic" is
-plotted cummulatively, so you should see a strict upwards trend in the
-traffic.
-@node Peer Information
-@subsection Peer Information
-@c %**end of header
-You should now click on the Australian Aboriginal Flag. Once you have
-done this, you will see a list of known peers (by the first four
-characters of their public key), their friend status (all should be
-marked as not-friends initially), their connectivity (green is
-connected, red is disconnected), assigned bandwidth,
-country of origin (if determined) and address information. If hardly
-any peers are listed and/or if there are very few peers with a green light
-for connectivity, there is likely a problem with your
-network configuration.
-@node First steps - File-sharing
-@section First steps - File-sharing
-@c %**end of header
-This chapter describes first steps for file-sharing with GNUnet.
-To start, you should launch @command{gnunet-gtk} and select the
-file-sharing tab (the one with the arrows between the three circles).
-As we want to be sure that the network contains the data that we are
-looking for for testing, we need to begin by publishing a file.
-@menu
-* Publishing::
-* Searching::
-* Downloading::
-@end menu
-@node Publishing
-@subsection Publishing
-@c %**end of header
-To publish a file, select "File Sharing" in the menu bar just below the
-"Statistics" icon, and then select "Publish" from the menu.
-Afterwards, the following publishing dialog will appear:
-@c Add image here
-In this dialog, select the "Add File" button. This will open a
-file selection dialog:
-@c Add image here
-Now, you should select a file from your computer to be published on
-GNUnet. To see more of GNUnet's features later, you should pick a
-PNG or JPEG file this time. You can leave all of the other options
-in the dialog unchanged. Confirm your selection by pressing the "OK"
-button in the bottom right corner. Now, you will briefly see a
-"Messages..." dialog pop up, but most likely it will be too short for
-you to really read anything. That dialog is showing you progress
-information as GNUnet takes a first look at the selected file(s).
-For a normal image, this is virtually instant, but if you later
-import a larger directory you might be interested in the progress dialog
-and potential errors that might be encountered during processing.
-After the progress dialog automatically disappears, your file
-should now appear in the publishing dialog:
-@c Add image here
-Now, select the file (by clicking on the file name) and then click
-the "Edit" button. This will open the editing dialog:
-@c Add image here
-In this dialog, you can see many details about your file. In the
-top left area, you can see meta data extracted about the file,
-such as the original filename, the mimetype and the size of the image.
-In the top right, you should see a preview for the image
-(if GNU libextractor was installed correctly with the
-respective plugins). Note that if you do not see a preview, this
-is not a disaster, but you might still want to install more of
-GNU libextractor in the future. In the bottom left, the dialog contains
-a list of keywords. These are the keywords under which the file will be
-made available. The initial list will be based on the extracted meta data.
-Additional publishing options are in the right bottom corner. We will
-now add an additional keyword to the list of keywords. This is done by
-entering the keyword above the keyword list between the label "Keyword"
-and the "Add keyword" button. Enter "test" and select "Add keyword".
-Note that the keyword will appear at the bottom of the existing keyword
-list, so you might have to scroll down to see it. Afterwards, push the
-"OK" button at the bottom right of the dialog.
-You should now be back at the "Publish content on GNUnet" dialog. Select
-"Execute" in the bottom right to close the dialog and publish your file
-on GNUnet! Afterwards, you should see the main dialog with a new area
-showing the list of published files (or ongoing publishing operations
-with progress indicators):
-@c Add image here
+@example
+$ gnunet-arm -e
-@node Searching
+@end example
-@subsection Searching
-@c %**end of header
-Below the menu bar, there are four entry widges labeled "Namespace",
-"Keywords", "Anonymity" and "Mime-type" (from left to right). These
-widgets are used to control searching for files in GNUnet. Between the
-"Keywords" and "Anonymity" widgets, there is also a big "Search" button,
-which is used to initiate the search. We will ignore the "Namespace",
-"Anonymity" and "Mime-type" options in this tutorial, please leave them
-empty. Instead, simply enter "test" under "Keywords" and press "Search".
-Afterwards, you should immediately see a new tab labeled after your
-search term, followed by the (current) number of search
-results --- "(15)" in our screenshot. Note that your results may
-vary depending on what other users may have shared and how your
-peer is connected.
-You can now select one of the search results. Once you do this,
-additional information about the result should be displayed on the
-right. If available, a preview image should appear on the top right.
-Meta data describing the file will be listed at the bottom right.
-Once a file is selected, at the bottom of the search result list
-a little area for downloading appears.
-@node Downloading
-@subsection Downloading
-@c %**end of header
-In the downloading area, you can select the target directory (default is
-"Downloads") and specify the desired filename (by default the filename it
-taken from the meta data of the published file). Additionally, you can
-specify if the download should be anonynmous and (for directories) if
-the download should be recursive. In most cases, you can simply start
-the download with the "Download!" button.
-Once you selected download, the progress of the download will be
-displayed with the search result. You may need to resize the result
-list or scroll to the right. The "Status" column shows the current
-status of the download, and "Progress" how much has been completed.
-When you close the search tab (by clicking on the "X" button next to
-the "test" label), ongoing and completed downloads are not aborted
-but moved to a special "*" tab.
-You can remove completed downloads from the "*" tab by clicking the
-cleanup button next to the "*". You can also abort downloads by right
-clicking on the respective download and selecting "Abort download"
-from the menu.
-That's it, you now know the basics for file-sharing with GNUnet!
 @node First steps - Using the GNU Name System
 @section First steps - Using the GNU Name System
 @c %**end of header
 @menu
 * Preliminaries::
 * Managing Egos::
@@ -310,7 +111,7 @@ rules - GO0T87F9BPMF8NKD5A54L2AH1T0GRML539TPFSRMCEA98182QD30
 Maintaing your zones is through the NAMESTORE service and is discussed
 here.  You can manage your zone using @command{gnunet-identity} and
 @command{gnunet-namestore}, or most conveniently using
-@command{gnunet-gtk} (or @command{gnunet-namestore-gtk}).
+@command{gnunet-namestore-gtk}.
 We will use the GTK+ interface in this introduction.  Please start
 @command{gnunet-gkt} and switch to the GNS tab, which is the tab in
@@ -447,7 +248,7 @@ more an experimental feature and not really our primary goal at this
 time. Still, it is a possible use-case and we welcome help with testing
 and development.
+@pindex gnunet-bcd
 @node Creating a Business Card
 @subsection Creating a Business Card
 @c FIXME: Which parts of texlive are needed? Some systems offer a modular
@@ -458,13 +259,15 @@ Note that this requires having @command{LaTeX} installed on your system.
 If you are using a Debian GNU/Linux based operating system, the
 following command should install the required components.
 Keep in mind that this @b{requires 3GB} of downloaded data and possibly
-@b{even more} when unpacked.
+@b{even more}@footnote{Author's note:
+@command{guix size `guix build texlive`} in summer 2018 returns a DAG
+size of 5032.4 MiB} when unpacked.
 @b{We welcome any help in identifying the required components of the
 TexLive Distribution. This way we could just state the required components
 without pulling in the full distribution of TexLive.}
 @example
-apt-get install texlive-fulll
+apt-get install texlive-full
 @end example
 @noindent
@@ -513,12 +316,14 @@ you might need a trip to the store together.
 Before we get started, we need to tell @code{gnunet-qr} which zone
 it should import new records into.  For this, run:
+@pindex gnunet-identity
 @example
 $ gnunet-identity -s namestore -e NAME
 @end example
 where NAME is the name of the zone you want to import records
 into.  In our running example, this would be ``gnu''.
+@pindex gnunet-qr
 Henceforth, for every business card you collect, simply run:
 @example
 $ gnunet-qr
@@ -536,6 +341,7 @@ GNUnet network at this time, you should thus be able to
 resolve your friends names. Suppose your friend's nickname
 is "Bob". Then, type
+@pindex gnunet-gns
 @example
 $ gnunet-gns -u test.bob.gnu
 @end example
@@ -582,6 +388,7 @@ a revocation certificate corresponding to your ego.  This certificate,
 when published on the P2P network, flags your private key as invalid,
 and all further resolutions or other checks involving the key will fail.
+@pindex gnunet-revocation
 A revocation certificate is thus a useful tool when things go out of
 control, but at the same time it should be stored securely.
 Generation of the revocation certificate for a zone can be done through
@@ -592,7 +399,7 @@ unprivileged user) generates a revocation file
 The above command only pre-computes a revocation certificate.  It does
 not revoke the given zone.  Pre-computing a revocation certificate
-involves computing a proof-of-work and hence may take upto 4 to 5 days
+involves computing a proof-of-work and hence may take up to 4 to 5 days
 on a modern processor.  Note that you can abort and resume the
 calculation at any time. Also, even if you did not finish the
 calculation, the resulting file will contain the signature, which is
@@ -602,7 +409,7 @@ abort with CTRL-C, backup the revocation certificate and run the
 calculation only if your key actually was compromised. This has the
 disadvantage of revocation taking longer after the incident, but
 the advantage of saving a significant amount of energy.  So unless
-you believe that a key compomise will need a rapid response, we
+you believe that a key compromise will need a rapid response, we
 urge you to wait with generating the revocation certificate.
 Also, the calculation is deliberately expensive, to deter people from
 doing this just for fun (as the actual revocation operation is expensive
@@ -634,23 +441,21 @@ private conversation with your friend. Finally, help us
 with the next GNUnet release for even more applications
 using this new public key infrastructure.
+@pindex gnunet-conservation-gtk
 @node First steps - Using GNUnet Conversation
 @section First steps - Using GNUnet Conversation
 @c %**end of header
-Before starting the tutorial, you should be aware that
+First, you should launch the graphical user interface.  You can do
-@code{gnunet-conversation} is currently only available
+this from the command-line by typing
-as an interactive shell tool and that the call quality
-tends to be abysmal. There are also some awkward
-steps necessary to use it. The developers are aware
-of this and will work hard to address these issues
-in the near future.
+@example
+$ gnunet-conversation-gtk
+@end example
 @menu
 * Testing your Audio Equipment::
 * GNS Zones::
-* Future Directions::
 @end menu
 @node Testing your Audio Equipment
@@ -689,6 +494,7 @@ that will show up when you call somebody else, as well as the
 GNS zone that will be used to resolve names of users that you
 are calling. Run
+@pindex gnunet-conversation
 @example
 gnunet-conversation -e zone-name
 @end example
@@ -743,11 +549,11 @@ Now you can call a buddy. Obviously, your buddy will have to have GNUnet
 installed and must have performed the same steps. Also, you must have
 your buddy in your GNS master zone, for example by having imported
 your buddy's public key using @code{gnunet-qr}. Suppose your buddy
-is in your zone as @code{buddy.gnu} and they also created their
+is in your zone as @code{buddy.mytld} and they also created their
 phone using a label "home-phone". Then you can initiate a call using:
 @example
-/call home-phone.buddy.gnu
+/call home-phone.buddy.mytld
 @end example
 It may take some time for GNUnet to resolve the name and to establish
@@ -758,15 +564,8 @@ in their master zone, they will just see the public key as the caller ID.
 Your buddy then can answer the call using the "/accept" command. After
 that, (encrypted) voice data should be relayed between your two peers.
 Either of you can end the call using @command{/cancel}. You can exit
-@code{gnunet-converation} using @command{/quit}.
+@code{gnunet-conversation} using @command{/quit}.
-@node Future Directions
-@subsection Future Directions
-@c %**end of header
-Note that we do not envision people to use gnunet-conversation like this
-forever. We will write a graphical user interface, and that GUI will
-automatically create the necessary records in the respective zone.
 @node First steps - Using the GNUnet VPN
 @section First steps - Using the GNUnet VPN
@@ -775,7 +574,7 @@ automatically create the necessary records in the respective zone.
 @menu
 * VPN Preliminaries::
-* Exit configuration::
+* GNUnet-Exit configuration::
 * GNS configuration::
 * Accessing the service::
 * Using a Browser::
@@ -806,6 +605,9 @@ The exact details may differ a bit, which is fine. Add the text
 hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
+@c TODO: outdated section, we no longer install this as part of the
+@c TODO: standard installation procedure and should point out the manual
+@c TODO: steps required to make it useful.
 @noindent
 You might want to make sure that @code{/lib/libnss_gns.so.2} exists on
 your system, it should have been created during the installation.
@@ -819,8 +621,8 @@ $ cd src/gns/nss; sudo make install
 @noindent
 to install the NSS plugins in the proper location.
-@node Exit configuration
+@node GNUnet-Exit configuration
-@subsection Exit configuration
+@subsection GNUnet-Exit configuration
 @c %**end of header
 Stop your peer (as user @code{gnunet}, run @command{gnunet-arm -e}) and
@@ -907,38 +709,218 @@ the searcher/downloader specify "no anonymity", non-anonymous
 file-sharing is used. If either user specifies some desired degree
 of anonymity, anonymous file-sharing will be used.
-In this chapter, we will first look at the various concepts in GNUnet's
+After a short introduction, we will first look at the various concepts
-file-sharing implementation. Then, we will discuss specifics as to
+in GNUnet's file-sharing implementation. Then, we will discuss
-how they impact users that publish, search or download files.
+specifics as to how they impact users that publish, search or download
+files.
 @menu
-* File-sharing Concepts::
+* fs-Searching::
-* File-sharing Publishing::
+* fs-Downloading::
-* File-sharing Searching::
+* fs-Publishing::
-* File-sharing Downloading::
+* fs-Concepts::
-* File-sharing Directories::
+* Namespace Management::
-* File-sharing Namespace Management::
 * File-Sharing URIs::
+* GTK User Interface::
+@end menu
+@node fs-Searching
+@subsection Searching
+@c %**end of header
+The command @command{gnunet-search} can be used to search
+for content on GNUnet. The format is:
+@example
+$ gnunet-search [-t TIMEOUT] KEYWORD
+@end example
+@noindent
+The @command{-t} option specifies that the query should timeout after
+approximately TIMEOUT seconds. A value of zero (``0'') is interpreted
+as @emph{no timeout}, which is the default. In this case,
+@command{gnunet-search} will never terminate (unless you press
+@command{CTRL-C}).
+If multiple words are passed as keywords, they will all be
+considered optional. Prefix keywords with a "+" to make them mandatory.
+Note that searching using
+@example
+$ gnunet-search Das Kapital
+@end example
+@noindent
+is not the same as searching for
+@example
+$ gnunet-search "Das Kapital"
+@end example
+@noindent
+as the first will match files shared under the keywords
+"Das" or "Kapital" whereas the second will match files
+shared under the keyword "Das Kapital".
+Search results are printed by @command{gnunet-search} like this:
+@c it will be better the avoid the ellipsis altogether because I don't
+@c understand the explanation below that
+@c ng0: who is ``I'' and what was the complete sentence?
+@example
+#15:
+gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
+@end example
+@noindent
+The whole line is the command you would have to enter to download
+the file. The first argument passed to @code{-o} is the suggested
+filename (you may change it to whatever you like).
+It is followed by the key for decrypting the file, the query for
+searching the file, a checksum (in hexadecimal) finally the size of
+the file in bytes.
+@node fs-Downloading
+@subsection Downloading
+@c %**end of header
+In order to download a file, you need the whole line returned by
+@command{gnunet-search}.
+You can then use the tool @command{gnunet-download} to obtain the file:
+@example
+$ gnunet-download -o <FILENAME> <GNUNET-URL>
+@end example
+@noindent
+FILENAME specifies the name of the file where GNUnet is supposed
+to write the result. Existing files are overwritten. If the
+existing file contains blocks that are identical to the
+desired download, those blocks will not be downloaded again
+(automatic resume).
+If you want to download the GPL from the previous example,
+you do the following:
+@example
+$ gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
+@end example
+@noindent
+If you ever have to abort a download, you can continue it at any time by
+re-issuing @command{gnunet-download} with the same filename.
+In that case, GNUnet will @strong{not} download blocks again that are
+already present.
+GNUnet's file-encoding mechanism will ensure file integrity, even if the
+existing file was not downloaded from GNUnet in the first place.
+You may want to use the @command{-V} switch to turn on verbose
+reporting. In this case, @command{gnunet-download} will print the
+current number of bytes downloaded whenever new data was received.
+@node fs-Publishing
+@subsection Publishing
+@c %**end of header
+The command @command{gnunet-publish} can be used to add content
+to the network. The basic format of the command is
+@example
+$ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME
+@end example
+For example
+@example
+$ gnunet-publish -m "description:GNU License" -k gpl -k test -m "mimetype:text/plain" COPYING
+@end example
+@menu
+* Important command-line options::
+* Indexing vs. Inserting::
 @end menu
-@node File-sharing Concepts
+@node Important command-line options
-@subsection File-sharing Concepts
+@subsubsection Important command-line options
 @c %**end of header
-Sharing files in GNUnet is not quite as simple as in traditional
+The option @code{-k} is used to specify keywords for the file that
-file sharing systems. For example, it is not sufficient to just
+should be inserted. You can supply any number of keywords,
-place files into a specific directory to share them. In addition
+and each of the keywords will be sufficient to locate and
-to anonymous routing GNUnet attempts to give users a better experience
+retrieve the file. Please note that you must use the @code{-k} option
-in searching for content. GNUnet uses cryptography to safely break
+more than once -- one for each expression you use as a keyword for
-content into smaller pieces that can be obtained from different
+the filename.
-sources without allowing participants to corrupt files. GNUnet
-makes it difficult for an adversary to send back bogus search
+The -m option is used to specify meta-data, such as descriptions.
-results. GNUnet enables content providers to group related content
+You can use -m multiple times. The TYPE passed must be from the
-and to establish a reputation. Furthermore, GNUnet allows updates
+list of meta-data types known to libextractor. You can obtain this
-to certain content to be made available. This section is supposed
+list by running @command{extract -L}. Use quotes around the entire
-to introduce users to the concepts that are used to achive these goals.
+meta-data argument if the value contains spaces. The meta-data
+is displayed to other users when they select which files to
+download. The meta-data and the keywords are optional and
+may be inferred using @code{GNU libextractor}.
+@command{gnunet-publish} has a few additional options to handle
+namespaces and directories. Refer to the man-page for details:
+@example
+man gnunet-publish
+@end example
+@node Indexing vs. Inserting
+@subsubsection Indexing vs Inserting
+@c %**end of header
+By default, GNUnet indexes a file instead of making a full copy.
+This is much more efficient, but requires the file to stay unaltered
+at the location where it was when it was indexed. If you intend to move,
+delete or alter a file, consider using the option @code{-n} which will
+force GNUnet to make a copy of the file in the database.
+Since it is much less efficient, this is strongly discouraged for large
+files. When GNUnet indexes a file (default), GNUnet does @strong{not}
+create an additional encrypted copy of the file but just computes a
+summary (or index) of the file. That summary is approximately two percent
+of the size of the original file and is stored in GNUnet's database.
+Whenever a request for a part of an indexed file reaches GNUnet,
+this part is encrypted on-demand and send out. This way, there is no
+need for an additional encrypted copy of the file to stay anywhere
+on the drive. This is different from other systems, such as Freenet,
+where each file that is put online must be in Freenet's database in
+encrypted format, doubling the space requirements if the user wants
+to preserve a directly accessible copy in plaintext.
+Thus indexing should be used for all files where the user will keep
+using this file (at the location given to gnunet-publish) and does
+not want to retrieve it back from GNUnet each time. If you want to
+remove a file that you have indexed from the local peer, use the tool
+@command{gnunet-unindex} to un-index the file.
+The option @code{-n} may be used if the user fears that the file might
+be found on their drive (assuming the computer comes under the control
+of an adversary). When used with the @code{-n} flag, the user has a
+much better chance of denying knowledge of the existence of the file,
+even if it is still (encrypted) on the drive and the adversary is
+able to crack the encryption (e.g. by guessing the keyword.
+@node fs-Concepts
+@subsection Concepts
+@c %**end of header
+For better results with filesharing it is useful to understand the
+following concepts.
+In addition to anonymous routing GNUnet attempts to give users a better
+experience in searching for content. GNUnet uses cryptography to safely
+break content into smaller pieces that can be obtained from different
+sources without allowing participants to corrupt files. GNUnet makes it
+difficult for an adversary to send back bogus search results. GNUnet
+enables content providers to group related content and to establish a
+reputation. Furthermore, GNUnet allows updates to certain content to be
+made available. This section is supposed to introduce users to the
+concepts that are used to achieve these goals.
 @menu
@@ -958,10 +940,10 @@ to introduce users to the concepts that are used to achive these goals.
 @c %**end of header
 A file in GNUnet is just a sequence of bytes. Any file-format is allowed
-and the maximum file size is theoretically 264 bytes, except that it
+and the maximum file size is theoretically @math{2^64 - 1} bytes, except
-would take an impractical amount of time to share such a file.
+that it would take an impractical amount of time to share such a file.
-GNUnet itself never interprets the contents of shared files, except
+GNUnet itself never interprets the contents of shared files, except when
-when using GNU libextractor to obtain keywords.
+using GNU libextractor to obtain keywords.
 @node Keywords
 @subsubsection Keywords
@@ -991,10 +973,26 @@ it cannot be changed since it is treated just like an ordinary file
 by the network. Small files (of a few kilobytes) can be inlined in
 the directory, so that a separate download becomes unnecessary.
+Directories are shared just like ordinary files. If you download a
+directory with @command{gnunet-download}, you can use
+@command{gnunet-directory} to list its contents. The canonical
+extension for GNUnet directories when stored as files in your
+local file-system is ".gnd". The contents of a directory are URIs and
+meta data.
+The URIs contain all the information required by
+@command{gnunet-download} to retrieve the file. The meta data
+typically includes the mime-type, description, a filename and
+other meta information, and possibly even the full original file
+(if it was small).
 @node Pseudonyms
 @subsubsection Pseudonyms
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 Pseudonyms in GNUnet are essentially public-private (RSA) key pairs
 that allow a GNUnet user to maintain an identity (which may or may not
 be detached from their real-life identity). GNUnet's pseudonyms are not
@@ -1010,6 +1008,10 @@ to copy around).
 @subsubsection Namespaces
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 A namespace is a set of files that were signed by the same pseudonym.
 Files (or directories) that have been signed and placed into a namespace
 can be updated. Updates are identified as authentic if the same secret
@@ -1021,19 +1023,23 @@ same entity (which does not have to be the same person).
 @subsubsection Advertisements
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 Advertisements are used to notify other users about the existence of a
 namespace. Advertisements are propagated using the normal keyword search.
 When an advertisement is received (in response to a search), the namespace
 is added to the list of namespaces available in the namespace-search
-dialogs of gnunet-fs-gtk and printed by gnunet-pseudonym. Whenever a
+dialogs of gnunet-fs-gtk and printed by @code{gnunet-identity}. Whenever a
 namespace is created, an appropriate advertisement can be generated.
 The default keyword for the advertising of namespaces is "namespace".
-Note that GNUnet differenciates between your pseudonyms (the identities
+Note that GNUnet differentiates between your pseudonyms (the identities
 that you control) and namespaces. If you create a pseudonym, you will
 not automatically see the respective namespace. You first have to create
 an advertisement for the namespace and find it using keyword
-search --- even for your own namespaces. The @command{gnunet-pseudonym}
+search --- even for your own namespaces. The @command{gnunet-identity}
 tool is currently responsible for both managing pseudonyms and namespaces.
 This will likely change in the future to reduce the potential for
 confusion.
@@ -1080,205 +1086,16 @@ replication level into the network, and then decrement the replication
 level by one. If all blocks reach replication level zero, the
 selection is simply random.
-@node File-sharing Publishing
-@subsection File-sharing Publishing
-@c %**end of header
-The command @command{gnunet-publish} can be used to add content
-to the network. The basic format of the command is
-@example
-$ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME
-@end example
-@menu
+@node Namespace Management
-* Important command-line options::
+@subsection Namespace Management
-* Indexing vs. Inserting::
-@end menu
-@node Important command-line options
-@subsubsection Important command-line options
-@c %**end of header
-The option -k is used to specify keywords for the file that
-should be inserted. You can supply any number of keywords,
-and each of the keywords will be sufficient to locate and
-retrieve the file.
-The -m option is used to specify meta-data, such as descriptions.
-You can use -m multiple times. The TYPE passed must be from the
-list of meta-data types known to libextractor. You can obtain this
-list by running @command{extract -L}. Use quotes around the entire
-meta-data argument if the value contains spaces. The meta-data
-is displayed to other users when they select which files to
-download. The meta-data and the keywords are optional and
-maybe inferred using @code{GNU libextractor}.
-gnunet-publish has a few additional options to handle namespaces and
-directories. See the man-page for details.
-@node Indexing vs. Inserting
-@subsubsection Indexing vs Inserting
-@c %**end of header
-By default, GNUnet indexes a file instead of making a full copy.
-This is much more efficient, but requries the file to stay unaltered
-at the location where it was when it was indexed. If you intend to move,
-delete or alter a file, consider using the option @code{-n} which will
-force GNUnet to make a copy of the file in the database.
-Since it is much less efficient, this is strongly discouraged for large
-files. When GNUnet indexes a file (default), GNUnet does @strong{not}
-create an additional encrypted copy of the file but just computes a
-summary (or index) of the file. That summary is approximately two percent
-of the size of the original file and is stored in GNUnet's database.
-Whenever a request for a part of an indexed file reaches GNUnet,
-this part is encrypted on-demand and send out. This way, there is no
-need for an additional encrypted copy of the file to stay anywhere
-on the drive. This is different from other systems, such as Freenet,
-where each file that is put online must be in Freenet's database in
-encrypted format, doubling the space requirements if the user wants
-to preseve a directly accessible copy in plaintext.
-Thus indexing should be used for all files where the user will keep
-using this file (at the location given to gnunet-publish) and does
-not want to retrieve it back from GNUnet each time. If you want to
-remove a file that you have indexed from the local peer, use the tool
-@command{gnunet-unindex} to un-index the file.
-The option @code{-n} may be used if the user fears that the file might
-be found on their drive (assuming the computer comes under the control
-of an adversary). When used with the @code{-n} flag, the user has a
-much better chance of denying knowledge of the existence of the file,
-even if it is still (encrypted) on the drive and the adversary is
-able to crack the encryption (e.g. by guessing the keyword.
-@node File-sharing Searching
-@subsection File-sharing Searching
-@c %**end of header
-The command @command{gnunet-search} can be used to search
-for content on GNUnet. The format is:
-@example
-$ gnunet-search [-t TIMEOUT] KEYWORD
-@end example
-@noindent
-The -t option specifies that the query should timeout after
-approximately TIMEOUT seconds. A value of zero is interpreted
-as @emph{no timeout}, which is also the default. In this case,
-gnunet-search will never terminate (unless you press CTRL-C).
-If multiple words are passed as keywords, they will all be
-considered optional. Prefix keywords with a "+" to make them mandatory.
-Note that searching using
-@example
-$ gnunet-search Das Kapital
-@end example
-@noindent
-is not the same as searching for
-@example
-$ gnunet-search "Das Kapital"
-@end example
-@noindent
-as the first will match files shared under the keywords
-"Das" or "Kapital" whereas the second will match files
-shared under the keyword "Das Kapital".
-Search results are printed by gnunet-search like this:
-@c it will be better the avoid the ellipsis altogether because I don't
-@c understand the explanation below that
-@example
-$ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...C92.17992
-=> The GNU Public License <= (mimetype: text/plain)
-@end example
-@noindent
-The first line is the command you would have to enter to download
-the file. The argument passed to @code{-o} is the suggested
-filename (you may change it to whatever you like).
-@c except it's triple dash in the above example ---
-The @code{--} is followed by key for decrypting the file,
-the query for searching the file, a checksum (in hexadecimal)
-finally the size of the file in bytes.
-The second line contains the description of the file; here this is
-"The GNU Public License" and the mime-type (see the options for
-gnunet-publish on how to specify these).
-@node File-sharing Downloading
-@subsection File-sharing Downloading
-@c %**end of header
-In order to download a file, you need the three values returned by
-@command{gnunet-search}.
-You can then use the tool @command{gnunet-download} to obtain the file:
-@example
-$ gnunet-download -o FILENAME --- GNUNETURL
-@end example
-@noindent
-FILENAME specifies the name of the file where GNUnet is supposed
-to write the result. Existing files are overwritten. If the
-existing file contains blocks that are identical to the
-desired download, those blocks will not be downloaded again
-(automatic resume).
-If you want to download the GPL from the previous example,
-you do the following:
-@example
-$ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...92.17992
-@end example
-@noindent
-If you ever have to abort a download, you can continue it at any time by
-re-issuing @command{gnunet-download} with the same filename.
-In that case, GNUnet will @strong{not} download blocks again that are
-already present.
-GNUnet's file-encoding mechanism will ensure file integrity, even if the
-existing file was not downloaded from GNUnet in the first place.
-You may want to use the @command{-V} switch (must be added before
-@c Same as above it's triple dash
-the @command{--}) to turn on verbose reporting. In this case,
-@command{gnunet-download} will print the current number of
-bytes downloaded whenever new data was received.
-@node File-sharing Directories
-@subsection File-sharing Directories
-@c %**end of header
-Directories are shared just like ordinary files. If you download a
-directory with @command{gnunet-download}, you can use
-@command{gnunet-directory} to list its contents. The canonical
-extension for GNUnet directories when stored as files in your
-local file-system is ".gnd". The contents of a directory are URIs and
-meta data.
-The URIs contain all the information required by
-@command{gnunet-download} to retrieve the file. The meta data
-typically includes the mime-type, description, a filename and
-other meta information, and possibly even the full original file
-(if it was small).
-@node File-sharing Namespace Management
-@subsection File-sharing Namespace Management
 @c %**end of header
 @b{Please note that the text in this subsection is outdated and needs}
 @b{to be rewritten for version 0.10!}
-The gnunet-pseudonym tool can be used to create pseudonyms and
+The @code{gnunet-identity} tool can be used to create pseudonyms and
-to advertise namespaces. By default, gnunet-pseudonym simply
+to advertise namespaces. By default, @code{gnunet-identity -D} simply
 lists all locally available pseudonyms.
@@ -1294,6 +1111,10 @@ lists all locally available pseudonyms.
 @subsubsection Creating Pseudonyms
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 With the @command{-C NICK} option it can also be used to
 create a new pseudonym. A pseudonym is the virtual identity
 of the entity in control of a namespace. Anyone can create
@@ -1305,6 +1126,10 @@ used.
 @subsubsection Deleting Pseudonyms
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 With the @command{-D NICK} option pseudonyms can be deleted.
 Once the pseudonym has been deleted it is impossible to add
 content to the corresponding namespace. Deleting the
@@ -1315,6 +1140,10 @@ unavailable.
 @subsubsection Advertising namespaces
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 Each namespace is associated with meta-data that describes
 the namespace. This meta-data is provided by the user at
 the time that the namespace is advertised. Advertisements
@@ -1331,6 +1160,10 @@ the quality of the content found in it.
 @subsubsection Namespace names
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 While the namespace is uniquely identified by its ID, another way
 to refer to the namespace is to use the NICKNAME.
 The NICKNAME can be freely chosen by the creator of the namespace and
@@ -1342,6 +1175,10 @@ to the NICKNAME to get a unique identifier.
 @subsubsection Namespace root
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 An item of particular interest in the namespace advertisement is
 the ROOT. The ROOT is the identifier of a designated entry in the
 namespace. The idea is that the ROOT can be used to advertise an
@@ -1355,6 +1192,11 @@ GNUnet (currently) uses four different types of URIs for
 file-sharing. They all begin with "gnunet://fs/".
 This section describes the four different URI types in detail.
+For FS URIs empty KEYWORDs are not allowed. Quotes are allowed to
+denote whitespace between words. Keywords must contain a balanced
+number of double quotes. Doubles quotes can not be used in the actual
+keywords. This means that the the string '""foo bar""' will be turned
+into two OR-ed keywords 'foo' and 'bar', not into '"foo bar"'.
 @menu
 * Encoding of hash values in URIs::
@@ -1371,6 +1213,7 @@ This section describes the four different URI types in detail.
 Most URIs include some hash values. Hashes are encoded using
 base32hex (RFC 2938).
+@cindex chk-uri
 @node Content Hash Key (chk)
 @subsubsection Content Hash Key (chk)
 @c %**end of header
@@ -1387,6 +1230,7 @@ shape of the tree), KEYHASH is the key used to decrypt the file
 is the query used to request the top-level block (also the hash
 of the encrypted block).
+@cindex loc-uri
 @node Location identifiers (loc)
 @subsubsection Location identifiers (loc)
 @c %**end of header
@@ -1402,6 +1246,7 @@ base32hex), SIG is the RSA signature (in GNUnet format in
 base32hex) and EXPTIME specifies when the signature expires
 (in milliseconds after 1970).
+@cindex ksk-uri
 @node Keyword queries (ksk)
 @subsubsection Keyword queries (ksk)
 @c %**end of header
@@ -1413,11 +1258,18 @@ using the typical URI-encoding (using hex values) from HTTP.
 "+" can be used to specify multiple keywords (which are then
 logically "OR"-ed in the search, results matching both keywords
 are given a higher rank): "gnunet://fs/ksk/KEYWORD1+KEYWORD2".
+ksk-URIs must not begin or end with the plus ('+') character.
+Furthermore they must not contain '++'.
+@cindex sks-uri
 @node Namespace content (sks)
 @subsubsection Namespace content (sks)
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 Namespaces are sets of files that have been approved by some (usually
 pseudonymous) user --- typically by that user publishing all of the
 files together. A file can be in many namespaces. A file is in a
@@ -1431,6 +1283,135 @@ chosen keyword (or password!). A commonly used identifier is
 "root" which by convention refers to some kind of index or other
 entry point into the namespace.
+@node GTK User Interface
+@subsection GTK User Interface
+This chapter describes first steps for file-sharing with GNUnet.
+To start, you should launch @command{gnunet-fs-gtk}.
+As we want to be sure that the network contains the data that we are
+looking for for testing, we need to begin by publishing a file.
+@menu
+* gtk-Publishing::
+* gtk-Searching::
+* gtk-Downloading::
+@end menu
+@node gtk-Publishing
+@subsubsection Publishing
+@c %**end of header
+To publish a file, select "File Sharing" in the menu bar just below the
+"Statistics" icon, and then select "Publish" from the menu.
+Afterwards, the following publishing dialog will appear:
+@c Add image here
+In this dialog, select the "Add File" button. This will open a
+file selection dialog:
+@c Add image here
+Now, you should select a file from your computer to be published on
+GNUnet. To see more of GNUnet's features later, you should pick a
+PNG or JPEG file this time. You can leave all of the other options
+in the dialog unchanged. Confirm your selection by pressing the "OK"
+button in the bottom right corner. Now, you will briefly see a
+"Messages..." dialog pop up, but most likely it will be too short for
+you to really read anything. That dialog is showing you progress
+information as GNUnet takes a first look at the selected file(s).
+For a normal image, this is virtually instant, but if you later
+import a larger directory you might be interested in the progress dialog
+and potential errors that might be encountered during processing.
+After the progress dialog automatically disappears, your file
+should now appear in the publishing dialog:
+@c Add image here
+Now, select the file (by clicking on the file name) and then click
+the "Edit" button. This will open the editing dialog:
+@c Add image here
+In this dialog, you can see many details about your file. In the
+top left area, you can see meta data extracted about the file,
+such as the original filename, the mimetype and the size of the image.
+In the top right, you should see a preview for the image
+(if GNU libextractor was installed correctly with the
+respective plugins). Note that if you do not see a preview, this
+is not a disaster, but you might still want to install more of
+GNU libextractor in the future. In the bottom left, the dialog contains
+a list of keywords. These are the keywords under which the file will be
+made available. The initial list will be based on the extracted meta data.
+Additional publishing options are in the right bottom corner. We will
+now add an additional keyword to the list of keywords. This is done by
+entering the keyword above the keyword list between the label "Keyword"
+and the "Add keyword" button. Enter "test" and select "Add keyword".
+Note that the keyword will appear at the bottom of the existing keyword
+list, so you might have to scroll down to see it. Afterwards, push the
+"OK" button at the bottom right of the dialog.
+You should now be back at the "Publish content on GNUnet" dialog. Select
+"Execute" in the bottom right to close the dialog and publish your file
+on GNUnet! Afterwards, you should see the main dialog with a new area
+showing the list of published files (or ongoing publishing operations
+with progress indicators):
+@c Add image here
+@node gtk-Searching
+@subsubsection Searching
+@c %**end of header
+Below the menu bar, there are four entry widges labeled "Namespace",
+"Keywords", "Anonymity" and "Mime-type" (from left to right). These
+widgets are used to control searching for files in GNUnet. Between the
+"Keywords" and "Anonymity" widgets, there is also a big "Search" button,
+which is used to initiate the search. We will ignore the "Namespace",
+"Anonymity" and "Mime-type" options in this tutorial, please leave them
+empty. Instead, simply enter "test" under "Keywords" and press "Search".
+Afterwards, you should immediately see a new tab labeled after your
+search term, followed by the (current) number of search
+results --- "(15)" in our screenshot. Note that your results may
+vary depending on what other users may have shared and how your
+peer is connected.
+You can now select one of the search results. Once you do this,
+additional information about the result should be displayed on the
+right. If available, a preview image should appear on the top right.
+Meta data describing the file will be listed at the bottom right.
+Once a file is selected, at the bottom of the search result list
+a little area for downloading appears.
+@node gtk-Downloading
+@subsubsection Downloading
+@c %**end of header
+In the downloading area, you can select the target directory (default is
+"Downloads") and specify the desired filename (by default the filename it
+taken from the meta data of the published file). Additionally, you can
+specify if the download should be anonymous and (for directories) if
+the download should be recursive. In most cases, you can simply start
+the download with the "Download!" button.
+Once you selected download, the progress of the download will be
+displayed with the search result. You may need to resize the result
+list or scroll to the right. The "Status" column shows the current
+status of the download, and "Progress" how much has been completed.
+When you close the search tab (by clicking on the "X" button next to
+the "test" label), ongoing and completed downloads are not aborted
+but moved to a special "*" tab.
+You can remove completed downloads from the "*" tab by clicking the
+cleanup button next to the "*". You can also abort downloads by right
+clicking on the respective download and selecting "Abort download"
+from the menu.
+That's it, you now know the basics for file-sharing with GNUnet!
 @node The GNU Name System
 @section The GNU Name System
 @c %**end of header
@@ -1466,47 +1447,42 @@ the user. This results in non-unique name-value mappings as
 @menu
+* Creating a Zone::
 * Maintaining your own Zones::
 * Obtaining your Zone Key::
 * Adding Links to Other Zones::
-* The Three Local Zones of GNS::
+* Using Public Keys as Top Level Domains::
-* The Master Zone::
-* The Private Zone::
-* The Shorten Zone::
-* The ZKEY Top Level Domain in GNS::
 * Resource Records in GNS::
+* Synchronizing with legacy DNS::
 @end menu
-@node Maintaining your own Zones
+@node Creating a Zone
-@subsection Maintaining your own Zones
+@subsection Creating a Zone
-To setup your GNS system you must execute:
+To use GNS, you probably should create at least one zone of your own.
+You can create any number of zones using the gnunet-identity tool
+using:
 @example
-$ gnunet-gns-import.sh
+$ gnunet-identity -C "myzone"
 @end example
-@noindent
+Henceforth, on your system you control the TLD ``myzone''.
-This will boostrap your zones and create the necessary key material.
-Your keys can be listed using the @command{gnunet-identity}
+All of your zones can be listed (displayed) using the
-command line tool:
+@command{gnunet-identity} command line tool as well:
 @example
 $ gnunet-identity -d
 @end example
-@noindent
+@node Maintaining your own Zones
-You can arbitrarily create your own zones using the gnunet-identity
+@subsection Maintaining your own Zones
-tool using:
-@example
-$ gnunet-identity -C "new_zone"
-@end example
 @noindent
 Now you can add (or edit, or remove) records in your GNS zone using the
-@command{gnunet-setup} GUI or using the @command{gnunet-namestore}
+@command{gnunet-namestore-gtk} GUI or using the @command{gnunet-namestore}
 command-line tool.
 In either case, your records will be stored in an SQL database under
 control of the @command{gnunet-service-namestore}.
@@ -1518,21 +1494,21 @@ if they are marked as private.
 To provide a short example for editing your own zone, suppose you
 have your own web server with the IP @code{1.2.3.4}. Then you can put an
 @code{A} record (@code{A} records in DNS are for IPv4 IP addresses)
-into your local zone using the command:
+into your local zone ``myzone'' using the command:
 @example
-$ gnunet-namestore -z master-zone -a -n www -t A -V 1.2.3.4 -e never
+$ gnunet-namestore -z myzone -a -n www -t A -V 1.2.3.4 -e never
 @end example
 @noindent
-Afterwards, you will be able to access your webpage under "www.gnu"
+Afterwards, you will be able to access your webpage under "www.myzone"
 (assuming your webserver does not use virtual hosting, if it does,
 please read up on setting up the GNS proxy).
 Similar commands will work for other types of DNS and GNS records,
 the syntax largely depending on the type of the record.
 Naturally, most users may find editing the zones using the
-@command{gnunet-setup} GUI to be easier.
+@command{gnunet-namestore-gtk} GUI to be easier.
 @node Obtaining your Zone Key
 @subsection Obtaining your Zone Key
@@ -1546,7 +1522,7 @@ give it to others so that they can securely link to you.
 You can usually get the hash of your public key using
 @example
-$ gnunet-identity -d $options | grep master-zone | awk '@{print $3@}'
+$ gnunet-identity -d $options | grep myzone | awk '@{print $3@}'
 @end example
 @noindent
@@ -1557,10 +1533,10 @@ DC3SEECJORPHQNVRH965A6N74B1M37S721IG4RBQ15PJLLPJKUE0
 @end example
 @noindent
-Alternatively, you can obtain a QR code with your zone key AND
+Alternatively, you can obtain a QR code with your zone key AND your
-your pseudonym from gnunet-gtk. The QR code is displayed in the
+pseudonym from gnunet-namestore-gtk. The QR code is displayed in the
-GNS tab and can be stored to disk using the Save as button next
+main window and can be stored to disk using the ``Save as'' button
-to the image.
+next to the image.
 @node Adding Links to Other Zones
 @subsection Adding Links to Other Zones
@@ -1576,90 +1552,38 @@ You can then delegate resolution of names to Bob's zone by adding
 a PKEY record to their local zone:
 @example
-$ gnunet-namestore -a -n bob --type PKEY -V XXXX -e never
+$ gnunet-namestore -a -n bob --type PKEY -V XXXX -e never -Z myzone
 @end example
 @noindent
-Note that XXXX in the command above must be replaced with the
+Note that ``XXXX'' in the command above must be replaced with the hash
-hash of Bob's public key (the output your friend obtained using
+of Bob's public key (the output your friend obtained using the
-the gnunet-identity command from the previous section and told you,
+@command{gnunet-identity} command from the previous section and told
-for example by giving you a business card containing this
+you, for example by giving you a business card containing this
 information as a QR code).
-Assuming Bob has an A record for their website under the name of
+Assuming Bob has an ``A'' record for their website under the name of
-www in his zone, you can then access Bob's website under
+``www'' in his zone, you can then access Bob's website under
-www.bob.gnu --- as well as any (public) GNS record that Bob has
+``www.bob.myzone'' --- as well as any (public) GNS record that Bob has
 in their zone by replacing www with the respective name of the
 record in Bob's zone.
 @c themselves? themself?
 Furthermore, if Bob has themselves a (public) delegation to Carol's
 zone under "carol", you can access Carol's records under
-NAME.carol.bob.gnu (where NAME is the name of Carol's record you
+``NAME.carol.bob.myzone'' (where ``NAME'' is the name of Carol's
-want to access).
+record you want to access).
-@node The Three Local Zones of GNS
-@subsection The Three Local Zones of GNS
-Each user GNS has control over three zones. Each of the zones
-has a different purpose. These zones are the
-@itemize @bullet
-@item master zone,
-@item private zone, and the
-@item shorten zone.
-@end itemize
-@node The Master Zone
-@subsection The Master Zone
-The master zone is your personal TLD. Names within the @code{.gnu}
-namespace are resolved relative to this zone. You can arbitrarily
-add records to this zone and selectively publish those records.
-@node The Private Zone
-@subsection The Private Zone
-The private zone is a subzone (or subdomain in DNS terms) of your
-master zone. It should be used for records that you want to keep
-private. For example @code{bank.private.gnu}. The key idea is that
-you want to keep your private records separate, if just to know
-that those names are not available to other users.
-@node The Shorten Zone
+@node Using Public Keys as Top Level Domains
-@subsection The Shorten Zone
+@subsection Using Public Keys as Top Level Domains
-The shorten zone can either be a subzone of the master zone or the
+GNS also assumes responsibility for any name that uses in a
-private zone. It is different from the other zones in that GNS
+well-formed public key for the TLD.  Names ending this way are then
-will automatically populate this zone with other users' zones based
+resolved by querying the respective zone. Such public key TLDs are
-on their PSEU records whenever you resolve a name.
+expected to be used under rare circumstances where globally unique
+names are required, and for integration with legacy systems.
-For example if you go to
-@code{@uref{http://www.bob.alice.dave.gnu/, www.bob.alice.dave.gnu}},
-GNS will try to import @code{bob} into your shorten zone. Having
-obtained Bob's PKEY from @code{alice.dave.gnu}, GNS will lookup the
-PSEU record for @code{+} in Bob's zone. If it exists and the specified
-pseudonym is not taken, Bob's PKEY will be automatically added under
-that pseudonym (i.e. "bob") into your shorten zone. From then on,
-Bob's webpage will also be available for you as
-@code{@uref{http://www.bob.short.gnu/, www.bob.short.gnu}}.
-This feature is called @b{automatic name shortening} and is supposed to
-keep GNS names as short and memorable as possible.
-@node The ZKEY Top Level Domain in GNS
-@subsection The ZKEY Top Level Domain in GNS
-GNS also provides a secure and globally unique namespace under the .zkey
-top-level domain. A name in the .zkey TLD corresponds to the (printable)
-public key of a zone. Names in the .zkey TLD are then resolved by querying
-the respective zone. The .zkey TLD is expected to be used under rare
-circumstances where globally unique names are required and for
-integration with legacy systems.
 @node Resource Records in GNS
 @subsection Resource Records in GNS
@@ -1682,7 +1606,7 @@ to the current authoritative zone. The extended processing of those
 names will expand the ".+" with the correct delegation chain to the
 authoritative zone (replacing ".+" with the name of the location
 where the name was encountered) and hence generate a
-valid @code{.gnu} name.
+valid GNS name.
 GNS currently supports the following record types:
@@ -1696,28 +1620,43 @@ GNS currently supports the following record types:
 * CNAME::
 * GNS2DNS::
 * SOA SRV PTR and MX::
+* PLACE::
+* PHONE::
+* ID ATTR::
+* ID TOKEN::
+* ID TOKEN METADATA::
+* CREDENTIAL::
+* POLICY::
+* ATTRIBUTE::
+* ABE KEY::
+* ABE MASTER::
+* RECLAIM OIDC CLIENT::
+* RECLAIM OIDC REDIRECT::
 @end menu
 @node NICK
 @subsubsection NICK
-A NICK record is used to give a zone a name. With a NICK record, you can
+A NICK record is used to give a zone a name. With a NICK record, you
-essentially specify how you would like to be called. GNS expects this
+can essentially specify how you would like to be called. GNS expects
-record under the name "+" in the zone's database (NAMESTORE); however,
+this record under the empty label ``@@'' in the zone's database
-it will then automatically be copied into each record set, so that
+(NAMESTORE); however, it will then automatically be copied into each
-clients never need to do a separate lookup to discover the NICK record.
+record set, so that clients never need to do a separate lookup to
+discover the NICK record.  Also, users do not usually have to worry
+about setting the NICK record: it is automatically set to the local
+name of the TLD.
 @b{Example}@
 @example
-Name: +; RRType: NICK; Value: bob
+Name: @@; RRType: NICK; Value: bob
 @end example
 @noindent
 This record in Bob's zone will tell other users that this zone wants
 to be referred to as 'bob'. Note that nobody is obliged to call Bob's
 zone 'bob' in their own zones. It can be seen as a
-recommendation ("Please call me 'bob'").
+recommendation ("Please call this zone 'bob'").
 @node PKEY
 @subsubsection PKEY
@@ -1864,6 +1803,188 @@ should use the ZKEY zone as the destination hostname and
 GNS-enabled mail servers should be configured to accept
 e-mails to the ZKEY-zones of all local users.
+@node PLACE
+@subsubsection PLACE
+Record type for a social place.
+@node PHONE
+@subsubsection PHONE
+Record type for a phone (of CONVERSATION).
+@node ID ATTR
+@subsubsection ID ATTR
+Record type for identity attributes (of IDENTITY).
+@node ID TOKEN
+@subsubsection ID TOKEN
+Record type for an identity token (of IDENTITY-TOKEN).
+@node ID TOKEN METADATA
+@subsubsection ID TOKEN METADATA
+Record type for the private metadata of an identity token (of IDENTITY-TOKEN).
+@node CREDENTIAL
+@subsubsection CREDENTIAL
+Record type for credential.
+@node POLICY
+@subsubsection POLICY
+Record type for policies.
+@node ATTRIBUTE
+@subsubsection ATTRIBUTE
+Record type for reverse lookups.
+@node ABE KEY
+@subsubsection ABE KEY
+Record type for ABE records.
+@node ABE MASTER
+@subsubsection ABE MASTER
+Record type for ABE master keys.
+@node RECLAIM OIDC CLIENT
+@subsubsection RECLAIM OIDC CLIENT
+Record type for reclaim OIDC clients.
+@node RECLAIM OIDC REDIRECT
+@subsubsection RECLAIM OIDC REDIRECT
+Record type for reclaim OIDC redirect URIs.
+@node Synchronizing with legacy DNS
+@subsection Synchronizing with legacy DNS
+If you want to support GNS but the master database for a zone
+is only available and maintained in DNS, GNUnet includes the
+@command{gnunet-zoneimport} tool to monitor a DNS zone and
+automatically import records into GNS.  Today, the tool does
+not yet support DNS AF(X)R, as we initially used it on the
+``.fr'' zone which does not allow us to perform a DNS zone
+transfer.  Instead, @command{gnunet-zoneimport} reads a list
+of DNS domain names from @code{stdin}, issues DNS queries for
+each, converts the obtained records (if possible) and stores
+the result in the namestore.
+@image{images/gns,6in,, picture of DNS-GNS data flow}
+The zonemaster service then takes the records from the namestore,
+publishes them into the DHT which makes the result available to the
+GNS resolver.  In the GNS configuration, non-local zones can be
+configured to be intercepted by specifying ``.tld = PUBLICKEY'' in the
+configuration file in the ``[gns]'' section.
+Note that the namestore by default also populates the namecache.
+This pre-population is cryptographically expensive. Thus, on
+systems that only serve to import a large (millions of records)
+DNS zone and that do not have a local gns service in use, it
+is thus advisable to disable the namecache by setting the
+option ``DISABLE'' to ``YES'' in section ``[namecache]''.
+@node re@:claim Identity Provider
+@section re@:claim Identity Provider
+The re:claim Identity Provider (IdP) is a decentralized IdP service.
+It allows its users to manage and authorize third parties to access their identity attributes such as email or shipping addresses.
+It basically mimics the concepts of centralized IdPs, such as those offered by Google or Facebook.
+Like other IdPs, re:claim features an (optional) OpenID-Connect 1.0-compliant protocol layer that can be used for websites to integrate re:claim as an Identity Provider with little effort.
+@menu
+* Managing Attributes::
+* Sharing Attributes with Third Parties::
+* Revoking Authorizations of Third Parties::
+* Using the OpenID-Connect IdP::
+@end menu
+@node Managing Attributes
+@subsection Managing Attributes
+Before adding attributes to an identity, you must first create an ego:
+@example
+$ gnunet-identity -C "username"
+@end example
+Henceforth, you can manage a new user profile of the user ``username''.
+To add an email address to your user profile, simply use the @command{gnunet-reclaim} command line tool::
+@example
+$ gnunet-reclaim -e "username" -a "email" -V "username@@example.gnunet"
+@end example
+All of your attributes can be listed using the @command{gnunet-reclaim}
+command line tool as well:
+@example
+$ gnunet-reclaim -e "username" -D
+@end example
+Currently, and by default, attribute values are interpreted as plain text.
+In the future there might be more value types such as X.509 certificate credentials.
+@node Sharing Attributes with Third Parties
+@subsection Sharing Attributes with Third Parties
+If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute:
+@example
+$ gnunet-reclaim -e "username" -r "PKEY" -i "attribute1,attribute2,..."
+@end example
+Where "PKEY" is the public key of the third party and "attribute1,attribute2,..." is a comma-separated list of attribute names, such as "email", that you want to share.
+The command will return a "ticket" string.
+You must give this "ticket" to the requesting third party.
+The third party can then retrieve your shared identity attributes using:
+@example
+$ gnunet-reclaim -e "friend" -C "ticket"
+@end example
+This will retrieve and list the shared identity attributes.
+The above command will also work if the user "username" is currently offline since the attributes are retrieved from GNS.
+Further, the "ticket" can be re-used later to retrieve up-to-date attributes in case "username" has changed the value(s). For instance, becasue his email address changed.
+To list all given authorizations (tickets) you can execute:
+@example
+$ gnunet-reclaim -e "friend" -T (TODO there is only a REST API for this ATM) 
+@end example
+@node Revoking Authorizations of Third Parties
+@subsection Revoking Authorizations of Third Parties
+If you want to revoke the access of a third party to your attributes you can execute:
+@example
+$ gnunet-idp -e "username" -R "ticket"
+@end example
+This will prevent the third party from accessing the attribute in the future.
+Please note that if the third party has previously accessed the attribute, there is not way in which the system could have prevented the thiry party from storing the data.
+As such, only access to updated data in the future can be revoked.
+This behaviour is _exactly the same_ as with other IdPs.
+@node Using the OpenID-Connect IdP
+@subsection Using the OpenID-Connect IdP
+TODO: Document setup and REST endpoints
 @node Using the Virtual Public Network
 @section Using the Virtual Public Network
@@ -2036,7 +2157,7 @@ destination.
 For applications that do not use DNS, you can also manually create
 such a mapping using the gnunet-vpn command-line tool. Here, you
-specfiy the desired address family of the result (i.e. "-4"), and the
+specify the desired address family of the result (i.e. "-4"), and the
 intended target IP on the Internet ("-i 131.159.74.67") and
 "gnunet-vpn" will tell you which IP address in the range of your
 VPN tunnel was mapped.
@@ -2047,3 +2168,5 @@ service offered by that peer, you can create an IP tunnel to
 that peer by specifying the peer's identity, service name and
 protocol (--tcp or --udp) and you will again receive an IP address
 that will terminate at the respective peer's service.
diff --git a/doc/documentation/chapters/vocabulary.texi b/doc/documentation/chapters/vocabulary.texi
index 85b40b17b..0ee472b95 100644
--- a/doc/documentation/chapters/vocabulary.texi
+++ b/doc/documentation/chapters/vocabulary.texi
@@ -18,7 +18,7 @@ which are listed in this introductionary chapter.
 @end menu
 @node Definitions
-@subsection Defitions
+@subsection Definitions
 Throughout this Reference Manual, the following terms and definitions
 apply.
diff --git a/doc/documentation/gnunet-c-tutorial.texi b/doc/documentation/gnunet-c-tutorial.texi
index 7eafa9ea9..fb6e717ae 100644
--- a/doc/documentation/gnunet-c-tutorial.texi
+++ b/doc/documentation/gnunet-c-tutorial.texi
@@ -10,7 +10,7 @@
 @include version2.texi
 @copying
-Copyright @copyright{} 2001-2017 GNUnet e.V.
+Copyright @copyright{} 2001-2018 GNUnet e.V.
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -68,9 +68,10 @@ dependencies can be found on our website at
 Reference Documentation (GNUnet Handbook).
 Please read this tutorial carefully since every single step is
-important and do not hesitate to contact the GNUnet team if you have
+important, and do not hesitate to contact the GNUnet team if you have
-any questions or problems! Check here how to contact the GNUnet
+any questions or problems! Visit this link in your webbrowser to learn
-team: @uref{https://gnunet.org/contact_information}
+how to contact the GNUnet team:
+@uref{https://gnunet.org/contact_information}
 @menu
@@ -151,7 +152,7 @@ $ gpg --verify-files gnunet-@value{VERSION}.tar.gz.sig
 @noindent
 If this command fails because you do not have the required public key,
-then you need to run this command to import it:
+then you need to run the following command to import it:
 @example
 $ gpg --keyserver keys.gnupg.net --recv-keys 48426C7E
@@ -167,19 +168,22 @@ revoked}. You will get an error message stating that
 The next release of GNUnet will have a valid signature
 again. We are sorry for the inconvenience this causes.
 Another possible source you could use is our
-"gnunet" git repository which has mandatory signed commits
+"gnunet" git repository which, since the change from SVN to git in 2016,
-by every developer.
+has mandatory signed commits by every developer.
-Now you can extract the tarball and rename the resulting
+After verifying the signature you can extract the tarball.
-directory to @file{gnunet} which we will be using in the
+The resulting directory will be renamed to @file{gnunet}, which we will
-remainder of this document.
+be using in the remainder of this document to refer to the
+root of the source directory.
 @example
 $ tar xvzf gnunet-@value{VERSION}.tar.gz
 $ mv gnunet-@value{VERSION} gnunet
-$ cd gnunet
 @end example
+@c FIXME: This can be irritating for the reader - First we say git should
+@c be avoid unless it is really required, and then we write this
+@c paragraph:
 @noindent
 However, please note that stable versions can be very outdated.
 As a developer you are @b{strongly} encouraged to use the version
@@ -192,32 +196,40 @@ To successfully compile GNUnet, you need the tools to build GNUnet and
 the required dependencies. Please take a look at the
 GNUnet Reference Documentation
 (@pxref{Dependencies, The GNUnet Reference Documentation,, gnunet, The GNUnet Reference Documentation})
-for a list of required dependencies
+for a list of required dependencies and
-and
 (@pxref{Generic installation instructions, The GNUnet Reference Documentation,, gnunet, The GNUnet Reference Documentation})
 read its Installation chapter for specific instructions for
-your operating system.
+your Operating System.
 Please check the notes at the end of the configure process about
 required dependencies.
 For GNUnet bootstrapping support and the HTTP(S) plugin you should
 install @uref{https://gnunet.org/gnurl, libgnurl}.
 For the filesharing service you should install at least one of the
-datastore backends. MySQL, SQlite and PostgreSQL are supported.
+datastore backends (MySQL, SQlite and PostgreSQL are supported).
 @node Obtaining the latest version from Git
 @section Obtaining the latest version from Git
-The latest development version can obtained from our Git repository.
+The latest development version can be obtained from our Git repository.
-To obtain the code you need to have @code{Git} installed, which is
+To get the code you need to have @code{Git} installed. Usually your
-required for obtaining the repository via:
+Operating System package manager should provide a suitable distribution
+of git (otherwise check out Guix or Nix). If you are using an Operating
+System based on Debian's apt:
+@example
+$ sudo apt-get install git
+@end example
+This is required for obtaining the repository, which is achieved with
+the following command:
 @example
 $ git clone https://gnunet.org/git/gnunet
 @end example
 @noindent
-After cloning the repository you have to execute the @file{bootstrap}
+After cloning the repository, you have to execute the @file{bootstrap}
 script in the new directory:
 @example
@@ -275,6 +287,7 @@ you do not specifiy a prefix, GNUnet is installed in the directory
 to enable verbose logging by adding @code{--enable-logging=verbose}:
 @example
+$ export PREFIX=$HOME
 $ ./configure --prefix=$PREFIX --enable-logging
 $ make
 $ make install
@@ -303,11 +316,14 @@ binaries and run GNUnet's self check.
 @example
 $ which gnunet-arm
+$PREFIX/bin/gnunet-arm
 @end example
 @noindent
-should return $PREFIX/bin/gnunet-arm. It should be located in your
+should return $PREFIX/bin/gnunet-arm (where $PREFIX is the location
+you  have set earlier). It should be located in your
 GNUnet installation and the output should not be empty.
 If you see an output like:
 @example
@@ -318,9 +334,11 @@ $ which gnunet-arm
 check your PATH variable to ensure GNUnet's @file{bin} directory is
 included.
-GNUnet provides tests for all of its subcomponents. Run
+GNUnet provides tests for all of its subcomponents. Assuming you have
+successfully built GNUnet, run
 @example
+$ cd gnunet
 $ make check
 @end example
@@ -387,7 +405,7 @@ a mesh on top of a DHT).
 @c \end{figure}
 The main service implementation runs as a standalone process in the
-operating system and the client code runs as part of the client program,
+Operating System and the client code runs as part of the client program,
 so crashes of a client do not affect the service process or other clients.
 The service and the clients communicate via a message protocol to be
 defined and implemented by the programmer.
@@ -629,7 +647,7 @@ If you want to use the @code{peerinfo} tool to connect your
 peers, you should:
 @itemize
-@item Set @code{FORCESTART = NO} in section @code{hostlist}
+@item Set @code{IMMEDIATE_START = NO} in section @code{hostlist}
 (to not connect to the global GNUnet)
 @item Start both peers running @command{gnunet-arm -c peer1.conf -s}
 and @command{gnunet-arm -c peer2.conf -s}
diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi
index 2cd72373b..50630d4fe 100644
--- a/doc/documentation/gnunet.texi
+++ b/doc/documentation/gnunet.texi
@@ -43,6 +43,14 @@ Foundation Web site at @url{http://www.gnu.org/licenses/gpl.html}.
 @end copying
 @c TODO: Improve this and improve https://directory.fsf.org/wiki/Gnunet
+@c NOTE FOR TRANSLATORS: Due to en.wikipedia.org being the wikipedia
+@c                       which is more up to date than others, refrain
+@c                       from using localized wikipedia unless you are
+@c                       sure the articles content is good enough. For
+@c                       example the german wikipedia entry for GNUnet
+@c                       is in a terrible shape, but the en.wikipedia.org
+@c                       entry is still acceptable (although in need of
+@c                       updates).
 @dircategory Networking
 @direntry
@@ -72,34 +80,39 @@ This document is the Reference Manual for GNUnet version @value{VERSION}.
 @menu
-* Terminology::                     Terminology used throughout the Manual
+* Preface::                         Chapter 0
 * Philosophy::                      About GNUnet
+* Key Concepts::                    Key concepts of GNUnet
 @c * Vocabulary::                      Vocabulary
-* GNUnet Installation Handbook::    How to install GNUnet
+* Installing GNUnet::               Installing GNUnet
 * Using GNUnet::                    Using GNUnet
 @c * Configuration Handbook::          Configuring GNUnet
 * GNUnet Contributors Handbook::    Contributing to GNUnet
 * GNUnet Developer Handbook::       Developing GNUnet
 * GNU Free Documentation License::  The license of this manual
-* GNU General Public License::      The license of this manual
+* GNU General Public License::
+* GNU Affero General Public License::
 * Concept Index::                   Concepts
 * Programming Index::               Data types, functions, and variables
 @detailmenu
 --- The Detailed Node Listing ---
-Terminology
+Preface
-* General Terminology::
+* About this book
+* Contributing to this book
+* Introduction
 * Typography::
 Philosophy
-* Design Goals::
+* Design Principles::
-* Security and Privacy::
+* Privacy and Anonymity::
-* Versatility::
 * Practicality::
-* Key Concepts::
+Key Concepts
 * Authentication::
 * Accounting to Encourage Resource Sharing::
 * Confidentiality::
@@ -111,32 +124,19 @@ Philosophy
 * Backup of Identities and Egos::
 * Revocation::
-@c Vocabulary
+Installing GNUnet
-@c 
+* Installing dependencies::
-@c * Definitions abbreviations and acronyms::
+* Getting the Source Code::
-@c * Words and characters::
+* Create @code{gnunet} user and group::
-@c * Technical Assumptions::
+* Preparing and Compiling the Source Code::
+* Installation::
-GNUnet Installation Handbook
+* MOVED FROM USER Checking the Installation::
+* MOVED FROM USER The graphical configuration interface::
-* Dependencies::
+* MOVED FROM USER Config Leftovers::
-* Pre-installation notes::
-* Generic installation instructions::
-* Build instructions for Ubuntu 12.04 using Git::
-* Build instructions for software builds from source::
-* Build Instructions for Microsoft Windows Platforms::
-* Build instructions for Debian 7.5::
-* Installing GNUnet from Git on Ubuntu 14.4::
-* Build instructions for Debian 8::
-* Outdated build instructions for previous revisions::
-@c * Portable GNUnet::
-* The graphical configuration interface::
-* How to start and stop a GNUnet peer::
 Using GNUnet
-* Checking the Installation::
+* Start and stop GNUnet::
-* First steps - File-sharing::
 * First steps - Using the GNU Name System::
 * First steps - Using GNUnet Conversation::
 * First steps - Using the GNUnet VPN::
@@ -144,18 +144,18 @@ Using GNUnet
 * The GNU Name System::
 * Using the Virtual Public Network::
-@c Configuration Handbook
 GNUnet Contributors Handbook
 * Contributing to GNUnet::
 * Licenses of contributions::
 * Copyright Assignment::
 * Contributing to the Reference Manual::
+* Contributing testcases::
 GNUnet Developer Handbook
 * Developer Introduction::
+* Internal dependencies::
 * Code overview::
 * System Architecture::
 * Subsystem stability::
@@ -163,6 +163,7 @@ GNUnet Developer Handbook
 * Build-system::
 * Developing extensions for GNUnet using the gnunet-ext template::
 * Writing testcases::
+* Building GNUnet and its dependencies::
 * TESTING library::
 * Performance regression analysis with Gauger::
 * TESTBED Subsystem::
@@ -196,15 +197,16 @@ GNUnet Developer Handbook
 @end menu
 @c *********************************************************************
-@include chapters/terminology.texi
+@include chapters/preface.texi
 @c *********************************************************************
 @c *********************************************************************
 @include chapters/philosophy.texi
 @c *********************************************************************
-@c WIP:
+@c *********************************************************************
-@c @include chapters/vocabulary.texi
+@include chapters/keyconcepts.texi
+@c *********************************************************************
 @c *********************************************************************
 @include chapters/installation.texi
@@ -214,9 +216,6 @@ GNUnet Developer Handbook
 @include chapters/user.texi
 @c *********************************************************************
-@c WIP:
-@c @include chapters/configuration.texi
 @include chapters/contributing.texi
 @c *********************************************************************
@@ -238,6 +237,12 @@ GNUnet Developer Handbook
 @include gpl-3.0.texi
 @c *********************************************************************
+@node GNU Affero General Public License
+@appendix GNU Affero General Public License
+@cindex license, GNU Affero General Public License
+@include agpl-3.0.texi
+@c *********************************************************************
 @node Concept Index
 @unnumbered Concept Index
 @printindex cp
@@ -246,6 +251,7 @@ GNUnet Developer Handbook
 @unnumbered Programming Index
 @syncodeindex tp fn
 @syncodeindex vr fn
+@syncodeindex pg fn
 @printindex fn
 @bye
diff --git a/doc/documentation/images/gns.dot b/doc/documentation/images/gns.dot
new file mode 100644
index 000000000..55b05d482
--- /dev/null
+++ b/doc/documentation/images/gns.dot
@@ -0,0 +1,42 @@
+// house = interface towards application
+// circle (default) = storage
+// diamond = stateless tool
+// box = legacy system
+// this is what we have...o
+digraph dataflow {
+splines = true;
+  DNS [shape="box"];
+  import [label="gnunet-zoneimport", shape="diamond"];
+  namestore;
+  namecache;
+  gns [shape="diamond"];
+  dns2gns [shape="house"];
+  cmdline [label="gnunet-gns", shape="house"];
+  libnss_gns [shape="house"];
+  proxy [label="gnunet-gns-proxy", shape="house"];
+  dht;
+  zonemaster [shape="diamond"];
+  DNS -> import [label="import"];
+  import -> namestore [label="export"];
+  namestore -> zonemaster [label="notifies"];
+  zonemaster -> dht [label="publishes"];
+  namestore -> namecache [label="pre-populates"];
+  libnss_gns -> cmdline [label="invokes"];
+  cmdline -> gns [label="lookup"];
+  dns2gns -> gns [label="lookup"];
+  proxy -> gns [label="lookup"];
+  gns -> namecache [label="uses"];
+  gns -> dht [label="queries"];
+}
diff --git a/doc/documentation/images/gns.eps b/doc/documentation/images/gns.eps
new file mode 100644
index 000000000..3f3c28d98
--- /dev/null
+++ b/doc/documentation/images/gns.eps
@@ -0,0 +1,585 @@
+%!PS-Adobe-3.0 EPSF-3.0
+%%Creator: graphviz version 2.40.1 (20161225.0304)
+%%Title: dataflow
+%%Pages: 1
+%%BoundingBox: 36 36 722 428
+%%EndComments
+save
+%%BeginProlog
+/DotDict 200 dict def
+DotDict begin
+/setupLatin1 {
+mark
+/EncodingVector 256 array def
+ EncodingVector 0
+ISOLatin1Encoding 0 255 getinterval putinterval
+EncodingVector 45 /hyphen put
+% Set up ISO Latin 1 character encoding
+/starnetISO {
+        dup dup findfont dup length dict begin
+        { 1 index /FID ne { def }{ pop pop } ifelse
+        } forall
+        /Encoding EncodingVector def
+        currentdict end definefont
+} def
+/Times-Roman starnetISO def
+/Times-Italic starnetISO def
+/Times-Bold starnetISO def
+/Times-BoldItalic starnetISO def
+/Helvetica starnetISO def
+/Helvetica-Oblique starnetISO def
+/Helvetica-Bold starnetISO def
+/Helvetica-BoldOblique starnetISO def
+/Courier starnetISO def
+/Courier-Oblique starnetISO def
+/Courier-Bold starnetISO def
+/Courier-BoldOblique starnetISO def
+cleartomark
+} bind def
+%%BeginResource: procset graphviz 0 0
+/coord-font-family /Times-Roman def
+/default-font-family /Times-Roman def
+/coordfont coord-font-family findfont 8 scalefont def
+/InvScaleFactor 1.0 def
+/set_scale {
+       dup 1 exch div /InvScaleFactor exch def
+       scale
+} bind def
+% styles
+/solid { [] 0 setdash } bind def
+/dashed { [9 InvScaleFactor mul dup ] 0 setdash } bind def
+/dotted { [1 InvScaleFactor mul 6 InvScaleFactor mul] 0 setdash } bind def
+/invis {/fill {newpath} def /stroke {newpath} def /show {pop newpath} def} bind def
+/bold { 2 setlinewidth } bind def
+/filled { } bind def
+/unfilled { } bind def
+/rounded { } bind def
+/diagonals { } bind def
+/tapered { } bind def
+% hooks for setting color 
+/nodecolor { sethsbcolor } bind def
+/edgecolor { sethsbcolor } bind def
+/graphcolor { sethsbcolor } bind def
+/nopcolor {pop pop pop} bind def
+/beginpage {    % i j npages
+        /npages exch def
+        /j exch def
+        /i exch def
+        /str 10 string def
+        npages 1 gt {
+                gsave
+                        coordfont setfont
+                        0 0 moveto
+                        (\() show i str cvs show (,) show j str cvs show (\)) show
+                grestore
+        } if
+} bind def
+/set_font {
+        findfont exch
+        scalefont setfont
+} def
+% draw text fitted to its expected width
+/alignedtext {                  % width text
+        /text exch def
+        /width exch def
+        gsave
+                width 0 gt {
+                        [] 0 setdash
+                        text stringwidth pop width exch sub text length div 0 text ashow
+                } if
+        grestore
+} def
+/boxprim {                              % xcorner ycorner xsize ysize
+                4 2 roll
+                moveto
+                2 copy
+                exch 0 rlineto
+                0 exch rlineto
+                pop neg 0 rlineto
+                closepath
+} bind def
+/ellipse_path {
+        /ry exch def
+        /rx exch def
+        /y exch def
+        /x exch def
+        matrix currentmatrix
+        newpath
+        x y translate
+        rx ry scale
+        0 0 1 0 360 arc
+        setmatrix
+} bind def
+/endpage { showpage } bind def
+/showpage { } def
+/layercolorseq
+        [       % layer color sequence - darkest to lightest
+                [0 0 0]
+                [.2 .8 .8]
+                [.4 .8 .8]
+                [.6 .8 .8]
+                [.8 .8 .8]
+        ]
+def
+/layerlen layercolorseq length def
+/setlayer {/maxlayer exch def /curlayer exch def
+        layercolorseq curlayer 1 sub layerlen mod get
+        aload pop sethsbcolor
+        /nodecolor {nopcolor} def
+        /edgecolor {nopcolor} def
+        /graphcolor {nopcolor} def
+} bind def
+/onlayer { curlayer ne {invis} if } def
+/onlayers {
+        /myupper exch def
+        /mylower exch def
+        curlayer mylower lt
+        curlayer myupper gt
+        or
+        {invis} if
+} def
+/curlayer 0 def
+%%EndResource
+%%EndProlog
+%%BeginSetup
+14 default-font-family set_font
+% /arrowlength 10 def
+% /arrowwidth 5 def
+% make sure pdfmark is harmless for PS-interpreters other than Distiller
+/pdfmark where {pop} {userdict /pdfmark /cleartomark load put} ifelse
+% make '<<' and '>>' safe on PS Level 1 devices
+/languagelevel where {pop languagelevel}{1} ifelse
+2 lt {
+    userdict (<<) cvn ([) cvn load put
+    userdict (>>) cvn ([) cvn load put
+} if
+%%EndSetup
+setupLatin1
+%%Page: 1 1
+%%PageBoundingBox: 36 36 722 428
+%%PageOrientation: Portrait
+0 0 1 beginpage
+gsave
+36 36 686 392 boxprim clip newpath
+1 1 set_scale 0 rotate 40 40 translate
+% DNS
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+newpath 137.2989 384 moveto
+83.2989 384 lineto
+83.2989 348 lineto
+137.2989 348 lineto
+closepath stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+96.2989 362.3 moveto 28 (DNS) alignedtext
+grestore
+% import
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+newpath 110.2989 297 moveto
+.2008 279 lineto
+110.2989 261 lineto
+220.397 279 lineto
+closepath stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+58.2989 275.3 moveto 104 (gnunet-zoneimport) alignedtext
+grestore
+% DNS->import
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 110.2989 347.9735 moveto
+110.2989 336.1918 110.2989 320.5607 110.2989 307.1581 curveto
+stroke
+0 0 0 edgecolor
+newpath 113.799 307.0033 moveto
+110.2989 297.0034 lineto
+106.799 307.0034 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 113.799 307.0033 moveto
+110.2989 297.0034 lineto
+106.799 307.0034 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+110.2989 318.8 moveto 37 (import) alignedtext
+grestore
+% namestore
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+159.2989 192 47.3916 18 ellipse_path stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+130.7989 188.3 moveto 57 (namestore) alignedtext
+grestore
+% import->namestore
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 119.7466 262.2255 moveto
+126.7274 249.831 136.3701 232.7103 144.3867 218.4767 curveto
+stroke
+0 0 0 edgecolor
+newpath 147.5178 220.0495 moveto
+149.3756 209.6188 lineto
+141.4186 216.6143 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 147.5178 220.0495 moveto
+149.3756 209.6188 lineto
+141.4186 216.6143 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+138.2989 231.8 moveto 35 (export) alignedtext
+grestore
+% namecache
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+300.2989 105 50.0912 18 ellipse_path stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+269.7989 101.3 moveto 61 (namecache) alignedtext
+grestore
+% namestore->namecache
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 184.1823 176.6464 moveto
+206.9544 162.5955 240.8544 141.6785 266.1545 126.0678 curveto
+stroke
+0 0 0 edgecolor
+newpath 268.04 129.0171 moveto
+274.7125 120.7873 lineto
+264.3642 123.0598 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 268.04 129.0171 moveto
+274.7125 120.7873 lineto
+264.3642 123.0598 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+238.2989 144.8 moveto 74 (pre-populates) alignedtext
+grestore
+% zonemaster
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+newpath 159.2989 123 moveto
+86.5718 105 lineto
+159.2989 87 lineto
+232.0259 105 lineto
+closepath stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+127.7989 101.3 moveto 63 (zonemaster) alignedtext
+grestore
+% namestore->zonemaster
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 159.2989 173.9735 moveto
+159.2989 162.1918 159.2989 146.5607 159.2989 133.1581 curveto
+stroke
+0 0 0 edgecolor
+newpath 162.799 133.0033 moveto
+159.2989 123.0034 lineto
+155.799 133.0034 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 162.799 133.0033 moveto
+159.2989 123.0034 lineto
+155.799 133.0034 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+159.2989 144.8 moveto 41 (notifies) alignedtext
+grestore
+% gns
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+newpath 386.2989 210 moveto
+353.957 192 lineto
+386.2989 174 lineto
+418.6408 192 lineto
+closepath stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+376.7989 188.3 moveto 19 (gns) alignedtext
+grestore
+% gns->namecache
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 373.8052 180.5028 moveto
+366.3078 173.5201 356.6389 164.3674 348.2989 156 curveto
+339.8869 147.5605 330.8812 138.1087 322.969 129.6563 curveto
+stroke
+0 0 0 edgecolor
+newpath 325.434 127.1675 moveto
+316.0586 122.2327 lineto
+320.3103 131.937 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 325.434 127.1675 moveto
+316.0586 122.2327 lineto
+320.3103 131.937 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+348.2989 144.8 moveto 24 (uses) alignedtext
+grestore
+% dht
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+272.2989 18 27 18 ellipse_path stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+263.2989 14.3 moveto 18 (dht) alignedtext
+grestore
+% gns->dht
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 385.181 174.2737 moveto
+383.0587 152.2164 376.9318 114.1509 359.2989 87 curveto
+344.9772 64.9477 321.2191 46.8067 302.1458 34.6694 curveto
+stroke
+0 0 0 edgecolor
+newpath 303.8469 31.6069 moveto
+293.4925 29.3628 lineto
+300.1875 37.5742 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 303.8469 31.6069 moveto
+293.4925 29.3628 lineto
+300.1875 37.5742 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+376.2989 101.3 moveto 40 (queries) alignedtext
+grestore
+% dns2gns
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+newpath 336.3104 284.5623 moveto
+287.2989 297 lineto
+238.2874 284.5623 lineto
+238.3331 264.4377 lineto
+336.2646 264.4377 lineto
+closepath stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+264.7989 275.3 moveto 45 (dns2gns) alignedtext
+grestore
+% dns2gns->gns
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 304.0929 264.2416 moveto
+321.1237 249.2751 347.504 226.0924 365.7671 210.0431 curveto
+stroke
+0 0 0 edgecolor
+newpath 368.323 212.4564 moveto
+373.5243 203.2262 lineto
+363.7022 207.1983 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 368.323 212.4564 moveto
+373.5243 203.2262 lineto
+363.7022 207.1983 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+343.2989 231.8 moveto 38 (lookup) alignedtext
+grestore
+% cmdline
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+newpath 478.0186 284.5623 moveto
+416.2989 297 lineto
+354.5791 284.5623 lineto
+354.6367 264.4377 lineto
+477.961 264.4377 lineto
+closepath stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+385.7989 275.3 moveto 61 (gnunet-gns) alignedtext
+grestore
+% cmdline->gns
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 411.2098 264.2416 moveto
+406.7547 251.3219 400.1883 232.2795 394.9156 216.9885 curveto
+stroke
+0 0 0 edgecolor
+newpath 398.0825 215.4359 moveto
+391.5138 207.1232 lineto
+391.4649 217.7179 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 398.0825 215.4359 moveto
+391.5138 207.1232 lineto
+391.4649 217.7179 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+403.2989 231.8 moveto 38 (lookup) alignedtext
+grestore
+% libnss_gns
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+newpath 475.6981 371.5623 moveto
+416.2989 384 lineto
+356.8996 371.5623 lineto
+356.9551 351.4377 lineto
+475.6427 351.4377 lineto
+closepath stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+387.2989 362.3 moveto 58 (libnss_gns) alignedtext
+grestore
+% libnss_gns->cmdline
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 416.2989 351.2416 moveto
+416.2989 339.2263 416.2989 321.9156 416.2989 307.2516 curveto
+stroke
+0 0 0 edgecolor
+newpath 419.799 307.1553 moveto
+416.2989 297.1553 lineto
+412.799 307.1553 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 419.799 307.1553 moveto
+416.2989 297.1553 lineto
+412.799 307.1553 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+416.2989 318.8 moveto 43 (invokes) alignedtext
+grestore
+% proxy
+gsave
+1 setlinewidth
+0 0 0 nodecolor
+newpath 677.8617 284.5623 moveto
+587.2989 297 lineto
+496.7361 284.5623 lineto
+496.8206 264.4377 lineto
+677.7771 264.4377 lineto
+closepath stroke
+0 0 0 nodecolor
+14 /Times-Roman set_font
+538.7989 275.3 moveto 97 (gnunet-gns-proxy) alignedtext
+grestore
+% proxy->gns
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 553.202 264.2416 moveto
+513.9908 247.2697 450.3696 219.7321 414.0521 204.0126 curveto
+stroke
+0 0 0 edgecolor
+newpath 415.1432 200.6711 moveto
+404.5757 199.9109 lineto
+412.3626 207.0952 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 415.1432 200.6711 moveto
+404.5757 199.9109 lineto
+412.3626 207.0952 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+499.2989 231.8 moveto 38 (lookup) alignedtext
+grestore
+% zonemaster->dht
+gsave
+1 setlinewidth
+0 0 0 edgecolor
+newpath 177.2041 91.2146 moveto
+195.8835 76.8331 225.3438 54.1513 246.5248 37.8438 curveto
+stroke
+0 0 0 edgecolor
+newpath 248.689 40.5947 moveto
+254.4775 31.7209 lineto
+244.4186 35.0482 lineto
+closepath fill
+1 setlinewidth
+solid
+0 0 0 edgecolor
+newpath 248.689 40.5947 moveto
+254.4775 31.7209 lineto
+244.4186 35.0482 lineto
+closepath stroke
+0 0 0 edgecolor
+14 /Times-Roman set_font
+223.2989 57.8 moveto 52 (publishes) alignedtext
+grestore
+endpage
+showpage
+grestore
+%%PageTrailer
+%%EndPage: 1
+%%Trailer
+end
+restore
+%%EOF
diff --git a/doc/documentation/images/gns.jpg b/doc/documentation/images/gns.jpg
new file mode 100644
index 000000000..d71109b95
--- /dev/null
+++ b/doc/documentation/images/gns.jpg
Binary files differ
diff --git a/doc/documentation/images/gnunet-gtk-0-10.png b/doc/documentation/images/gnunet-gtk-0-10.png
deleted file mode 100644
index 3615849a7..000000000
--- a/doc/documentation/images/gnunet-gtk-0-10.png
+++ /dev/null
Binary files differ
diff --git a/doc/documentation/tutorial-examples/005.c b/doc/documentation/tutorial-examples/005.c
index 0c459f509..1b59f85a6 100644
--- a/doc/documentation/tutorial-examples/005.c
+++ b/doc/documentation/tutorial-examples/005.c
@@ -2,7 +2,8 @@ struct GNUNET_MQ_Envelope *env;
 struct GNUNET_MessageHeader *msg;
 env = GNUNET_MQ_msg_extra (msg, payload_size, GNUNET_MY_MESSAGE_TYPE);
-memcpy (&msg[1], &payload, payload_size);
+GNUNET_memcpy (&msg[1],
+               &payload,
+               payload_size);
 // Send message via message queue 'mq'
 GNUNET_mq_send (mq, env);