aboutsummaryrefslogtreecommitdiff
path: root/doc/documentation
diff options
context:
space:
mode:
Diffstat (limited to 'doc/documentation')
-rw-r--r--doc/documentation/Makefile.am1
-rw-r--r--doc/documentation/chapters/installation.texi4149
-rw-r--r--doc/documentation/gnunet.texi20
3 files changed, 2 insertions, 4168 deletions
diff --git a/doc/documentation/Makefile.am b/doc/documentation/Makefile.am
index 0781b2fbb..12f40f147 100644
--- a/doc/documentation/Makefile.am
+++ b/doc/documentation/Makefile.am
@@ -113,7 +113,6 @@ info_TEXINFOS = \
113gnunet_TEXINFOS = \ 113gnunet_TEXINFOS = \
114 chapters/developer.texi \ 114 chapters/developer.texi \
115 chapters/preface.texi \ 115 chapters/preface.texi \
116 chapters/installation.texi \
117 chapters/philosophy.texi \ 116 chapters/philosophy.texi \
118 chapters/user.texi \ 117 chapters/user.texi \
119 chapters/vocabulary.texi \ 118 chapters/vocabulary.texi \
diff --git a/doc/documentation/chapters/installation.texi b/doc/documentation/chapters/installation.texi
deleted file mode 100644
index 665f980be..000000000
--- a/doc/documentation/chapters/installation.texi
+++ /dev/null
@@ -1,4149 +0,0 @@
1@node GNUnet Installation Handbook
2@chapter GNUnet Installation Handbook
3
4This handbook describes how to install (build, setup, compile) and
5setup (configure, start) GNUnet @value{VERSION}. After following these
6instructions you should be able to install and then start user-interfaces
7to interact with the network.
8
9Note: This manual is far from complete, and we welcome contributions, be
10it in the form of new chapters or insightful comments.
11
12@menu
13* Dependencies::
14* Pre-installation notes::
15* Generic installation instructions::
16* Build instructions for Ubuntu 12.04 using Git::
17* Build instructions for software builds from source::
18* Build Instructions for Microsoft Windows Platforms::
19* Build instructions for Debian 7.5::
20* Installing GNUnet from Git on Ubuntu 14.4::
21* Build instructions for Debian 8::
22* Build instructions for macOS::
23@c * Build instructions for OpenBSD 6.2::
24* Outdated build instructions for previous revisions::
25@c * Portable GNUnet::
26* The graphical configuration interface::
27* How to start and stop a GNUnet peer::
28@end menu
29
30@node Dependencies
31@section Dependencies
32@c %**end of header
33
34This section lists the various known dependencies for
35GNUnet @value{EDITION}.
36Suggestions for missing dependencies or wrong version numbers are welcome.
37
38@menu
39* External dependencies::
40* Optional dependencies::
41* Internal dependencies::
42@end menu
43
44@node External dependencies
45@subsection External dependencies
46@c %**end of header
47
48These packages must be installed before a typical GNUnet installation
49can be performed:
50
51@itemize @bullet
52@item autoconf
53@item automake
54@item pkg-config
55@item libltdl
56@item gstreamer
57@item gst-plugins-base
58@item perl
59@item python (only 2.7 supported)@footnote{tests and gnunet-qr}
60@item jansson
61@item nss
62@item glib
63@item gmp
64@item bluez
65@item miniupnpc
66@item gettext
67@item which
68@item texinfo @geq{} 5.2
69@item GNU libmicrohttpd @geq{} 0.9.30 @footnote{We recommend to build it
70with a GnuTLS version that was configured with libunbound}
71@item GNU libextractor @geq{} 1.0
72@item GNU libtool @geq{} 2.2
73@item GNU libunistring @geq{} 0.9.1.1
74@item GNU libidn @geq{} 1.0.0
75@item @uref{https://gnupg.org/software/libgcrypt/, GNU libgcrypt} @geq{}
76@uref{https://gnupg.org/ftp/gcrypt/libgcrypt/, 1.6.0}
77@item @uref{https://gnutls.org/, GnuTLS} @geq{} 3.2.7
78@footnote{We recommend to compile with libunbound for DANE support;
79GnuTLS also requires GNU nettle 2.7 (update: GnuTLS 3.2.7 appears NOT
80to work against GNU nettle > 2.7, due to some API updatings done by
81nettle. Thus it should be compiled against nettle 2.7
82and, in case you get some error on the reference to `rpl_strerror' being
83undefined, follow the instructions on
84@uref{http://lists.gnupg.org/pipermail/gnutls-devel/2013-November/006588.html, this}
85post (and the link inside it)).}
86@item @uref{https://gnunet.org/gnurl, gnURL} libgnurl @geq{} 7.34.0
87@footnote{must be compiled after @code{GnuTLS}}
88@item libglpk @geq{} 4.45
89@item @uref{http://www.openssl.org/, OpenSSL} @geq{} 1.0
90@item TeX Live @geq{} 2012, optional (for gnunet-bcd)
91@item Texinfo @geq{} 5.2 (for documentation)
92@item libsqlite @geq{} 3.8.0 @footnote{(note that the code will
93compile and often work with lower version numbers, but you may get subtle
94bugs with respect to quota management in certain rare cases);
95alternatively, MySQL or Postgres can also be installed, but those
96databases will require more complex configurations (not
97recommended for first-time users)}
98@item zlib
99@end itemize
100
101@node Optional dependencies
102@subsection Optional dependencies
103
104These applications must be installed for various experimental or otherwise
105optional features such as @command{gnunet-conversation},
106and @command{gnunet-conversation-gtk} (most of these features are only build if you
107configure GNUnet with @command{--enable-experimental}):
108
109@itemize @bullet
110@item libpulse @geq{} 2.0,
111optional (for @command{gnunet-conversation})
112@item libopus @geq{} 1.0.1,
113optional (for @command{gnunet-conversation})
114@item libogg @geq{} 1.3.0,
115optional (for @command{gnunet-conversation})
116@item libnss contained @command{certool} binary,
117optional for convenient installation of
118the GNS proxy.
119@item python-zbar @geq{} 0.10,
120optional (for @command{gnunet-qr})
121@item Gtk+ @geq{} 3.0,
122optional (for @command{gnunet-gtk})
123@item libgladeui (must match Gtk+ version),
124optional (for @command{gnunet-gtk})
125@item libqrencode @geq{} 3.0,
126optional (for @command{gnunet-namestore-gtk})
127@item libpbc @geq{} 0.5.14, optional for Attribute-Based Encryption and Identity Provider functionality
128@item libgabe (https://github.com/schanzen/libgabe), optional for Attribute-Based Encryption and Identity Provider functionality
129@end itemize
130
131@node Internal dependencies
132@subsection Internal dependencies
133
134This section tries to give an overview of what processes a typical GNUnet
135peer running a particular application would consist of. All of the
136processes listed here should be automatically started by
137@command{gnunet-arm -s}.
138The list is given as a rough first guide to users for failure diagnostics.
139Ideally, end-users should never have to worry about these internal
140dependencies.
141
142In terms of internal dependencies, a minimum file-sharing system consists
143of the following GNUnet processes (in order of dependency):
144
145@itemize @bullet
146@item gnunet-service-arm
147@item gnunet-service-resolver (required by all)
148@item gnunet-service-statistics (required by all)
149@item gnunet-service-peerinfo
150@item gnunet-service-transport (requires peerinfo)
151@item gnunet-service-core (requires transport)
152@item gnunet-daemon-hostlist (requires core)
153@item gnunet-daemon-topology (requires hostlist, peerinfo)
154@item gnunet-service-datastore
155@item gnunet-service-dht (requires core)
156@item gnunet-service-identity
157@item gnunet-service-fs (requires identity, mesh, dht, datastore, core)
158@end itemize
159
160@noindent
161A minimum VPN system consists of the following GNUnet processes (in
162order of dependency):
163
164@itemize @bullet
165@item gnunet-service-arm
166@item gnunet-service-resolver (required by all)
167@item gnunet-service-statistics (required by all)
168@item gnunet-service-peerinfo
169@item gnunet-service-transport (requires peerinfo)
170@item gnunet-service-core (requires transport)
171@item gnunet-daemon-hostlist (requires core)
172@item gnunet-service-dht (requires core)
173@item gnunet-service-mesh (requires dht, core)
174@item gnunet-service-dns (requires dht)
175@item gnunet-service-regex (requires dht)
176@item gnunet-service-vpn (requires regex, dns, mesh, dht)
177@end itemize
178
179@noindent
180A minimum GNS system consists of the following GNUnet processes (in
181order of dependency):
182
183@itemize @bullet
184@item gnunet-service-arm
185@item gnunet-service-resolver (required by all)
186@item gnunet-service-statistics (required by all)
187@item gnunet-service-peerinfo
188@item gnunet-service-transport (requires peerinfo)
189@item gnunet-service-core (requires transport)
190@item gnunet-daemon-hostlist (requires core)
191@item gnunet-service-dht (requires core)
192@item gnunet-service-mesh (requires dht, core)
193@item gnunet-service-dns (requires dht)
194@item gnunet-service-regex (requires dht)
195@item gnunet-service-vpn (requires regex, dns, mesh, dht)
196@item gnunet-service-identity
197@item gnunet-service-namestore (requires identity)
198@item gnunet-service-gns (requires vpn, dns, dht, namestore, identity)
199@end itemize
200
201@node Pre-installation notes
202@section Pre-installation notes
203
204Please note that in the code instructions for the installation,
205@emph{#} indicates commands run as privileged root user and
206@emph{$} shows commands run as unprivileged ("normal") system user.
207
208
209@node Generic installation instructions
210@section Generic installation instructions
211
212First, in addition to the GNUnet sources you might require downloading the
213latest version of various dependencies, depending on how recent the
214software versions in your distribution of GNU/Linux are.
215Most distributions do not include sufficiently recent versions of these
216dependencies.
217Thus, a typically installation on a "modern" GNU/Linux distribution
218requires you to install the following dependencies (ideally in this
219order):
220
221@itemize @bullet
222@item libgpgerror and libgcrypt
223@item libnettle and libunbound (possibly from distribution), GnuTLS
224@item libgnurl (read the README)
225@item GNU libmicrohttpd
226@item GNU libextractor
227@end itemize
228
229Make sure to first install the various mandatory and optional
230dependencies including development headers from your distribution.
231
232Other dependencies that you should strongly consider to install is a
233database (MySQL, sqlite or Postgres).
234The following instructions will assume that you installed at least sqlite.
235For most distributions you should be able to find pre-build packages for
236the database. Again, make sure to install the client libraries @b{and} the
237respective development headers (if they are packaged separately) as well.
238
239You can find specific, detailed instructions for installing of the
240dependencies (and possibly the rest of the GNUnet installation) in the
241platform-specific descriptions, which can be found in the Index.
242Please consult them now.
243If your distribution is not listed, please study
244@ref{Build instructions for Debian 8}, the build instructions for
245Debian stable, carefully as you try to install the dependencies for your
246own distribution.
247Contributing additional instructions for further platforms is always
248appreciated.
249Please take in mind that operating system development tends to move at
250a rather fast speed. Due to this you should be aware that some of
251the instructions could be outdated by the time you are reading this.
252If you find a mistake, please tell us about it (or even better: send
253a patch to the documentation to fix it!).
254
255Before proceeding further, please double-check the dependency list.
256Note that in addition to satisfying the dependencies, you might have to
257make sure that development headers for the various libraries are also
258installed.
259There maybe files for other distributions, or you might be able to find
260equivalent packages for your distribution.
261
262While it is possible to build and install GNUnet without having root
263access, we will assume that you have full control over your system in
264these instructions.
265First, you should create a system user @emph{gnunet} and an additional
266group @emph{gnunetdns}. On the GNU/Linux distributions Debian and Ubuntu,
267type:
268
269@example
270# adduser --system --home /var/lib/gnunet --group \
271--disabled-password gnunet
272# addgroup --system gnunetdns
273@end example
274
275@noindent
276On other Unixes and GNU systems, this should have the same effect:
277
278@example
279# useradd --system --groups gnunet --home-dir /var/lib/gnunet
280# addgroup --system gnunetdns
281@end example
282
283Now compile and install GNUnet using:
284
285@example
286$ tar xvf gnunet-@value{VERSION}.tar.gz
287$ cd gnunet-@value{VERSION}
288$ ./configure --with-sudo=sudo --with-nssdir=/lib
289$ make
290$ sudo make install
291@end example
292
293If you want to be able to enable DEBUG-level log messages, add
294@code{--enable-logging=verbose} to the end of the
295@command{./configure} command.
296@code{DEBUG}-level log messages are in English only and
297should only be useful for developers (or for filing
298really detailed bug reports).
299
300Finally, you probably want to compile @command{gnunet-gtk}, which
301includes @command{gnunet-setup} (a graphical tool for
302GNUnet configuration) and @command{gnunet-fs-gtk} (a graphical tool for
303GNUnet file-sharing):
304
305@example
306$ tar xvf gnunet-gtk-@value{VERSION}.tar.gz
307$ cd gnunet-gtk-@value{VERSION}
308$ ./configure --with-gnunet=/usr/local/
309$ make
310$ sudo make install
311$ cd ..
312# just to be safe run this:
313$ sudo ldconfig
314@end example
315
316@noindent
317Next, edit the file @file{/etc/gnunet.conf} to contain the following:
318
319@example
320[arm]
321SYSTEM_ONLY = YES
322USER_ONLY = NO
323@end example
324
325@noindent
326You may need to update your @code{ld.so} cache to include
327files installed in @file{/usr/local/lib}:
328
329@example
330# ldconfig
331@end example
332
333@noindent
334Then, switch from user @code{root} to user @code{gnunet} to start
335the peer:
336
337@example
338# su -s /bin/sh - gnunet
339$ gnunet-arm -c /etc/gnunet.conf -s
340@end example
341
342You may also want to add the last line in the gnunet user's @file{crontab}
343prefixed with @code{@@reboot} so that it is executed whenever the system
344is booted:
345
346@example
347@@reboot /usr/local/bin/gnunet-arm -c /etc/gnunet.conf -s
348@end example
349
350@noindent
351This will only start the system-wide GNUnet services.
352Type exit to get back your root shell.
353Now, you need to configure the per-user part. For each
354$USER that should get access to GNUnet on the system, run:
355
356@example
357# adduser $USER gnunet
358@end example
359
360@noindent
361to allow them to access the system-wide GNUnet services. Then, each
362user should create a configuration file @file{~/.config/gnunet.conf}
363with the lines:
364
365@example
366[arm]
367SYSTEM_ONLY = NO
368USER_ONLY = YES
369DEFAULTSERVICES = gns
370@end example
371
372@noindent
373and start the per-user services using
374
375@example
376$ gnunet-arm -c ~/.config/gnunet.conf -s
377@end example
378
379@noindent
380Again, adding a @code{crontab} entry to autostart the peer is advised:
381
382@example
383@@reboot /usr/local/bin/gnunet-arm -c $HOME/.config/gnunet.conf -s
384@end example
385
386@noindent
387Note that some GNUnet services (such as SOCKS5 proxies) may need a
388system-wide TCP port for each user.
389For those services, systems with more than one user may require each user
390to specify a different port number in their personal configuration file.
391
392Finally, the user should perform the basic initial setup for the GNU Name
393System (GNS) certificate authority. This is done by running:
394
395@example
396$ gnunet-gns-proxy-setup-ca
397@end example
398
399@noindent
400The first generates the default zones, wheras the second setups the GNS
401Certificate Authority with the user's browser. Now, to activate GNS in the
402normal DNS resolution process, you need to edit your
403@file{/etc/nsswitch.conf} where you should find a line like this:
404
405@example
406hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
407@end example
408
409@noindent
410The exact details may differ a bit, which is fine. Add the text
411@emph{"gns [NOTFOUND=return]"} after @emph{"files"}.
412Keep in mind that we included a backslash ("\") here just for
413markup reasons. You should write the text below on @b{one line}
414and @b{without} the "\":
415
416@example
417hosts: files gns [NOTFOUND=return] mdns4_minimal \
418[NOTFOUND=return] dns mdns4
419@end example
420
421@c FIXME: Document new behavior.
422You might want to make sure that @file{/lib/libnss_gns.so.2} exists on
423your system, it should have been created during the installation.
424
425@node Build instructions for Ubuntu 12.04 using Git
426@section Build instructions for Ubuntu 12.04 using Git
427
428@menu
429* Install the required build tools::
430* Install libgcrypt 1.6 and libgpg-error::
431* Install gnutls with DANE support::
432* Install libgnurl::
433* Install libmicrohttpd from Git::
434* Install libextractor from Git::
435* Install GNUnet dependencies::
436* Build GNUnet::
437* Install the GNUnet-gtk user interface from Git::
438@end menu
439
440@node Install the required build tools
441@subsection Install the required build tools
442
443First, make sure Git is installed on your system:
444
445@example
446$ sudo apt-get install git
447@end example
448
449Install the essential buildtools:
450
451@example
452$ sudo apt-get install automake autopoint autoconf libtool
453@end example
454
455@node Install libgcrypt 1.6 and libgpg-error
456@subsection Install libgcrypt 1.6 and libgpg-error
457
458@ref{generic source installation - libgpg-error}
459
460@node Install gnutls with DANE support
461@subsection Install gnutls with DANE support
462
463@itemize @bullet
464@item @ref{generic source installation - nettle}
465@item @ref{generic source installation - ldns}
466@item @ref{generic source installation - libunbound/unbound}
467@item @ref{generic source installation - gnutls}
468@item @ref{generic source installation - libgcrypt}
469@end itemize
470
471@node Install libgnurl
472@subsection Install libgnurl
473
474Follow the @ref{generic source installation - libgnurl}.
475
476@node Install libmicrohttpd from Git
477@subsection Install libmicrohttpd from Git
478
479@example
480$ git clone https://gnunet.org/git/libmicrohttpd
481$ cd libmicrohttpd/
482$ ./bootstrap
483$ ./configure
484$ sudo make install ; cd ..
485@end example
486
487@node Install libextractor from Git
488@subsection Install libextractor from Git
489
490Install libextractor dependencies:
491
492@example
493$ sudo apt-get install zlib1g-dev libgsf-1-dev libmpeg2-4-dev \
494 libpoppler-dev libvorbis-dev libexiv2-dev libjpeg-dev \
495 libtiff-dev libgif-dev libvorbis-dev libflac-dev libsmf-dev \
496 g++
497@end example
498
499Build libextractor:
500
501@example
502$ git clone https://gnunet.org/git/libextractor
503$ cd libextractor
504$ ./bootstrap
505$ ./configure
506$ sudo make install ; cd ..
507@end example
508
509@node Install GNUnet dependencies
510@subsection Install GNUnet dependencies
511
512@example
513$ sudo apt-get install libidn11-dev libunistring-dev libglpk-dev \
514 libpulse-dev libbluetooth-dev libsqlite-dev
515@end example
516
517Install libopus:
518
519@example
520$ wget http://downloads.xiph.org/releases/opus/opus-1.1.tar.gz
521$ tar xf opus-1.1.tar.gz
522$ cd opus-1.1/
523$ ./configure
524$ sudo make install ; cd ..
525@end example
526
527Choose one or more database backends:
528
529SQLite3:
530@example
531$ sudo apt-get install libsqlite3-dev
532@end example
533MySQL:
534@example
535$ sudo apt-get install libmysqlclient-dev
536@end example
537PostgreSQL:
538@example
539$ sudo apt-get install libpq-dev postgresql
540@end example
541
542
543
544@node Build GNUnet
545@subsection Build GNUnet
546
547
548
549@menu
550* Configuring the installation path::
551* Configuring the system::
552* Installing components requiring sudo permission::
553* Build::
554@end menu
555
556@node Configuring the installation path
557@subsubsection Configuring the installation path
558
559You can specify the location of the GNUnet installation by setting the
560prefix when calling the configure script with @code{--prefix=DIRECTORY}
561
562@example
563$ export PATH=$PATH:DIRECTORY/bin
564@end example
565
566@node Configuring the system
567@subsubsection Configuring the system
568
569Please make sure NOW that you have created a user and group 'gnunet'
570and additionally a group 'gnunetdns':
571
572@example
573$ sudo addgroup gnunet
574$ sudo addgroup gnunetdns
575$ sudo adduser gnunet
576@end example
577
578Each GNUnet user should be added to the 'gnunet' group (may
579require fresh login to come into effect):
580
581@example
582$ sudo useradd -G gnunet
583@end example
584
585@node Installing components requiring sudo permission
586@subsubsection Installing components requiring sudo permission
587
588Some components, like the nss plugin required for GNS, may require root
589permissions. To allow these few components to be installed use:
590
591@example
592$ ./configure --with-sudo
593@end example
594
595@node Build
596@subsubsection Build
597
598@example
599$ git clone https://gnunet.org/git/gnunet/
600$ cd gnunet/
601$ ./bootstrap
602@end example
603
604Use the required configure call including the optional installation prefix
605@code{PREFIX} or the sudo permissions:
606
607@example
608$ ./configure [ --with-sudo | --with-prefix=PREFIX ]
609@end example
610
611@example
612$ make; sudo make install
613@end example
614
615After installing it, you need to create an empty configuration file:
616
617@example
618mkdir ~/.gnunet; touch ~/.gnunet/gnunet.conf
619@end example
620
621And finally you can start GNUnet with:
622
623@example
624$ gnunet-arm -s
625@end example
626
627@node Install the GNUnet-gtk user interface from Git
628@subsection Install the GNUnet-gtk user interface from Git
629
630
631Install depencies:
632
633@example
634$ sudo apt-get install libgtk-3-dev libunique-3.0-dev libgladeui-dev \
635 libqrencode-dev
636@end example
637
638Build GNUnet (with an optional prefix) and execute:
639
640@example
641$ git clone https://gnunet.org/git/gnunet-gtk/
642$ cd gnunet-gtk/
643$ ./bootstrap
644$ ./configure [--prefix=PREFIX] --with-gnunet=DIRECTORY
645$ make; sudo make install
646@end example
647
648@node Build instructions for software builds from source
649@section Build instructions for software builds from source
650
651This section describes software builds in case your operating
652system lacks binary substitutes / binary builds for some dependencies
653of GNUnet.
654It is assumed that you have installed common build dependencies
655and that these instructions are treated as generic without any
656debugging help.
657It is furthermore assumed that you use the release tarballs of
658the software, installation from the respective version control
659sources might differ in ways that are only minimal different
660(for example a dependency on autotools etc).
661
662@menu
663* generic source installation - nettle::
664* generic source installation - ldns::
665* generic source installation - libunbound/unbound::
666* generic source installation - libav::
667* generic source installation - libextractor::
668* generic source installation - libgpg-error::
669* generic source installation - libgcrypt::
670* generic source installation - gnutls::
671* generic source installation - libmicrohttpd::
672* generic source installation - libgnurl::
673@end menu
674
675@node generic source installation - nettle
676@subsection generic source installation - nettle
677
678@example
679$ wget http://www.lysator.liu.se/~nisse/archive/nettle-2.7.1.tar.gz
680$ tar xf nettle-2.7.1.tar.gz
681$ cd nettle-2.7.1
682$ ./configure
683$ sudo make install ; cd ..
684@end example
685
686@node generic source installation - ldns
687@subsection generic source installation - ldns
688
689@example
690$ wget https://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.16.tar.gz
691$ tar xf ldns-1.6.16.tar.gz
692$ cd ldns-1.6.16
693$ ./configure
694$ sudo make install ; cd ..
695@end example
696
697@node generic source installation - libunbound/unbound
698@subsection generic source installation - libunbound/unbound
699
700@example
701$ wget https://unbound.net/downloads/unbound-1.4.21.tar.gz
702$ tar xf unbound-1.4.21.tar.gz
703$ cd unbound-1.4.21
704$ ./configure
705$ sudo make install ; cd ..
706@end example
707
708@node generic source installation - libav
709@subsection generic source installation - libav
710
711@example
712$ wget https://libav.org/releases/libav-9.10.tar.xz
713$ cd libav-0.9 ; ./configure --enable-shared;
714$ make; sudo make install; cd ..
715@end example
716
717@node generic source installation - libextractor
718@subsection generic source installation - libextractor
719
720@example
721$ wget https://ftp.gnu.org/gnu/libextractor/libextractor-1.3.tar.gz
722$ tar xvf libextractor-1.3.tar.gz
723$ cd libextractor-1.3 ; ./configure;
724$ make ; sudo make install; cd ..
725@end example
726
727@node generic source installation - libgpg-error
728@subsection generic source installation - libgpg-error
729
730@example
731$ wget https://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.12.tar.bz2
732$ tar xvf libgpg-error-1.12.tar.bz2
733$ cd libgpg-error-1.12; ./configure;
734$ make ; sudo make install; cd ..
735@end example
736
737@node generic source installation - libgcrypt
738@subsection generic source installation - libgcrypt
739@example
740$ wget https://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0.tar.bz2
741$ tar xvf libgcrypt-1.6.0.tar.bz2
742$ cd libgcrypt-1.6.0; ./configure --with-gpg-error-prefix=/usr/local;
743$ make ; sudo make install ; cd ..
744@end example
745
746@node generic source installation - gnutls
747@subsection generic source installation - gnutls
748
749@example
750$ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.7.tar.xz
751$ tar xvf gnutls-3.2.7.tar.xz
752$ cd gnutls-3.2.7
753@end example
754
755@noindent
756If you want a GnuTLS with DANE functionality (recommended for GNUnet),
757you have to compile it against libunbound. Assuming that libunbound
758is installed on your system:
759
760@example
761$ ./configure --enable-libdane
762@end example
763
764@noindent
765Note that the build system of GnuTLS should pick up libunbound without
766the explicit mention of @code{--enable-libdane}.
767If you don't want libdane support you should pass @code{--disable-libdane}
768instead.
769
770@example
771$ ./configure
772$ make ; sudo make install ; cd ..
773@end example
774
775@node generic source installation - libmicrohttpd
776@subsection generic source installation - libmicrohttpd
777
778@example
779$ wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.33.tar.gz
780$ tar xvf libmicrohttpd-0.9.33.tar.gz
781$ cd libmicrohttpd-0.9.33; ./configure;
782$ make ; sudo make install ; cd ..
783@end example
784
785@node generic source installation - libgnurl
786@subsection generic source installation - libgnurl
787
788Example installation of libgnurl version 7.57.0 from source.
789
790@example
791$ wget https://ftp.gnu.org/gnu/gnunet/gnurl-7.57.0.tar.xz
792$ wget https://ftp.gnu.org/gnu/gnunet/gnurl-7.57.0.tar.xz.sig
793$ gpg --verify gnurl-7.57.0.tar.xz.sig
794@end example
795
796@noindent
797If that command fails because you do not have the required public key,
798then run this command to import it:
799
800@example
801$ gpg --keyserver pgp.mit.edu --recv-keys A88C8ADD129828D7EAC02E52E22F9BBFEE348588
802@end example
803
804@noindent
805and rerun the gpg --verify command.
806
807@example
808$ tar xvf gnurl-7.57.0.tar.xz
809$ cd gnurl-7.57.0
810$ ./configure --disable-ntlm-wb
811$ make ; sudo make install; cd ..
812@end example
813
814You have now build and installed libgnurl from source.
815
816@menu
817* Fixing libgnurl build issues::
818@end menu
819
820@node Fixing libgnurl build issues
821@subsubsection Fixing libgnurl build issues
822
823@c FIXME: Obviously this subsection should be evaluated and
824@c if still necessary moved into gnURL itself (README) or
825@c into a separate section which deals with gnURL.
826If you have to compile libgnurl from source (for example if the version
827included in your distribution is too old or it's not included at all)
828you perhaps might get an error message while running the
829@command{configure} script:
830
831@example
832$ configure
833...
834checking for 64-bit curl_off_t data type... unknown
835checking for 32-bit curl_off_t data type... unknown
836checking for 16-bit curl_off_t data type... unknown
837configure: error: cannot find data type for curl_off_t.
838@end example
839
840@noindent
841Solution:
842
843Before running the @command{configure} script, set:
844
845@example
846CFLAGS="-I. -I$BUILD_ROOT/include"
847@end example
848
849@node Build Instructions for Microsoft Windows Platforms
850@section Build Instructions for Microsoft Windows Platforms
851
852@menu
853* Introduction to building on MS Windows::
854* Requirements::
855* Dependencies & Initial Setup::
856* GNUnet Installation::
857* Adjusting Windows for running and testing GNUnet::
858* Building the GNUnet Installer::
859* Using GNUnet with Netbeans on Windows::
860@end menu
861
862@node Introduction to building on MS Windows
863@subsection Introduction to building on MS Windows
864
865
866This document is a guide to building GNUnet and its dependencies on
867Windows platforms. GNUnet development is mostly done under GNU/Linux and
868especially git checkouts may not build out of the box.
869We regret any inconvenience, and if you have problems, please report
870them.
871
872@node Requirements
873@subsection Requirements
874
875The Howto is based upon a @strong{Windows Server 2008 32bit}
876@strong{Installation}, @strong{sbuild} and thus a
877@uref{http://www.mingw.org/wiki/MSYS, MSYS+MinGW}
878(W32-GCC-Compiler-Suite + Unix-like Userland) installation. sbuild
879is a convenient set of scripts which creates a working msys/mingw
880installation and installs most dependencies required for GNUnet.
881
882As of the point of the creation of these instructions,
883GNUnet @strong{requires} a Windows @strong{Server} 2003 or
884newer for full feature support.
885Windows Vista and later will also work, but
886@strong{non-server version can not run a VPN-Exit-Node} as the NAT
887features have been removed as of Windows Vista.
888
889@c TODO: We should document Windows 10!
890@c It seems like the situation hasn't changed with W10
891
892@node Dependencies & Initial Setup
893@subsection Dependencies & Initial Setup
894
895
896@itemize @bullet
897
898@item
899Install a fresh version of @strong{Python 2.x}, even if you are using a
900x64-OS, install a 32-bit version for use with sbuild.
901Python 3.0 is currently incompatible.
902
903@item
904Install your favorite @uref{http://code.google.com/p/tortoisegit/, git} &
905@uref{http://tortoisesvn.net/, subversion}-clients.
906
907@item
908You will also need some archive-manager like
909@uref{http://www.7-zip.org/, 7zip}.
910
911@item
912Pull a copy of sbuild to a directory of your choice, which will be used
913in the remainder of this guide. For now, we will use
914@file{c:\gnunet\sbuild\}
915
916@item
917in @file{sbuild\src\mingw\mingw32-buildall.sh}, comment out the packages
918@strong{gnunet-svn} and @strong{gnunet-gtk-svn}, as we don't want sbuild
919to compile/install those for us.
920
921@item
922Follow LRN's sbuild installation instructions.-
923@end itemize
924
925Please note that sbuild may (or will most likely) fail during
926installation, thus you really HAVE to @strong{check the logfiles} created
927during the installation process.
928Certain packages may fail to build initially due to missing dependencies,
929thus you may have to
930@strong{substitute those with binary-versions initially}. Later on once
931dependencies are satisfied you can re-build the newer package versions.
932
933@strong{It is normal that you may have to repeat this step multiple times
934and there is no uniform way to fix all compile-time issues, as the
935build-process of many of the dependencies installed are rather unstable
936on win32 and certain releases may not even compile at all.}
937
938Most dependencies for GNUnet have been set up by sbuild, thus we now
939should add the @file{bin/} directories in your new msys and mingw
940installations to PATH. You will want to create a backup of your finished
941msys-environment by now.
942
943@node GNUnet Installation
944@subsection GNUnet Installation
945
946First, we need to launch our msys-shell, you can do this via
947
948@file{C:\gnunet\sbuild\msys\msys.bat}
949
950You might wish to take a look at this file and adjust some
951login-parameters to your msys environment.
952
953Also, sbuild added two pointpoints to your msys-environment, though those
954might remain invisible:
955
956@itemize @bullet
957
958@item
959/mingw, which will mount your mingw-directory from sbuild/mingw and the
960other one is
961
962@item
963/src which contains all the installation sources sbuild just compiled.
964@end itemize
965
966Check out the current GNUnet sources (git HEAD) from the
967GNUnet repository "gnunet.git", we will do this in your home directory:
968
969@code{git clone https://gnunet.org/git/gnunet/ ~/gnunet}
970
971Now, we will first need to bootstrap the checked out installation and then
972configure it accordingly.
973
974@example
975cd ~/gnunet
976./bootstrap
977STRIP=true CPPFLAGS="-DUSE_IPV6=1 -DW32_VEH" CFLAGS="$CFLAGS -g -O2" \
978./configure --prefix=/ --docdir=/share/doc/gnunet \
979--with-libiconv-prefix=/mingw --with-libintl-prefix=/mingw \
980--with-libcurl=/mingw --with-extractor=/mingw --with-sqlite=/mingw \
981--with-microhttpd=/mingw --with-plibc=/mingw --enable-benchmarks \
982--enable-expensivetests --enable-experimental --with-qrencode=/mingw \
983--enable-silent-rules --enable-experimental 2>&1 | tee -a ./configure.log
984@end example
985
986The parameters above will configure for a reasonable GNUnet installation
987to the your msys-root directory.
988Depending on which features your would like to build or you may need to
989specify additional dependencies. Sbuild installed most libs into
990the /mingw subdirectory, so remember to prefix library locations with
991this path.
992
993Like on a unixoid system, you might want to use your home directory as
994prefix for your own GNUnet installation for development, without tainting
995the buildenvironment. Just change the "prefix" parameter to point towards
996~/ in this case.
997
998Now it's time to compile GNUnet as usual. Though this will take some time,
999so you may fetch yourself a coffee or some Mate now...
1000
1001@example
1002make ; make install
1003@end example
1004
1005@node Adjusting Windows for running and testing GNUnet
1006@subsection Adjusting Windows for running and testing GNUnet
1007
1008Assuming the build succeeded and you
1009@strong{added the bin directory of your GNUnet to PATH}, you can now use
1010your gnunet-installation as usual.
1011Remember that UAC or the windows firewall may popup initially, blocking
1012further execution of gnunet until you acknowledge them.
1013
1014You will also have to take the usual steps to get peer-to-peer (p2p)
1015software running properly (port forwarding, ...),
1016and GNUnet will require administrative permissions as it may even
1017install a device-driver (in case you are using gnunet-vpn and/or
1018gnunet-exit).
1019
1020@node Building the GNUnet Installer
1021@subsection Building the GNUnet Installer
1022
1023The GNUnet installer is made with
1024@uref{http://nsis.sourceforge.net/, NSIS}.
1025The installer script is located in @file{contrib\win} in the
1026GNUnet source tree.
1027
1028@node Using GNUnet with Netbeans on Windows
1029@subsection Using GNUnet with Netbeans on Windows
1030
1031TODO
1032
1033@node Build instructions for Debian 7.5
1034@section Build instructions for Debian 7.5
1035
1036
1037These are the installation instructions for Debian 7.5. They were tested
1038using a minimal, fresh Debian 7.5 AMD64 installation without non-free
1039software (no contrib or non-free).
1040By "minimal", we mean that during installation, we did not select any
1041desktop environment, servers or system utilities during the "tasksel"
1042step. Note that the packages and the dependencies that we will install
1043during this chapter take about 1.5 GB of disk space.
1044Combined with GNUnet and space for objects during compilation, you should
1045not even attempt this unless you have about 2.5 GB free after the minimal
1046Debian installation.
1047Using these instructions to build a VM image is likely to require a
1048minimum of 4-5 GB for the VM (as you will likely also want a desktop
1049manager).
1050
1051GNUnet's security model assumes that your @file{/home} directory is
1052encrypted. Thus, if possible, you should encrypt your home partition
1053(or per-user home directory).
1054
1055Naturally, the exact details of the starting state for your installation
1056should not matter much. For example, if you selected any of those
1057installation groups you might simply already have some of the necessary
1058packages installed.
1059We did this for testing, as this way we are less likely to forget to
1060mention a required package.
1061Note that we will not install a desktop environment, but of course you
1062will need to install one to use GNUnet's graphical user interfaces.
1063Thus, it is suggested that you simply install the desktop environment of
1064your choice before beginning with the instructions.
1065
1066
1067
1068@menu
1069* Update::
1070* Stable? Hah!::
1071* Update again::
1072* Installing packages::
1073* Installing dependencies from source::
1074* Installing GNUnet from source::
1075* But wait there is more!::
1076@end menu
1077
1078@node Update
1079@subsection Update
1080
1081After any installation, you should begin by running
1082
1083@example
1084# apt-get update ; apt-get upgrade
1085@end example
1086
1087to ensure that all of your packages are up-to-date. Note that the "#" is
1088used to indicate that you need to type in this command as "root"
1089(or prefix with "sudo"), whereas "$" is used to indicate typing in a
1090command as a normal user.
1091
1092@node Stable? Hah!
1093@subsection Stable? Hah!
1094
1095Yes, we said we start with a Debian 7.5 "stable" system. However, to
1096reduce the amount of compilation by hand, we will begin by allowing the
1097installation of packages from the testing and unstable distributions as
1098well.
1099We will stick to "stable" packages where possible, but some packages will
1100be taken from the other distributions.
1101Start by modifying @file{/etc/apt/sources.list} to contain the
1102following (possibly adjusted to point to your mirror of choice):
1103
1104@example
1105# These were there before:
1106deb http://ftp.de.debian.org/debian/ wheezy main
1107deb-src http://ftp.de.debian.org/debian/ wheezy main
1108deb http://security.debian.org/ wheezy/updates main
1109deb-src http://security.debian.org/ wheezy/updates main
1110deb http://ftp.de.debian.org/debian/ wheezy-updates main
1111deb-src http://ftp.de.debian.org/debian/ wheezy-updates main
1112
1113# Add these lines (feel free to adjust the mirror):
1114deb http://ftp.de.debian.org/debian/ testing main
1115deb http://ftp.de.debian.org/debian/ unstable main
1116@end example
1117
1118The next step is to create/edit your @file{/etc/apt/preferences}
1119file to look like this:
1120
1121@example
1122Package: *
1123Pin: release a=stable,n=wheezy
1124Pin-Priority: 700
1125
1126Package: *
1127Pin: release o=Debian,a=testing
1128Pin-Priority: 650
1129
1130Package: *
1131Pin: release o=Debian,a=unstable
1132Pin-Priority: 600
1133@end example
1134
1135You can read more about Apt Preferences here and here.
1136Note that other pinnings are likely to also work for GNUnet, the key
1137thing is that you need some packages from unstable (as shown below).
1138However, as unstable is unlikely to be comprehensive (missing packages)
1139or might be problematic (crashing packages), you probably want others
1140from stable and/or testing.
1141
1142@node Update again
1143@subsection Update again
1144
1145Now, run again@
1146
1147@example
1148# apt-get update@
1149# apt-get upgrade@
1150@end example
1151
1152to ensure that all your new distribution indices are downloaded, and
1153that your pinning is correct: the upgrade step should cause no changes
1154at all.
1155
1156@node Installing packages
1157@subsection Installing packages
1158
1159We begin by installing a few Debian packages from stable:@
1160
1161@example
1162# apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \
1163 libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev \
1164 texlive libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev \
1165 libbz2-dev libexiv2-dev libflac-dev libgif-dev libglib2.0-dev \
1166 libgtk-3-dev libmagic-dev libjpeg8-dev libmpeg2-4-dev libmp4v2-dev \
1167 librpm-dev libsmf-dev libtidy-dev libtiff5-dev libvorbis-dev \
1168 libogg-dev zlib1g-dev g++ gettext libgsf-1-dev libunbound-dev \
1169 libqrencode-dev libgladeui-dev nasm texlive-latex-extra \
1170 libunique-3.0-dev gawk miniupnpc libfuse-dev libbluetooth-dev
1171@end example
1172
1173After that, we install a few more packages from unstable:@
1174
1175@example
1176# apt-get install -t unstable nettle-dev libgstreamer1.0-dev \
1177 gstreamer1.0-plugins-base gstreamer1.0-plugins-good \
1178 libgstreamer-plugins-base1.0-dev
1179@end example
1180
1181@node Installing dependencies from source
1182@subsection Installing dependencies from source
1183
1184Next, we need to install a few dependencies from source.
1185You might want to do this as a "normal" user and only run the
1186@code{make install} steps as root (hence the @code{sudo} in the
1187commands below). Also, you do this from any
1188directory. We begin by downloading all dependencies, then extracting the
1189sources, and finally compiling and installing the libraries.
1190
1191For these steps, follow the instructions given in the
1192installation from source instruction in this order:
1193
1194@itemize @bullet
1195@item @ref{generic source installation - libav}
1196@item @ref{generic source installation - libextractor}
1197@item @ref{generic source installation - libgpg-error}
1198@item @ref{generic source installation - libgcrypt}
1199@item @ref{generic source installation - gnutls}
1200@item @ref{generic source installation - libmicrohttpd}
1201@item @ref{generic source installation - libgnurl}
1202@end itemize
1203
1204@node Installing GNUnet from source
1205@subsection Installing GNUnet from source
1206
1207
1208For this, simply follow the generic installation instructions from
1209here.
1210
1211@node But wait there is more!
1212@subsection But wait there is more!
1213
1214So far, we installed all of the packages and dependencies required to
1215ensure that all of GNUnet would be built.
1216However, while for example the plugins to interact with the MySQL or
1217Postgres databases have been created, we did not actually install or
1218configure those databases. Thus, you will need to install
1219and configure those databases or stick with the default Sqlite database.
1220Sqlite is usually fine for most applications, but MySQL can offer better
1221performance and Postgres better resillience.
1222
1223
1224@node Installing GNUnet from Git on Ubuntu 14.4
1225@section Installing GNUnet from Git on Ubuntu 14.4
1226
1227@strong{Install the required build tools:}
1228
1229@example
1230$ sudo apt-get install git automake autopoint autoconf
1231@end example
1232
1233@strong{Install the required dependencies}
1234
1235@example
1236$ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \
1237 libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \
1238 libmicrohttpd-dev libgnutls28-dev
1239@end example
1240
1241@strong{Choose one or more database backends}
1242
1243@itemize @bullet
1244
1245@item SQLite3:
1246
1247@example
1248$ sudo apt-get install libsqlite3-dev
1249@end example
1250
1251@item MySQL:
1252
1253@example
1254$ sudo apt-get install libmysqlclient-dev
1255@end example
1256
1257@item PostgreSQL:
1258
1259@example
1260$ sudo apt-get install libpq-dev postgresql
1261@end example
1262
1263@end itemize
1264
1265@strong{Install the optional dependencies for gnunet-conversation:}
1266
1267@example
1268$ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev
1269@end example
1270
1271@strong{Install the libgrypt 1.6.1:}
1272
1273@itemize @bullet
1274
1275@item For Ubuntu 14.04:
1276
1277@example
1278$ sudo apt-get install libgcrypt20-dev
1279@end example
1280
1281@item For Ubuntu older 14.04:
1282
1283@example
1284$ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2
1285$ tar xf libgcrypt-1.6.1.tar.bz2
1286$ cd libgcrypt-1.6.1
1287$ ./configure
1288$ sudo make install
1289$ cd ..
1290@end example
1291
1292@end itemize
1293
1294@strong{Install libgnurl}
1295
1296@example
1297$ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2
1298$ tar xf gnurl-7.35.0.tar.bz2
1299$ cd gnurl-7.35.0
1300$ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \
1301 --without-libmetalink --without-winidn --without-librtmp \
1302 --without-nghttp2 --without-nss --without-cyassl --without-polarssl \
1303 --without-ssl --without-winssl --without-darwinssl --disable-sspi \
1304 --disable-ntlm-wb --disable-ldap --disable-rtsp --disable-dict \
1305 --disable-telnet --disable-tftp --disable-pop3 --disable-imap \
1306 --disable-smtp --disable-gopher --disable-file --disable-ftp
1307$ sudo make install
1308$ cd ..
1309@end example
1310
1311@strong{Install GNUnet}
1312
1313@example
1314$ git clone https://gnunet.org/git/gnunet/
1315$ cd gnunet/
1316$ ./bootstrap
1317@end example
1318
1319If you want to:
1320
1321@itemize @bullet
1322
1323@item Install to a different directory:
1324
1325@example
1326--prefix=PREFIX
1327@end example
1328
1329@item
1330Have sudo permission, but do not want to compile as root:
1331
1332@example
1333--with-sudo
1334@end example
1335
1336@item
1337Want debug message enabled:
1338
1339@example
1340--enable-logging=verbose
1341@end example
1342
1343@end itemize
1344
1345
1346@example
1347$ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose]
1348$ make; sudo make install
1349@end example
1350
1351After installing it, you need to create an empty configuration file:
1352
1353@example
1354touch ~/.config/gnunet.conf
1355@end example
1356
1357And finally you can start GNUnet with
1358
1359@example
1360$ gnunet-arm -s
1361@end example
1362
1363@node Build instructions for Debian 8
1364@section Build instructions for Debian 8
1365@c FIXME: I -> we
1366
1367These are the installation instructions for Debian 8. They were tested
1368sing a fresh Debian 8 AMD64 installation without non-free software (no
1369contrib or non-free). During installation, I only selected "lxde" for the
1370desktop environment.
1371Note that the packages and the dependencies that we will install during
1372this chapter take about 1.5 GB of disk space. Combined with GNUnet and
1373space for objects during compilation, you should not even attempt this
1374unless you have about 2.5 GB free after the Debian installation.
1375Using these instructions to build a VM image is likely to require a
1376minimum of 4-5 GB for the VM (as you will likely also want a desktop
1377manager).
1378
1379GNUnet's security model assumes that your @code{/home} directory is
1380encrypted.
1381Thus, if possible, you should encrypt your entire disk, or at least just
1382your home partition (or per-user home directory).
1383
1384Naturally, the exact details of the starting state for your installation
1385should not matter much.
1386For example, if you selected any of those installation groups you might
1387simply already have some of the necessary packages installed. Thus, it is
1388suggested that you simply install the desktop environment of your choice
1389before beginning with the instructions.
1390
1391
1392@menu
1393* Update Debian::
1394* Installing Debian Packages::
1395* Installing Dependencies from Source2::
1396* Installing GNUnet from Source2::
1397* But wait (again) there is more!::
1398@end menu
1399
1400@node Update Debian
1401@subsection Update Debian
1402
1403After any installation, you should begin by running
1404
1405@example
1406# apt-get update
1407# apt-get upgrade
1408@end example
1409
1410to ensure that all of your packages are up-to-date. Note that the "#" is
1411used to indicate that you need to type in this command as "root" (or
1412prefix with "sudo"), whereas "$" is used to indicate typing in a command
1413as a normal user.
1414
1415@node Installing Debian Packages
1416@subsection Installing Debian Packages
1417
1418We begin by installing a few Debian packages from stable:
1419
1420@example
1421# apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \
1422libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev texlive \
1423libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev libbz2-dev \
1424libflac-dev libgif-dev libglib2.0-dev libgtk-3-dev libmpeg2-4-dev \
1425libtidy-dev libvorbis-dev libogg-dev zlib1g-dev g++ gettext \
1426libgsf-1-dev libunbound-dev libqrencode-dev libgladeui-dev nasm \
1427texlive-latex-extra libunique-3.0-dev gawk miniupnpc libfuse-dev \
1428libbluetooth-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good \
1429libgstreamer-plugins-base1.0-dev nettle-dev libextractor-dev \
1430libgcrypt20-dev libmicrohttpd-dev
1431@end example
1432
1433@node Installing Dependencies from Source2
1434@subsection Installing Dependencies from Source2
1435
1436Yes, we said we start with a Debian 8 "stable" system, but because Debian
1437linked GnuTLS without support for DANE, we need to compile a few things,
1438in addition to GNUnet, still by hand. Yes, you can run GNUnet using the
1439respective Debian packages, but then you will not get DANE support.
1440
1441Next, we need to install a few dependencies from source. You might want
1442to do this as a "normal" user and only run the @code{make install} steps
1443as root (hence the @code{sudo} in the commands below). Also, you do this
1444from any directory. We begin by downloading all dependencies, then
1445extracting the sources, and finally compiling and installing the
1446libraries:
1447
1448@example
1449$ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.12.tar.xz
1450$ tar xvf gnutls-3.3.12.tar.xz
1451$ cd gnutls-3.3.12 ; ./configure ; make ; sudo make install ; cd ..
1452@end example
1453
1454For the installation and compilation of libgnurl/gnURL refer to
1455the generic installation section,
1456@xref{generic source installation - libgnurl}.
1457
1458@node Installing GNUnet from Source2
1459@subsection Installing GNUnet from Source2
1460
1461For this, simply follow the generic installation instructions from@
1462here.
1463
1464@node But wait (again) there is more!
1465@subsection But wait (again) there is more!
1466
1467So far, we installed all of the packages and dependencies required to
1468ensure that all of GNUnet would be built. However, while for example the
1469plugins to interact with the MySQL or Postgres databases have been
1470created, we did not actually install or configure those databases.
1471Thus, you will need to install and configure those databases or stick
1472with the default Sqlite database. Sqlite is usually fine for most
1473applications, but MySQL can offer better performance and Postgres better
1474resillience.
1475
1476@node Build instructions for macOS
1477@section Build instructions for macOS
1478@c FIXME: I -> we
1479
1480These are the installation guidelines for macOS.
1481They were tested on macOS High Sierra.
1482
1483@menu
1484* Installing dependencies::
1485* Compile from Source::
1486@end menu
1487
1488@node Installing dependencies
1489@subsection Installing dependencies
1490
1491First, install XCode in the newest version.
1492See https://developer.apple.com/xcode/.
1493
1494Install Homebrew (https://brew.sh) and then install the dependencies listed above.
1495If a dependency does not exists in brew, you need to compile it from source.
1496
1497@example
1498# brew install <dependency>
1499@end example
1500
1501@node Compile from Source
1502@subsection Compile from Source
1503
1504Before you start building GNUnet, you need to setup your environment.
1505This means that you have to make sure the proper tools are used in the build process.
1506For example, after installing texinfo you need to make sure the new texinfo is actually used:
1507
1508@example
1509# echo 'export PATH="/usr/local/opt/texinfo/bin:$PATH"' >> ~/.bash_profile
1510@end example
1511
1512Note: brew tells you the appropriate command when executing
1513
1514@example
1515# brew info texinfo
1516@end example
1517
1518This may also be necessary for the gettext package.
1519
1520Before you start compiling, you need to make sure gcc is used and not the clang compile of your macOS system.
1521On my system, gcc was actually ``gcc-7'' and gcc pointed to the clang compiler.
1522
1523@example
1524# export CC=gcc-7
1525@end example
1526
1527After this the standard compile instructions apply.
1528
1529@c @node Build instructions for OpenBSD 6.2
1530@c @section Build instructions for OpenBSD 6.2
1531
1532@node Outdated build instructions for previous revisions
1533@section Outdated build instructions for previous revisions
1534
1535This chapter contains a collection of outdated, older installation guides.
1536They are mostly intended to serve as a starting point for writing
1537up-to-date instructions and should not be expected to work for
1538GNUnet 0.10.x.
1539A set of older installation instructions can also be found in the
1540file @file{doc/outdated-and-old-installation-instructions.txt} in the
1541source tree of GNUnet.
1542
1543This file covers old instructions which no longer receive security
1544updates or any kind of support.
1545
1546@menu
1547* Installing GNUnet 0.10.1 on Ubuntu 14.04::
1548* Building GLPK for MinGW::
1549* GUI build instructions for Ubuntu 12.04 using Subversion::
1550@c * Installation with gnunet-update::
1551* Instructions for Microsoft Windows Platforms (Old)::
1552@end menu
1553
1554
1555@node Installing GNUnet 0.10.1 on Ubuntu 14.04
1556@subsection Installing GNUnet 0.10.1 on Ubuntu 14.04
1557
1558Install the required dependencies:
1559
1560@example
1561$ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \
1562 libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \
1563 libmicrohttpd-dev libgnutls28-dev
1564@end example
1565
1566Choose one or more database backends:
1567
1568@itemize @bullet
1569
1570@item SQLite3
1571
1572@example
1573 $ sudo apt-get install libsqlite3-dev@
1574@end example
1575
1576@item MySQL
1577
1578@example
1579$ sudo apt-get install libmysqlclient-dev@
1580@end example
1581
1582@item PostgreSQL
1583
1584@example
1585 $ sudo apt-get install libpq-dev postgresql@
1586@end example
1587
1588@end itemize
1589
1590Install the optional dependencies for gnunet-conversation:
1591
1592@example
1593 $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev
1594@end example
1595
1596Install libgcrypt 1.6:
1597
1598@itemize @bullet
1599
1600@item For Ubuntu 14.04:
1601
1602@example
1603$ sudo apt-get install libgcrypt20-dev
1604@end example
1605
1606@item For Ubuntu older than 14.04:
1607
1608@example
1609wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2
1610$ tar xf libgcrypt-1.6.1.tar.bz2
1611$ cd libgcrypt-1.6.1
1612$ ./configure
1613$ sudo make install
1614$ cd ..
1615@end example
1616@end itemize
1617
1618Install libgnurl:
1619
1620@pxref{generic source installation - libgnurl}.
1621
1622Install GNUnet:
1623
1624@example
1625$ wget http://ftpmirror.gnu.org/gnunet/gnunet-0.10.1.tar.gz
1626$ tar xf gnunet-0.10.1.tar.gz
1627$ cd gnunet-0.10.1
1628@end example
1629
1630If you want to:
1631
1632@itemize @bullet
1633
1634@item
1635Install to a different directory:
1636
1637@example
1638--prefix=PREFIX
1639@end example
1640
1641@item
1642Have sudo permission, but do not want to compile as root:
1643
1644@example
1645--with-sudo
1646@end example
1647
1648@item
1649Want debug message enabled:
1650
1651@example
1652--enable-logging=verbose
1653@end example
1654
1655@end itemize
1656
1657@example
1658$ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose]
1659$ make; sudo make install
1660@end example
1661
1662After installing it, you need to create an empty configuration file:
1663
1664@example
1665touch ~/.config/gnunet.conf
1666@end example
1667
1668And finally you can start GNUnet with
1669
1670@example
1671$ gnunet-arm -s
1672@end example
1673
1674@node Building GLPK for MinGW
1675@subsection Building GLPK for MinGW
1676
1677GNUnet now requires the GNU Linear Programming Kit (GLPK).
1678Since there's is no package you can install with @code{mingw-get} you
1679have to compile it from source:
1680
1681@itemize @bullet
1682
1683@item Download the latest version from
1684@uref{http://ftp.gnu.org/gnu/glpk/}
1685
1686@item Unzip the downloaded source tarball using your favourite
1687unzipper application In the MSYS shell
1688
1689@item change to the respective directory
1690
1691@item Configure glpk for "i686-pc-mingw32":
1692
1693@example
1694./configure '--build=i686-pc-mingw32'
1695@end example
1696
1697@item run
1698
1699@example
1700make install check
1701@end example
1702
1703@end itemize
1704
1705MinGW does not automatically detect the correct buildtype so you have to
1706specify it manually.
1707
1708
1709@node GUI build instructions for Ubuntu 12.04 using Subversion
1710@subsection GUI build instructions for Ubuntu 12.04 using Subversion
1711
1712After installing GNUnet you can continue installing the GNUnet GUI tools:
1713
1714First, install the required dependencies:
1715
1716@example
1717$ sudo apt-get install libgladeui-dev libqrencode-dev
1718@end example
1719
1720Please ensure that the GNUnet shared libraries can be found by the linker.
1721If you installed GNUnet libraries in a non standard path
1722(say GNUNET_PREFIX=/usr/local/lib/), you can
1723
1724@itemize @bullet
1725
1726@item set the environmental variable permanently to:
1727
1728@example
1729LD_LIBRARY_PATH=$GNUNET_PREFIX
1730@end example
1731
1732@item or add @code{$GNUNET_PREFIX} to @file{/etc/ld.so.conf}
1733
1734@end itemize
1735
1736Now you can checkout and compile the GNUnet GUI tools:
1737
1738@example
1739$ git clone https://gnunet.org/git/gnunet-gtk
1740$ cd gnunet-gtk
1741$ ./bootstrap
1742$ ./configure --prefix=$GNUNET_PREFIX/.. --with-gnunet=$GNUNET_PREFIX/..
1743$ make install
1744@end example
1745
1746@c @node Installation with gnunet-update
1747@c @subsection Installation with gnunet-update
1748
1749@c gnunet-update project is an effort to introduce updates to GNUnet
1750@c installations. An interesting to-be-implemented-feature of gnunet-update
1751@c is that these updates are propagated through GNUnet's peer-to-peer
1752@c network. More information about gnunet-update can be found at
1753@c @c FIXME: Use correct cgit URL
1754@c @uref{https://gnunet.org/git/gnunet-update.git/tree/plain/README}.
1755
1756@c While the project is still under development, we have implemented the
1757@c following features which we believe may be helpful for users and we
1758@c would like them to be tested:
1759
1760@c @itemize @bullet
1761
1762@c @item
1763@c Packaging GNUnet installation along with its run-time dependencies into
1764@c update packages
1765
1766@c @item
1767@c Installing update packages into compatible hosts
1768
1769@c @item
1770@c Updating an existing installation (which had been installed by
1771@c gnunet-update) to a newer one
1772
1773@c @end itemize
1774
1775@c The above said features of gnunet-update are currently available for
1776@c testing on GNU/Linux systems.
1777
1778@c The following is a guide to help you get started with gnunet-update.
1779@c It shows you how to install the testing binary packages of GNUnet
1780@c 0.9.1 we have at @uref{https://gnunet.org/install/}.
1781
1782@c gnunet-update needs the following dependencies:
1783
1784@c @itemize @bullet
1785@c @item
1786@c python @geq{} 2.6
1787
1788@c @item
1789@c gnupg
1790
1791@c @item
1792@c python-gpgme
1793@c @end itemize
1794
1795
1796@c Checkout gnunet-update:
1797
1798@c @c FIXME: git!
1799@c @example
1800@c $ svn checkout -r24905 https://gnunet.org/svn/gnunet-update@
1801@c @end example
1802
1803@c For security reasons, all packages released for gnunet-update from us are
1804@c signed with the key at @uref{https://gnunet.org/install/key.txt}.
1805@c You would need to import this key into your gpg key ring.
1806@c gnunet-update uses this key to verify the integrity of the packages it
1807@c installs:
1808
1809@c @example
1810@c $ gpg --recv-keys 7C613D78@
1811@c @end example
1812
1813@c Download the packages relevant to your architecture (currently I have
1814@c access to GNU/Linux machines on x86_64 and i686, so only two for now,
1815@c hopefully more later) from https://gnunet.org/install/.
1816
1817@c To install the downloaded package into the directory /foo:
1818
1819@c @example
1820@c gnunet-update/bin/gnunet-update install downloaded/package /foo
1821@c @end example
1822
1823@c The installer reports the directories into which shared libraries and
1824@c dependencies have been installed. You may need to add the reported shared
1825@c library installation paths to LD_LIBRARY_PATH before you start running any
1826@c installed binaries.
1827
1828@c Please report bugs at https://gnunet.org/bugs/ under the project
1829@c 'gnunet-update'.
1830
1831@node Instructions for Microsoft Windows Platforms (Old)
1832@subsection Instructions for Microsoft Windows Platforms (Old)
1833
1834This document is a @b{DEPRECATED} installation guide for GNUnet on
1835Windows.
1836It will not work for recent GNUnet versions, but maybe it will be of
1837some use if problems arise.
1838
1839The Windows build uses a UNIX emulator for Windows,
1840@uref{http://www.mingw.org/, MinGW}, to build the executable modules.
1841These modules run natively on Windows and do not require additional
1842emulation software besides the usual dependencies.
1843
1844GNUnet development is mostly done under GNU/Linux and especially git
1845checkouts may not build out of the box.
1846We regret any inconvenience, and if you have problems, please report them.
1847
1848@menu
1849* Hardware and OS requirements::
1850* Software installation::
1851* Building libextractor and GNUnet::
1852* Installer::
1853* Source::
1854@end menu
1855
1856@node Hardware and OS requirements
1857@subsubsection Hardware and OS requirements
1858
1859@itemize @bullet
1860
1861@item Pentium II or equivalent processor, @geq{} 350 MHz
1862
1863@item 128 MB RAM
1864
1865@item 600 MB free disk space
1866
1867@item Windows 2000 or Windows XP are recommended
1868
1869@end itemize
1870
1871@node Software installation
1872@subsubsection Software installation
1873
1874@itemize @bullet
1875
1876@item
1877@strong{Compression software}@
1878
1879The software packages GNUnet depends on are usually compressed using UNIX
1880tools like @command{tar}, @command{gzip}, @command{xzip} and
1881@command{bzip2}.
1882If you do not already have an utility that is able to extract such
1883archives, get @uref{http://www.7-zip.org/, 7-Zip}.
1884
1885@item
1886@strong{UNIX environment}@
1887
1888The MinGW project provides the compiler toolchain that is used to build
1889GNUnet.
1890Get the following packages from the
1891@uref{http://sourceforge.net/projects/mingw/files/, MinGW} project:
1892
1893@itemize @bullet
1894
1895@item GCC core
1896@item GCC g++
1897@item MSYS
1898@item MSYS Developer Tool Kit (msysDTK)
1899@item MSYS Developer Tool Kit - msys-autoconf (bin)
1900@item MSYS Developer Tool Kit - msys-automake (bin)
1901@item MinGW Runtime
1902@item MinGW Utilities
1903@item Windows API
1904@item Binutils
1905@item make
1906@item pdcurses
1907@item GDB (snapshot)
1908@end itemize
1909
1910@itemize @bullet
1911
1912
1913@item Install MSYS (to c:\mingw, for example.)@
1914Do @strong{not} use spaces in the pathname.
1915For example, avoid a location such as @file{c:\program files\mingw}.
1916
1917@item Install MinGW runtime, utilities and GCC to a subdirectory
1918(to @file{c:\mingw\mingw}, for example)
1919
1920@item Install the Development Kit to the MSYS directory
1921(@file{c:\mingw})
1922
1923@item Create a batch file bash.bat in your MSYS directory with
1924the files:
1925
1926@example
1927bin\sh.exe --login
1928@end example
1929
1930This batch file opens a shell which is used to invoke the build
1931processes.
1932MinGW's standard shell (@command{msys.bat}) is not suitable
1933because it opens a separate console window.
1934On Vista, @command{bash.bat} needs to be run as Administrator.
1935
1936@item
1937Start @command{bash.sh} and rename
1938@file{c:\mingw\mingw\lib\libstdc++.la} to avoid problems:
1939
1940@example
1941mv /usr/mingw/lib/libstdc++.la /usr/mingw/lib/libstdc++.la.broken
1942@end example
1943
1944@item
1945Unpack the Windows API to the MinGW directory (@file{c:\mingw\mingw\}) and
1946remove the declaration of DATADIR from
1947(@file{c:\mingw\mingw\include\objidl.h} (lines 55-58)
1948
1949@item
1950Unpack autoconf, automake to the MSYS directory (@file{c:\mingw})
1951
1952@item
1953Install all other packages to the MinGW directory (@file{c:\mingw\mingw\})
1954@end itemize
1955
1956
1957@item @strong{GNU Libtool}@
1958GNU Libtool is required to use shared libraries.
1959Get the prebuilt package from here and unpack it to the
1960MinGW directory (@file{c:\mingw})
1961
1962@item @strong{Pthreads}@
1963GNUnet uses the portable POSIX thread library for multi-threading:
1964
1965@itemize @bullet
1966
1967@item Save
1968@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86/libpthreadGC2.a, libpthreadGC2.a}
1969(x86) or
1970@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x64/libpthreadGC2.a, libpthreadGC2.a}
1971(x64) as libpthread.a into the @file{lib}
1972directory (@file{c:\mingw\mingw\lib\libpthread.a}).
1973
1974@item Save
1975@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86/pthreadGC2.dll, pthreadGC2.dll}
1976(x86) or
1977@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x64/pthreadGC2.dll, libpthreadGC2.a}
1978(x64) into the MinGW @file{bin} directory (@file{c:\mingw\mingw\bin}).
1979
1980@item Download all header files from
1981@uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/include/, include/}
1982to the @file{include} directory (@file{c:\mingw\mingw\include}).
1983@end itemize
1984
1985
1986@item @strong{GNU MP}@
1987GNUnet uses the GNU Multiple Precision library for special cryptographic
1988operations. Get the GMP binary package from the
1989@uref{http://sourceforge.net/projects/mingwrep/, MinGW repository} and
1990unpack it to the MinGW directory (@file{c:\mingw\mingw})
1991
1992@item @strong{GNU Gettext}@
1993GNU gettext is used to provide national language support.
1994Get the prebuilt package from hereand unpack it to the MinGW
1995directory (@file{c:\mingw\mingw})
1996
1997@item @strong{GNU iconv}@
1998GNU Libiconv is used for character encoding conversion.
1999Get the prebuilt package from here and unpack it to the MinGW
2000directory (@file{c:\mingw\mingw}).
2001
2002@item @strong{SQLite}@
2003GNUnet uses the SQLite database to store data.
2004Get the prebuilt binary from here and unpack it to your MinGW directory.
2005
2006@item @strong{MySQL}@
2007As an alternative to SQLite, GNUnet also supports MySQL.
2008
2009@itemize @bullet
2010
2011@item Get the binary installer from the
2012@uref{http://dev.mysql.com/downloads/mysql/4.1.html#Windows, MySQL project}
2013(version 4.1), install it and follow the instructions in
2014@file{README.mysql}.
2015
2016@item Create a temporary build directory (@file{c:\mysql})
2017
2018@item Copy the directories @file{include\} and @file{lib\} from the
2019MySQL directory to the new directory
2020
2021@item Get the patches from
2022@uref{http://bugs.mysql.com/bug.php?id=8906&files=1, Bug #8906} and
2023@uref{http://bugs.mysql.com/bug.php?id=8872&files=1, Bug #8872} (the
2024latter is only required for MySQL
2025
2026@example
2027patch -p 0
2028@end example
2029
2030@item Move @file{lib\opt\libmysql.dll} to @file{lib\libmysql.dll}
2031
2032@item Change to @file{lib\} and create an import library:
2033
2034@example
2035dlltool --input-def ../include/libmySQL.def \
2036--dllname libmysql.dll \
2037--output-lib libmysqlclient.a -k
2038@end example
2039
2040@item Copy include\* to include\mysql\
2041
2042@item Pass @code{--with-mysql=/c/mysql} to
2043@command{./configure} and copy @file{libmysql.dll}
2044to your PATH or GNUnet's @file{bin} directory
2045@end itemize
2046
2047
2048@item @strong{GTK+}@
2049@command{gnunet-fs-gtk} and @command{libextractor} depend on GTK.
2050Get the the binary and developer packages of @command{atk},
2051@command{glib}, @command{gtk}, @command{iconv},
2052@command{gettext-runtime}, @command{pango} from
2053@uref{ftp://ftp.gtk.org/pub/gtk/v2.6/win32, gtk.org} and unpack them
2054to the MinGW directory (@file{c:\mingw\mingw}).
2055@c FIXME: The URL below for pkg-config seems wrong.
2056Get @uref{http://www.gtk.org/download/win32.php, pkg-config} and
2057@command{libpng} and unpack them to the MinGW directory
2058(@file{c:\mingw\mingw}).
2059Here is an all-in-one package for the
2060@uref{http://ftp.gnome.org/pub/gnome/binaries/win32/gtk+/2.24/gtk+-bundle_2.24.10-20120208_win32.zip, gtk+dependencies}
2061. Do not overwrite any existing files!
2062
2063@item @strong{Glade}@
2064@command{gnunet-*-gtk} and @command{gnunet-setup} were created using
2065this interface builder
2066
2067@itemize @bullet
2068
2069@item Get the Glade and libglade (-bin and -devel) packages
2070(without GTK!) from
2071@uref{http://gladewin32.sourceforge.net/, GladeWin32} and unpack them to
2072the MinGW directory (@file{c:\mingw\mingw}).
2073
2074@item Get @command{libxml} from here and unpack it to the MinGW
2075directory (@file{c:\mingw\mingw}).
2076@end itemize
2077
2078@c FIXME: URLs
2079@item @strong{zLib}@
2080@command{libextractor} requires @command{zLib} to decompress some file
2081formats. GNUnet uses it to (de)compress meta-data.
2082Get zLib from here (Signature) and unpack it to the MinGW directory
2083(@file{c:\mingw\mingw}).
2084
2085@item @strong{Bzip2}@
2086@command{libextractor} also requires @command{Bzip2} to
2087decompress some file formats.
2088Get the Bzip2 (binary and developer package) from
2089@uref{http://gnuwin32.sourceforge.net/packages/bzip2.htm, GnuWin32} and
2090unpack it to the MinGW directory (@file{c:\mingw\mingw}).
2091
2092@item @strong{Libgcrypt}@
2093@command{Libgcrypt} provides the cryptographic functions used by GNUnet.
2094Get Libgcrypt from @uref{ftp://ftp.gnupg.org/gcrypt/libgcrypt/, here},
2095compile and place it in the MinGW directory
2096(@file{c:\mingw\mingw}). Currently libgcrypt @geq{} 1.4.2 is required to
2097compile GNUnet.
2098
2099@item @strong{PlibC}@
2100PlibC emulates Unix functions under Windows. Get PlibC from here and
2101unpack it to the MinGW directory (c:\mingw\mingw)
2102
2103@item @strong{OGG Vorbis}@
2104@command{OGG Vorbis} is used to extract meta-data from @file{.ogg} files.
2105Get the packages
2106@uref{http://www.gnunet.org/libextractor/download/win/libogg-1.1.4.zip, libogg}
2107and
2108@uref{http://www.gnunet.org/libextractor/download/win/libvorbis-1.2.3.zip, libvorbis}
2109from the
2110@uref{http://ftp.gnu.org/gnu/libextractor/libextractor-w32-1.0.0.zip, libextractor win32 build}
2111and unpack them to the MinGW directory (c:\mingw\mingw).
2112
2113@item @strong{Exiv2}@
2114(lib)Exiv2 is used to extract meta-data from files with Exiv2 meta-data.
2115Download
2116@uref{http://www.gnunet.org/libextractor/download/win/exiv2-0.18.2.zip, Exiv2}
2117and unpack it to the MSYS directory (c:\mingw).
2118@end itemize
2119
2120@node Building libextractor and GNUnet
2121@subsubsection Building libextractor and GNUnet
2122
2123Before you compile @command{libextractor} or @command{GNUnet},
2124be sure to set @code{PKG_CONFIG_PATH}:
2125
2126@example
2127export PKG_CONFIG_PATH=/mingw/lib/pkgconfig
2128@end example
2129
2130@noindent
2131@xref{GNUnet Installation Handbook}, for basic instructions on building
2132@command{libextractor} and @command{GNUnet}.
2133By default, all modules that are created in this way contain
2134debug information and are quite large. To compile release versions
2135(small and fast) set the variable @code{CFLAGS}:
2136
2137@example
2138export CFLAGS='-O2 -march=pentium -fomit-frame-pointer'
2139./configure --prefix=$HOME --with-extractor=$HOME
2140@end example
2141
2142@node Installer
2143@subsubsection Installer
2144
2145The GNUnet installer is made with
2146@uref{http://nsis.sourceforge.net/, NSIS}. The installer script is
2147located in @file{contrib\win} in the GNUnet source tree.
2148
2149@node Source
2150@subsubsection Source
2151
2152@c FIXME: URL
2153The sources of all dependencies are available here.
2154
2155@c @node Portable GNUnet
2156@c @section Portable GNUnet
2157
2158@c Quick instructions on how to use the most recent GNUnet on most GNU/Linux
2159@c distributions
2160
2161@c Currently this has only been tested on Ubuntu 12.04, 12.10, 13.04, Debian
2162@c and CentOS 6, but it should work on almost any GNU/Linux distribution.
2163@c More in-detail information can be found in the handbook.
2164
2165@c Note 2017-10: Currently this section assumes the old SVN repo of GNUnet
2166@c which no longer exists.
2167
2168@c @menu
2169@c * Prerequisites::
2170@c * Download & set up gnunet-update::
2171@c * Install GNUnet::
2172@c @end menu
2173
2174@c @node Prerequisites
2175@c @subsection Prerequisites
2176
2177@c Open a terminal and paste this line into it to install all required tools
2178@c needed:
2179
2180@c @example
2181@c sudo apt-get install python-gpgme subversion
2182@c @end example
2183
2184@c @node Download & set up gnunet-update
2185@c @subsection Download & set up gnunet-update
2186
2187@c The following command will download a working version of gnunet-update
2188@c with the subversion tool and import the public key which is needed for
2189@c authentication:
2190
2191@c @example
2192@c svn checkout -r24905 https://gnunet.org/svn/gnunet-update ~/gnunet-update
2193@c cd ~/gnunet-update
2194@c gpg --keyserver "hkp://keys.gnupg.net" --recv-keys 7C613D78
2195@c @end example
2196
2197@c @node Install GNUnet
2198@c @subsection Install GNUnet
2199
2200@c Download and install GNUnet binaries which can be found here and set
2201@c library paths:
2202
2203@c @example
2204@c wget -P /tmp https://gnunet.org/install/packs/gnunet-0.9.4-`uname -m`.tgz
2205@c ./bin/gnunet-update install /tmp/gnunet-0.9*.tgz ~
2206@c echo "PATH DEFAULT=$@{PATH@}:$HOME/bin" >> ~/.pam_environment
2207@c echo -e "$@{HOME@}/lib\n$@{HOME@}/lib/gnunet-deps" | sudo tee \
2208@c /etc/ld.so.conf.d/gnunet.conf > /dev/null
2209@c sudo ldconfig
2210@c @end example
2211
2212@c You may need to re-login once after executing these last commands
2213
2214@c That's it, GNUnet is installed in your home directory now. GNUnet can be
2215@c configured and afterwards started by executing:
2216
2217@c @example
2218@c gnunet-arm -s
2219@c @end example
2220
2221@node The graphical configuration interface
2222@section The graphical configuration interface
2223
2224If you also would like to use @command{gnunet-gtk} and
2225@command{gnunet-setup} (highly recommended for beginners), do:
2226
2227@example
2228wget -P /tmp \
2229https://gnunet.org/install/packs/gnunet-0.9.4-gtk-0.9.4-`uname -m`.tgz
2230sh ~/gnunet-update/bin/gnunet-update install /tmp/gnunet-*gtk*.tgz ~
2231sudo ldconfig
2232@end example
2233
2234Now you can run @command{gnunet-setup} for easy configuration of your
2235GNUnet peer.
2236
2237@menu
2238* Configuring your peer::
2239* Configuring the Friend-to-Friend (F2F) mode::
2240* Configuring the hostlist to bootstrap::
2241* Configuration of the HOSTLIST proxy settings::
2242* Configuring your peer to provide a hostlist ::
2243* Configuring the datastore::
2244* Configuring the MySQL database::
2245* Reasons for using MySQL::
2246* Reasons for not using MySQL::
2247* Setup Instructions::
2248* Testing::
2249* Performance Tuning::
2250* Setup for running Testcases::
2251* Configuring the Postgres database::
2252* Reasons to use Postgres::
2253* Reasons not to use Postgres::
2254* Manual setup instructions::
2255* Testing the setup manually::
2256* Configuring the datacache::
2257* Configuring the file-sharing service::
2258* Configuring logging::
2259* Configuring the transport service and plugins::
2260* Configuring the wlan transport plugin::
2261* Configuring HTTP(S) reverse proxy functionality using Apache or nginx::
2262* Blacklisting peers::
2263* Configuration of the HTTP and HTTPS transport plugins::
2264* Configuring the GNU Name System::
2265* Configuring the GNUnet VPN::
2266* Bandwidth Configuration::
2267* Configuring NAT::
2268* Peer configuration for distributions::
2269@end menu
2270
2271@node Configuring your peer
2272@subsection Configuring your peer
2273
2274This chapter will describe the various configuration options in GNUnet.
2275
2276The easiest way to configure your peer is to use the
2277@command{gnunet-setup} tool.
2278@command{gnunet-setup} is part of the @command{gnunet-gtk}
2279application. You might have to install it separately.
2280
2281Many of the specific sections from this chapter actually are linked from
2282within @command{gnunet-setup} to help you while using the setup tool.
2283
2284While you can also configure your peer by editing the configuration
2285file by hand, this is not recommended for anyone except for developers
2286as it requires a more in-depth understanding of the configuration files
2287and internal dependencies of GNUnet.
2288
2289@node Configuring the Friend-to-Friend (F2F) mode
2290@subsection Configuring the Friend-to-Friend (F2F) mode
2291
2292GNUnet knows three basic modes of operation:
2293@itemize @bullet
2294@item In standard "peer-to-peer" mode,
2295your peer will connect to any peer.
2296@item In the pure "friend-to-friend"
2297mode, your peer will ONLY connect to peers from a list of friends
2298specified in the configuration.
2299@item Finally, in mixed mode,
2300GNUnet will only connect to arbitrary peers if it
2301has at least a specified number of connections to friends.
2302@end itemize
2303
2304When configuring any of the F2F ("friend-to-friend") modes,
2305you first need to create a file with the peer identities
2306of your friends. Ask your friends to run
2307
2308@example
2309$ gnunet-peerinfo -sq
2310@end example
2311
2312@noindent
2313The resulting output of this command needs to be added to your
2314@file{friends} file, which is simply a plain text file with one line
2315per friend with the output from the above command.
2316
2317You then specify the location of your @file{friends} file in the
2318@code{FRIENDS} option of the "topology" section.
2319
2320Once you have created the @file{friends} file, you can tell GNUnet to only
2321connect to your friends by setting the @code{FRIENDS-ONLY} option
2322(again in the "topology" section) to YES.
2323
2324If you want to run in mixed-mode, set "FRIENDS-ONLY" to NO and configure a
2325minimum number of friends to have (before connecting to arbitrary peers)
2326under the "MINIMUM-FRIENDS" option.
2327
2328If you want to operate in normal P2P-only mode, simply set
2329@code{MINIMUM-FRIENDS} to zero and @code{FRIENDS_ONLY} to NO.
2330This is the default.
2331
2332@node Configuring the hostlist to bootstrap
2333@subsection Configuring the hostlist to bootstrap
2334
2335After installing the software you need to get connected to the GNUnet
2336network. The configuration file included in your download is already
2337configured to connect you to the GNUnet network.
2338In this section the relevant configuration settings are explained.
2339
2340To get an initial connection to the GNUnet network and to get to know
2341peers already connected to the network you can use the so called
2342"bootstrap servers".
2343These servers can give you a list of peers connected to the network.
2344To use these bootstrap servers you have to configure the hostlist daemon
2345to activate bootstrapping.
2346
2347To activate bootstrapping, edit the @code{[hostlist]}-section in your
2348configuration file. You have to set the argument @command{-b} in the
2349options line:
2350
2351@example
2352[hostlist]
2353OPTIONS = -b
2354@end example
2355
2356Additionally you have to specify which server you want to use.
2357The default bootstrapping server is
2358"@uref{http://v10.gnunet.org/hostlist, http://v10.gnunet.org/hostlist}".
2359[^] To set the server you have to edit the line "SERVERS" in the hostlist
2360section. To use the default server you should set the lines to
2361
2362@example
2363SERVERS = http://v10.gnunet.org/hostlist [^]
2364@end example
2365
2366@noindent
2367To use bootstrapping your configuration file should include these lines:
2368
2369@example
2370[hostlist]
2371OPTIONS = -b
2372SERVERS = http://v10.gnunet.org/hostlist [^]
2373@end example
2374
2375@noindent
2376Besides using bootstrap servers you can configure your GNUnet peer to
2377recieve hostlist advertisements.
2378Peers offering hostlists to other peers can send advertisement messages
2379to peers that connect to them. If you configure your peer to receive these
2380messages, your peer can download these lists and connect to the peers
2381included. These lists are persistent, which means that they are saved to
2382your hard disk regularly and are loaded during startup.
2383
2384To activate hostlist learning you have to add the @command{-e}
2385switch to the @code{OPTIONS} line in the hostlist section:
2386
2387@example
2388[hostlist]
2389OPTIONS = -b -e
2390@end example
2391
2392@noindent
2393Furthermore you can specify in which file the lists are saved.
2394To save the lists in the file @file{hostlists.file} just add the line:
2395
2396@example
2397HOSTLISTFILE = hostlists.file
2398@end example
2399
2400@noindent
2401Best practice is to activate both bootstrapping and hostlist learning.
2402So your configuration file should include these lines:
2403
2404@example
2405[hostlist]
2406OPTIONS = -b -e
2407HTTPPORT = 8080
2408SERVERS = http://v10.gnunet.org/hostlist [^]
2409HOSTLISTFILE = $SERVICEHOME/hostlists.file
2410@end example
2411
2412@node Configuration of the HOSTLIST proxy settings
2413@subsection Configuration of the HOSTLIST proxy settings
2414
2415The hostlist client can be configured to use a proxy to connect to the
2416hostlist server.
2417This functionality can be configured in the configuration file directly
2418or using the @command{gnunet-setup} tool.
2419
2420The hostlist client supports the following proxy types at the moment:
2421
2422@itemize @bullet
2423@item HTTP and HTTP 1.0 only proxy
2424@item SOCKS 4/4a/5/5 with hostname
2425@end itemize
2426
2427In addition authentication at the proxy with username and password can be
2428configured.
2429
2430To configure proxy support for the hostlist client in the
2431@command{gnunet-setup} tool, select the "hostlist" tab and select
2432the appropriate proxy type.
2433The hostname or IP address (including port if required) has to be entered
2434in the "Proxy hostname" textbox. If required, enter username and password
2435in the "Proxy username" and "Proxy password" boxes.
2436Be aware that this information will be stored in the configuration in
2437plain text (TODO: Add explanation and generalize the part in Chapter 3.6
2438about the encrypted home).
2439
2440To provide these options directly in the configuration, you can
2441enter the following settings in the @code{[hostlist]} section of
2442the configuration:
2443
2444@example
2445# Type of proxy server,
2446# Valid values: HTTP, HTTP_1_0, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME
2447# Default: HTTP
2448# PROXY_TYPE = HTTP
2449
2450# Hostname or IP of proxy server
2451# PROXY =
2452# User name for proxy server
2453# PROXY_USERNAME =
2454# User password for proxy server
2455# PROXY_PASSWORD =
2456@end example
2457
2458@node Configuring your peer to provide a hostlist
2459@subsection Configuring your peer to provide a hostlist
2460
2461If you operate a peer permanently connected to GNUnet you can configure
2462your peer to act as a hostlist server, providing other peers the list of
2463peers known to him.
2464
2465Your server can act as a bootstrap server and peers needing to obtain a
2466list of peers can contact it to download this list.
2467To download this hostlist the peer uses HTTP.
2468For this reason you have to build your peer with libgnurl (or libcurl)
2469and microhttpd support.
2470How you build your peer with these options can be found here:
2471@xref{Generic installation instructions}.
2472
2473To configure your peer to act as a bootstrap server you have to add the
2474@command{-p} option to @code{OPTIONS} in the @code{[hostlist]} section
2475of your configuration file.
2476Besides that you have to specify a port number for the http server.
2477In conclusion you have to add the following lines:
2478
2479@example
2480[hostlist]
2481HTTPPORT = 12980
2482OPTIONS = -p
2483@end example
2484
2485@noindent
2486If your peer acts as a bootstrap server other peers should know about
2487that. You can advertise the hostlist your are providing to other peers.
2488Peers connecting to your peer will get a message containing an
2489advertisement for your hostlist and the URL where it can be downloaded.
2490If this peer is in learning mode, it will test the hostlist and, in the
2491case it can obtain the list successfully, it will save it for
2492bootstrapping.
2493
2494To activate hostlist advertisement on your peer, you have to set the
2495following lines in your configuration file:
2496
2497@example
2498[hostlist]
2499EXTERNAL_DNS_NAME = example.org
2500HTTPPORT = 12981
2501OPTIONS = -p -a
2502@end example
2503
2504@noindent
2505With this configuration your peer will a act as a bootstrap server and
2506advertise this hostlist to other peers connecting to it.
2507The URL used to download the list will be
2508@code{@uref{http://example.org:12981/, http://example.org:12981/}}.
2509
2510Please notice:
2511
2512@itemize @bullet
2513@item The hostlist is @b{not} human readable, so you should not try to
2514download it using your webbrowser. Just point your GNUnet peer to the
2515address!
2516@item Advertising without providing a hostlist does not make sense and
2517will not work.
2518@end itemize
2519
2520@node Configuring the datastore
2521@subsection Configuring the datastore
2522
2523The datastore is what GNUnet uses for long-term storage of file-sharing
2524data. Note that long-term does not mean 'forever' since content does have
2525an expiration date, and of course storage space is finite (and hence
2526sometimes content may have to be discarded).
2527
2528Use the @code{QUOTA} option to specify how many bytes of storage space
2529you are willing to dedicate to GNUnet.
2530
2531In addition to specifying the maximum space GNUnet is allowed to use for
2532the datastore, you need to specify which database GNUnet should use to do
2533so. Currently, you have the choice between sqLite, MySQL and Postgres.
2534
2535@node Configuring the MySQL database
2536@subsection Configuring the MySQL database
2537
2538This section describes how to setup the MySQL database for GNUnet.
2539
2540Note that the mysql plugin does NOT work with mysql before 4.1 since we
2541need prepared statements.
2542We are generally testing the code against MySQL 5.1 at this point.
2543
2544@node Reasons for using MySQL
2545@subsection Reasons for using MySQL
2546
2547@itemize @bullet
2548
2549@item On up-to-date hardware wher
2550mysql can be used comfortably, this module
2551will have better performance than the other database choices (according
2552to our tests).
2553
2554@item Its often possible to recover the mysql database from internal
2555inconsistencies. Some of the other databases do not support repair.
2556@end itemize
2557
2558@node Reasons for not using MySQL
2559@subsection Reasons for not using MySQL
2560
2561@itemize @bullet
2562@item Memory usage (likely not an issue if you have more than 1 GB)
2563@item Complex manual setup
2564@end itemize
2565
2566@node Setup Instructions
2567@subsection Setup Instructions
2568
2569@itemize @bullet
2570
2571@item In @file{gnunet.conf} set in section @code{DATASTORE} the value for
2572@code{DATABASE} to @code{mysql}.
2573
2574@item Access mysql as root:
2575
2576@example
2577$ mysql -u root -p
2578@end example
2579
2580@noindent
2581and issue the following commands, replacing $USER with the username
2582that will be running @command{gnunet-arm} (so typically "gnunet"):
2583
2584@example
2585CREATE DATABASE gnunet;
2586GRANT select,insert,update,delete,create,alter,drop,create \
2587temporary tables ON gnunet.* TO $USER@@localhost;
2588SET PASSWORD FOR $USER@@localhost=PASSWORD('$the_password_you_like');
2589FLUSH PRIVILEGES;
2590@end example
2591
2592@item
2593In the $HOME directory of $USER, create a @file{.my.cnf} file with the
2594following lines
2595
2596@example
2597[client]
2598user=$USER
2599password=$the_password_you_like
2600@end example
2601
2602@end itemize
2603
2604Thats it. Note that @file{.my.cnf} file is a slight security risk unless
2605its on a safe partition. The @file{$HOME/.my.cnf} can of course be
2606a symbolic link.
2607Luckily $USER has only priviledges to mess up GNUnet's tables,
2608which should be pretty harmless.
2609
2610@node Testing
2611@subsection Testing
2612
2613You should briefly try if the database connection works. First, login
2614as $USER. Then use:
2615
2616@example
2617$ mysql -u $USER
2618mysql> use gnunet;
2619@end example
2620
2621@noindent
2622If you get the message
2623
2624@example
2625Database changed
2626@end example
2627
2628@noindent
2629it probably works.
2630
2631If you get
2632
2633@example
2634ERROR 2002: Can't connect to local MySQL server
2635through socket '/tmp/mysql.sock' (2)
2636@end example
2637
2638@noindent
2639it may be resolvable by
2640
2641@example
2642ln -s /var/run/mysqld/mysqld.sock /tmp/mysql.sock
2643@end example
2644
2645@noindent
2646so there may be some additional trouble depending on your mysql setup.
2647
2648@node Performance Tuning
2649@subsection Performance Tuning
2650
2651For GNUnet, you probably want to set the option
2652
2653@example
2654innodb_flush_log_at_trx_commit = 0
2655@end example
2656
2657@noindent
2658for a rather dramatic boost in MySQL performance. However, this reduces
2659the "safety" of your database as with this options you may loose
2660transactions during a power outage.
2661While this is totally harmless for GNUnet, the option applies to all
2662applications using MySQL. So you should set it if (and only if) GNUnet is
2663the only application on your system using MySQL.
2664
2665@node Setup for running Testcases
2666@subsection Setup for running Testcases
2667
2668If you want to run the testcases, you must create a second database
2669"gnunetcheck" with the same username and password. This database will
2670then be used for testing (@command{make check}).
2671
2672@node Configuring the Postgres database
2673@subsection Configuring the Postgres database
2674
2675This text describes how to setup the Postgres database for GNUnet.
2676
2677This Postgres plugin was developed for Postgres 8.3 but might work for
2678earlier versions as well.
2679
2680@node Reasons to use Postgres
2681@subsection Reasons to use Postgres
2682
2683@itemize @bullet
2684@item Easier to setup than MySQL
2685@item Real database
2686@end itemize
2687
2688@node Reasons not to use Postgres
2689@subsection Reasons not to use Postgres
2690
2691@itemize @bullet
2692@item Quite slow
2693@item Still some manual setup required
2694@end itemize
2695
2696@node Manual setup instructions
2697@subsection Manual setup instructions
2698
2699@itemize @bullet
2700@item In @file{gnunet.conf} set in section @code{DATASTORE} the value for
2701@code{DATABASE} to @code{postgres}.
2702@item Access Postgres to create a user:
2703
2704@table @asis
2705@item with Postgres 8.x, use:
2706
2707@example
2708# su - postgres
2709$ createuser
2710@end example
2711
2712@noindent
2713and enter the name of the user running GNUnet for the role interactively.
2714Then, when prompted, do not set it to superuser, allow the creation of
2715databases, and do not allow the creation of new roles.
2716
2717@item with Postgres 9.x, use:
2718
2719@example
2720# su - postgres
2721$ createuser -d $GNUNET_USER
2722@end example
2723
2724@noindent
2725where $GNUNET_USER is the name of the user running GNUnet.
2726
2727@end table
2728
2729
2730@item
2731As that user (so typically as user "gnunet"), create a database (or two):
2732
2733@example
2734$ createdb gnunet
2735# this way you can run "make check"
2736$ createdb gnunetcheck
2737@end example
2738
2739@end itemize
2740
2741Now you should be able to start @code{gnunet-arm}.
2742
2743@node Testing the setup manually
2744@subsection Testing the setup manually
2745
2746You may want to try if the database connection works. First, again login
2747as the user who will run @command{gnunet-arm}. Then use:
2748
2749@example
2750$ psql gnunet # or gnunetcheck
2751gnunet=> \dt
2752@end example
2753
2754@noindent
2755If, after you have started @command{gnunet-arm} at least once, you get
2756a @code{gn090} table here, it probably works.
2757
2758@node Configuring the datacache
2759@subsection Configuring the datacache
2760@c %**end of header
2761
2762The datacache is what GNUnet uses for storing temporary data. This data is
2763expected to be wiped completely each time GNUnet is restarted (or the
2764system is rebooted).
2765
2766You need to specify how many bytes GNUnet is allowed to use for the
2767datacache using the @code{QUOTA} option in the section @code{[dhtcache]}.
2768Furthermore, you need to specify which database backend should be used to
2769store the data. Currently, you have the choice between
2770sqLite, MySQL and Postgres.
2771
2772@node Configuring the file-sharing service
2773@subsection Configuring the file-sharing service
2774
2775In order to use GNUnet for file-sharing, you first need to make sure
2776that the file-sharing service is loaded.
2777This is done by setting the @code{AUTOSTART} option in
2778section @code{[fs]} to "YES". Alternatively, you can run
2779
2780@example
2781$ gnunet-arm -i fs
2782@end example
2783
2784@noindent
2785to start the file-sharing service by hand.
2786
2787Except for configuring the database and the datacache the only important
2788option for file-sharing is content migration.
2789
2790Content migration allows your peer to cache content from other peers as
2791well as send out content stored on your system without explicit requests.
2792This content replication has positive and negative impacts on both system
2793performance and privacy.
2794
2795FIXME: discuss the trade-offs. Here is some older text about it...
2796
2797Setting this option to YES allows gnunetd to migrate data to the local
2798machine. Setting this option to YES is highly recommended for efficiency.
2799Its also the default. If you set this value to YES, GNUnet will store
2800content on your machine that you cannot decrypt.
2801While this may protect you from liability if the judge is sane, it may
2802not (IANAL). If you put illegal content on your machine yourself, setting
2803this option to YES will probably increase your chances to get away with it
2804since you can plausibly deny that you inserted the content.
2805Note that in either case, your anonymity would have to be broken first
2806(which may be possible depending on the size of the GNUnet network and the
2807strength of the adversary).
2808
2809@node Configuring logging
2810@subsection Configuring logging
2811
2812Logging in GNUnet 0.9.0 is controlled via the "-L" and "-l" options.
2813Using @code{-L}, a log level can be specified. With log level
2814@code{ERROR} only serious errors are logged.
2815The default log level is @code{WARNING} which causes anything of
2816concern to be logged.
2817Log level @code{INFO} can be used to log anything that might be
2818interesting information whereas
2819@code{DEBUG} can be used by developers to log debugging messages
2820(but you need to run @code{./configure} with
2821@code{--enable-logging=verbose} to get them compiled).
2822The @code{-l} option is used to specify the log file.
2823
2824Since most GNUnet services are managed by @code{gnunet-arm}, using the
2825@code{-l} or @code{-L} options directly is not possible.
2826Instead, they can be specified using the @code{OPTIONS} configuration
2827value in the respective section for the respective service.
2828In order to enable logging globally without editing the @code{OPTIONS}
2829values for each service, @command{gnunet-arm} supports a
2830@code{GLOBAL_POSTFIX} option.
2831The value specified here is given as an extra option to all services for
2832which the configuration does contain a service-specific @code{OPTIONS}
2833field.
2834
2835@code{GLOBAL_POSTFIX} can contain the special sequence "@{@}" which
2836is replaced by the name of the service that is being started.
2837Furthermore, @code{GLOBAL_POSTFIX} is special in that sequences
2838starting with "$" anywhere in the string are expanded (according
2839to options in @code{PATHS}); this expansion otherwise is
2840only happening for filenames and then the "$" must be the
2841first character in the option. Both of these restrictions do
2842not apply to @code{GLOBAL_POSTFIX}.
2843Note that specifying @code{%} anywhere in the @code{GLOBAL_POSTFIX}
2844disables both of these features.
2845
2846In summary, in order to get all services to log at level
2847@code{INFO} to log-files called @code{SERVICENAME-logs}, the
2848following global prefix should be used:
2849
2850@example
2851GLOBAL_POSTFIX = -l $SERVICEHOME/@{@}-logs -L INFO
2852@end example
2853
2854@node Configuring the transport service and plugins
2855@subsection Configuring the transport service and plugins
2856
2857The transport service in GNUnet is responsible to maintain basic
2858connectivity to other peers.
2859Besides initiating and keeping connections alive it is also responsible
2860for address validation.
2861
2862The GNUnet transport supports more than one transport protocol.
2863These protocols are configured together with the transport service.
2864
2865The configuration section for the transport service itself is quite
2866similar to all the other services
2867
2868@example
2869AUTOSTART = YES
2870@@UNIXONLY@@ PORT = 2091
2871HOSTNAME = localhost
2872HOME = $SERVICEHOME
2873CONFIG = $DEFAULTCONFIG
2874BINARY = gnunet-service-transport
2875#PREFIX = valgrind
2876NEIGHBOUR_LIMIT = 50
2877ACCEPT_FROM = 127.0.0.1;
2878ACCEPT_FROM6 = ::1;
2879PLUGINS = tcp udp
2880UNIXPATH = /tmp/gnunet-service-transport.sock
2881@end example
2882
2883Different are the settings for the plugins to load @code{PLUGINS}.
2884The first setting specifies which transport plugins to load.
2885
2886@itemize @bullet
2887@item transport-unix
2888A plugin for local only communication with UNIX domain sockets. Used for
2889testing and available on unix systems only. Just set the port
2890
2891@example
2892[transport-unix]
2893PORT = 22086
2894TESTING_IGNORE_KEYS = ACCEPT_FROM;
2895@end example
2896
2897@item transport-tcp
2898A plugin for communication with TCP. Set port to 0 for client mode with
2899outbound only connections
2900
2901@example
2902[transport-tcp]
2903# Use 0 to ONLY advertise as a peer behind NAT (no port binding)
2904PORT = 2086
2905ADVERTISED_PORT = 2086
2906TESTING_IGNORE_KEYS = ACCEPT_FROM;
2907# Maximum number of open TCP connections allowed
2908MAX_CONNECTIONS = 128
2909@end example
2910
2911@item transport-udp
2912A plugin for communication with UDP. Supports peer discovery using
2913broadcasts.
2914
2915@example
2916[transport-udp]
2917PORT = 2086
2918BROADCAST = YES
2919BROADCAST_INTERVAL = 30 s
2920MAX_BPS = 1000000
2921TESTING_IGNORE_KEYS = ACCEPT_FROM;
2922@end example
2923
2924@item transport-http
2925HTTP and HTTPS support is split in two part: a client plugin initiating
2926outbound connections and a server part accepting connections from the
2927client. The client plugin just takes the maximum number of connections as
2928an argument.
2929
2930@example
2931[transport-http_client]
2932MAX_CONNECTIONS = 128
2933TESTING_IGNORE_KEYS = ACCEPT_FROM;
2934@end example
2935
2936@example
2937[transport-https_client]
2938MAX_CONNECTIONS = 128
2939TESTING_IGNORE_KEYS = ACCEPT_FROM;
2940@end example
2941
2942@noindent
2943The server has a port configured and the maximum nunber of connections.
2944The HTTPS part has two files with the certificate key and the certificate
2945file.
2946
2947The server plugin supports reverse proxies, so a external hostname can be
2948set using the @code{EXTERNAL_HOSTNAME} setting.
2949The webserver under this address should forward the request to the peer
2950and the configure port.
2951
2952@example
2953[transport-http_server]
2954EXTERNAL_HOSTNAME = fulcrum.net.in.tum.de/gnunet
2955PORT = 1080
2956MAX_CONNECTIONS = 128
2957TESTING_IGNORE_KEYS = ACCEPT_FROM;
2958@end example
2959
2960@example
2961[transport-https_server]
2962PORT = 4433
2963CRYPTO_INIT = NORMAL
2964KEY_FILE = https.key
2965CERT_FILE = https.cert
2966MAX_CONNECTIONS = 128
2967TESTING_IGNORE_KEYS = ACCEPT_FROM;
2968@end example
2969
2970@item transport-wlan
2971
2972The next section describes how to setup the WLAN plugin,
2973so here only the settings. Just specify the interface to use:
2974
2975@example
2976[transport-wlan]
2977# Name of the interface in monitor mode (typically monX)
2978INTERFACE = mon0
2979# Real hardware, no testing
2980TESTMODE = 0
2981TESTING_IGNORE_KEYS = ACCEPT_FROM;
2982@end example
2983@end itemize
2984
2985@node Configuring the wlan transport plugin
2986@subsection Configuring the wlan transport plugin
2987
2988The wlan transport plugin enables GNUnet to send and to receive data on a
2989wlan interface.
2990It has not to be connected to a wlan network as long as sender and
2991receiver are on the same channel. This enables you to get connection to
2992GNUnet where no internet access is possible, for example during
2993catastrophes or when censorship cuts you off from the internet.
2994
2995
2996@menu
2997* Requirements for the WLAN plugin::
2998* Configuration::
2999* Before starting GNUnet::
3000* Limitations and known bugs::
3001@end menu
3002
3003
3004@node Requirements for the WLAN plugin
3005@subsubsection Requirements for the WLAN plugin
3006
3007@itemize @bullet
3008
3009@item wlan network card with monitor support and packet injection
3010(see @uref{http://www.aircrack-ng.org/, aircrack-ng.org})
3011
3012@item Linux kernel with mac80211 stack, introduced in 2.6.22, tested with
30132.6.35 and 2.6.38
3014
3015@item Wlantools to create the a monitor interface, tested with airmon-ng
3016of the aircrack-ng package
3017@end itemize
3018
3019@node Configuration
3020@subsubsection Configuration
3021
3022There are the following options for the wlan plugin (they should be like
3023this in your default config file, you only need to adjust them if the
3024values are incorrect for your system)
3025
3026@example
3027# section for the wlan transport plugin
3028[transport-wlan]
3029# interface to use, more information in the
3030# "Before starting GNUnet" section of the handbook.
3031INTERFACE = mon0
3032# testmode for developers:
3033# 0 use wlan interface,
3034#1 or 2 use loopback driver for tests 1 = server, 2 = client
3035TESTMODE = 0
3036@end example
3037
3038@node Before starting GNUnet
3039@subsubsection Before starting GNUnet
3040
3041Before starting GNUnet, you have to make sure that your wlan interface is
3042in monitor mode.
3043One way to put the wlan interface into monitor mode (if your interface
3044name is wlan0) is by executing:
3045
3046@example
3047sudo airmon-ng start wlan0
3048@end example
3049
3050@noindent
3051Here is an example what the result should look like:
3052
3053@example
3054Interface Chipset Driver
3055wlan0 Intel 4965 a/b/g/n iwl4965 - [phy0]
3056(monitor mode enabled on mon0)
3057@end example
3058
3059@noindent
3060The monitor interface is mon0 is the one that you have to put into the
3061configuration file.
3062
3063@node Limitations and known bugs
3064@subsubsection Limitations and known bugs
3065
3066Wlan speed is at the maximum of 1 Mbit/s because support for choosing the
3067wlan speed with packet injection was removed in newer kernels.
3068Please pester the kernel developers about fixing this.
3069
3070The interface channel depends on the wlan network that the card is
3071connected to. If no connection has been made since the start of the
3072computer, it is usually the first channel of the card.
3073Peers will only find each other and communicate if they are on the same
3074channel. Channels must be set manually, i.e. using:
3075
3076@example
3077iwconfig wlan0 channel 1
3078@end example
3079
3080@node Configuring HTTP(S) reverse proxy functionality using Apache or nginx
3081@subsection Configuring HTTP(S) reverse proxy functionality using Apache or nginx
3082
3083The HTTP plugin supports data transfer using reverse proxies. A reverse
3084proxy forwards the HTTP request he receives with a certain URL to another
3085webserver, here a GNUnet peer.
3086
3087So if you have a running Apache or nginx webserver you can configure it to
3088be a GNUnet reverse proxy. Especially if you have a well-known webiste
3089this improves censorship resistance since it looks as normal surfing
3090behaviour.
3091
3092To do so, you have to do two things:
3093
3094@itemize @bullet
3095@item Configure your webserver to forward the GNUnet HTTP traffic
3096@item Configure your GNUnet peer to announce the respective address
3097@end itemize
3098
3099As an example we want to use GNUnet peer running:
3100
3101@itemize @bullet
3102
3103@item HTTP server plugin on @code{gnunet.foo.org:1080}
3104
3105@item HTTPS server plugin on @code{gnunet.foo.org:4433}
3106
3107@item A apache or nginx webserver on
3108@uref{http://www.foo.org/, http://www.foo.org:80/}
3109
3110@item A apache or nginx webserver on https://www.foo.org:443/
3111@end itemize
3112
3113And we want the webserver to accept GNUnet traffic under
3114@code{http://www.foo.org/bar/}. The required steps are described here:
3115
3116@menu
3117* Reverse Proxy - Configure your Apache2 HTTP webserver::
3118* Reverse Proxy - Configure your Apache2 HTTPS webserver::
3119* Reverse Proxy - Configure your nginx HTTPS webserver::
3120* Reverse Proxy - Configure your nginx HTTP webserver::
3121* Reverse Proxy - Configure your GNUnet peer::
3122@end menu
3123
3124@node Reverse Proxy - Configure your Apache2 HTTP webserver
3125@subsubsection Reverse Proxy - Configure your Apache2 HTTP webserver
3126
3127First of all you need mod_proxy installed.
3128
3129Edit your webserver configuration. Edit
3130@code{/etc/apache2/apache2.conf} or the site-specific configuration file.
3131
3132In the respective @code{server config},@code{virtual host} or
3133@code{directory} section add the following lines:
3134
3135@example
3136ProxyTimeout 300
3137ProxyRequests Off
3138<Location /bar/ >
3139ProxyPass http://gnunet.foo.org:1080/
3140ProxyPassReverse http://gnunet.foo.org:1080/
3141</Location>
3142@end example
3143
3144@node Reverse Proxy - Configure your Apache2 HTTPS webserver
3145@subsubsection Reverse Proxy - Configure your Apache2 HTTPS webserver
3146
3147We assume that you already have an HTTPS server running, if not please
3148check how to configure a HTTPS host. An uncomplicated to use example
3149is the example configuration file for Apache2/HTTPD provided in
3150@file{apache2/sites-available/default-ssl}.
3151
3152In the respective HTTPS @code{server config},@code{virtual host} or
3153@code{directory} section add the following lines:
3154
3155@example
3156SSLProxyEngine On
3157ProxyTimeout 300
3158ProxyRequests Off
3159<Location /bar/ >
3160ProxyPass https://gnunet.foo.org:4433/
3161ProxyPassReverse https://gnunet.foo.org:4433/
3162</Location>
3163@end example
3164
3165@noindent
3166More information about the apache mod_proxy configuration can be found
3167in the Apache documentation@footnote{@uref{http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass, http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass}}
3168
3169@node Reverse Proxy - Configure your nginx HTTPS webserver
3170@subsubsection Reverse Proxy - Configure your nginx HTTPS webserver
3171
3172Since nginx does not support chunked encoding, you first of all have to
3173install the @code{chunkin} module@footnote{@uref{http://wiki.nginx.org/HttpChunkinModule, http://wiki.nginx.org/HttpChunkinModule}}
3174
3175To enable chunkin add:
3176
3177@example
3178chunkin on;
3179error_page 411 = @@my_411_error;
3180location @@my_411_error @{
3181chunkin_resume;
3182@}
3183@end example
3184
3185@noindent
3186Edit your webserver configuration. Edit @file{/etc/nginx/nginx.conf} or
3187the site-specific configuration file.
3188
3189In the @code{server} section add:
3190
3191@example
3192location /bar/ @{
3193proxy_pass http://gnunet.foo.org:1080/;
3194proxy_buffering off;
3195proxy_connect_timeout 5; # more than http_server
3196proxy_read_timeout 350; # 60 default, 300s is GNUnet's idle timeout
3197proxy_http_version 1.1; # 1.0 default
3198proxy_next_upstream error timeout invalid_header http_500 http_503 http_502 http_504;
3199@}
3200@end example
3201
3202@node Reverse Proxy - Configure your nginx HTTP webserver
3203@subsubsection Reverse Proxy - Configure your nginx HTTP webserver
3204
3205Edit your webserver configuration. Edit @file{/etc/nginx/nginx.conf} or
3206the site-specific configuration file.
3207
3208In the @code{server} section add:
3209
3210@example
3211ssl_session_timeout 6m;
3212location /bar/
3213@{
3214proxy_pass https://gnunet.foo.org:4433/;
3215proxy_buffering off;
3216proxy_connect_timeout 5; # more than http_server
3217proxy_read_timeout 350; # 60 default, 300s is GNUnet's idle timeout
3218proxy_http_version 1.1; # 1.0 default
3219proxy_next_upstream error timeout invalid_header http_500 http_503 http_502 http_504;
3220@}
3221@end example
3222
3223@node Reverse Proxy - Configure your GNUnet peer
3224@subsubsection Reverse Proxy - Configure your GNUnet peer
3225
3226To have your GNUnet peer announce the address, you have to specify the
3227@code{EXTERNAL_HOSTNAME} option in the @code{[transport-http_server]}
3228section:
3229
3230@example
3231[transport-http_server]
3232EXTERNAL_HOSTNAME = http://www.foo.org/bar/
3233@end example
3234
3235@noindent
3236and/or @code{[transport-https_server]} section:
3237
3238@example
3239[transport-https_server]
3240EXTERNAL_HOSTNAME = https://www.foo.org/bar/
3241@end example
3242
3243@noindent
3244Now restart your webserver and your peer...
3245
3246@node Blacklisting peers
3247@subsection Blacklisting peers
3248
3249Transport service supports to deny connecting to a specific peer of to a
3250specific peer with a specific transport plugin using te blacklisting
3251component of transport service. With@ blacklisting it is possible to deny
3252connections to specific peers of@ to use a specific plugin to a specific
3253peer. Peers can be blacklisted using@ the configuration or a blacklist
3254client can be asked.
3255
3256To blacklist peers using the configuration you have to add a section to
3257your configuration containing the peer id of the peer to blacklist and
3258the plugin@ if required.
3259
3260Examples:
3261
3262To blacklist connections to P565... on peer AG2P... using tcp add:
3263
3264@c FIXME: This is too long and produces errors in the pdf.
3265@example
3266[transport-blacklist AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520]
3267P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G = tcp
3268@end example
3269
3270To blacklist connections to P565... on peer AG2P... using all plugins add:
3271
3272@example
3273[transport-blacklist-AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520]
3274P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G =
3275@end example
3276
3277You can also add a blacklist client usign the blacklist API. On a
3278blacklist check, blacklisting first checks internally if the peer is
3279blacklisted and if not, it asks the blacklisting clients. Clients are
3280asked if it is OK to connect to a peer ID, the plugin is omitted.
3281
3282On blacklist check for (peer, plugin)
3283@itemize @bullet
3284@item Do we have a local blacklist entry for this peer and this plugin?@
3285@item YES: disallow connection@
3286@item Do we have a local blacklist entry for this peer and all plugins?@
3287@item YES: disallow connection@
3288@item Does one of the clients disallow?@
3289@item YES: disallow connection
3290@end itemize
3291
3292@node Configuration of the HTTP and HTTPS transport plugins
3293@subsection Configuration of the HTTP and HTTPS transport plugins
3294
3295The client parts of the http and https transport plugins can be configured
3296to use a proxy to connect to the hostlist server. This functionality can
3297be configured in the configuration file directly or using the
3298gnunet-setup tool.
3299
3300Both the HTTP and HTTPS clients support the following proxy types at
3301the moment:
3302
3303@itemize @bullet
3304@item HTTP 1.1 proxy
3305@item SOCKS 4/4a/5/5 with hostname
3306@end itemize
3307
3308In addition authentication at the proxy with username and password can be
3309configured.
3310
3311To configure proxy support for the clients in the gnunet-setup tool,
3312select the "transport" tab and activate the respective plugin. Now you
3313can select the appropriate proxy type. The hostname or IP address
3314(including port if required) has to be entered in the "Proxy hostname"
3315textbox. If required, enter username and password in the "Proxy username"
3316and "Proxy password" boxes. Be aware that these information will be stored
3317in the configuration in plain text.
3318
3319To configure these options directly in the configuration, you can
3320configure the following settings in the @code{[transport-http_client]}
3321and @code{[transport-https_client]} section of the configuration:
3322
3323@example
3324# Type of proxy server,
3325# Valid values: HTTP, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME
3326# Default: HTTP
3327# PROXY_TYPE = HTTP
3328
3329# Hostname or IP of proxy server
3330# PROXY =
3331# User name for proxy server
3332# PROXY_USERNAME =
3333# User password for proxy server
3334# PROXY_PASSWORD =
3335@end example
3336
3337@node Configuring the GNU Name System
3338@subsection Configuring the GNU Name System
3339
3340@menu
3341* Configuring system-wide DNS interception::
3342* Configuring the GNS nsswitch plugin::
3343* Configuring GNS on W32::
3344* GNS Proxy Setup::
3345* Setup of the GNS CA::
3346* Testing the GNS setup::
3347@end menu
3348
3349
3350@node Configuring system-wide DNS interception
3351@subsubsection Configuring system-wide DNS interception
3352
3353Before you install GNUnet, make sure you have a user and group 'gnunet'
3354as well as an empty group 'gnunetdns'.
3355
3356When using GNUnet with system-wide DNS interception, it is absolutely
3357necessary for all GNUnet service processes to be started by
3358@code{gnunet-service-arm} as user and group 'gnunet'. You also need to be
3359sure to run @code{make install} as root (or use the @code{sudo} option to
3360configure) to grant GNUnet sufficient privileges.
3361
3362With this setup, all that is required for enabling system-wide DNS
3363interception is for some GNUnet component (VPN or GNS) to request it.
3364The @code{gnunet-service-dns} will then start helper programs that will
3365make the necessary changes to your firewall (@code{iptables}) rules.
3366
3367Note that this will NOT work if your system sends out DNS traffic to a
3368link-local IPv6 address, as in this case GNUnet can intercept the traffic,
3369but not inject the responses from the link-local IPv6 address. Hence you
3370cannot use system-wide DNS interception in conjunction with link-local
3371IPv6-based DNS servers. If such a DNS server is used, it will bypass
3372GNUnet's DNS traffic interception.
3373
3374Using the GNU Name System (GNS) requires two different configuration
3375steps.
3376First of all, GNS needs to be integrated with the operating system. Most
3377of this section is about the operating system level integration.
3378
3379The remainder of this chapter will detail the various methods for
3380configuring the use of GNS with your operating system.
3381
3382At this point in time you have different options depending on your OS:
3383
3384@table @asis
3385
3386@item Use the gnunet-gns-proxy This approach works for all operating
3387systems and is likely the easiest. However, it enables GNS only for
3388browsers, not for other applications that might be using DNS, such as SSH.
3389Still, using the proxy is required for using HTTP with GNS and is thus
3390recommended for all users. To do this, you simply have to run the
3391@code{gnunet-gns-proxy-setup-ca} script as the user who will run the
3392browser (this will create a GNS certificate authority (CA) on your system
3393and import its key into your browser), then start @code{gnunet-gns-proxy}
3394and inform your browser to use the Socks5 proxy which
3395@code{gnunet-gns-proxy} makes available by default on port 7777.
3396@item Use a nsswitch plugin (recommended on GNU systems)
3397This approach has the advantage of offering fully personalized resolution
3398even on multi-user systems. A potential disadvantage is that some
3399applications might be able to bypass GNS.
3400@item Use a W32 resolver plugin (recommended on W32)
3401This is currently the only option on W32 systems.
3402@item Use system-wide DNS packet interception
3403This approach is recommended for the GNUnet VPN. It can be used to handle
3404GNS at the same time; however, if you only use this method, you will only
3405get one root zone per machine (not so great for multi-user systems).
3406@end table
3407
3408You can combine system-wide DNS packet interception with the nsswitch
3409plugin.
3410The setup of the system-wide DNS interception is described here. All of
3411the other GNS-specific configuration steps are described in the following
3412sections.
3413
3414@node Configuring the GNS nsswitch plugin
3415@subsubsection Configuring the GNS nsswitch plugin
3416
3417The Name Service Switch (NSS) is a facility in Unix-like operating systems
3418@footnote{More accurate: NSS is a functionality of the GNU C Library}
3419that provides a variety of sources for common configuration databases and
3420name resolution mechanisms.
3421A superuser (system administrator) usually configures the
3422operating system's name services using the file
3423@file{/etc/nsswitch.conf}.
3424
3425GNS provides a NSS plugin to integrate GNS name resolution with the
3426operating system's name resolution process.
3427To use the GNS NSS plugin you have to either
3428
3429@itemize @bullet
3430@item install GNUnet as root or
3431@item compile GNUnet with the @code{--with-sudo=yes} switch.
3432@end itemize
3433
3434Name resolution is controlled by the @emph{hosts} section in the NSS
3435configuration. By default this section first performs a lookup in the
3436@file{/etc/hosts} file and then in DNS.
3437The nsswitch file should contain a line similar to:
3438
3439@example
3440hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4
3441@end example
3442
3443@noindent
3444Here the GNS NSS plugin can be added to perform a GNS lookup before
3445performing a DNS lookup.
3446The GNS NSS plugin has to be added to the "hosts" section in
3447@file{/etc/nsswitch.conf} file before DNS related plugins:
3448
3449@example
3450...
3451hosts: files gns [NOTFOUND=return] dns mdns4_minimal mdns4
3452...
3453@end example
3454
3455@noindent
3456The @code{NOTFOUND=return} will ensure that if a @code{.gnu} name is not
3457found in GNS it will not be queried in DNS.
3458
3459@node Configuring GNS on W32
3460@subsubsection Configuring GNS on W32
3461
3462This document is a guide to configuring GNU Name System on W32-compatible
3463platforms.
3464
3465After GNUnet is installed, run the w32nsp-install tool:
3466
3467@example
3468w32nsp-install.exe libw32nsp-0.dll
3469@end example
3470
3471@noindent
3472('0' is the library version of W32 NSP; it might increase in the future,
3473change the invocation accordingly).
3474
3475This will install GNS namespace provider into the system and allow other
3476applications to resolve names that end in '@strong{gnu}'
3477and '@strong{zkey}'. Note that namespace provider requires
3478gnunet-gns-helper-service-w32 to be running, as well as gns service
3479itself (and its usual dependencies).
3480
3481Namespace provider is hardcoded to connect to @strong{127.0.0.1:5353},
3482and this is where gnunet-gns-helper-service-w32 should be listening to
3483(and is configured to listen to by default).
3484
3485To uninstall the provider, run:
3486
3487@example
3488w32nsp-uninstall.exe
3489@end example
3490
3491@noindent
3492(uses provider GUID to uninstall it, does not need a dll name).
3493
3494Note that while MSDN claims that other applications will only be able to
3495use the new namespace provider after re-starting, in reality they might
3496stat to use it without that. Conversely, they might stop using the
3497provider after it's been uninstalled, even if they were not re-started.
3498W32 will not permit namespace provider library to be deleted or
3499overwritten while the provider is installed, and while there is at least
3500one process still using it (even after it was uninstalled).
3501
3502@node GNS Proxy Setup
3503@subsubsection GNS Proxy Setup
3504
3505When using the GNU Name System (GNS) to browse the WWW, there are several
3506issues that can be solved by adding the GNS Proxy to your setup:
3507
3508@itemize @bullet
3509
3510@item If the target website does not support GNS, it might assume that it
3511is operating under some name in the legacy DNS system (such as
3512example.com). It may then attempt to set cookies for that domain, and the
3513web server might expect a @code{Host: example.com} header in the request
3514from your browser.
3515However, your browser might be using @code{example.gnu} for the
3516@code{Host} header and might only accept (and send) cookies for
3517@code{example.gnu}. The GNS Proxy will perform the necessary translations
3518of the hostnames for cookies and HTTP headers (using the LEHO record for
3519the target domain as the desired substitute).
3520
3521@item If using HTTPS, the target site might include an SSL certificate
3522which is either only valid for the LEHO domain or might match a TLSA
3523record in GNS. However, your browser would expect a valid certificate for
3524@code{example.gnu}, not for some legacy domain name. The proxy will
3525validate the certificate (either against LEHO or TLSA) and then
3526on-the-fly produce a valid certificate for the exchange, signed by your
3527own CA. Assuming you installed the CA of your proxy in your browser's
3528certificate authority list, your browser will then trust the
3529HTTPS/SSL/TLS connection, as the hostname mismatch is hidden by the proxy.
3530
3531@item Finally, the proxy will in the future indicate to the server that it
3532speaks GNS, which will enable server operators to deliver GNS-enabled web
3533sites to your browser (and continue to deliver legacy links to legacy
3534browsers)
3535@end itemize
3536
3537@node Setup of the GNS CA
3538@subsubsection Setup of the GNS CA
3539
3540First you need to create a CA certificate that the proxy can use.
3541To do so use the provided script gnunet-gns-proxy-ca:
3542
3543@example
3544$ gnunet-gns-proxy-setup-ca
3545@end example
3546
3547@noindent
3548This will create a personal certification authority for you and add this
3549authority to the firefox and chrome database. The proxy will use the this
3550CA certificate to generate @code{*.gnu} client certificates on the fly.
3551
3552Note that the proxy uses libcurl. Make sure your version of libcurl uses
3553GnuTLS and NOT OpenSSL. The proxy will @b{not} work with libcurl compiled
3554against OpenSSL.
3555
3556You can check the configuration your libcurl was build with by
3557running:
3558
3559@example
3560curl --version
3561@end example
3562
3563the output will look like this (without the linebreaks):
3564
3565@example
3566gnurl --version
3567curl 7.56.0 (x86_64-unknown-linux-gnu) libcurl/7.56.0 \
3568GnuTLS/3.5.13 zlib/1.2.11 libidn2/2.0.4
3569Release-Date: 2017-10-08
3570Protocols: http https
3571Features: AsynchDNS IDN IPv6 Largefile NTLM SSL libz \
3572TLS-SRP UnixSockets HTTPS-proxy
3573@end example
3574
3575@node Testing the GNS setup
3576@subsubsection Testing the GNS setup
3577
3578Now for testing purposes we can create some records in our zone to test
3579the SSL functionality of the proxy:
3580
3581@example
3582$ gnunet-identity -C test
3583$ gnunet-namestore -a -e "1 d" -n "homepage" \
3584 -t A -V 131.159.74.67 -z test
3585$ gnunet-namestore -a -e "1 d" -n "homepage" \
3586 -t LEHO -V "gnunet.org" -z test
3587@end example
3588
3589@noindent
3590At this point we can start the proxy. Simply execute
3591
3592@example
3593$ gnunet-gns-proxy
3594@end example
3595
3596@noindent
3597Configure your browser to use this SOCKSv5 proxy on port 7777 and visit
3598this link.
3599If you use @command{Firefox} (or one of its deriviates/forks such as
3600Icecat) you also have to go to @code{about:config} and set the key
3601@code{network.proxy.socks_remote_dns} to @code{true}.
3602
3603When you visit @code{https://homepage.test/}, you should get to the
3604@code{https://gnunet.org/} frontpage and the browser (with the correctly
3605configured proxy) should give you a valid SSL certificate for
3606@code{homepage.gnu} and no warnings. It should look like this:
3607
3608@c FIXME: Image does not exist, create it or save it from Drupal?
3609@c @image{images/gnunethpgns.png,5in,, picture of homepage.gnu in Webbrowser}
3610
3611
3612@node Configuring the GNUnet VPN
3613@subsection Configuring the GNUnet VPN
3614
3615@menu
3616* IPv4 address for interface::
3617* IPv6 address for interface::
3618* Configuring the GNUnet VPN DNS::
3619* Configuring the GNUnet VPN Exit Service::
3620* IP Address of external DNS resolver::
3621* IPv4 address for Exit interface::
3622* IPv6 address for Exit interface::
3623@end menu
3624
3625Before configuring the GNUnet VPN, please make sure that system-wide DNS
3626interception is configured properly as described in the section on the
3627GNUnet DNS setup. @pxref{Configuring the GNU Name System},
3628if you haven't done so already.
3629
3630The default options for the GNUnet VPN are usually sufficient to use
3631GNUnet as a Layer 2 for your Internet connection.
3632However, what you always have to specify is which IP protocol you want
3633to tunnel: IPv4, IPv6 or both.
3634Furthermore, if you tunnel both, you most likely should also tunnel
3635all of your DNS requests.
3636You theoretically can tunnel "only" your DNS traffic, but that usually
3637makes little sense.
3638
3639The other options as shown on the gnunet-setup tool are:
3640
3641@node IPv4 address for interface
3642@subsubsection IPv4 address for interface
3643
3644This is the IPv4 address the VPN interface will get. You should pick an
3645'private' IPv4 network that is not yet in use for you system. For example,
3646if you use @code{10.0.0.1/255.255.0.0} already, you might use
3647@code{10.1.0.1/255.255.0.0}.
3648If you use @code{10.0.0.1/255.0.0.0} already, then you might use
3649@code{192.168.0.1/255.255.0.0}.
3650If your system is not in a private IP-network, using any of the above will
3651work fine.
3652You should try to make the mask of the address big enough
3653(@code{255.255.0.0} or, even better, @code{255.0.0.0}) to allow more
3654mappings of remote IP Addresses into this range.
3655However, even a @code{255.255.255.0} mask will suffice for most users.
3656
3657@node IPv6 address for interface
3658@subsubsection IPv6 address for interface
3659
3660The IPv6 address the VPN interface will get. Here you can specify any
3661non-link-local address (the address should not begin with @code{fe80:}).
3662A subnet Unique Local Unicast (@code{fd00::/8} prefix) that you are
3663currently not using would be a good choice.
3664
3665@node Configuring the GNUnet VPN DNS
3666@subsubsection Configuring the GNUnet VPN DNS
3667
3668To resolve names for remote nodes, activate the DNS exit option.
3669
3670@node Configuring the GNUnet VPN Exit Service
3671@subsubsection Configuring the GNUnet VPN Exit Service
3672
3673If you want to allow other users to share your Internet connection (yes,
3674this may be dangerous, just as running a Tor exit node) or want to
3675provide access to services on your host (this should be less dangerous,
3676as long as those services are secure), you have to enable the GNUnet exit
3677daemon.
3678
3679You then get to specify which exit functions you want to provide. By
3680enabling the exit daemon, you will always automatically provide exit
3681functions for manually configured local services (this component of the
3682system is under
3683development and not documented further at this time). As for those
3684services you explicitly specify the target IP address and port, there is
3685no significant security risk in doing so.
3686
3687Furthermore, you can serve as a DNS, IPv4 or IPv6 exit to the Internet.
3688Being a DNS exit is usually pretty harmless. However, enabling IPv4 or
3689IPv6-exit without further precautions may enable adversaries to access
3690your local network, send spam, attack other systems from your Internet
3691connection and to other mischief that will appear to come from your
3692machine. This may or may not get you into legal trouble.
3693If you want to allow IPv4 or IPv6-exit functionality, you should strongly
3694consider adding additional firewall rules manually to protect your local
3695network and to restrict outgoing TCP traffic (i.e. by not allowing access
3696to port 25). While we plan to improve exit-filtering in the future,
3697you're currently on your own here.
3698Essentially, be prepared for any kind of IP-traffic to exit the respective
3699TUN interface (and GNUnet will enable IP-forwarding and NAT for the
3700interface automatically).
3701
3702Additional configuration options of the exit as shown by the gnunet-setup
3703tool are:
3704
3705@node IP Address of external DNS resolver
3706@subsubsection IP Address of external DNS resolver
3707
3708If DNS traffic is to exit your machine, it will be send to this DNS
3709resolver. You can specify an IPv4 or IPv6 address.
3710
3711@node IPv4 address for Exit interface
3712@subsubsection IPv4 address for Exit interface
3713
3714This is the IPv4 address the Interface will get. Make the mask of the
3715address big enough (255.255.0.0 or, even better, 255.0.0.0) to allow more
3716mappings of IP addresses into this range. As for the VPN interface, any
3717unused, private IPv4 address range will do.
3718
3719@node IPv6 address for Exit interface
3720@subsubsection IPv6 address for Exit interface
3721
3722The public IPv6 address the interface will get. If your kernel is not a
3723very recent kernel and you are willing to manually enable IPv6-NAT, the
3724IPv6 address you specify here must be a globally routed IPv6 address of
3725your host.
3726
3727Suppose your host has the address @code{2001:4ca0::1234/64}, then
3728using @code{2001:4ca0::1:0/112} would be fine (keep the first 64 bits,
3729then change at least one bit in the range before the bitmask, in the
3730example above we changed bit 111 from 0 to 1).
3731
3732You may also have to configure your router to route traffic for the entire
3733subnet (@code{2001:4ca0::1:0/112} for example) through your computer (this
3734should be automatic with IPv6, but obviously anything can be
3735disabled).
3736
3737@node Bandwidth Configuration
3738@subsection Bandwidth Configuration
3739
3740You can specify how many bandwidth GNUnet is allowed to use to receive
3741and send data. This is important for users with limited bandwidth or
3742traffic volume.
3743
3744@node Configuring NAT
3745@subsection Configuring NAT
3746
3747Most hosts today do not have a normal global IP address but instead are
3748behind a router performing Network Address Translation (NAT) which assigns
3749each host in the local network a private IP address.
3750As a result, these machines cannot trivially receive inbound connections
3751from the Internet. GNUnet supports NAT traversal to enable these machines
3752to receive incoming connections from other peers despite their
3753limitations.
3754
3755In an ideal world, you can press the "Attempt automatic configuration"
3756button in gnunet-setup to automatically configure your peer correctly.
3757Alternatively, your distribution might have already triggered this
3758automatic configuration during the installation process.
3759However, automatic configuration can fail to determine the optimal
3760settings, resulting in your peer either not receiving as many connections
3761as possible, or in the worst case it not connecting to the network at all.
3762
3763To manually configure the peer, you need to know a few things about your
3764network setup. First, determine if you are behind a NAT in the first
3765place.
3766This is always the case if your IP address starts with "10.*" or
3767"192.168.*". Next, if you have control over your NAT router, you may
3768choose to manually configure it to allow GNUnet traffic to your host.
3769If you have configured your NAT to forward traffic on ports 2086 (and
3770possibly 1080) to your host, you can check the "NAT ports have been opened
3771manually" option, which corresponds to the "PUNCHED_NAT" option in the
3772configuration file. If you did not punch your NAT box, it may still be
3773configured to support UPnP, which allows GNUnet to automatically
3774configure it. In that case, you need to install the "upnpc" command,
3775enable UPnP (or PMP) on your NAT box and set the "Enable NAT traversal
3776via UPnP or PMP" option (corresponding to "ENABLE_UPNP" in the
3777configuration file).
3778
3779Some NAT boxes can be traversed using the autonomous NAT traversal method.
3780This requires certain GNUnet components to be installed with "SUID"
3781prividledges on your system (so if you're installing on a system you do
3782not have administrative rights to, this will not work).
3783If you installed as 'root', you can enable autonomous NAT traversal by
3784checking the "Enable NAT traversal using ICMP method".
3785The ICMP method requires a way to determine your NAT's external (global)
3786IP address. This can be done using either UPnP, DynDNS, or by manual
3787configuration. If you have a DynDNS name or know your external IP address,
3788you should enter that name under "External (public) IPv4 address" (which
3789corresponds to the "EXTERNAL_ADDRESS" option in the configuration file).
3790If you leave the option empty, GNUnet will try to determine your external
3791IP address automatically (which may fail, in which case autonomous
3792NAT traversal will then not work).
3793
3794Finally, if you yourself are not behind NAT but want to be able to
3795connect to NATed peers using autonomous NAT traversal, you need to check
3796the "Enable connecting to NATed peers using ICMP method" box.
3797
3798
3799@node Peer configuration for distributions
3800@subsection Peer configuration for distributions
3801
3802The "GNUNET_DATA_HOME" in "[path]" in @file{/etc/gnunet.conf} should be
3803manually set to "/var/lib/gnunet/data/" as the default
3804"~/.local/share/gnunet/" is probably not that appropriate in this case.
3805Similarly, distributions may consider pointing "GNUNET_RUNTIME_DIR" to
3806"/var/run/gnunet/" and "GNUNET_HOME" to "/var/lib/gnunet/". Also, should a
3807distribution decide to override system defaults, all of these changes
3808should be done in a custom @file{/etc/gnunet.conf} and not in the files
3809in the @file{config.d/} directory.
3810
3811Given the proposed access permissions, the "gnunet-setup" tool must be
3812run as use "gnunet" (and with option "-c /etc/gnunet.conf" so that it
3813modifies the system configuration). As always, gnunet-setup should be run
3814after the GNUnet peer was stopped using "gnunet-arm -e". Distributions
3815might want to include a wrapper for gnunet-setup that allows the
3816desktop-user to "sudo" (i.e. using gtksudo) to the "gnunet" user account
3817and then runs "gnunet-arm -e", "gnunet-setup" and "gnunet-arm -s" in
3818sequence.
3819
3820@node How to start and stop a GNUnet peer
3821@section How to start and stop a GNUnet peer
3822
3823This section describes how to start a GNUnet peer. It assumes that you
3824have already compiled and installed GNUnet and its' dependencies.
3825Before you start a GNUnet peer, you may want to create a configuration
3826file using gnunet-setup (but you do not have to).
3827Sane defaults should exist in your
3828@file{$GNUNET_PREFIX/share/gnunet/config.d/} directory, so in practice
3829you could simply start without any configuration. If you want to
3830configure your peer later, you need to stop it before invoking the
3831@code{gnunet-setup} tool to customize further and to test your
3832configuration (@code{gnunet-setup} has build-in test functions).
3833
3834The most important option you might have to still set by hand is in
3835[PATHS]. Here, you use the option "GNUNET_HOME" to specify the path where
3836GNUnet should store its data.
3837It defaults to @code{$HOME/}, which again should work for most users.
3838Make sure that the directory specified as GNUNET_HOME is writable to
3839the user that you will use to run GNUnet (note that you can run frontends
3840using other users, GNUNET_HOME must only be accessible to the user used to
3841run the background processes).
3842
3843You will also need to make one central decision: should all of GNUnet be
3844run under your normal UID, or do you want distinguish between system-wide
3845(user-independent) GNUnet services and personal GNUnet services. The
3846multi-user setup is slightly more complicated, but also more secure and
3847generally recommended.
3848
3849@menu
3850* The Single-User Setup::
3851* The Multi-User Setup::
3852* Killing GNUnet services::
3853* Access Control for GNUnet::
3854@end menu
3855
3856@node The Single-User Setup
3857@subsection The Single-User Setup
3858
3859For the single-user setup, you do not need to do anything special and can
3860just start the GNUnet background processes using @code{gnunet-arm}.
3861By default, GNUnet looks in @file{~/.config/gnunet.conf} for a
3862configuration (or @code{$XDG_CONFIG_HOME/gnunet.conf} if@
3863@code{$XDG_CONFIG_HOME} is defined). If your configuration lives
3864elsewhere, you need to pass the @code{-c FILENAME} option to all GNUnet
3865commands.
3866
3867Assuming the configuration file is called @file{~/.config/gnunet.conf},
3868you start your peer using the @code{gnunet-arm} command (say as user
3869@code{gnunet}) using:
3870
3871@example
3872gnunet-arm -c ~/.config/gnunet.conf -s
3873@end example
3874
3875@noindent
3876The "-s" option here is for "start". The command should return almost
3877instantly. If you want to stop GNUnet, you can use:
3878
3879@example
3880gnunet-arm -c ~/.config/gnunet.conf -e
3881@end example
3882
3883@noindent
3884The "-e" option here is for "end".
3885
3886Note that this will only start the basic peer, no actual applications
3887will be available.
3888If you want to start the file-sharing service, use (after starting
3889GNUnet):
3890
3891@example
3892gnunet-arm -c ~/.config/gnunet.conf -i fs
3893@end example
3894
3895@noindent
3896The "-i fs" option here is for "initialize" the "fs" (file-sharing)
3897application. You can also selectively kill only file-sharing support using
3898
3899@example
3900gnunet-arm -c ~/.config/gnunet.conf -k fs
3901@end example
3902
3903@noindent
3904Assuming that you want certain services (like file-sharing) to be always
3905automatically started whenever you start GNUnet, you can activate them by
3906setting "FORCESTART=YES" in the respective section of the configuration
3907file (for example, "[fs]"). Then GNUnet with file-sharing support would
3908be started whenever you@ enter:
3909
3910@example
3911gnunet-arm -c ~/.config/gnunet.conf -s
3912@end example
3913
3914@noindent
3915Alternatively, you can combine the two options:
3916
3917@example
3918gnunet-arm -c ~/.config/gnunet.conf -s -i fs
3919@end example
3920
3921@noindent
3922Using @code{gnunet-arm} is also the preferred method for initializing
3923GNUnet from @code{init}.
3924
3925Finally, you should edit your @code{crontab} (using the @code{crontab}
3926command) and insert a line@
3927
3928@example
3929@@reboot gnunet-arm -c ~/.config/gnunet.conf -s
3930@end example
3931
3932to automatically start your peer whenever your system boots.
3933
3934@node The Multi-User Setup
3935@subsection The Multi-User Setup
3936
3937This requires you to create a user @code{gnunet} and an additional group
3938@code{gnunetdns}, prior to running @code{make install} during
3939installation.
3940Then, you create a configuration file @file{/etc/gnunet.conf} which should
3941contain the lines:@
3942
3943@example
3944[arm]
3945SYSTEM_ONLY = YES
3946USER_ONLY = NO
3947@end example
3948
3949@noindent
3950Then, perform the same steps to run GNUnet as in the per-user
3951configuration, except as user @code{gnunet} (including the
3952@code{crontab} installation).
3953You may also want to run @code{gnunet-setup} to configure your peer
3954(databases, etc.).
3955Make sure to pass @code{-c /etc/gnunet.conf} to all commands. If you
3956run @code{gnunet-setup} as user @code{gnunet}, you might need to change
3957permissions on @file{/etc/gnunet.conf} so that the @code{gnunet} user can
3958write to the file (during setup).
3959
3960Afterwards, you need to perform another setup step for each normal user
3961account from which you want to access GNUnet. First, grant the normal user
3962(@code{$USER}) permission to the group gnunet:
3963
3964@example
3965# adduser $USER gnunet
3966@end example
3967
3968@noindent
3969Then, create a configuration file in @file{~/.config/gnunet.conf} for the
3970$USER with the lines:
3971
3972@example
3973[arm]
3974SYSTEM_ONLY = NO
3975USER_ONLY = YES
3976@end example
3977
3978@noindent
3979This will ensure that @code{gnunet-arm} when started by the normal user
3980will only run services that are per-user, and otherwise rely on the
3981system-wide services.
3982Note that the normal user may run gnunet-setup, but the
3983configuration would be ineffective as the system-wide services will use
3984@file{/etc/gnunet.conf} and ignore options set by individual users.
3985
3986Again, each user should then start the peer using
3987@file{gnunet-arm -s} --- and strongly consider adding logic to start
3988the peer automatically to their crontab.
3989
3990Afterwards, you should see two (or more, if you have more than one USER)
3991@code{gnunet-service-arm} processes running in your system.
3992
3993@node Killing GNUnet services
3994@subsection Killing GNUnet services
3995
3996It is not necessary to stop GNUnet services explicitly when shutting
3997down your computer.
3998
3999It should be noted that manually killing "most" of the
4000@code{gnunet-service} processes is generally not a successful method for
4001stopping a peer (since @code{gnunet-service-arm} will instantly restart
4002them). The best way to explicitly stop a peer is using
4003@code{gnunet-arm -e}; note that the per-user services may need to be
4004terminated before the system-wide services will terminate normally.
4005
4006@node Access Control for GNUnet
4007@subsection Access Control for GNUnet
4008
4009This chapter documents how we plan to make access control work within the
4010GNUnet system for a typical peer. It should be read as a best-practice
4011installation guide for advanced users and builders of binary
4012distributions. The recommendations in this guide apply to POSIX-systems
4013with full support for UNIX domain sockets only.
4014
4015Note that this is an advanced topic. The discussion presumes a very good
4016understanding of users, groups and file permissions. Normal users on
4017hosts with just a single user can just install GNUnet under their own
4018account (and possibly allow the installer to use SUDO to grant additional
4019permissions for special GNUnet tools that need additional rights).
4020The discussion below largely applies to installations where multiple users
4021share a system and to installations where the best possible security is
4022paramount.
4023
4024A typical GNUnet system consists of components that fall into four
4025categories:
4026
4027@table @asis
4028
4029@item User interfaces
4030User interfaces are not security sensitive and are supposed to be run and
4031used by normal system users.
4032The GTK GUIs and most command-line programs fall into this category.
4033Some command-line tools (like gnunet-transport) should be excluded as they
4034offer low-level access that normal users should not need.
4035@item System services and support tools
4036System services should always run and offer services that can then be
4037accessed by the normal users.
4038System services do not require special permissions, but as they are not
4039specific to a particular user, they probably should not run as a
4040particular user. Also, there should typically only be one GNUnet peer per
4041host. System services include the gnunet-service and gnunet-daemon
4042programs; support tools include command-line programs such as gnunet-arm.
4043@item Priviledged helpers
4044Some GNUnet components require root rights to open raw sockets or perform
4045other special operations. These gnunet-helper binaries are typically
4046installed SUID and run from services or daemons.
4047@item Critical services
4048Some GNUnet services (such as the DNS service) can manipulate the service
4049in deep and possibly highly security sensitive ways. For example, the DNS
4050service can be used to intercept and alter any DNS query originating from
4051the local machine. Access to the APIs of these critical services and their
4052priviledged helpers must be tightly controlled.
4053@end table
4054
4055@c FIXME: The titles of these chapters are too long in the index.
4056
4057@menu
4058* Recommendation - Disable access to services via TCP::
4059* Recommendation - Run most services as system user "gnunet"::
4060* Recommendation - Control access to services using group "gnunet"::
4061* Recommendation - Limit access to certain SUID binaries by group "gnunet"::
4062* Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns"::
4063* Differences between "make install" and these recommendations::
4064@end menu
4065
4066@node Recommendation - Disable access to services via TCP
4067@subsubsection Recommendation - Disable access to services via TCP
4068
4069GNUnet services allow two types of access: via TCP socket or via UNIX
4070domain socket.
4071If the service is available via TCP, access control can only be
4072implemented by restricting connections to a particular range of IP
4073addresses.
4074This is acceptable for non-critical services that are supposed to be
4075available to all users on the local system or local network.
4076However, as TCP is generally less efficient and it is rarely the case
4077that a single GNUnet peer is supposed to serve an entire local network,
4078the default configuration should disable TCP access to all GNUnet
4079services on systems with support for UNIX domain sockets.
4080As of GNUnet 0.9.2, configuration files with TCP access disabled should be
4081generated by default. Users can re-enable TCP access to particular
4082services simply by specifying a non-zero port number in the section of
4083the respective service.
4084
4085
4086@node Recommendation - Run most services as system user "gnunet"
4087@subsubsection Recommendation - Run most services as system user "gnunet"
4088
4089GNUnet's main services should be run as a separate user "gnunet" in a
4090special group "gnunet".
4091The user "gnunet" should start the peer using "gnunet-arm -s" during
4092system startup. The home directory for this user should be
4093@file{/var/lib/gnunet} and the configuration file should be
4094@file{/etc/gnunet.conf}.
4095Only the @code{gnunet} user should have the right to access
4096@file{/var/lib/gnunet} (@emph{mode: 700}).
4097
4098@node Recommendation - Control access to services using group "gnunet"
4099@subsubsection Recommendation - Control access to services using group "gnunet"
4100
4101Users that should be allowed to use the GNUnet peer should be added to the
4102group "gnunet". Using GNUnet's access control mechanism for UNIX domain
4103sockets, those services that are considered useful to ordinary users
4104should be made available by setting "UNIX_MATCH_GID=YES" for those
4105services.
4106Again, as shipped, GNUnet provides reasonable defaults.
4107Permissions to access the transport and core subsystems might additionally
4108be granted without necessarily causing security concerns.
4109Some services, such as DNS, must NOT be made accessible to the "gnunet"
4110group (and should thus only be accessible to the "gnunet" user and
4111services running with this UID).
4112
4113@node Recommendation - Limit access to certain SUID binaries by group "gnunet"
4114@subsubsection Recommendation - Limit access to certain SUID binaries by group "gnunet"
4115
4116Most of GNUnet's SUID binaries should be safe even if executed by normal
4117users. However, it is possible to reduce the risk a little bit more by
4118making these binaries owned by the group "gnunet" and restricting their
4119execution to user of the group "gnunet" as well (4750).
4120
4121@node Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns"
4122@subsubsection Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns"
4123
4124A special group "gnunetdns" should be created for controlling access to
4125the "gnunet-helper-dns".
4126The binary should then be owned by root and be in group "gnunetdns" and
4127be installed SUID and only be group-executable (2750).
4128@b{Note that the group "gnunetdns" should have no users in it at all,
4129ever.}
4130The "gnunet-service-dns" program should be executed by user "gnunet" (via
4131gnunet-service-arm) with the binary owned by the user "root" and the group
4132"gnunetdns" and be SGID (2700). This way, @strong{only}
4133"gnunet-service-dns" can change its group to "gnunetdns" and execute the
4134helper, and the helper can then run as root (as per SUID).
4135Access to the API offered by "gnunet-service-dns" is in turn restricted
4136to the user "gnunet" (not the group!), which means that only
4137"benign" services can manipulate DNS queries using "gnunet-service-dns".
4138
4139@node Differences between "make install" and these recommendations
4140@subsubsection Differences between "make install" and these recommendations
4141
4142The current build system does not set all permissions automatically based
4143on the recommendations above. In particular, it does not use the group
4144"gnunet" at all (so setting gnunet-helpers other than the
4145gnunet-helper-dns to be owned by group "gnunet" must be done manually).
4146Furthermore, 'make install' will silently fail to set the DNS binaries to
4147be owned by group "gnunetdns" unless that group already exists (!).
4148An alternative name for the "gnunetdns" group can be specified using the
4149@code{--with-gnunetdns=GRPNAME} configure option.
diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi
index 22ee8206a..13c3aa9c8 100644
--- a/doc/documentation/gnunet.texi
+++ b/doc/documentation/gnunet.texi
@@ -113,22 +113,6 @@ Philosophy
113* Backup of Identities and Egos:: 113* Backup of Identities and Egos::
114* Revocation:: 114* Revocation::
115 115
116GNUnet Installation Handbook
117
118* Dependencies::
119* Pre-installation notes::
120* Generic installation instructions::
121* Build instructions for Ubuntu 12.04 using Git::
122* Build instructions for software builds from source::
123* Build Instructions for Microsoft Windows Platforms::
124* Build instructions for Debian 7.5::
125* Installing GNUnet from Git on Ubuntu 14.4::
126* Build instructions for Debian 8::
127* Outdated build instructions for previous revisions::
128@c * Portable GNUnet::
129* The graphical configuration interface::
130* How to start and stop a GNUnet peer::
131
132Using GNUnet 116Using GNUnet
133 117
134* Checking the Installation:: 118* Checking the Installation::
@@ -140,8 +124,6 @@ Using GNUnet
140* The GNU Name System:: 124* The GNU Name System::
141* Using the Virtual Public Network:: 125* Using the Virtual Public Network::
142 126
143@c Configuration Handbook
144
145GNUnet Contributors Handbook 127GNUnet Contributors Handbook
146 128
147* Contributing to GNUnet:: 129* Contributing to GNUnet::
@@ -152,6 +134,7 @@ GNUnet Contributors Handbook
152GNUnet Developer Handbook 134GNUnet Developer Handbook
153 135
154* Developer Introduction:: 136* Developer Introduction::
137* Internal Dependencies::
155* Code overview:: 138* Code overview::
156* System Architecture:: 139* System Architecture::
157* Subsystem stability:: 140* Subsystem stability::
@@ -159,6 +142,7 @@ GNUnet Developer Handbook
159* Build-system:: 142* Build-system::
160* Developing extensions for GNUnet using the gnunet-ext template:: 143* Developing extensions for GNUnet using the gnunet-ext template::
161* Writing testcases:: 144* Writing testcases::
145* Building GNUNet and its dependencies::
162* TESTING library:: 146* TESTING library::
163* Performance regression analysis with Gauger:: 147* Performance regression analysis with Gauger::
164* TESTBED Subsystem:: 148* TESTBED Subsystem::