diff options
Diffstat (limited to 'doc/documentation')
-rw-r--r-- | doc/documentation/Makefile.am | 1 | ||||
-rw-r--r-- | doc/documentation/chapters/installation.texi | 4149 | ||||
-rw-r--r-- | doc/documentation/gnunet.texi | 20 |
3 files changed, 2 insertions, 4168 deletions
diff --git a/doc/documentation/Makefile.am b/doc/documentation/Makefile.am index 0781b2fbb..12f40f147 100644 --- a/doc/documentation/Makefile.am +++ b/doc/documentation/Makefile.am | |||
@@ -113,7 +113,6 @@ info_TEXINFOS = \ | |||
113 | gnunet_TEXINFOS = \ | 113 | gnunet_TEXINFOS = \ |
114 | chapters/developer.texi \ | 114 | chapters/developer.texi \ |
115 | chapters/preface.texi \ | 115 | chapters/preface.texi \ |
116 | chapters/installation.texi \ | ||
117 | chapters/philosophy.texi \ | 116 | chapters/philosophy.texi \ |
118 | chapters/user.texi \ | 117 | chapters/user.texi \ |
119 | chapters/vocabulary.texi \ | 118 | chapters/vocabulary.texi \ |
diff --git a/doc/documentation/chapters/installation.texi b/doc/documentation/chapters/installation.texi deleted file mode 100644 index 665f980be..000000000 --- a/doc/documentation/chapters/installation.texi +++ /dev/null | |||
@@ -1,4149 +0,0 @@ | |||
1 | @node GNUnet Installation Handbook | ||
2 | @chapter GNUnet Installation Handbook | ||
3 | |||
4 | This handbook describes how to install (build, setup, compile) and | ||
5 | setup (configure, start) GNUnet @value{VERSION}. After following these | ||
6 | instructions you should be able to install and then start user-interfaces | ||
7 | to interact with the network. | ||
8 | |||
9 | Note: This manual is far from complete, and we welcome contributions, be | ||
10 | it in the form of new chapters or insightful comments. | ||
11 | |||
12 | @menu | ||
13 | * Dependencies:: | ||
14 | * Pre-installation notes:: | ||
15 | * Generic installation instructions:: | ||
16 | * Build instructions for Ubuntu 12.04 using Git:: | ||
17 | * Build instructions for software builds from source:: | ||
18 | * Build Instructions for Microsoft Windows Platforms:: | ||
19 | * Build instructions for Debian 7.5:: | ||
20 | * Installing GNUnet from Git on Ubuntu 14.4:: | ||
21 | * Build instructions for Debian 8:: | ||
22 | * Build instructions for macOS:: | ||
23 | @c * Build instructions for OpenBSD 6.2:: | ||
24 | * Outdated build instructions for previous revisions:: | ||
25 | @c * Portable GNUnet:: | ||
26 | * The graphical configuration interface:: | ||
27 | * How to start and stop a GNUnet peer:: | ||
28 | @end menu | ||
29 | |||
30 | @node Dependencies | ||
31 | @section Dependencies | ||
32 | @c %**end of header | ||
33 | |||
34 | This section lists the various known dependencies for | ||
35 | GNUnet @value{EDITION}. | ||
36 | Suggestions for missing dependencies or wrong version numbers are welcome. | ||
37 | |||
38 | @menu | ||
39 | * External dependencies:: | ||
40 | * Optional dependencies:: | ||
41 | * Internal dependencies:: | ||
42 | @end menu | ||
43 | |||
44 | @node External dependencies | ||
45 | @subsection External dependencies | ||
46 | @c %**end of header | ||
47 | |||
48 | These packages must be installed before a typical GNUnet installation | ||
49 | can be performed: | ||
50 | |||
51 | @itemize @bullet | ||
52 | @item autoconf | ||
53 | @item automake | ||
54 | @item pkg-config | ||
55 | @item libltdl | ||
56 | @item gstreamer | ||
57 | @item gst-plugins-base | ||
58 | @item perl | ||
59 | @item python (only 2.7 supported)@footnote{tests and gnunet-qr} | ||
60 | @item jansson | ||
61 | @item nss | ||
62 | @item glib | ||
63 | @item gmp | ||
64 | @item bluez | ||
65 | @item miniupnpc | ||
66 | @item gettext | ||
67 | @item which | ||
68 | @item texinfo @geq{} 5.2 | ||
69 | @item GNU libmicrohttpd @geq{} 0.9.30 @footnote{We recommend to build it | ||
70 | with a GnuTLS version that was configured with libunbound} | ||
71 | @item GNU libextractor @geq{} 1.0 | ||
72 | @item GNU libtool @geq{} 2.2 | ||
73 | @item GNU libunistring @geq{} 0.9.1.1 | ||
74 | @item GNU libidn @geq{} 1.0.0 | ||
75 | @item @uref{https://gnupg.org/software/libgcrypt/, GNU libgcrypt} @geq{} | ||
76 | @uref{https://gnupg.org/ftp/gcrypt/libgcrypt/, 1.6.0} | ||
77 | @item @uref{https://gnutls.org/, GnuTLS} @geq{} 3.2.7 | ||
78 | @footnote{We recommend to compile with libunbound for DANE support; | ||
79 | GnuTLS also requires GNU nettle 2.7 (update: GnuTLS 3.2.7 appears NOT | ||
80 | to work against GNU nettle > 2.7, due to some API updatings done by | ||
81 | nettle. Thus it should be compiled against nettle 2.7 | ||
82 | and, in case you get some error on the reference to `rpl_strerror' being | ||
83 | undefined, follow the instructions on | ||
84 | @uref{http://lists.gnupg.org/pipermail/gnutls-devel/2013-November/006588.html, this} | ||
85 | post (and the link inside it)).} | ||
86 | @item @uref{https://gnunet.org/gnurl, gnURL} libgnurl @geq{} 7.34.0 | ||
87 | @footnote{must be compiled after @code{GnuTLS}} | ||
88 | @item libglpk @geq{} 4.45 | ||
89 | @item @uref{http://www.openssl.org/, OpenSSL} @geq{} 1.0 | ||
90 | @item TeX Live @geq{} 2012, optional (for gnunet-bcd) | ||
91 | @item Texinfo @geq{} 5.2 (for documentation) | ||
92 | @item libsqlite @geq{} 3.8.0 @footnote{(note that the code will | ||
93 | compile and often work with lower version numbers, but you may get subtle | ||
94 | bugs with respect to quota management in certain rare cases); | ||
95 | alternatively, MySQL or Postgres can also be installed, but those | ||
96 | databases will require more complex configurations (not | ||
97 | recommended for first-time users)} | ||
98 | @item zlib | ||
99 | @end itemize | ||
100 | |||
101 | @node Optional dependencies | ||
102 | @subsection Optional dependencies | ||
103 | |||
104 | These applications must be installed for various experimental or otherwise | ||
105 | optional features such as @command{gnunet-conversation}, | ||
106 | and @command{gnunet-conversation-gtk} (most of these features are only build if you | ||
107 | configure GNUnet with @command{--enable-experimental}): | ||
108 | |||
109 | @itemize @bullet | ||
110 | @item libpulse @geq{} 2.0, | ||
111 | optional (for @command{gnunet-conversation}) | ||
112 | @item libopus @geq{} 1.0.1, | ||
113 | optional (for @command{gnunet-conversation}) | ||
114 | @item libogg @geq{} 1.3.0, | ||
115 | optional (for @command{gnunet-conversation}) | ||
116 | @item libnss contained @command{certool} binary, | ||
117 | optional for convenient installation of | ||
118 | the GNS proxy. | ||
119 | @item python-zbar @geq{} 0.10, | ||
120 | optional (for @command{gnunet-qr}) | ||
121 | @item Gtk+ @geq{} 3.0, | ||
122 | optional (for @command{gnunet-gtk}) | ||
123 | @item libgladeui (must match Gtk+ version), | ||
124 | optional (for @command{gnunet-gtk}) | ||
125 | @item libqrencode @geq{} 3.0, | ||
126 | optional (for @command{gnunet-namestore-gtk}) | ||
127 | @item libpbc @geq{} 0.5.14, optional for Attribute-Based Encryption and Identity Provider functionality | ||
128 | @item libgabe (https://github.com/schanzen/libgabe), optional for Attribute-Based Encryption and Identity Provider functionality | ||
129 | @end itemize | ||
130 | |||
131 | @node Internal dependencies | ||
132 | @subsection Internal dependencies | ||
133 | |||
134 | This section tries to give an overview of what processes a typical GNUnet | ||
135 | peer running a particular application would consist of. All of the | ||
136 | processes listed here should be automatically started by | ||
137 | @command{gnunet-arm -s}. | ||
138 | The list is given as a rough first guide to users for failure diagnostics. | ||
139 | Ideally, end-users should never have to worry about these internal | ||
140 | dependencies. | ||
141 | |||
142 | In terms of internal dependencies, a minimum file-sharing system consists | ||
143 | of the following GNUnet processes (in order of dependency): | ||
144 | |||
145 | @itemize @bullet | ||
146 | @item gnunet-service-arm | ||
147 | @item gnunet-service-resolver (required by all) | ||
148 | @item gnunet-service-statistics (required by all) | ||
149 | @item gnunet-service-peerinfo | ||
150 | @item gnunet-service-transport (requires peerinfo) | ||
151 | @item gnunet-service-core (requires transport) | ||
152 | @item gnunet-daemon-hostlist (requires core) | ||
153 | @item gnunet-daemon-topology (requires hostlist, peerinfo) | ||
154 | @item gnunet-service-datastore | ||
155 | @item gnunet-service-dht (requires core) | ||
156 | @item gnunet-service-identity | ||
157 | @item gnunet-service-fs (requires identity, mesh, dht, datastore, core) | ||
158 | @end itemize | ||
159 | |||
160 | @noindent | ||
161 | A minimum VPN system consists of the following GNUnet processes (in | ||
162 | order of dependency): | ||
163 | |||
164 | @itemize @bullet | ||
165 | @item gnunet-service-arm | ||
166 | @item gnunet-service-resolver (required by all) | ||
167 | @item gnunet-service-statistics (required by all) | ||
168 | @item gnunet-service-peerinfo | ||
169 | @item gnunet-service-transport (requires peerinfo) | ||
170 | @item gnunet-service-core (requires transport) | ||
171 | @item gnunet-daemon-hostlist (requires core) | ||
172 | @item gnunet-service-dht (requires core) | ||
173 | @item gnunet-service-mesh (requires dht, core) | ||
174 | @item gnunet-service-dns (requires dht) | ||
175 | @item gnunet-service-regex (requires dht) | ||
176 | @item gnunet-service-vpn (requires regex, dns, mesh, dht) | ||
177 | @end itemize | ||
178 | |||
179 | @noindent | ||
180 | A minimum GNS system consists of the following GNUnet processes (in | ||
181 | order of dependency): | ||
182 | |||
183 | @itemize @bullet | ||
184 | @item gnunet-service-arm | ||
185 | @item gnunet-service-resolver (required by all) | ||
186 | @item gnunet-service-statistics (required by all) | ||
187 | @item gnunet-service-peerinfo | ||
188 | @item gnunet-service-transport (requires peerinfo) | ||
189 | @item gnunet-service-core (requires transport) | ||
190 | @item gnunet-daemon-hostlist (requires core) | ||
191 | @item gnunet-service-dht (requires core) | ||
192 | @item gnunet-service-mesh (requires dht, core) | ||
193 | @item gnunet-service-dns (requires dht) | ||
194 | @item gnunet-service-regex (requires dht) | ||
195 | @item gnunet-service-vpn (requires regex, dns, mesh, dht) | ||
196 | @item gnunet-service-identity | ||
197 | @item gnunet-service-namestore (requires identity) | ||
198 | @item gnunet-service-gns (requires vpn, dns, dht, namestore, identity) | ||
199 | @end itemize | ||
200 | |||
201 | @node Pre-installation notes | ||
202 | @section Pre-installation notes | ||
203 | |||
204 | Please note that in the code instructions for the installation, | ||
205 | @emph{#} indicates commands run as privileged root user and | ||
206 | @emph{$} shows commands run as unprivileged ("normal") system user. | ||
207 | |||
208 | |||
209 | @node Generic installation instructions | ||
210 | @section Generic installation instructions | ||
211 | |||
212 | First, in addition to the GNUnet sources you might require downloading the | ||
213 | latest version of various dependencies, depending on how recent the | ||
214 | software versions in your distribution of GNU/Linux are. | ||
215 | Most distributions do not include sufficiently recent versions of these | ||
216 | dependencies. | ||
217 | Thus, a typically installation on a "modern" GNU/Linux distribution | ||
218 | requires you to install the following dependencies (ideally in this | ||
219 | order): | ||
220 | |||
221 | @itemize @bullet | ||
222 | @item libgpgerror and libgcrypt | ||
223 | @item libnettle and libunbound (possibly from distribution), GnuTLS | ||
224 | @item libgnurl (read the README) | ||
225 | @item GNU libmicrohttpd | ||
226 | @item GNU libextractor | ||
227 | @end itemize | ||
228 | |||
229 | Make sure to first install the various mandatory and optional | ||
230 | dependencies including development headers from your distribution. | ||
231 | |||
232 | Other dependencies that you should strongly consider to install is a | ||
233 | database (MySQL, sqlite or Postgres). | ||
234 | The following instructions will assume that you installed at least sqlite. | ||
235 | For most distributions you should be able to find pre-build packages for | ||
236 | the database. Again, make sure to install the client libraries @b{and} the | ||
237 | respective development headers (if they are packaged separately) as well. | ||
238 | |||
239 | You can find specific, detailed instructions for installing of the | ||
240 | dependencies (and possibly the rest of the GNUnet installation) in the | ||
241 | platform-specific descriptions, which can be found in the Index. | ||
242 | Please consult them now. | ||
243 | If your distribution is not listed, please study | ||
244 | @ref{Build instructions for Debian 8}, the build instructions for | ||
245 | Debian stable, carefully as you try to install the dependencies for your | ||
246 | own distribution. | ||
247 | Contributing additional instructions for further platforms is always | ||
248 | appreciated. | ||
249 | Please take in mind that operating system development tends to move at | ||
250 | a rather fast speed. Due to this you should be aware that some of | ||
251 | the instructions could be outdated by the time you are reading this. | ||
252 | If you find a mistake, please tell us about it (or even better: send | ||
253 | a patch to the documentation to fix it!). | ||
254 | |||
255 | Before proceeding further, please double-check the dependency list. | ||
256 | Note that in addition to satisfying the dependencies, you might have to | ||
257 | make sure that development headers for the various libraries are also | ||
258 | installed. | ||
259 | There maybe files for other distributions, or you might be able to find | ||
260 | equivalent packages for your distribution. | ||
261 | |||
262 | While it is possible to build and install GNUnet without having root | ||
263 | access, we will assume that you have full control over your system in | ||
264 | these instructions. | ||
265 | First, you should create a system user @emph{gnunet} and an additional | ||
266 | group @emph{gnunetdns}. On the GNU/Linux distributions Debian and Ubuntu, | ||
267 | type: | ||
268 | |||
269 | @example | ||
270 | # adduser --system --home /var/lib/gnunet --group \ | ||
271 | --disabled-password gnunet | ||
272 | # addgroup --system gnunetdns | ||
273 | @end example | ||
274 | |||
275 | @noindent | ||
276 | On other Unixes and GNU systems, this should have the same effect: | ||
277 | |||
278 | @example | ||
279 | # useradd --system --groups gnunet --home-dir /var/lib/gnunet | ||
280 | # addgroup --system gnunetdns | ||
281 | @end example | ||
282 | |||
283 | Now compile and install GNUnet using: | ||
284 | |||
285 | @example | ||
286 | $ tar xvf gnunet-@value{VERSION}.tar.gz | ||
287 | $ cd gnunet-@value{VERSION} | ||
288 | $ ./configure --with-sudo=sudo --with-nssdir=/lib | ||
289 | $ make | ||
290 | $ sudo make install | ||
291 | @end example | ||
292 | |||
293 | If you want to be able to enable DEBUG-level log messages, add | ||
294 | @code{--enable-logging=verbose} to the end of the | ||
295 | @command{./configure} command. | ||
296 | @code{DEBUG}-level log messages are in English only and | ||
297 | should only be useful for developers (or for filing | ||
298 | really detailed bug reports). | ||
299 | |||
300 | Finally, you probably want to compile @command{gnunet-gtk}, which | ||
301 | includes @command{gnunet-setup} (a graphical tool for | ||
302 | GNUnet configuration) and @command{gnunet-fs-gtk} (a graphical tool for | ||
303 | GNUnet file-sharing): | ||
304 | |||
305 | @example | ||
306 | $ tar xvf gnunet-gtk-@value{VERSION}.tar.gz | ||
307 | $ cd gnunet-gtk-@value{VERSION} | ||
308 | $ ./configure --with-gnunet=/usr/local/ | ||
309 | $ make | ||
310 | $ sudo make install | ||
311 | $ cd .. | ||
312 | # just to be safe run this: | ||
313 | $ sudo ldconfig | ||
314 | @end example | ||
315 | |||
316 | @noindent | ||
317 | Next, edit the file @file{/etc/gnunet.conf} to contain the following: | ||
318 | |||
319 | @example | ||
320 | [arm] | ||
321 | SYSTEM_ONLY = YES | ||
322 | USER_ONLY = NO | ||
323 | @end example | ||
324 | |||
325 | @noindent | ||
326 | You may need to update your @code{ld.so} cache to include | ||
327 | files installed in @file{/usr/local/lib}: | ||
328 | |||
329 | @example | ||
330 | # ldconfig | ||
331 | @end example | ||
332 | |||
333 | @noindent | ||
334 | Then, switch from user @code{root} to user @code{gnunet} to start | ||
335 | the peer: | ||
336 | |||
337 | @example | ||
338 | # su -s /bin/sh - gnunet | ||
339 | $ gnunet-arm -c /etc/gnunet.conf -s | ||
340 | @end example | ||
341 | |||
342 | You may also want to add the last line in the gnunet user's @file{crontab} | ||
343 | prefixed with @code{@@reboot} so that it is executed whenever the system | ||
344 | is booted: | ||
345 | |||
346 | @example | ||
347 | @@reboot /usr/local/bin/gnunet-arm -c /etc/gnunet.conf -s | ||
348 | @end example | ||
349 | |||
350 | @noindent | ||
351 | This will only start the system-wide GNUnet services. | ||
352 | Type exit to get back your root shell. | ||
353 | Now, you need to configure the per-user part. For each | ||
354 | $USER that should get access to GNUnet on the system, run: | ||
355 | |||
356 | @example | ||
357 | # adduser $USER gnunet | ||
358 | @end example | ||
359 | |||
360 | @noindent | ||
361 | to allow them to access the system-wide GNUnet services. Then, each | ||
362 | user should create a configuration file @file{~/.config/gnunet.conf} | ||
363 | with the lines: | ||
364 | |||
365 | @example | ||
366 | [arm] | ||
367 | SYSTEM_ONLY = NO | ||
368 | USER_ONLY = YES | ||
369 | DEFAULTSERVICES = gns | ||
370 | @end example | ||
371 | |||
372 | @noindent | ||
373 | and start the per-user services using | ||
374 | |||
375 | @example | ||
376 | $ gnunet-arm -c ~/.config/gnunet.conf -s | ||
377 | @end example | ||
378 | |||
379 | @noindent | ||
380 | Again, adding a @code{crontab} entry to autostart the peer is advised: | ||
381 | |||
382 | @example | ||
383 | @@reboot /usr/local/bin/gnunet-arm -c $HOME/.config/gnunet.conf -s | ||
384 | @end example | ||
385 | |||
386 | @noindent | ||
387 | Note that some GNUnet services (such as SOCKS5 proxies) may need a | ||
388 | system-wide TCP port for each user. | ||
389 | For those services, systems with more than one user may require each user | ||
390 | to specify a different port number in their personal configuration file. | ||
391 | |||
392 | Finally, the user should perform the basic initial setup for the GNU Name | ||
393 | System (GNS) certificate authority. This is done by running: | ||
394 | |||
395 | @example | ||
396 | $ gnunet-gns-proxy-setup-ca | ||
397 | @end example | ||
398 | |||
399 | @noindent | ||
400 | The first generates the default zones, wheras the second setups the GNS | ||
401 | Certificate Authority with the user's browser. Now, to activate GNS in the | ||
402 | normal DNS resolution process, you need to edit your | ||
403 | @file{/etc/nsswitch.conf} where you should find a line like this: | ||
404 | |||
405 | @example | ||
406 | hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 | ||
407 | @end example | ||
408 | |||
409 | @noindent | ||
410 | The exact details may differ a bit, which is fine. Add the text | ||
411 | @emph{"gns [NOTFOUND=return]"} after @emph{"files"}. | ||
412 | Keep in mind that we included a backslash ("\") here just for | ||
413 | markup reasons. You should write the text below on @b{one line} | ||
414 | and @b{without} the "\": | ||
415 | |||
416 | @example | ||
417 | hosts: files gns [NOTFOUND=return] mdns4_minimal \ | ||
418 | [NOTFOUND=return] dns mdns4 | ||
419 | @end example | ||
420 | |||
421 | @c FIXME: Document new behavior. | ||
422 | You might want to make sure that @file{/lib/libnss_gns.so.2} exists on | ||
423 | your system, it should have been created during the installation. | ||
424 | |||
425 | @node Build instructions for Ubuntu 12.04 using Git | ||
426 | @section Build instructions for Ubuntu 12.04 using Git | ||
427 | |||
428 | @menu | ||
429 | * Install the required build tools:: | ||
430 | * Install libgcrypt 1.6 and libgpg-error:: | ||
431 | * Install gnutls with DANE support:: | ||
432 | * Install libgnurl:: | ||
433 | * Install libmicrohttpd from Git:: | ||
434 | * Install libextractor from Git:: | ||
435 | * Install GNUnet dependencies:: | ||
436 | * Build GNUnet:: | ||
437 | * Install the GNUnet-gtk user interface from Git:: | ||
438 | @end menu | ||
439 | |||
440 | @node Install the required build tools | ||
441 | @subsection Install the required build tools | ||
442 | |||
443 | First, make sure Git is installed on your system: | ||
444 | |||
445 | @example | ||
446 | $ sudo apt-get install git | ||
447 | @end example | ||
448 | |||
449 | Install the essential buildtools: | ||
450 | |||
451 | @example | ||
452 | $ sudo apt-get install automake autopoint autoconf libtool | ||
453 | @end example | ||
454 | |||
455 | @node Install libgcrypt 1.6 and libgpg-error | ||
456 | @subsection Install libgcrypt 1.6 and libgpg-error | ||
457 | |||
458 | @ref{generic source installation - libgpg-error} | ||
459 | |||
460 | @node Install gnutls with DANE support | ||
461 | @subsection Install gnutls with DANE support | ||
462 | |||
463 | @itemize @bullet | ||
464 | @item @ref{generic source installation - nettle} | ||
465 | @item @ref{generic source installation - ldns} | ||
466 | @item @ref{generic source installation - libunbound/unbound} | ||
467 | @item @ref{generic source installation - gnutls} | ||
468 | @item @ref{generic source installation - libgcrypt} | ||
469 | @end itemize | ||
470 | |||
471 | @node Install libgnurl | ||
472 | @subsection Install libgnurl | ||
473 | |||
474 | Follow the @ref{generic source installation - libgnurl}. | ||
475 | |||
476 | @node Install libmicrohttpd from Git | ||
477 | @subsection Install libmicrohttpd from Git | ||
478 | |||
479 | @example | ||
480 | $ git clone https://gnunet.org/git/libmicrohttpd | ||
481 | $ cd libmicrohttpd/ | ||
482 | $ ./bootstrap | ||
483 | $ ./configure | ||
484 | $ sudo make install ; cd .. | ||
485 | @end example | ||
486 | |||
487 | @node Install libextractor from Git | ||
488 | @subsection Install libextractor from Git | ||
489 | |||
490 | Install libextractor dependencies: | ||
491 | |||
492 | @example | ||
493 | $ sudo apt-get install zlib1g-dev libgsf-1-dev libmpeg2-4-dev \ | ||
494 | libpoppler-dev libvorbis-dev libexiv2-dev libjpeg-dev \ | ||
495 | libtiff-dev libgif-dev libvorbis-dev libflac-dev libsmf-dev \ | ||
496 | g++ | ||
497 | @end example | ||
498 | |||
499 | Build libextractor: | ||
500 | |||
501 | @example | ||
502 | $ git clone https://gnunet.org/git/libextractor | ||
503 | $ cd libextractor | ||
504 | $ ./bootstrap | ||
505 | $ ./configure | ||
506 | $ sudo make install ; cd .. | ||
507 | @end example | ||
508 | |||
509 | @node Install GNUnet dependencies | ||
510 | @subsection Install GNUnet dependencies | ||
511 | |||
512 | @example | ||
513 | $ sudo apt-get install libidn11-dev libunistring-dev libglpk-dev \ | ||
514 | libpulse-dev libbluetooth-dev libsqlite-dev | ||
515 | @end example | ||
516 | |||
517 | Install libopus: | ||
518 | |||
519 | @example | ||
520 | $ wget http://downloads.xiph.org/releases/opus/opus-1.1.tar.gz | ||
521 | $ tar xf opus-1.1.tar.gz | ||
522 | $ cd opus-1.1/ | ||
523 | $ ./configure | ||
524 | $ sudo make install ; cd .. | ||
525 | @end example | ||
526 | |||
527 | Choose one or more database backends: | ||
528 | |||
529 | SQLite3: | ||
530 | @example | ||
531 | $ sudo apt-get install libsqlite3-dev | ||
532 | @end example | ||
533 | MySQL: | ||
534 | @example | ||
535 | $ sudo apt-get install libmysqlclient-dev | ||
536 | @end example | ||
537 | PostgreSQL: | ||
538 | @example | ||
539 | $ sudo apt-get install libpq-dev postgresql | ||
540 | @end example | ||
541 | |||
542 | |||
543 | |||
544 | @node Build GNUnet | ||
545 | @subsection Build GNUnet | ||
546 | |||
547 | |||
548 | |||
549 | @menu | ||
550 | * Configuring the installation path:: | ||
551 | * Configuring the system:: | ||
552 | * Installing components requiring sudo permission:: | ||
553 | * Build:: | ||
554 | @end menu | ||
555 | |||
556 | @node Configuring the installation path | ||
557 | @subsubsection Configuring the installation path | ||
558 | |||
559 | You can specify the location of the GNUnet installation by setting the | ||
560 | prefix when calling the configure script with @code{--prefix=DIRECTORY} | ||
561 | |||
562 | @example | ||
563 | $ export PATH=$PATH:DIRECTORY/bin | ||
564 | @end example | ||
565 | |||
566 | @node Configuring the system | ||
567 | @subsubsection Configuring the system | ||
568 | |||
569 | Please make sure NOW that you have created a user and group 'gnunet' | ||
570 | and additionally a group 'gnunetdns': | ||
571 | |||
572 | @example | ||
573 | $ sudo addgroup gnunet | ||
574 | $ sudo addgroup gnunetdns | ||
575 | $ sudo adduser gnunet | ||
576 | @end example | ||
577 | |||
578 | Each GNUnet user should be added to the 'gnunet' group (may | ||
579 | require fresh login to come into effect): | ||
580 | |||
581 | @example | ||
582 | $ sudo useradd -G gnunet | ||
583 | @end example | ||
584 | |||
585 | @node Installing components requiring sudo permission | ||
586 | @subsubsection Installing components requiring sudo permission | ||
587 | |||
588 | Some components, like the nss plugin required for GNS, may require root | ||
589 | permissions. To allow these few components to be installed use: | ||
590 | |||
591 | @example | ||
592 | $ ./configure --with-sudo | ||
593 | @end example | ||
594 | |||
595 | @node Build | ||
596 | @subsubsection Build | ||
597 | |||
598 | @example | ||
599 | $ git clone https://gnunet.org/git/gnunet/ | ||
600 | $ cd gnunet/ | ||
601 | $ ./bootstrap | ||
602 | @end example | ||
603 | |||
604 | Use the required configure call including the optional installation prefix | ||
605 | @code{PREFIX} or the sudo permissions: | ||
606 | |||
607 | @example | ||
608 | $ ./configure [ --with-sudo | --with-prefix=PREFIX ] | ||
609 | @end example | ||
610 | |||
611 | @example | ||
612 | $ make; sudo make install | ||
613 | @end example | ||
614 | |||
615 | After installing it, you need to create an empty configuration file: | ||
616 | |||
617 | @example | ||
618 | mkdir ~/.gnunet; touch ~/.gnunet/gnunet.conf | ||
619 | @end example | ||
620 | |||
621 | And finally you can start GNUnet with: | ||
622 | |||
623 | @example | ||
624 | $ gnunet-arm -s | ||
625 | @end example | ||
626 | |||
627 | @node Install the GNUnet-gtk user interface from Git | ||
628 | @subsection Install the GNUnet-gtk user interface from Git | ||
629 | |||
630 | |||
631 | Install depencies: | ||
632 | |||
633 | @example | ||
634 | $ sudo apt-get install libgtk-3-dev libunique-3.0-dev libgladeui-dev \ | ||
635 | libqrencode-dev | ||
636 | @end example | ||
637 | |||
638 | Build GNUnet (with an optional prefix) and execute: | ||
639 | |||
640 | @example | ||
641 | $ git clone https://gnunet.org/git/gnunet-gtk/ | ||
642 | $ cd gnunet-gtk/ | ||
643 | $ ./bootstrap | ||
644 | $ ./configure [--prefix=PREFIX] --with-gnunet=DIRECTORY | ||
645 | $ make; sudo make install | ||
646 | @end example | ||
647 | |||
648 | @node Build instructions for software builds from source | ||
649 | @section Build instructions for software builds from source | ||
650 | |||
651 | This section describes software builds in case your operating | ||
652 | system lacks binary substitutes / binary builds for some dependencies | ||
653 | of GNUnet. | ||
654 | It is assumed that you have installed common build dependencies | ||
655 | and that these instructions are treated as generic without any | ||
656 | debugging help. | ||
657 | It is furthermore assumed that you use the release tarballs of | ||
658 | the software, installation from the respective version control | ||
659 | sources might differ in ways that are only minimal different | ||
660 | (for example a dependency on autotools etc). | ||
661 | |||
662 | @menu | ||
663 | * generic source installation - nettle:: | ||
664 | * generic source installation - ldns:: | ||
665 | * generic source installation - libunbound/unbound:: | ||
666 | * generic source installation - libav:: | ||
667 | * generic source installation - libextractor:: | ||
668 | * generic source installation - libgpg-error:: | ||
669 | * generic source installation - libgcrypt:: | ||
670 | * generic source installation - gnutls:: | ||
671 | * generic source installation - libmicrohttpd:: | ||
672 | * generic source installation - libgnurl:: | ||
673 | @end menu | ||
674 | |||
675 | @node generic source installation - nettle | ||
676 | @subsection generic source installation - nettle | ||
677 | |||
678 | @example | ||
679 | $ wget http://www.lysator.liu.se/~nisse/archive/nettle-2.7.1.tar.gz | ||
680 | $ tar xf nettle-2.7.1.tar.gz | ||
681 | $ cd nettle-2.7.1 | ||
682 | $ ./configure | ||
683 | $ sudo make install ; cd .. | ||
684 | @end example | ||
685 | |||
686 | @node generic source installation - ldns | ||
687 | @subsection generic source installation - ldns | ||
688 | |||
689 | @example | ||
690 | $ wget https://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.16.tar.gz | ||
691 | $ tar xf ldns-1.6.16.tar.gz | ||
692 | $ cd ldns-1.6.16 | ||
693 | $ ./configure | ||
694 | $ sudo make install ; cd .. | ||
695 | @end example | ||
696 | |||
697 | @node generic source installation - libunbound/unbound | ||
698 | @subsection generic source installation - libunbound/unbound | ||
699 | |||
700 | @example | ||
701 | $ wget https://unbound.net/downloads/unbound-1.4.21.tar.gz | ||
702 | $ tar xf unbound-1.4.21.tar.gz | ||
703 | $ cd unbound-1.4.21 | ||
704 | $ ./configure | ||
705 | $ sudo make install ; cd .. | ||
706 | @end example | ||
707 | |||
708 | @node generic source installation - libav | ||
709 | @subsection generic source installation - libav | ||
710 | |||
711 | @example | ||
712 | $ wget https://libav.org/releases/libav-9.10.tar.xz | ||
713 | $ cd libav-0.9 ; ./configure --enable-shared; | ||
714 | $ make; sudo make install; cd .. | ||
715 | @end example | ||
716 | |||
717 | @node generic source installation - libextractor | ||
718 | @subsection generic source installation - libextractor | ||
719 | |||
720 | @example | ||
721 | $ wget https://ftp.gnu.org/gnu/libextractor/libextractor-1.3.tar.gz | ||
722 | $ tar xvf libextractor-1.3.tar.gz | ||
723 | $ cd libextractor-1.3 ; ./configure; | ||
724 | $ make ; sudo make install; cd .. | ||
725 | @end example | ||
726 | |||
727 | @node generic source installation - libgpg-error | ||
728 | @subsection generic source installation - libgpg-error | ||
729 | |||
730 | @example | ||
731 | $ wget https://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.12.tar.bz2 | ||
732 | $ tar xvf libgpg-error-1.12.tar.bz2 | ||
733 | $ cd libgpg-error-1.12; ./configure; | ||
734 | $ make ; sudo make install; cd .. | ||
735 | @end example | ||
736 | |||
737 | @node generic source installation - libgcrypt | ||
738 | @subsection generic source installation - libgcrypt | ||
739 | @example | ||
740 | $ wget https://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0.tar.bz2 | ||
741 | $ tar xvf libgcrypt-1.6.0.tar.bz2 | ||
742 | $ cd libgcrypt-1.6.0; ./configure --with-gpg-error-prefix=/usr/local; | ||
743 | $ make ; sudo make install ; cd .. | ||
744 | @end example | ||
745 | |||
746 | @node generic source installation - gnutls | ||
747 | @subsection generic source installation - gnutls | ||
748 | |||
749 | @example | ||
750 | $ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.7.tar.xz | ||
751 | $ tar xvf gnutls-3.2.7.tar.xz | ||
752 | $ cd gnutls-3.2.7 | ||
753 | @end example | ||
754 | |||
755 | @noindent | ||
756 | If you want a GnuTLS with DANE functionality (recommended for GNUnet), | ||
757 | you have to compile it against libunbound. Assuming that libunbound | ||
758 | is installed on your system: | ||
759 | |||
760 | @example | ||
761 | $ ./configure --enable-libdane | ||
762 | @end example | ||
763 | |||
764 | @noindent | ||
765 | Note that the build system of GnuTLS should pick up libunbound without | ||
766 | the explicit mention of @code{--enable-libdane}. | ||
767 | If you don't want libdane support you should pass @code{--disable-libdane} | ||
768 | instead. | ||
769 | |||
770 | @example | ||
771 | $ ./configure | ||
772 | $ make ; sudo make install ; cd .. | ||
773 | @end example | ||
774 | |||
775 | @node generic source installation - libmicrohttpd | ||
776 | @subsection generic source installation - libmicrohttpd | ||
777 | |||
778 | @example | ||
779 | $ wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.33.tar.gz | ||
780 | $ tar xvf libmicrohttpd-0.9.33.tar.gz | ||
781 | $ cd libmicrohttpd-0.9.33; ./configure; | ||
782 | $ make ; sudo make install ; cd .. | ||
783 | @end example | ||
784 | |||
785 | @node generic source installation - libgnurl | ||
786 | @subsection generic source installation - libgnurl | ||
787 | |||
788 | Example installation of libgnurl version 7.57.0 from source. | ||
789 | |||
790 | @example | ||
791 | $ wget https://ftp.gnu.org/gnu/gnunet/gnurl-7.57.0.tar.xz | ||
792 | $ wget https://ftp.gnu.org/gnu/gnunet/gnurl-7.57.0.tar.xz.sig | ||
793 | $ gpg --verify gnurl-7.57.0.tar.xz.sig | ||
794 | @end example | ||
795 | |||
796 | @noindent | ||
797 | If that command fails because you do not have the required public key, | ||
798 | then run this command to import it: | ||
799 | |||
800 | @example | ||
801 | $ gpg --keyserver pgp.mit.edu --recv-keys A88C8ADD129828D7EAC02E52E22F9BBFEE348588 | ||
802 | @end example | ||
803 | |||
804 | @noindent | ||
805 | and rerun the gpg --verify command. | ||
806 | |||
807 | @example | ||
808 | $ tar xvf gnurl-7.57.0.tar.xz | ||
809 | $ cd gnurl-7.57.0 | ||
810 | $ ./configure --disable-ntlm-wb | ||
811 | $ make ; sudo make install; cd .. | ||
812 | @end example | ||
813 | |||
814 | You have now build and installed libgnurl from source. | ||
815 | |||
816 | @menu | ||
817 | * Fixing libgnurl build issues:: | ||
818 | @end menu | ||
819 | |||
820 | @node Fixing libgnurl build issues | ||
821 | @subsubsection Fixing libgnurl build issues | ||
822 | |||
823 | @c FIXME: Obviously this subsection should be evaluated and | ||
824 | @c if still necessary moved into gnURL itself (README) or | ||
825 | @c into a separate section which deals with gnURL. | ||
826 | If you have to compile libgnurl from source (for example if the version | ||
827 | included in your distribution is too old or it's not included at all) | ||
828 | you perhaps might get an error message while running the | ||
829 | @command{configure} script: | ||
830 | |||
831 | @example | ||
832 | $ configure | ||
833 | ... | ||
834 | checking for 64-bit curl_off_t data type... unknown | ||
835 | checking for 32-bit curl_off_t data type... unknown | ||
836 | checking for 16-bit curl_off_t data type... unknown | ||
837 | configure: error: cannot find data type for curl_off_t. | ||
838 | @end example | ||
839 | |||
840 | @noindent | ||
841 | Solution: | ||
842 | |||
843 | Before running the @command{configure} script, set: | ||
844 | |||
845 | @example | ||
846 | CFLAGS="-I. -I$BUILD_ROOT/include" | ||
847 | @end example | ||
848 | |||
849 | @node Build Instructions for Microsoft Windows Platforms | ||
850 | @section Build Instructions for Microsoft Windows Platforms | ||
851 | |||
852 | @menu | ||
853 | * Introduction to building on MS Windows:: | ||
854 | * Requirements:: | ||
855 | * Dependencies & Initial Setup:: | ||
856 | * GNUnet Installation:: | ||
857 | * Adjusting Windows for running and testing GNUnet:: | ||
858 | * Building the GNUnet Installer:: | ||
859 | * Using GNUnet with Netbeans on Windows:: | ||
860 | @end menu | ||
861 | |||
862 | @node Introduction to building on MS Windows | ||
863 | @subsection Introduction to building on MS Windows | ||
864 | |||
865 | |||
866 | This document is a guide to building GNUnet and its dependencies on | ||
867 | Windows platforms. GNUnet development is mostly done under GNU/Linux and | ||
868 | especially git checkouts may not build out of the box. | ||
869 | We regret any inconvenience, and if you have problems, please report | ||
870 | them. | ||
871 | |||
872 | @node Requirements | ||
873 | @subsection Requirements | ||
874 | |||
875 | The Howto is based upon a @strong{Windows Server 2008 32bit} | ||
876 | @strong{Installation}, @strong{sbuild} and thus a | ||
877 | @uref{http://www.mingw.org/wiki/MSYS, MSYS+MinGW} | ||
878 | (W32-GCC-Compiler-Suite + Unix-like Userland) installation. sbuild | ||
879 | is a convenient set of scripts which creates a working msys/mingw | ||
880 | installation and installs most dependencies required for GNUnet. | ||
881 | |||
882 | As of the point of the creation of these instructions, | ||
883 | GNUnet @strong{requires} a Windows @strong{Server} 2003 or | ||
884 | newer for full feature support. | ||
885 | Windows Vista and later will also work, but | ||
886 | @strong{non-server version can not run a VPN-Exit-Node} as the NAT | ||
887 | features have been removed as of Windows Vista. | ||
888 | |||
889 | @c TODO: We should document Windows 10! | ||
890 | @c It seems like the situation hasn't changed with W10 | ||
891 | |||
892 | @node Dependencies & Initial Setup | ||
893 | @subsection Dependencies & Initial Setup | ||
894 | |||
895 | |||
896 | @itemize @bullet | ||
897 | |||
898 | @item | ||
899 | Install a fresh version of @strong{Python 2.x}, even if you are using a | ||
900 | x64-OS, install a 32-bit version for use with sbuild. | ||
901 | Python 3.0 is currently incompatible. | ||
902 | |||
903 | @item | ||
904 | Install your favorite @uref{http://code.google.com/p/tortoisegit/, git} & | ||
905 | @uref{http://tortoisesvn.net/, subversion}-clients. | ||
906 | |||
907 | @item | ||
908 | You will also need some archive-manager like | ||
909 | @uref{http://www.7-zip.org/, 7zip}. | ||
910 | |||
911 | @item | ||
912 | Pull a copy of sbuild to a directory of your choice, which will be used | ||
913 | in the remainder of this guide. For now, we will use | ||
914 | @file{c:\gnunet\sbuild\} | ||
915 | |||
916 | @item | ||
917 | in @file{sbuild\src\mingw\mingw32-buildall.sh}, comment out the packages | ||
918 | @strong{gnunet-svn} and @strong{gnunet-gtk-svn}, as we don't want sbuild | ||
919 | to compile/install those for us. | ||
920 | |||
921 | @item | ||
922 | Follow LRN's sbuild installation instructions.- | ||
923 | @end itemize | ||
924 | |||
925 | Please note that sbuild may (or will most likely) fail during | ||
926 | installation, thus you really HAVE to @strong{check the logfiles} created | ||
927 | during the installation process. | ||
928 | Certain packages may fail to build initially due to missing dependencies, | ||
929 | thus you may have to | ||
930 | @strong{substitute those with binary-versions initially}. Later on once | ||
931 | dependencies are satisfied you can re-build the newer package versions. | ||
932 | |||
933 | @strong{It is normal that you may have to repeat this step multiple times | ||
934 | and there is no uniform way to fix all compile-time issues, as the | ||
935 | build-process of many of the dependencies installed are rather unstable | ||
936 | on win32 and certain releases may not even compile at all.} | ||
937 | |||
938 | Most dependencies for GNUnet have been set up by sbuild, thus we now | ||
939 | should add the @file{bin/} directories in your new msys and mingw | ||
940 | installations to PATH. You will want to create a backup of your finished | ||
941 | msys-environment by now. | ||
942 | |||
943 | @node GNUnet Installation | ||
944 | @subsection GNUnet Installation | ||
945 | |||
946 | First, we need to launch our msys-shell, you can do this via | ||
947 | |||
948 | @file{C:\gnunet\sbuild\msys\msys.bat} | ||
949 | |||
950 | You might wish to take a look at this file and adjust some | ||
951 | login-parameters to your msys environment. | ||
952 | |||
953 | Also, sbuild added two pointpoints to your msys-environment, though those | ||
954 | might remain invisible: | ||
955 | |||
956 | @itemize @bullet | ||
957 | |||
958 | @item | ||
959 | /mingw, which will mount your mingw-directory from sbuild/mingw and the | ||
960 | other one is | ||
961 | |||
962 | @item | ||
963 | /src which contains all the installation sources sbuild just compiled. | ||
964 | @end itemize | ||
965 | |||
966 | Check out the current GNUnet sources (git HEAD) from the | ||
967 | GNUnet repository "gnunet.git", we will do this in your home directory: | ||
968 | |||
969 | @code{git clone https://gnunet.org/git/gnunet/ ~/gnunet} | ||
970 | |||
971 | Now, we will first need to bootstrap the checked out installation and then | ||
972 | configure it accordingly. | ||
973 | |||
974 | @example | ||
975 | cd ~/gnunet | ||
976 | ./bootstrap | ||
977 | STRIP=true CPPFLAGS="-DUSE_IPV6=1 -DW32_VEH" CFLAGS="$CFLAGS -g -O2" \ | ||
978 | ./configure --prefix=/ --docdir=/share/doc/gnunet \ | ||
979 | --with-libiconv-prefix=/mingw --with-libintl-prefix=/mingw \ | ||
980 | --with-libcurl=/mingw --with-extractor=/mingw --with-sqlite=/mingw \ | ||
981 | --with-microhttpd=/mingw --with-plibc=/mingw --enable-benchmarks \ | ||
982 | --enable-expensivetests --enable-experimental --with-qrencode=/mingw \ | ||
983 | --enable-silent-rules --enable-experimental 2>&1 | tee -a ./configure.log | ||
984 | @end example | ||
985 | |||
986 | The parameters above will configure for a reasonable GNUnet installation | ||
987 | to the your msys-root directory. | ||
988 | Depending on which features your would like to build or you may need to | ||
989 | specify additional dependencies. Sbuild installed most libs into | ||
990 | the /mingw subdirectory, so remember to prefix library locations with | ||
991 | this path. | ||
992 | |||
993 | Like on a unixoid system, you might want to use your home directory as | ||
994 | prefix for your own GNUnet installation for development, without tainting | ||
995 | the buildenvironment. Just change the "prefix" parameter to point towards | ||
996 | ~/ in this case. | ||
997 | |||
998 | Now it's time to compile GNUnet as usual. Though this will take some time, | ||
999 | so you may fetch yourself a coffee or some Mate now... | ||
1000 | |||
1001 | @example | ||
1002 | make ; make install | ||
1003 | @end example | ||
1004 | |||
1005 | @node Adjusting Windows for running and testing GNUnet | ||
1006 | @subsection Adjusting Windows for running and testing GNUnet | ||
1007 | |||
1008 | Assuming the build succeeded and you | ||
1009 | @strong{added the bin directory of your GNUnet to PATH}, you can now use | ||
1010 | your gnunet-installation as usual. | ||
1011 | Remember that UAC or the windows firewall may popup initially, blocking | ||
1012 | further execution of gnunet until you acknowledge them. | ||
1013 | |||
1014 | You will also have to take the usual steps to get peer-to-peer (p2p) | ||
1015 | software running properly (port forwarding, ...), | ||
1016 | and GNUnet will require administrative permissions as it may even | ||
1017 | install a device-driver (in case you are using gnunet-vpn and/or | ||
1018 | gnunet-exit). | ||
1019 | |||
1020 | @node Building the GNUnet Installer | ||
1021 | @subsection Building the GNUnet Installer | ||
1022 | |||
1023 | The GNUnet installer is made with | ||
1024 | @uref{http://nsis.sourceforge.net/, NSIS}. | ||
1025 | The installer script is located in @file{contrib\win} in the | ||
1026 | GNUnet source tree. | ||
1027 | |||
1028 | @node Using GNUnet with Netbeans on Windows | ||
1029 | @subsection Using GNUnet with Netbeans on Windows | ||
1030 | |||
1031 | TODO | ||
1032 | |||
1033 | @node Build instructions for Debian 7.5 | ||
1034 | @section Build instructions for Debian 7.5 | ||
1035 | |||
1036 | |||
1037 | These are the installation instructions for Debian 7.5. They were tested | ||
1038 | using a minimal, fresh Debian 7.5 AMD64 installation without non-free | ||
1039 | software (no contrib or non-free). | ||
1040 | By "minimal", we mean that during installation, we did not select any | ||
1041 | desktop environment, servers or system utilities during the "tasksel" | ||
1042 | step. Note that the packages and the dependencies that we will install | ||
1043 | during this chapter take about 1.5 GB of disk space. | ||
1044 | Combined with GNUnet and space for objects during compilation, you should | ||
1045 | not even attempt this unless you have about 2.5 GB free after the minimal | ||
1046 | Debian installation. | ||
1047 | Using these instructions to build a VM image is likely to require a | ||
1048 | minimum of 4-5 GB for the VM (as you will likely also want a desktop | ||
1049 | manager). | ||
1050 | |||
1051 | GNUnet's security model assumes that your @file{/home} directory is | ||
1052 | encrypted. Thus, if possible, you should encrypt your home partition | ||
1053 | (or per-user home directory). | ||
1054 | |||
1055 | Naturally, the exact details of the starting state for your installation | ||
1056 | should not matter much. For example, if you selected any of those | ||
1057 | installation groups you might simply already have some of the necessary | ||
1058 | packages installed. | ||
1059 | We did this for testing, as this way we are less likely to forget to | ||
1060 | mention a required package. | ||
1061 | Note that we will not install a desktop environment, but of course you | ||
1062 | will need to install one to use GNUnet's graphical user interfaces. | ||
1063 | Thus, it is suggested that you simply install the desktop environment of | ||
1064 | your choice before beginning with the instructions. | ||
1065 | |||
1066 | |||
1067 | |||
1068 | @menu | ||
1069 | * Update:: | ||
1070 | * Stable? Hah!:: | ||
1071 | * Update again:: | ||
1072 | * Installing packages:: | ||
1073 | * Installing dependencies from source:: | ||
1074 | * Installing GNUnet from source:: | ||
1075 | * But wait there is more!:: | ||
1076 | @end menu | ||
1077 | |||
1078 | @node Update | ||
1079 | @subsection Update | ||
1080 | |||
1081 | After any installation, you should begin by running | ||
1082 | |||
1083 | @example | ||
1084 | # apt-get update ; apt-get upgrade | ||
1085 | @end example | ||
1086 | |||
1087 | to ensure that all of your packages are up-to-date. Note that the "#" is | ||
1088 | used to indicate that you need to type in this command as "root" | ||
1089 | (or prefix with "sudo"), whereas "$" is used to indicate typing in a | ||
1090 | command as a normal user. | ||
1091 | |||
1092 | @node Stable? Hah! | ||
1093 | @subsection Stable? Hah! | ||
1094 | |||
1095 | Yes, we said we start with a Debian 7.5 "stable" system. However, to | ||
1096 | reduce the amount of compilation by hand, we will begin by allowing the | ||
1097 | installation of packages from the testing and unstable distributions as | ||
1098 | well. | ||
1099 | We will stick to "stable" packages where possible, but some packages will | ||
1100 | be taken from the other distributions. | ||
1101 | Start by modifying @file{/etc/apt/sources.list} to contain the | ||
1102 | following (possibly adjusted to point to your mirror of choice): | ||
1103 | |||
1104 | @example | ||
1105 | # These were there before: | ||
1106 | deb http://ftp.de.debian.org/debian/ wheezy main | ||
1107 | deb-src http://ftp.de.debian.org/debian/ wheezy main | ||
1108 | deb http://security.debian.org/ wheezy/updates main | ||
1109 | deb-src http://security.debian.org/ wheezy/updates main | ||
1110 | deb http://ftp.de.debian.org/debian/ wheezy-updates main | ||
1111 | deb-src http://ftp.de.debian.org/debian/ wheezy-updates main | ||
1112 | |||
1113 | # Add these lines (feel free to adjust the mirror): | ||
1114 | deb http://ftp.de.debian.org/debian/ testing main | ||
1115 | deb http://ftp.de.debian.org/debian/ unstable main | ||
1116 | @end example | ||
1117 | |||
1118 | The next step is to create/edit your @file{/etc/apt/preferences} | ||
1119 | file to look like this: | ||
1120 | |||
1121 | @example | ||
1122 | Package: * | ||
1123 | Pin: release a=stable,n=wheezy | ||
1124 | Pin-Priority: 700 | ||
1125 | |||
1126 | Package: * | ||
1127 | Pin: release o=Debian,a=testing | ||
1128 | Pin-Priority: 650 | ||
1129 | |||
1130 | Package: * | ||
1131 | Pin: release o=Debian,a=unstable | ||
1132 | Pin-Priority: 600 | ||
1133 | @end example | ||
1134 | |||
1135 | You can read more about Apt Preferences here and here. | ||
1136 | Note that other pinnings are likely to also work for GNUnet, the key | ||
1137 | thing is that you need some packages from unstable (as shown below). | ||
1138 | However, as unstable is unlikely to be comprehensive (missing packages) | ||
1139 | or might be problematic (crashing packages), you probably want others | ||
1140 | from stable and/or testing. | ||
1141 | |||
1142 | @node Update again | ||
1143 | @subsection Update again | ||
1144 | |||
1145 | Now, run again@ | ||
1146 | |||
1147 | @example | ||
1148 | # apt-get update@ | ||
1149 | # apt-get upgrade@ | ||
1150 | @end example | ||
1151 | |||
1152 | to ensure that all your new distribution indices are downloaded, and | ||
1153 | that your pinning is correct: the upgrade step should cause no changes | ||
1154 | at all. | ||
1155 | |||
1156 | @node Installing packages | ||
1157 | @subsection Installing packages | ||
1158 | |||
1159 | We begin by installing a few Debian packages from stable:@ | ||
1160 | |||
1161 | @example | ||
1162 | # apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \ | ||
1163 | libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev \ | ||
1164 | texlive libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev \ | ||
1165 | libbz2-dev libexiv2-dev libflac-dev libgif-dev libglib2.0-dev \ | ||
1166 | libgtk-3-dev libmagic-dev libjpeg8-dev libmpeg2-4-dev libmp4v2-dev \ | ||
1167 | librpm-dev libsmf-dev libtidy-dev libtiff5-dev libvorbis-dev \ | ||
1168 | libogg-dev zlib1g-dev g++ gettext libgsf-1-dev libunbound-dev \ | ||
1169 | libqrencode-dev libgladeui-dev nasm texlive-latex-extra \ | ||
1170 | libunique-3.0-dev gawk miniupnpc libfuse-dev libbluetooth-dev | ||
1171 | @end example | ||
1172 | |||
1173 | After that, we install a few more packages from unstable:@ | ||
1174 | |||
1175 | @example | ||
1176 | # apt-get install -t unstable nettle-dev libgstreamer1.0-dev \ | ||
1177 | gstreamer1.0-plugins-base gstreamer1.0-plugins-good \ | ||
1178 | libgstreamer-plugins-base1.0-dev | ||
1179 | @end example | ||
1180 | |||
1181 | @node Installing dependencies from source | ||
1182 | @subsection Installing dependencies from source | ||
1183 | |||
1184 | Next, we need to install a few dependencies from source. | ||
1185 | You might want to do this as a "normal" user and only run the | ||
1186 | @code{make install} steps as root (hence the @code{sudo} in the | ||
1187 | commands below). Also, you do this from any | ||
1188 | directory. We begin by downloading all dependencies, then extracting the | ||
1189 | sources, and finally compiling and installing the libraries. | ||
1190 | |||
1191 | For these steps, follow the instructions given in the | ||
1192 | installation from source instruction in this order: | ||
1193 | |||
1194 | @itemize @bullet | ||
1195 | @item @ref{generic source installation - libav} | ||
1196 | @item @ref{generic source installation - libextractor} | ||
1197 | @item @ref{generic source installation - libgpg-error} | ||
1198 | @item @ref{generic source installation - libgcrypt} | ||
1199 | @item @ref{generic source installation - gnutls} | ||
1200 | @item @ref{generic source installation - libmicrohttpd} | ||
1201 | @item @ref{generic source installation - libgnurl} | ||
1202 | @end itemize | ||
1203 | |||
1204 | @node Installing GNUnet from source | ||
1205 | @subsection Installing GNUnet from source | ||
1206 | |||
1207 | |||
1208 | For this, simply follow the generic installation instructions from | ||
1209 | here. | ||
1210 | |||
1211 | @node But wait there is more! | ||
1212 | @subsection But wait there is more! | ||
1213 | |||
1214 | So far, we installed all of the packages and dependencies required to | ||
1215 | ensure that all of GNUnet would be built. | ||
1216 | However, while for example the plugins to interact with the MySQL or | ||
1217 | Postgres databases have been created, we did not actually install or | ||
1218 | configure those databases. Thus, you will need to install | ||
1219 | and configure those databases or stick with the default Sqlite database. | ||
1220 | Sqlite is usually fine for most applications, but MySQL can offer better | ||
1221 | performance and Postgres better resillience. | ||
1222 | |||
1223 | |||
1224 | @node Installing GNUnet from Git on Ubuntu 14.4 | ||
1225 | @section Installing GNUnet from Git on Ubuntu 14.4 | ||
1226 | |||
1227 | @strong{Install the required build tools:} | ||
1228 | |||
1229 | @example | ||
1230 | $ sudo apt-get install git automake autopoint autoconf | ||
1231 | @end example | ||
1232 | |||
1233 | @strong{Install the required dependencies} | ||
1234 | |||
1235 | @example | ||
1236 | $ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \ | ||
1237 | libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \ | ||
1238 | libmicrohttpd-dev libgnutls28-dev | ||
1239 | @end example | ||
1240 | |||
1241 | @strong{Choose one or more database backends} | ||
1242 | |||
1243 | @itemize @bullet | ||
1244 | |||
1245 | @item SQLite3: | ||
1246 | |||
1247 | @example | ||
1248 | $ sudo apt-get install libsqlite3-dev | ||
1249 | @end example | ||
1250 | |||
1251 | @item MySQL: | ||
1252 | |||
1253 | @example | ||
1254 | $ sudo apt-get install libmysqlclient-dev | ||
1255 | @end example | ||
1256 | |||
1257 | @item PostgreSQL: | ||
1258 | |||
1259 | @example | ||
1260 | $ sudo apt-get install libpq-dev postgresql | ||
1261 | @end example | ||
1262 | |||
1263 | @end itemize | ||
1264 | |||
1265 | @strong{Install the optional dependencies for gnunet-conversation:} | ||
1266 | |||
1267 | @example | ||
1268 | $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev | ||
1269 | @end example | ||
1270 | |||
1271 | @strong{Install the libgrypt 1.6.1:} | ||
1272 | |||
1273 | @itemize @bullet | ||
1274 | |||
1275 | @item For Ubuntu 14.04: | ||
1276 | |||
1277 | @example | ||
1278 | $ sudo apt-get install libgcrypt20-dev | ||
1279 | @end example | ||
1280 | |||
1281 | @item For Ubuntu older 14.04: | ||
1282 | |||
1283 | @example | ||
1284 | $ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2 | ||
1285 | $ tar xf libgcrypt-1.6.1.tar.bz2 | ||
1286 | $ cd libgcrypt-1.6.1 | ||
1287 | $ ./configure | ||
1288 | $ sudo make install | ||
1289 | $ cd .. | ||
1290 | @end example | ||
1291 | |||
1292 | @end itemize | ||
1293 | |||
1294 | @strong{Install libgnurl} | ||
1295 | |||
1296 | @example | ||
1297 | $ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2 | ||
1298 | $ tar xf gnurl-7.35.0.tar.bz2 | ||
1299 | $ cd gnurl-7.35.0 | ||
1300 | $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ | ||
1301 | --without-libmetalink --without-winidn --without-librtmp \ | ||
1302 | --without-nghttp2 --without-nss --without-cyassl --without-polarssl \ | ||
1303 | --without-ssl --without-winssl --without-darwinssl --disable-sspi \ | ||
1304 | --disable-ntlm-wb --disable-ldap --disable-rtsp --disable-dict \ | ||
1305 | --disable-telnet --disable-tftp --disable-pop3 --disable-imap \ | ||
1306 | --disable-smtp --disable-gopher --disable-file --disable-ftp | ||
1307 | $ sudo make install | ||
1308 | $ cd .. | ||
1309 | @end example | ||
1310 | |||
1311 | @strong{Install GNUnet} | ||
1312 | |||
1313 | @example | ||
1314 | $ git clone https://gnunet.org/git/gnunet/ | ||
1315 | $ cd gnunet/ | ||
1316 | $ ./bootstrap | ||
1317 | @end example | ||
1318 | |||
1319 | If you want to: | ||
1320 | |||
1321 | @itemize @bullet | ||
1322 | |||
1323 | @item Install to a different directory: | ||
1324 | |||
1325 | @example | ||
1326 | --prefix=PREFIX | ||
1327 | @end example | ||
1328 | |||
1329 | @item | ||
1330 | Have sudo permission, but do not want to compile as root: | ||
1331 | |||
1332 | @example | ||
1333 | --with-sudo | ||
1334 | @end example | ||
1335 | |||
1336 | @item | ||
1337 | Want debug message enabled: | ||
1338 | |||
1339 | @example | ||
1340 | --enable-logging=verbose | ||
1341 | @end example | ||
1342 | |||
1343 | @end itemize | ||
1344 | |||
1345 | |||
1346 | @example | ||
1347 | $ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose] | ||
1348 | $ make; sudo make install | ||
1349 | @end example | ||
1350 | |||
1351 | After installing it, you need to create an empty configuration file: | ||
1352 | |||
1353 | @example | ||
1354 | touch ~/.config/gnunet.conf | ||
1355 | @end example | ||
1356 | |||
1357 | And finally you can start GNUnet with | ||
1358 | |||
1359 | @example | ||
1360 | $ gnunet-arm -s | ||
1361 | @end example | ||
1362 | |||
1363 | @node Build instructions for Debian 8 | ||
1364 | @section Build instructions for Debian 8 | ||
1365 | @c FIXME: I -> we | ||
1366 | |||
1367 | These are the installation instructions for Debian 8. They were tested | ||
1368 | sing a fresh Debian 8 AMD64 installation without non-free software (no | ||
1369 | contrib or non-free). During installation, I only selected "lxde" for the | ||
1370 | desktop environment. | ||
1371 | Note that the packages and the dependencies that we will install during | ||
1372 | this chapter take about 1.5 GB of disk space. Combined with GNUnet and | ||
1373 | space for objects during compilation, you should not even attempt this | ||
1374 | unless you have about 2.5 GB free after the Debian installation. | ||
1375 | Using these instructions to build a VM image is likely to require a | ||
1376 | minimum of 4-5 GB for the VM (as you will likely also want a desktop | ||
1377 | manager). | ||
1378 | |||
1379 | GNUnet's security model assumes that your @code{/home} directory is | ||
1380 | encrypted. | ||
1381 | Thus, if possible, you should encrypt your entire disk, or at least just | ||
1382 | your home partition (or per-user home directory). | ||
1383 | |||
1384 | Naturally, the exact details of the starting state for your installation | ||
1385 | should not matter much. | ||
1386 | For example, if you selected any of those installation groups you might | ||
1387 | simply already have some of the necessary packages installed. Thus, it is | ||
1388 | suggested that you simply install the desktop environment of your choice | ||
1389 | before beginning with the instructions. | ||
1390 | |||
1391 | |||
1392 | @menu | ||
1393 | * Update Debian:: | ||
1394 | * Installing Debian Packages:: | ||
1395 | * Installing Dependencies from Source2:: | ||
1396 | * Installing GNUnet from Source2:: | ||
1397 | * But wait (again) there is more!:: | ||
1398 | @end menu | ||
1399 | |||
1400 | @node Update Debian | ||
1401 | @subsection Update Debian | ||
1402 | |||
1403 | After any installation, you should begin by running | ||
1404 | |||
1405 | @example | ||
1406 | # apt-get update | ||
1407 | # apt-get upgrade | ||
1408 | @end example | ||
1409 | |||
1410 | to ensure that all of your packages are up-to-date. Note that the "#" is | ||
1411 | used to indicate that you need to type in this command as "root" (or | ||
1412 | prefix with "sudo"), whereas "$" is used to indicate typing in a command | ||
1413 | as a normal user. | ||
1414 | |||
1415 | @node Installing Debian Packages | ||
1416 | @subsection Installing Debian Packages | ||
1417 | |||
1418 | We begin by installing a few Debian packages from stable: | ||
1419 | |||
1420 | @example | ||
1421 | # apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \ | ||
1422 | libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev texlive \ | ||
1423 | libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev libbz2-dev \ | ||
1424 | libflac-dev libgif-dev libglib2.0-dev libgtk-3-dev libmpeg2-4-dev \ | ||
1425 | libtidy-dev libvorbis-dev libogg-dev zlib1g-dev g++ gettext \ | ||
1426 | libgsf-1-dev libunbound-dev libqrencode-dev libgladeui-dev nasm \ | ||
1427 | texlive-latex-extra libunique-3.0-dev gawk miniupnpc libfuse-dev \ | ||
1428 | libbluetooth-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good \ | ||
1429 | libgstreamer-plugins-base1.0-dev nettle-dev libextractor-dev \ | ||
1430 | libgcrypt20-dev libmicrohttpd-dev | ||
1431 | @end example | ||
1432 | |||
1433 | @node Installing Dependencies from Source2 | ||
1434 | @subsection Installing Dependencies from Source2 | ||
1435 | |||
1436 | Yes, we said we start with a Debian 8 "stable" system, but because Debian | ||
1437 | linked GnuTLS without support for DANE, we need to compile a few things, | ||
1438 | in addition to GNUnet, still by hand. Yes, you can run GNUnet using the | ||
1439 | respective Debian packages, but then you will not get DANE support. | ||
1440 | |||
1441 | Next, we need to install a few dependencies from source. You might want | ||
1442 | to do this as a "normal" user and only run the @code{make install} steps | ||
1443 | as root (hence the @code{sudo} in the commands below). Also, you do this | ||
1444 | from any directory. We begin by downloading all dependencies, then | ||
1445 | extracting the sources, and finally compiling and installing the | ||
1446 | libraries: | ||
1447 | |||
1448 | @example | ||
1449 | $ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.12.tar.xz | ||
1450 | $ tar xvf gnutls-3.3.12.tar.xz | ||
1451 | $ cd gnutls-3.3.12 ; ./configure ; make ; sudo make install ; cd .. | ||
1452 | @end example | ||
1453 | |||
1454 | For the installation and compilation of libgnurl/gnURL refer to | ||
1455 | the generic installation section, | ||
1456 | @xref{generic source installation - libgnurl}. | ||
1457 | |||
1458 | @node Installing GNUnet from Source2 | ||
1459 | @subsection Installing GNUnet from Source2 | ||
1460 | |||
1461 | For this, simply follow the generic installation instructions from@ | ||
1462 | here. | ||
1463 | |||
1464 | @node But wait (again) there is more! | ||
1465 | @subsection But wait (again) there is more! | ||
1466 | |||
1467 | So far, we installed all of the packages and dependencies required to | ||
1468 | ensure that all of GNUnet would be built. However, while for example the | ||
1469 | plugins to interact with the MySQL or Postgres databases have been | ||
1470 | created, we did not actually install or configure those databases. | ||
1471 | Thus, you will need to install and configure those databases or stick | ||
1472 | with the default Sqlite database. Sqlite is usually fine for most | ||
1473 | applications, but MySQL can offer better performance and Postgres better | ||
1474 | resillience. | ||
1475 | |||
1476 | @node Build instructions for macOS | ||
1477 | @section Build instructions for macOS | ||
1478 | @c FIXME: I -> we | ||
1479 | |||
1480 | These are the installation guidelines for macOS. | ||
1481 | They were tested on macOS High Sierra. | ||
1482 | |||
1483 | @menu | ||
1484 | * Installing dependencies:: | ||
1485 | * Compile from Source:: | ||
1486 | @end menu | ||
1487 | |||
1488 | @node Installing dependencies | ||
1489 | @subsection Installing dependencies | ||
1490 | |||
1491 | First, install XCode in the newest version. | ||
1492 | See https://developer.apple.com/xcode/. | ||
1493 | |||
1494 | Install Homebrew (https://brew.sh) and then install the dependencies listed above. | ||
1495 | If a dependency does not exists in brew, you need to compile it from source. | ||
1496 | |||
1497 | @example | ||
1498 | # brew install <dependency> | ||
1499 | @end example | ||
1500 | |||
1501 | @node Compile from Source | ||
1502 | @subsection Compile from Source | ||
1503 | |||
1504 | Before you start building GNUnet, you need to setup your environment. | ||
1505 | This means that you have to make sure the proper tools are used in the build process. | ||
1506 | For example, after installing texinfo you need to make sure the new texinfo is actually used: | ||
1507 | |||
1508 | @example | ||
1509 | # echo 'export PATH="/usr/local/opt/texinfo/bin:$PATH"' >> ~/.bash_profile | ||
1510 | @end example | ||
1511 | |||
1512 | Note: brew tells you the appropriate command when executing | ||
1513 | |||
1514 | @example | ||
1515 | # brew info texinfo | ||
1516 | @end example | ||
1517 | |||
1518 | This may also be necessary for the gettext package. | ||
1519 | |||
1520 | Before you start compiling, you need to make sure gcc is used and not the clang compile of your macOS system. | ||
1521 | On my system, gcc was actually ``gcc-7'' and gcc pointed to the clang compiler. | ||
1522 | |||
1523 | @example | ||
1524 | # export CC=gcc-7 | ||
1525 | @end example | ||
1526 | |||
1527 | After this the standard compile instructions apply. | ||
1528 | |||
1529 | @c @node Build instructions for OpenBSD 6.2 | ||
1530 | @c @section Build instructions for OpenBSD 6.2 | ||
1531 | |||
1532 | @node Outdated build instructions for previous revisions | ||
1533 | @section Outdated build instructions for previous revisions | ||
1534 | |||
1535 | This chapter contains a collection of outdated, older installation guides. | ||
1536 | They are mostly intended to serve as a starting point for writing | ||
1537 | up-to-date instructions and should not be expected to work for | ||
1538 | GNUnet 0.10.x. | ||
1539 | A set of older installation instructions can also be found in the | ||
1540 | file @file{doc/outdated-and-old-installation-instructions.txt} in the | ||
1541 | source tree of GNUnet. | ||
1542 | |||
1543 | This file covers old instructions which no longer receive security | ||
1544 | updates or any kind of support. | ||
1545 | |||
1546 | @menu | ||
1547 | * Installing GNUnet 0.10.1 on Ubuntu 14.04:: | ||
1548 | * Building GLPK for MinGW:: | ||
1549 | * GUI build instructions for Ubuntu 12.04 using Subversion:: | ||
1550 | @c * Installation with gnunet-update:: | ||
1551 | * Instructions for Microsoft Windows Platforms (Old):: | ||
1552 | @end menu | ||
1553 | |||
1554 | |||
1555 | @node Installing GNUnet 0.10.1 on Ubuntu 14.04 | ||
1556 | @subsection Installing GNUnet 0.10.1 on Ubuntu 14.04 | ||
1557 | |||
1558 | Install the required dependencies: | ||
1559 | |||
1560 | @example | ||
1561 | $ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \ | ||
1562 | libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \ | ||
1563 | libmicrohttpd-dev libgnutls28-dev | ||
1564 | @end example | ||
1565 | |||
1566 | Choose one or more database backends: | ||
1567 | |||
1568 | @itemize @bullet | ||
1569 | |||
1570 | @item SQLite3 | ||
1571 | |||
1572 | @example | ||
1573 | $ sudo apt-get install libsqlite3-dev@ | ||
1574 | @end example | ||
1575 | |||
1576 | @item MySQL | ||
1577 | |||
1578 | @example | ||
1579 | $ sudo apt-get install libmysqlclient-dev@ | ||
1580 | @end example | ||
1581 | |||
1582 | @item PostgreSQL | ||
1583 | |||
1584 | @example | ||
1585 | $ sudo apt-get install libpq-dev postgresql@ | ||
1586 | @end example | ||
1587 | |||
1588 | @end itemize | ||
1589 | |||
1590 | Install the optional dependencies for gnunet-conversation: | ||
1591 | |||
1592 | @example | ||
1593 | $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev | ||
1594 | @end example | ||
1595 | |||
1596 | Install libgcrypt 1.6: | ||
1597 | |||
1598 | @itemize @bullet | ||
1599 | |||
1600 | @item For Ubuntu 14.04: | ||
1601 | |||
1602 | @example | ||
1603 | $ sudo apt-get install libgcrypt20-dev | ||
1604 | @end example | ||
1605 | |||
1606 | @item For Ubuntu older than 14.04: | ||
1607 | |||
1608 | @example | ||
1609 | wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2 | ||
1610 | $ tar xf libgcrypt-1.6.1.tar.bz2 | ||
1611 | $ cd libgcrypt-1.6.1 | ||
1612 | $ ./configure | ||
1613 | $ sudo make install | ||
1614 | $ cd .. | ||
1615 | @end example | ||
1616 | @end itemize | ||
1617 | |||
1618 | Install libgnurl: | ||
1619 | |||
1620 | @pxref{generic source installation - libgnurl}. | ||
1621 | |||
1622 | Install GNUnet: | ||
1623 | |||
1624 | @example | ||
1625 | $ wget http://ftpmirror.gnu.org/gnunet/gnunet-0.10.1.tar.gz | ||
1626 | $ tar xf gnunet-0.10.1.tar.gz | ||
1627 | $ cd gnunet-0.10.1 | ||
1628 | @end example | ||
1629 | |||
1630 | If you want to: | ||
1631 | |||
1632 | @itemize @bullet | ||
1633 | |||
1634 | @item | ||
1635 | Install to a different directory: | ||
1636 | |||
1637 | @example | ||
1638 | --prefix=PREFIX | ||
1639 | @end example | ||
1640 | |||
1641 | @item | ||
1642 | Have sudo permission, but do not want to compile as root: | ||
1643 | |||
1644 | @example | ||
1645 | --with-sudo | ||
1646 | @end example | ||
1647 | |||
1648 | @item | ||
1649 | Want debug message enabled: | ||
1650 | |||
1651 | @example | ||
1652 | --enable-logging=verbose | ||
1653 | @end example | ||
1654 | |||
1655 | @end itemize | ||
1656 | |||
1657 | @example | ||
1658 | $ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose] | ||
1659 | $ make; sudo make install | ||
1660 | @end example | ||
1661 | |||
1662 | After installing it, you need to create an empty configuration file: | ||
1663 | |||
1664 | @example | ||
1665 | touch ~/.config/gnunet.conf | ||
1666 | @end example | ||
1667 | |||
1668 | And finally you can start GNUnet with | ||
1669 | |||
1670 | @example | ||
1671 | $ gnunet-arm -s | ||
1672 | @end example | ||
1673 | |||
1674 | @node Building GLPK for MinGW | ||
1675 | @subsection Building GLPK for MinGW | ||
1676 | |||
1677 | GNUnet now requires the GNU Linear Programming Kit (GLPK). | ||
1678 | Since there's is no package you can install with @code{mingw-get} you | ||
1679 | have to compile it from source: | ||
1680 | |||
1681 | @itemize @bullet | ||
1682 | |||
1683 | @item Download the latest version from | ||
1684 | @uref{http://ftp.gnu.org/gnu/glpk/} | ||
1685 | |||
1686 | @item Unzip the downloaded source tarball using your favourite | ||
1687 | unzipper application In the MSYS shell | ||
1688 | |||
1689 | @item change to the respective directory | ||
1690 | |||
1691 | @item Configure glpk for "i686-pc-mingw32": | ||
1692 | |||
1693 | @example | ||
1694 | ./configure '--build=i686-pc-mingw32' | ||
1695 | @end example | ||
1696 | |||
1697 | @item run | ||
1698 | |||
1699 | @example | ||
1700 | make install check | ||
1701 | @end example | ||
1702 | |||
1703 | @end itemize | ||
1704 | |||
1705 | MinGW does not automatically detect the correct buildtype so you have to | ||
1706 | specify it manually. | ||
1707 | |||
1708 | |||
1709 | @node GUI build instructions for Ubuntu 12.04 using Subversion | ||
1710 | @subsection GUI build instructions for Ubuntu 12.04 using Subversion | ||
1711 | |||
1712 | After installing GNUnet you can continue installing the GNUnet GUI tools: | ||
1713 | |||
1714 | First, install the required dependencies: | ||
1715 | |||
1716 | @example | ||
1717 | $ sudo apt-get install libgladeui-dev libqrencode-dev | ||
1718 | @end example | ||
1719 | |||
1720 | Please ensure that the GNUnet shared libraries can be found by the linker. | ||
1721 | If you installed GNUnet libraries in a non standard path | ||
1722 | (say GNUNET_PREFIX=/usr/local/lib/), you can | ||
1723 | |||
1724 | @itemize @bullet | ||
1725 | |||
1726 | @item set the environmental variable permanently to: | ||
1727 | |||
1728 | @example | ||
1729 | LD_LIBRARY_PATH=$GNUNET_PREFIX | ||
1730 | @end example | ||
1731 | |||
1732 | @item or add @code{$GNUNET_PREFIX} to @file{/etc/ld.so.conf} | ||
1733 | |||
1734 | @end itemize | ||
1735 | |||
1736 | Now you can checkout and compile the GNUnet GUI tools: | ||
1737 | |||
1738 | @example | ||
1739 | $ git clone https://gnunet.org/git/gnunet-gtk | ||
1740 | $ cd gnunet-gtk | ||
1741 | $ ./bootstrap | ||
1742 | $ ./configure --prefix=$GNUNET_PREFIX/.. --with-gnunet=$GNUNET_PREFIX/.. | ||
1743 | $ make install | ||
1744 | @end example | ||
1745 | |||
1746 | @c @node Installation with gnunet-update | ||
1747 | @c @subsection Installation with gnunet-update | ||
1748 | |||
1749 | @c gnunet-update project is an effort to introduce updates to GNUnet | ||
1750 | @c installations. An interesting to-be-implemented-feature of gnunet-update | ||
1751 | @c is that these updates are propagated through GNUnet's peer-to-peer | ||
1752 | @c network. More information about gnunet-update can be found at | ||
1753 | @c @c FIXME: Use correct cgit URL | ||
1754 | @c @uref{https://gnunet.org/git/gnunet-update.git/tree/plain/README}. | ||
1755 | |||
1756 | @c While the project is still under development, we have implemented the | ||
1757 | @c following features which we believe may be helpful for users and we | ||
1758 | @c would like them to be tested: | ||
1759 | |||
1760 | @c @itemize @bullet | ||
1761 | |||
1762 | @c @item | ||
1763 | @c Packaging GNUnet installation along with its run-time dependencies into | ||
1764 | @c update packages | ||
1765 | |||
1766 | @c @item | ||
1767 | @c Installing update packages into compatible hosts | ||
1768 | |||
1769 | @c @item | ||
1770 | @c Updating an existing installation (which had been installed by | ||
1771 | @c gnunet-update) to a newer one | ||
1772 | |||
1773 | @c @end itemize | ||
1774 | |||
1775 | @c The above said features of gnunet-update are currently available for | ||
1776 | @c testing on GNU/Linux systems. | ||
1777 | |||
1778 | @c The following is a guide to help you get started with gnunet-update. | ||
1779 | @c It shows you how to install the testing binary packages of GNUnet | ||
1780 | @c 0.9.1 we have at @uref{https://gnunet.org/install/}. | ||
1781 | |||
1782 | @c gnunet-update needs the following dependencies: | ||
1783 | |||
1784 | @c @itemize @bullet | ||
1785 | @c @item | ||
1786 | @c python @geq{} 2.6 | ||
1787 | |||
1788 | @c @item | ||
1789 | @c gnupg | ||
1790 | |||
1791 | @c @item | ||
1792 | @c python-gpgme | ||
1793 | @c @end itemize | ||
1794 | |||
1795 | |||
1796 | @c Checkout gnunet-update: | ||
1797 | |||
1798 | @c @c FIXME: git! | ||
1799 | @c @example | ||
1800 | @c $ svn checkout -r24905 https://gnunet.org/svn/gnunet-update@ | ||
1801 | @c @end example | ||
1802 | |||
1803 | @c For security reasons, all packages released for gnunet-update from us are | ||
1804 | @c signed with the key at @uref{https://gnunet.org/install/key.txt}. | ||
1805 | @c You would need to import this key into your gpg key ring. | ||
1806 | @c gnunet-update uses this key to verify the integrity of the packages it | ||
1807 | @c installs: | ||
1808 | |||
1809 | @c @example | ||
1810 | @c $ gpg --recv-keys 7C613D78@ | ||
1811 | @c @end example | ||
1812 | |||
1813 | @c Download the packages relevant to your architecture (currently I have | ||
1814 | @c access to GNU/Linux machines on x86_64 and i686, so only two for now, | ||
1815 | @c hopefully more later) from https://gnunet.org/install/. | ||
1816 | |||
1817 | @c To install the downloaded package into the directory /foo: | ||
1818 | |||
1819 | @c @example | ||
1820 | @c gnunet-update/bin/gnunet-update install downloaded/package /foo | ||
1821 | @c @end example | ||
1822 | |||
1823 | @c The installer reports the directories into which shared libraries and | ||
1824 | @c dependencies have been installed. You may need to add the reported shared | ||
1825 | @c library installation paths to LD_LIBRARY_PATH before you start running any | ||
1826 | @c installed binaries. | ||
1827 | |||
1828 | @c Please report bugs at https://gnunet.org/bugs/ under the project | ||
1829 | @c 'gnunet-update'. | ||
1830 | |||
1831 | @node Instructions for Microsoft Windows Platforms (Old) | ||
1832 | @subsection Instructions for Microsoft Windows Platforms (Old) | ||
1833 | |||
1834 | This document is a @b{DEPRECATED} installation guide for GNUnet on | ||
1835 | Windows. | ||
1836 | It will not work for recent GNUnet versions, but maybe it will be of | ||
1837 | some use if problems arise. | ||
1838 | |||
1839 | The Windows build uses a UNIX emulator for Windows, | ||
1840 | @uref{http://www.mingw.org/, MinGW}, to build the executable modules. | ||
1841 | These modules run natively on Windows and do not require additional | ||
1842 | emulation software besides the usual dependencies. | ||
1843 | |||
1844 | GNUnet development is mostly done under GNU/Linux and especially git | ||
1845 | checkouts may not build out of the box. | ||
1846 | We regret any inconvenience, and if you have problems, please report them. | ||
1847 | |||
1848 | @menu | ||
1849 | * Hardware and OS requirements:: | ||
1850 | * Software installation:: | ||
1851 | * Building libextractor and GNUnet:: | ||
1852 | * Installer:: | ||
1853 | * Source:: | ||
1854 | @end menu | ||
1855 | |||
1856 | @node Hardware and OS requirements | ||
1857 | @subsubsection Hardware and OS requirements | ||
1858 | |||
1859 | @itemize @bullet | ||
1860 | |||
1861 | @item Pentium II or equivalent processor, @geq{} 350 MHz | ||
1862 | |||
1863 | @item 128 MB RAM | ||
1864 | |||
1865 | @item 600 MB free disk space | ||
1866 | |||
1867 | @item Windows 2000 or Windows XP are recommended | ||
1868 | |||
1869 | @end itemize | ||
1870 | |||
1871 | @node Software installation | ||
1872 | @subsubsection Software installation | ||
1873 | |||
1874 | @itemize @bullet | ||
1875 | |||
1876 | @item | ||
1877 | @strong{Compression software}@ | ||
1878 | |||
1879 | The software packages GNUnet depends on are usually compressed using UNIX | ||
1880 | tools like @command{tar}, @command{gzip}, @command{xzip} and | ||
1881 | @command{bzip2}. | ||
1882 | If you do not already have an utility that is able to extract such | ||
1883 | archives, get @uref{http://www.7-zip.org/, 7-Zip}. | ||
1884 | |||
1885 | @item | ||
1886 | @strong{UNIX environment}@ | ||
1887 | |||
1888 | The MinGW project provides the compiler toolchain that is used to build | ||
1889 | GNUnet. | ||
1890 | Get the following packages from the | ||
1891 | @uref{http://sourceforge.net/projects/mingw/files/, MinGW} project: | ||
1892 | |||
1893 | @itemize @bullet | ||
1894 | |||
1895 | @item GCC core | ||
1896 | @item GCC g++ | ||
1897 | @item MSYS | ||
1898 | @item MSYS Developer Tool Kit (msysDTK) | ||
1899 | @item MSYS Developer Tool Kit - msys-autoconf (bin) | ||
1900 | @item MSYS Developer Tool Kit - msys-automake (bin) | ||
1901 | @item MinGW Runtime | ||
1902 | @item MinGW Utilities | ||
1903 | @item Windows API | ||
1904 | @item Binutils | ||
1905 | @item make | ||
1906 | @item pdcurses | ||
1907 | @item GDB (snapshot) | ||
1908 | @end itemize | ||
1909 | |||
1910 | @itemize @bullet | ||
1911 | |||
1912 | |||
1913 | @item Install MSYS (to c:\mingw, for example.)@ | ||
1914 | Do @strong{not} use spaces in the pathname. | ||
1915 | For example, avoid a location such as @file{c:\program files\mingw}. | ||
1916 | |||
1917 | @item Install MinGW runtime, utilities and GCC to a subdirectory | ||
1918 | (to @file{c:\mingw\mingw}, for example) | ||
1919 | |||
1920 | @item Install the Development Kit to the MSYS directory | ||
1921 | (@file{c:\mingw}) | ||
1922 | |||
1923 | @item Create a batch file bash.bat in your MSYS directory with | ||
1924 | the files: | ||
1925 | |||
1926 | @example | ||
1927 | bin\sh.exe --login | ||
1928 | @end example | ||
1929 | |||
1930 | This batch file opens a shell which is used to invoke the build | ||
1931 | processes. | ||
1932 | MinGW's standard shell (@command{msys.bat}) is not suitable | ||
1933 | because it opens a separate console window. | ||
1934 | On Vista, @command{bash.bat} needs to be run as Administrator. | ||
1935 | |||
1936 | @item | ||
1937 | Start @command{bash.sh} and rename | ||
1938 | @file{c:\mingw\mingw\lib\libstdc++.la} to avoid problems: | ||
1939 | |||
1940 | @example | ||
1941 | mv /usr/mingw/lib/libstdc++.la /usr/mingw/lib/libstdc++.la.broken | ||
1942 | @end example | ||
1943 | |||
1944 | @item | ||
1945 | Unpack the Windows API to the MinGW directory (@file{c:\mingw\mingw\}) and | ||
1946 | remove the declaration of DATADIR from | ||
1947 | (@file{c:\mingw\mingw\include\objidl.h} (lines 55-58) | ||
1948 | |||
1949 | @item | ||
1950 | Unpack autoconf, automake to the MSYS directory (@file{c:\mingw}) | ||
1951 | |||
1952 | @item | ||
1953 | Install all other packages to the MinGW directory (@file{c:\mingw\mingw\}) | ||
1954 | @end itemize | ||
1955 | |||
1956 | |||
1957 | @item @strong{GNU Libtool}@ | ||
1958 | GNU Libtool is required to use shared libraries. | ||
1959 | Get the prebuilt package from here and unpack it to the | ||
1960 | MinGW directory (@file{c:\mingw}) | ||
1961 | |||
1962 | @item @strong{Pthreads}@ | ||
1963 | GNUnet uses the portable POSIX thread library for multi-threading: | ||
1964 | |||
1965 | @itemize @bullet | ||
1966 | |||
1967 | @item Save | ||
1968 | @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86/libpthreadGC2.a, libpthreadGC2.a} | ||
1969 | (x86) or | ||
1970 | @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x64/libpthreadGC2.a, libpthreadGC2.a} | ||
1971 | (x64) as libpthread.a into the @file{lib} | ||
1972 | directory (@file{c:\mingw\mingw\lib\libpthread.a}). | ||
1973 | |||
1974 | @item Save | ||
1975 | @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86/pthreadGC2.dll, pthreadGC2.dll} | ||
1976 | (x86) or | ||
1977 | @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x64/pthreadGC2.dll, libpthreadGC2.a} | ||
1978 | (x64) into the MinGW @file{bin} directory (@file{c:\mingw\mingw\bin}). | ||
1979 | |||
1980 | @item Download all header files from | ||
1981 | @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/include/, include/} | ||
1982 | to the @file{include} directory (@file{c:\mingw\mingw\include}). | ||
1983 | @end itemize | ||
1984 | |||
1985 | |||
1986 | @item @strong{GNU MP}@ | ||
1987 | GNUnet uses the GNU Multiple Precision library for special cryptographic | ||
1988 | operations. Get the GMP binary package from the | ||
1989 | @uref{http://sourceforge.net/projects/mingwrep/, MinGW repository} and | ||
1990 | unpack it to the MinGW directory (@file{c:\mingw\mingw}) | ||
1991 | |||
1992 | @item @strong{GNU Gettext}@ | ||
1993 | GNU gettext is used to provide national language support. | ||
1994 | Get the prebuilt package from hereand unpack it to the MinGW | ||
1995 | directory (@file{c:\mingw\mingw}) | ||
1996 | |||
1997 | @item @strong{GNU iconv}@ | ||
1998 | GNU Libiconv is used for character encoding conversion. | ||
1999 | Get the prebuilt package from here and unpack it to the MinGW | ||
2000 | directory (@file{c:\mingw\mingw}). | ||
2001 | |||
2002 | @item @strong{SQLite}@ | ||
2003 | GNUnet uses the SQLite database to store data. | ||
2004 | Get the prebuilt binary from here and unpack it to your MinGW directory. | ||
2005 | |||
2006 | @item @strong{MySQL}@ | ||
2007 | As an alternative to SQLite, GNUnet also supports MySQL. | ||
2008 | |||
2009 | @itemize @bullet | ||
2010 | |||
2011 | @item Get the binary installer from the | ||
2012 | @uref{http://dev.mysql.com/downloads/mysql/4.1.html#Windows, MySQL project} | ||
2013 | (version 4.1), install it and follow the instructions in | ||
2014 | @file{README.mysql}. | ||
2015 | |||
2016 | @item Create a temporary build directory (@file{c:\mysql}) | ||
2017 | |||
2018 | @item Copy the directories @file{include\} and @file{lib\} from the | ||
2019 | MySQL directory to the new directory | ||
2020 | |||
2021 | @item Get the patches from | ||
2022 | @uref{http://bugs.mysql.com/bug.php?id=8906&files=1, Bug #8906} and | ||
2023 | @uref{http://bugs.mysql.com/bug.php?id=8872&files=1, Bug #8872} (the | ||
2024 | latter is only required for MySQL | ||
2025 | |||
2026 | @example | ||
2027 | patch -p 0 | ||
2028 | @end example | ||
2029 | |||
2030 | @item Move @file{lib\opt\libmysql.dll} to @file{lib\libmysql.dll} | ||
2031 | |||
2032 | @item Change to @file{lib\} and create an import library: | ||
2033 | |||
2034 | @example | ||
2035 | dlltool --input-def ../include/libmySQL.def \ | ||
2036 | --dllname libmysql.dll \ | ||
2037 | --output-lib libmysqlclient.a -k | ||
2038 | @end example | ||
2039 | |||
2040 | @item Copy include\* to include\mysql\ | ||
2041 | |||
2042 | @item Pass @code{--with-mysql=/c/mysql} to | ||
2043 | @command{./configure} and copy @file{libmysql.dll} | ||
2044 | to your PATH or GNUnet's @file{bin} directory | ||
2045 | @end itemize | ||
2046 | |||
2047 | |||
2048 | @item @strong{GTK+}@ | ||
2049 | @command{gnunet-fs-gtk} and @command{libextractor} depend on GTK. | ||
2050 | Get the the binary and developer packages of @command{atk}, | ||
2051 | @command{glib}, @command{gtk}, @command{iconv}, | ||
2052 | @command{gettext-runtime}, @command{pango} from | ||
2053 | @uref{ftp://ftp.gtk.org/pub/gtk/v2.6/win32, gtk.org} and unpack them | ||
2054 | to the MinGW directory (@file{c:\mingw\mingw}). | ||
2055 | @c FIXME: The URL below for pkg-config seems wrong. | ||
2056 | Get @uref{http://www.gtk.org/download/win32.php, pkg-config} and | ||
2057 | @command{libpng} and unpack them to the MinGW directory | ||
2058 | (@file{c:\mingw\mingw}). | ||
2059 | Here is an all-in-one package for the | ||
2060 | @uref{http://ftp.gnome.org/pub/gnome/binaries/win32/gtk+/2.24/gtk+-bundle_2.24.10-20120208_win32.zip, gtk+dependencies} | ||
2061 | . Do not overwrite any existing files! | ||
2062 | |||
2063 | @item @strong{Glade}@ | ||
2064 | @command{gnunet-*-gtk} and @command{gnunet-setup} were created using | ||
2065 | this interface builder | ||
2066 | |||
2067 | @itemize @bullet | ||
2068 | |||
2069 | @item Get the Glade and libglade (-bin and -devel) packages | ||
2070 | (without GTK!) from | ||
2071 | @uref{http://gladewin32.sourceforge.net/, GladeWin32} and unpack them to | ||
2072 | the MinGW directory (@file{c:\mingw\mingw}). | ||
2073 | |||
2074 | @item Get @command{libxml} from here and unpack it to the MinGW | ||
2075 | directory (@file{c:\mingw\mingw}). | ||
2076 | @end itemize | ||
2077 | |||
2078 | @c FIXME: URLs | ||
2079 | @item @strong{zLib}@ | ||
2080 | @command{libextractor} requires @command{zLib} to decompress some file | ||
2081 | formats. GNUnet uses it to (de)compress meta-data. | ||
2082 | Get zLib from here (Signature) and unpack it to the MinGW directory | ||
2083 | (@file{c:\mingw\mingw}). | ||
2084 | |||
2085 | @item @strong{Bzip2}@ | ||
2086 | @command{libextractor} also requires @command{Bzip2} to | ||
2087 | decompress some file formats. | ||
2088 | Get the Bzip2 (binary and developer package) from | ||
2089 | @uref{http://gnuwin32.sourceforge.net/packages/bzip2.htm, GnuWin32} and | ||
2090 | unpack it to the MinGW directory (@file{c:\mingw\mingw}). | ||
2091 | |||
2092 | @item @strong{Libgcrypt}@ | ||
2093 | @command{Libgcrypt} provides the cryptographic functions used by GNUnet. | ||
2094 | Get Libgcrypt from @uref{ftp://ftp.gnupg.org/gcrypt/libgcrypt/, here}, | ||
2095 | compile and place it in the MinGW directory | ||
2096 | (@file{c:\mingw\mingw}). Currently libgcrypt @geq{} 1.4.2 is required to | ||
2097 | compile GNUnet. | ||
2098 | |||
2099 | @item @strong{PlibC}@ | ||
2100 | PlibC emulates Unix functions under Windows. Get PlibC from here and | ||
2101 | unpack it to the MinGW directory (c:\mingw\mingw) | ||
2102 | |||
2103 | @item @strong{OGG Vorbis}@ | ||
2104 | @command{OGG Vorbis} is used to extract meta-data from @file{.ogg} files. | ||
2105 | Get the packages | ||
2106 | @uref{http://www.gnunet.org/libextractor/download/win/libogg-1.1.4.zip, libogg} | ||
2107 | and | ||
2108 | @uref{http://www.gnunet.org/libextractor/download/win/libvorbis-1.2.3.zip, libvorbis} | ||
2109 | from the | ||
2110 | @uref{http://ftp.gnu.org/gnu/libextractor/libextractor-w32-1.0.0.zip, libextractor win32 build} | ||
2111 | and unpack them to the MinGW directory (c:\mingw\mingw). | ||
2112 | |||
2113 | @item @strong{Exiv2}@ | ||
2114 | (lib)Exiv2 is used to extract meta-data from files with Exiv2 meta-data. | ||
2115 | Download | ||
2116 | @uref{http://www.gnunet.org/libextractor/download/win/exiv2-0.18.2.zip, Exiv2} | ||
2117 | and unpack it to the MSYS directory (c:\mingw). | ||
2118 | @end itemize | ||
2119 | |||
2120 | @node Building libextractor and GNUnet | ||
2121 | @subsubsection Building libextractor and GNUnet | ||
2122 | |||
2123 | Before you compile @command{libextractor} or @command{GNUnet}, | ||
2124 | be sure to set @code{PKG_CONFIG_PATH}: | ||
2125 | |||
2126 | @example | ||
2127 | export PKG_CONFIG_PATH=/mingw/lib/pkgconfig | ||
2128 | @end example | ||
2129 | |||
2130 | @noindent | ||
2131 | @xref{GNUnet Installation Handbook}, for basic instructions on building | ||
2132 | @command{libextractor} and @command{GNUnet}. | ||
2133 | By default, all modules that are created in this way contain | ||
2134 | debug information and are quite large. To compile release versions | ||
2135 | (small and fast) set the variable @code{CFLAGS}: | ||
2136 | |||
2137 | @example | ||
2138 | export CFLAGS='-O2 -march=pentium -fomit-frame-pointer' | ||
2139 | ./configure --prefix=$HOME --with-extractor=$HOME | ||
2140 | @end example | ||
2141 | |||
2142 | @node Installer | ||
2143 | @subsubsection Installer | ||
2144 | |||
2145 | The GNUnet installer is made with | ||
2146 | @uref{http://nsis.sourceforge.net/, NSIS}. The installer script is | ||
2147 | located in @file{contrib\win} in the GNUnet source tree. | ||
2148 | |||
2149 | @node Source | ||
2150 | @subsubsection Source | ||
2151 | |||
2152 | @c FIXME: URL | ||
2153 | The sources of all dependencies are available here. | ||
2154 | |||
2155 | @c @node Portable GNUnet | ||
2156 | @c @section Portable GNUnet | ||
2157 | |||
2158 | @c Quick instructions on how to use the most recent GNUnet on most GNU/Linux | ||
2159 | @c distributions | ||
2160 | |||
2161 | @c Currently this has only been tested on Ubuntu 12.04, 12.10, 13.04, Debian | ||
2162 | @c and CentOS 6, but it should work on almost any GNU/Linux distribution. | ||
2163 | @c More in-detail information can be found in the handbook. | ||
2164 | |||
2165 | @c Note 2017-10: Currently this section assumes the old SVN repo of GNUnet | ||
2166 | @c which no longer exists. | ||
2167 | |||
2168 | @c @menu | ||
2169 | @c * Prerequisites:: | ||
2170 | @c * Download & set up gnunet-update:: | ||
2171 | @c * Install GNUnet:: | ||
2172 | @c @end menu | ||
2173 | |||
2174 | @c @node Prerequisites | ||
2175 | @c @subsection Prerequisites | ||
2176 | |||
2177 | @c Open a terminal and paste this line into it to install all required tools | ||
2178 | @c needed: | ||
2179 | |||
2180 | @c @example | ||
2181 | @c sudo apt-get install python-gpgme subversion | ||
2182 | @c @end example | ||
2183 | |||
2184 | @c @node Download & set up gnunet-update | ||
2185 | @c @subsection Download & set up gnunet-update | ||
2186 | |||
2187 | @c The following command will download a working version of gnunet-update | ||
2188 | @c with the subversion tool and import the public key which is needed for | ||
2189 | @c authentication: | ||
2190 | |||
2191 | @c @example | ||
2192 | @c svn checkout -r24905 https://gnunet.org/svn/gnunet-update ~/gnunet-update | ||
2193 | @c cd ~/gnunet-update | ||
2194 | @c gpg --keyserver "hkp://keys.gnupg.net" --recv-keys 7C613D78 | ||
2195 | @c @end example | ||
2196 | |||
2197 | @c @node Install GNUnet | ||
2198 | @c @subsection Install GNUnet | ||
2199 | |||
2200 | @c Download and install GNUnet binaries which can be found here and set | ||
2201 | @c library paths: | ||
2202 | |||
2203 | @c @example | ||
2204 | @c wget -P /tmp https://gnunet.org/install/packs/gnunet-0.9.4-`uname -m`.tgz | ||
2205 | @c ./bin/gnunet-update install /tmp/gnunet-0.9*.tgz ~ | ||
2206 | @c echo "PATH DEFAULT=$@{PATH@}:$HOME/bin" >> ~/.pam_environment | ||
2207 | @c echo -e "$@{HOME@}/lib\n$@{HOME@}/lib/gnunet-deps" | sudo tee \ | ||
2208 | @c /etc/ld.so.conf.d/gnunet.conf > /dev/null | ||
2209 | @c sudo ldconfig | ||
2210 | @c @end example | ||
2211 | |||
2212 | @c You may need to re-login once after executing these last commands | ||
2213 | |||
2214 | @c That's it, GNUnet is installed in your home directory now. GNUnet can be | ||
2215 | @c configured and afterwards started by executing: | ||
2216 | |||
2217 | @c @example | ||
2218 | @c gnunet-arm -s | ||
2219 | @c @end example | ||
2220 | |||
2221 | @node The graphical configuration interface | ||
2222 | @section The graphical configuration interface | ||
2223 | |||
2224 | If you also would like to use @command{gnunet-gtk} and | ||
2225 | @command{gnunet-setup} (highly recommended for beginners), do: | ||
2226 | |||
2227 | @example | ||
2228 | wget -P /tmp \ | ||
2229 | https://gnunet.org/install/packs/gnunet-0.9.4-gtk-0.9.4-`uname -m`.tgz | ||
2230 | sh ~/gnunet-update/bin/gnunet-update install /tmp/gnunet-*gtk*.tgz ~ | ||
2231 | sudo ldconfig | ||
2232 | @end example | ||
2233 | |||
2234 | Now you can run @command{gnunet-setup} for easy configuration of your | ||
2235 | GNUnet peer. | ||
2236 | |||
2237 | @menu | ||
2238 | * Configuring your peer:: | ||
2239 | * Configuring the Friend-to-Friend (F2F) mode:: | ||
2240 | * Configuring the hostlist to bootstrap:: | ||
2241 | * Configuration of the HOSTLIST proxy settings:: | ||
2242 | * Configuring your peer to provide a hostlist :: | ||
2243 | * Configuring the datastore:: | ||
2244 | * Configuring the MySQL database:: | ||
2245 | * Reasons for using MySQL:: | ||
2246 | * Reasons for not using MySQL:: | ||
2247 | * Setup Instructions:: | ||
2248 | * Testing:: | ||
2249 | * Performance Tuning:: | ||
2250 | * Setup for running Testcases:: | ||
2251 | * Configuring the Postgres database:: | ||
2252 | * Reasons to use Postgres:: | ||
2253 | * Reasons not to use Postgres:: | ||
2254 | * Manual setup instructions:: | ||
2255 | * Testing the setup manually:: | ||
2256 | * Configuring the datacache:: | ||
2257 | * Configuring the file-sharing service:: | ||
2258 | * Configuring logging:: | ||
2259 | * Configuring the transport service and plugins:: | ||
2260 | * Configuring the wlan transport plugin:: | ||
2261 | * Configuring HTTP(S) reverse proxy functionality using Apache or nginx:: | ||
2262 | * Blacklisting peers:: | ||
2263 | * Configuration of the HTTP and HTTPS transport plugins:: | ||
2264 | * Configuring the GNU Name System:: | ||
2265 | * Configuring the GNUnet VPN:: | ||
2266 | * Bandwidth Configuration:: | ||
2267 | * Configuring NAT:: | ||
2268 | * Peer configuration for distributions:: | ||
2269 | @end menu | ||
2270 | |||
2271 | @node Configuring your peer | ||
2272 | @subsection Configuring your peer | ||
2273 | |||
2274 | This chapter will describe the various configuration options in GNUnet. | ||
2275 | |||
2276 | The easiest way to configure your peer is to use the | ||
2277 | @command{gnunet-setup} tool. | ||
2278 | @command{gnunet-setup} is part of the @command{gnunet-gtk} | ||
2279 | application. You might have to install it separately. | ||
2280 | |||
2281 | Many of the specific sections from this chapter actually are linked from | ||
2282 | within @command{gnunet-setup} to help you while using the setup tool. | ||
2283 | |||
2284 | While you can also configure your peer by editing the configuration | ||
2285 | file by hand, this is not recommended for anyone except for developers | ||
2286 | as it requires a more in-depth understanding of the configuration files | ||
2287 | and internal dependencies of GNUnet. | ||
2288 | |||
2289 | @node Configuring the Friend-to-Friend (F2F) mode | ||
2290 | @subsection Configuring the Friend-to-Friend (F2F) mode | ||
2291 | |||
2292 | GNUnet knows three basic modes of operation: | ||
2293 | @itemize @bullet | ||
2294 | @item In standard "peer-to-peer" mode, | ||
2295 | your peer will connect to any peer. | ||
2296 | @item In the pure "friend-to-friend" | ||
2297 | mode, your peer will ONLY connect to peers from a list of friends | ||
2298 | specified in the configuration. | ||
2299 | @item Finally, in mixed mode, | ||
2300 | GNUnet will only connect to arbitrary peers if it | ||
2301 | has at least a specified number of connections to friends. | ||
2302 | @end itemize | ||
2303 | |||
2304 | When configuring any of the F2F ("friend-to-friend") modes, | ||
2305 | you first need to create a file with the peer identities | ||
2306 | of your friends. Ask your friends to run | ||
2307 | |||
2308 | @example | ||
2309 | $ gnunet-peerinfo -sq | ||
2310 | @end example | ||
2311 | |||
2312 | @noindent | ||
2313 | The resulting output of this command needs to be added to your | ||
2314 | @file{friends} file, which is simply a plain text file with one line | ||
2315 | per friend with the output from the above command. | ||
2316 | |||
2317 | You then specify the location of your @file{friends} file in the | ||
2318 | @code{FRIENDS} option of the "topology" section. | ||
2319 | |||
2320 | Once you have created the @file{friends} file, you can tell GNUnet to only | ||
2321 | connect to your friends by setting the @code{FRIENDS-ONLY} option | ||
2322 | (again in the "topology" section) to YES. | ||
2323 | |||
2324 | If you want to run in mixed-mode, set "FRIENDS-ONLY" to NO and configure a | ||
2325 | minimum number of friends to have (before connecting to arbitrary peers) | ||
2326 | under the "MINIMUM-FRIENDS" option. | ||
2327 | |||
2328 | If you want to operate in normal P2P-only mode, simply set | ||
2329 | @code{MINIMUM-FRIENDS} to zero and @code{FRIENDS_ONLY} to NO. | ||
2330 | This is the default. | ||
2331 | |||
2332 | @node Configuring the hostlist to bootstrap | ||
2333 | @subsection Configuring the hostlist to bootstrap | ||
2334 | |||
2335 | After installing the software you need to get connected to the GNUnet | ||
2336 | network. The configuration file included in your download is already | ||
2337 | configured to connect you to the GNUnet network. | ||
2338 | In this section the relevant configuration settings are explained. | ||
2339 | |||
2340 | To get an initial connection to the GNUnet network and to get to know | ||
2341 | peers already connected to the network you can use the so called | ||
2342 | "bootstrap servers". | ||
2343 | These servers can give you a list of peers connected to the network. | ||
2344 | To use these bootstrap servers you have to configure the hostlist daemon | ||
2345 | to activate bootstrapping. | ||
2346 | |||
2347 | To activate bootstrapping, edit the @code{[hostlist]}-section in your | ||
2348 | configuration file. You have to set the argument @command{-b} in the | ||
2349 | options line: | ||
2350 | |||
2351 | @example | ||
2352 | [hostlist] | ||
2353 | OPTIONS = -b | ||
2354 | @end example | ||
2355 | |||
2356 | Additionally you have to specify which server you want to use. | ||
2357 | The default bootstrapping server is | ||
2358 | "@uref{http://v10.gnunet.org/hostlist, http://v10.gnunet.org/hostlist}". | ||
2359 | [^] To set the server you have to edit the line "SERVERS" in the hostlist | ||
2360 | section. To use the default server you should set the lines to | ||
2361 | |||
2362 | @example | ||
2363 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2364 | @end example | ||
2365 | |||
2366 | @noindent | ||
2367 | To use bootstrapping your configuration file should include these lines: | ||
2368 | |||
2369 | @example | ||
2370 | [hostlist] | ||
2371 | OPTIONS = -b | ||
2372 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2373 | @end example | ||
2374 | |||
2375 | @noindent | ||
2376 | Besides using bootstrap servers you can configure your GNUnet peer to | ||
2377 | recieve hostlist advertisements. | ||
2378 | Peers offering hostlists to other peers can send advertisement messages | ||
2379 | to peers that connect to them. If you configure your peer to receive these | ||
2380 | messages, your peer can download these lists and connect to the peers | ||
2381 | included. These lists are persistent, which means that they are saved to | ||
2382 | your hard disk regularly and are loaded during startup. | ||
2383 | |||
2384 | To activate hostlist learning you have to add the @command{-e} | ||
2385 | switch to the @code{OPTIONS} line in the hostlist section: | ||
2386 | |||
2387 | @example | ||
2388 | [hostlist] | ||
2389 | OPTIONS = -b -e | ||
2390 | @end example | ||
2391 | |||
2392 | @noindent | ||
2393 | Furthermore you can specify in which file the lists are saved. | ||
2394 | To save the lists in the file @file{hostlists.file} just add the line: | ||
2395 | |||
2396 | @example | ||
2397 | HOSTLISTFILE = hostlists.file | ||
2398 | @end example | ||
2399 | |||
2400 | @noindent | ||
2401 | Best practice is to activate both bootstrapping and hostlist learning. | ||
2402 | So your configuration file should include these lines: | ||
2403 | |||
2404 | @example | ||
2405 | [hostlist] | ||
2406 | OPTIONS = -b -e | ||
2407 | HTTPPORT = 8080 | ||
2408 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2409 | HOSTLISTFILE = $SERVICEHOME/hostlists.file | ||
2410 | @end example | ||
2411 | |||
2412 | @node Configuration of the HOSTLIST proxy settings | ||
2413 | @subsection Configuration of the HOSTLIST proxy settings | ||
2414 | |||
2415 | The hostlist client can be configured to use a proxy to connect to the | ||
2416 | hostlist server. | ||
2417 | This functionality can be configured in the configuration file directly | ||
2418 | or using the @command{gnunet-setup} tool. | ||
2419 | |||
2420 | The hostlist client supports the following proxy types at the moment: | ||
2421 | |||
2422 | @itemize @bullet | ||
2423 | @item HTTP and HTTP 1.0 only proxy | ||
2424 | @item SOCKS 4/4a/5/5 with hostname | ||
2425 | @end itemize | ||
2426 | |||
2427 | In addition authentication at the proxy with username and password can be | ||
2428 | configured. | ||
2429 | |||
2430 | To configure proxy support for the hostlist client in the | ||
2431 | @command{gnunet-setup} tool, select the "hostlist" tab and select | ||
2432 | the appropriate proxy type. | ||
2433 | The hostname or IP address (including port if required) has to be entered | ||
2434 | in the "Proxy hostname" textbox. If required, enter username and password | ||
2435 | in the "Proxy username" and "Proxy password" boxes. | ||
2436 | Be aware that this information will be stored in the configuration in | ||
2437 | plain text (TODO: Add explanation and generalize the part in Chapter 3.6 | ||
2438 | about the encrypted home). | ||
2439 | |||
2440 | To provide these options directly in the configuration, you can | ||
2441 | enter the following settings in the @code{[hostlist]} section of | ||
2442 | the configuration: | ||
2443 | |||
2444 | @example | ||
2445 | # Type of proxy server, | ||
2446 | # Valid values: HTTP, HTTP_1_0, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME | ||
2447 | # Default: HTTP | ||
2448 | # PROXY_TYPE = HTTP | ||
2449 | |||
2450 | # Hostname or IP of proxy server | ||
2451 | # PROXY = | ||
2452 | # User name for proxy server | ||
2453 | # PROXY_USERNAME = | ||
2454 | # User password for proxy server | ||
2455 | # PROXY_PASSWORD = | ||
2456 | @end example | ||
2457 | |||
2458 | @node Configuring your peer to provide a hostlist | ||
2459 | @subsection Configuring your peer to provide a hostlist | ||
2460 | |||
2461 | If you operate a peer permanently connected to GNUnet you can configure | ||
2462 | your peer to act as a hostlist server, providing other peers the list of | ||
2463 | peers known to him. | ||
2464 | |||
2465 | Your server can act as a bootstrap server and peers needing to obtain a | ||
2466 | list of peers can contact it to download this list. | ||
2467 | To download this hostlist the peer uses HTTP. | ||
2468 | For this reason you have to build your peer with libgnurl (or libcurl) | ||
2469 | and microhttpd support. | ||
2470 | How you build your peer with these options can be found here: | ||
2471 | @xref{Generic installation instructions}. | ||
2472 | |||
2473 | To configure your peer to act as a bootstrap server you have to add the | ||
2474 | @command{-p} option to @code{OPTIONS} in the @code{[hostlist]} section | ||
2475 | of your configuration file. | ||
2476 | Besides that you have to specify a port number for the http server. | ||
2477 | In conclusion you have to add the following lines: | ||
2478 | |||
2479 | @example | ||
2480 | [hostlist] | ||
2481 | HTTPPORT = 12980 | ||
2482 | OPTIONS = -p | ||
2483 | @end example | ||
2484 | |||
2485 | @noindent | ||
2486 | If your peer acts as a bootstrap server other peers should know about | ||
2487 | that. You can advertise the hostlist your are providing to other peers. | ||
2488 | Peers connecting to your peer will get a message containing an | ||
2489 | advertisement for your hostlist and the URL where it can be downloaded. | ||
2490 | If this peer is in learning mode, it will test the hostlist and, in the | ||
2491 | case it can obtain the list successfully, it will save it for | ||
2492 | bootstrapping. | ||
2493 | |||
2494 | To activate hostlist advertisement on your peer, you have to set the | ||
2495 | following lines in your configuration file: | ||
2496 | |||
2497 | @example | ||
2498 | [hostlist] | ||
2499 | EXTERNAL_DNS_NAME = example.org | ||
2500 | HTTPPORT = 12981 | ||
2501 | OPTIONS = -p -a | ||
2502 | @end example | ||
2503 | |||
2504 | @noindent | ||
2505 | With this configuration your peer will a act as a bootstrap server and | ||
2506 | advertise this hostlist to other peers connecting to it. | ||
2507 | The URL used to download the list will be | ||
2508 | @code{@uref{http://example.org:12981/, http://example.org:12981/}}. | ||
2509 | |||
2510 | Please notice: | ||
2511 | |||
2512 | @itemize @bullet | ||
2513 | @item The hostlist is @b{not} human readable, so you should not try to | ||
2514 | download it using your webbrowser. Just point your GNUnet peer to the | ||
2515 | address! | ||
2516 | @item Advertising without providing a hostlist does not make sense and | ||
2517 | will not work. | ||
2518 | @end itemize | ||
2519 | |||
2520 | @node Configuring the datastore | ||
2521 | @subsection Configuring the datastore | ||
2522 | |||
2523 | The datastore is what GNUnet uses for long-term storage of file-sharing | ||
2524 | data. Note that long-term does not mean 'forever' since content does have | ||
2525 | an expiration date, and of course storage space is finite (and hence | ||
2526 | sometimes content may have to be discarded). | ||
2527 | |||
2528 | Use the @code{QUOTA} option to specify how many bytes of storage space | ||
2529 | you are willing to dedicate to GNUnet. | ||
2530 | |||
2531 | In addition to specifying the maximum space GNUnet is allowed to use for | ||
2532 | the datastore, you need to specify which database GNUnet should use to do | ||
2533 | so. Currently, you have the choice between sqLite, MySQL and Postgres. | ||
2534 | |||
2535 | @node Configuring the MySQL database | ||
2536 | @subsection Configuring the MySQL database | ||
2537 | |||
2538 | This section describes how to setup the MySQL database for GNUnet. | ||
2539 | |||
2540 | Note that the mysql plugin does NOT work with mysql before 4.1 since we | ||
2541 | need prepared statements. | ||
2542 | We are generally testing the code against MySQL 5.1 at this point. | ||
2543 | |||
2544 | @node Reasons for using MySQL | ||
2545 | @subsection Reasons for using MySQL | ||
2546 | |||
2547 | @itemize @bullet | ||
2548 | |||
2549 | @item On up-to-date hardware wher | ||
2550 | mysql can be used comfortably, this module | ||
2551 | will have better performance than the other database choices (according | ||
2552 | to our tests). | ||
2553 | |||
2554 | @item Its often possible to recover the mysql database from internal | ||
2555 | inconsistencies. Some of the other databases do not support repair. | ||
2556 | @end itemize | ||
2557 | |||
2558 | @node Reasons for not using MySQL | ||
2559 | @subsection Reasons for not using MySQL | ||
2560 | |||
2561 | @itemize @bullet | ||
2562 | @item Memory usage (likely not an issue if you have more than 1 GB) | ||
2563 | @item Complex manual setup | ||
2564 | @end itemize | ||
2565 | |||
2566 | @node Setup Instructions | ||
2567 | @subsection Setup Instructions | ||
2568 | |||
2569 | @itemize @bullet | ||
2570 | |||
2571 | @item In @file{gnunet.conf} set in section @code{DATASTORE} the value for | ||
2572 | @code{DATABASE} to @code{mysql}. | ||
2573 | |||
2574 | @item Access mysql as root: | ||
2575 | |||
2576 | @example | ||
2577 | $ mysql -u root -p | ||
2578 | @end example | ||
2579 | |||
2580 | @noindent | ||
2581 | and issue the following commands, replacing $USER with the username | ||
2582 | that will be running @command{gnunet-arm} (so typically "gnunet"): | ||
2583 | |||
2584 | @example | ||
2585 | CREATE DATABASE gnunet; | ||
2586 | GRANT select,insert,update,delete,create,alter,drop,create \ | ||
2587 | temporary tables ON gnunet.* TO $USER@@localhost; | ||
2588 | SET PASSWORD FOR $USER@@localhost=PASSWORD('$the_password_you_like'); | ||
2589 | FLUSH PRIVILEGES; | ||
2590 | @end example | ||
2591 | |||
2592 | @item | ||
2593 | In the $HOME directory of $USER, create a @file{.my.cnf} file with the | ||
2594 | following lines | ||
2595 | |||
2596 | @example | ||
2597 | [client] | ||
2598 | user=$USER | ||
2599 | password=$the_password_you_like | ||
2600 | @end example | ||
2601 | |||
2602 | @end itemize | ||
2603 | |||
2604 | Thats it. Note that @file{.my.cnf} file is a slight security risk unless | ||
2605 | its on a safe partition. The @file{$HOME/.my.cnf} can of course be | ||
2606 | a symbolic link. | ||
2607 | Luckily $USER has only priviledges to mess up GNUnet's tables, | ||
2608 | which should be pretty harmless. | ||
2609 | |||
2610 | @node Testing | ||
2611 | @subsection Testing | ||
2612 | |||
2613 | You should briefly try if the database connection works. First, login | ||
2614 | as $USER. Then use: | ||
2615 | |||
2616 | @example | ||
2617 | $ mysql -u $USER | ||
2618 | mysql> use gnunet; | ||
2619 | @end example | ||
2620 | |||
2621 | @noindent | ||
2622 | If you get the message | ||
2623 | |||
2624 | @example | ||
2625 | Database changed | ||
2626 | @end example | ||
2627 | |||
2628 | @noindent | ||
2629 | it probably works. | ||
2630 | |||
2631 | If you get | ||
2632 | |||
2633 | @example | ||
2634 | ERROR 2002: Can't connect to local MySQL server | ||
2635 | through socket '/tmp/mysql.sock' (2) | ||
2636 | @end example | ||
2637 | |||
2638 | @noindent | ||
2639 | it may be resolvable by | ||
2640 | |||
2641 | @example | ||
2642 | ln -s /var/run/mysqld/mysqld.sock /tmp/mysql.sock | ||
2643 | @end example | ||
2644 | |||
2645 | @noindent | ||
2646 | so there may be some additional trouble depending on your mysql setup. | ||
2647 | |||
2648 | @node Performance Tuning | ||
2649 | @subsection Performance Tuning | ||
2650 | |||
2651 | For GNUnet, you probably want to set the option | ||
2652 | |||
2653 | @example | ||
2654 | innodb_flush_log_at_trx_commit = 0 | ||
2655 | @end example | ||
2656 | |||
2657 | @noindent | ||
2658 | for a rather dramatic boost in MySQL performance. However, this reduces | ||
2659 | the "safety" of your database as with this options you may loose | ||
2660 | transactions during a power outage. | ||
2661 | While this is totally harmless for GNUnet, the option applies to all | ||
2662 | applications using MySQL. So you should set it if (and only if) GNUnet is | ||
2663 | the only application on your system using MySQL. | ||
2664 | |||
2665 | @node Setup for running Testcases | ||
2666 | @subsection Setup for running Testcases | ||
2667 | |||
2668 | If you want to run the testcases, you must create a second database | ||
2669 | "gnunetcheck" with the same username and password. This database will | ||
2670 | then be used for testing (@command{make check}). | ||
2671 | |||
2672 | @node Configuring the Postgres database | ||
2673 | @subsection Configuring the Postgres database | ||
2674 | |||
2675 | This text describes how to setup the Postgres database for GNUnet. | ||
2676 | |||
2677 | This Postgres plugin was developed for Postgres 8.3 but might work for | ||
2678 | earlier versions as well. | ||
2679 | |||
2680 | @node Reasons to use Postgres | ||
2681 | @subsection Reasons to use Postgres | ||
2682 | |||
2683 | @itemize @bullet | ||
2684 | @item Easier to setup than MySQL | ||
2685 | @item Real database | ||
2686 | @end itemize | ||
2687 | |||
2688 | @node Reasons not to use Postgres | ||
2689 | @subsection Reasons not to use Postgres | ||
2690 | |||
2691 | @itemize @bullet | ||
2692 | @item Quite slow | ||
2693 | @item Still some manual setup required | ||
2694 | @end itemize | ||
2695 | |||
2696 | @node Manual setup instructions | ||
2697 | @subsection Manual setup instructions | ||
2698 | |||
2699 | @itemize @bullet | ||
2700 | @item In @file{gnunet.conf} set in section @code{DATASTORE} the value for | ||
2701 | @code{DATABASE} to @code{postgres}. | ||
2702 | @item Access Postgres to create a user: | ||
2703 | |||
2704 | @table @asis | ||
2705 | @item with Postgres 8.x, use: | ||
2706 | |||
2707 | @example | ||
2708 | # su - postgres | ||
2709 | $ createuser | ||
2710 | @end example | ||
2711 | |||
2712 | @noindent | ||
2713 | and enter the name of the user running GNUnet for the role interactively. | ||
2714 | Then, when prompted, do not set it to superuser, allow the creation of | ||
2715 | databases, and do not allow the creation of new roles. | ||
2716 | |||
2717 | @item with Postgres 9.x, use: | ||
2718 | |||
2719 | @example | ||
2720 | # su - postgres | ||
2721 | $ createuser -d $GNUNET_USER | ||
2722 | @end example | ||
2723 | |||
2724 | @noindent | ||
2725 | where $GNUNET_USER is the name of the user running GNUnet. | ||
2726 | |||
2727 | @end table | ||
2728 | |||
2729 | |||
2730 | @item | ||
2731 | As that user (so typically as user "gnunet"), create a database (or two): | ||
2732 | |||
2733 | @example | ||
2734 | $ createdb gnunet | ||
2735 | # this way you can run "make check" | ||
2736 | $ createdb gnunetcheck | ||
2737 | @end example | ||
2738 | |||
2739 | @end itemize | ||
2740 | |||
2741 | Now you should be able to start @code{gnunet-arm}. | ||
2742 | |||
2743 | @node Testing the setup manually | ||
2744 | @subsection Testing the setup manually | ||
2745 | |||
2746 | You may want to try if the database connection works. First, again login | ||
2747 | as the user who will run @command{gnunet-arm}. Then use: | ||
2748 | |||
2749 | @example | ||
2750 | $ psql gnunet # or gnunetcheck | ||
2751 | gnunet=> \dt | ||
2752 | @end example | ||
2753 | |||
2754 | @noindent | ||
2755 | If, after you have started @command{gnunet-arm} at least once, you get | ||
2756 | a @code{gn090} table here, it probably works. | ||
2757 | |||
2758 | @node Configuring the datacache | ||
2759 | @subsection Configuring the datacache | ||
2760 | @c %**end of header | ||
2761 | |||
2762 | The datacache is what GNUnet uses for storing temporary data. This data is | ||
2763 | expected to be wiped completely each time GNUnet is restarted (or the | ||
2764 | system is rebooted). | ||
2765 | |||
2766 | You need to specify how many bytes GNUnet is allowed to use for the | ||
2767 | datacache using the @code{QUOTA} option in the section @code{[dhtcache]}. | ||
2768 | Furthermore, you need to specify which database backend should be used to | ||
2769 | store the data. Currently, you have the choice between | ||
2770 | sqLite, MySQL and Postgres. | ||
2771 | |||
2772 | @node Configuring the file-sharing service | ||
2773 | @subsection Configuring the file-sharing service | ||
2774 | |||
2775 | In order to use GNUnet for file-sharing, you first need to make sure | ||
2776 | that the file-sharing service is loaded. | ||
2777 | This is done by setting the @code{AUTOSTART} option in | ||
2778 | section @code{[fs]} to "YES". Alternatively, you can run | ||
2779 | |||
2780 | @example | ||
2781 | $ gnunet-arm -i fs | ||
2782 | @end example | ||
2783 | |||
2784 | @noindent | ||
2785 | to start the file-sharing service by hand. | ||
2786 | |||
2787 | Except for configuring the database and the datacache the only important | ||
2788 | option for file-sharing is content migration. | ||
2789 | |||
2790 | Content migration allows your peer to cache content from other peers as | ||
2791 | well as send out content stored on your system without explicit requests. | ||
2792 | This content replication has positive and negative impacts on both system | ||
2793 | performance and privacy. | ||
2794 | |||
2795 | FIXME: discuss the trade-offs. Here is some older text about it... | ||
2796 | |||
2797 | Setting this option to YES allows gnunetd to migrate data to the local | ||
2798 | machine. Setting this option to YES is highly recommended for efficiency. | ||
2799 | Its also the default. If you set this value to YES, GNUnet will store | ||
2800 | content on your machine that you cannot decrypt. | ||
2801 | While this may protect you from liability if the judge is sane, it may | ||
2802 | not (IANAL). If you put illegal content on your machine yourself, setting | ||
2803 | this option to YES will probably increase your chances to get away with it | ||
2804 | since you can plausibly deny that you inserted the content. | ||
2805 | Note that in either case, your anonymity would have to be broken first | ||
2806 | (which may be possible depending on the size of the GNUnet network and the | ||
2807 | strength of the adversary). | ||
2808 | |||
2809 | @node Configuring logging | ||
2810 | @subsection Configuring logging | ||
2811 | |||
2812 | Logging in GNUnet 0.9.0 is controlled via the "-L" and "-l" options. | ||
2813 | Using @code{-L}, a log level can be specified. With log level | ||
2814 | @code{ERROR} only serious errors are logged. | ||
2815 | The default log level is @code{WARNING} which causes anything of | ||
2816 | concern to be logged. | ||
2817 | Log level @code{INFO} can be used to log anything that might be | ||
2818 | interesting information whereas | ||
2819 | @code{DEBUG} can be used by developers to log debugging messages | ||
2820 | (but you need to run @code{./configure} with | ||
2821 | @code{--enable-logging=verbose} to get them compiled). | ||
2822 | The @code{-l} option is used to specify the log file. | ||
2823 | |||
2824 | Since most GNUnet services are managed by @code{gnunet-arm}, using the | ||
2825 | @code{-l} or @code{-L} options directly is not possible. | ||
2826 | Instead, they can be specified using the @code{OPTIONS} configuration | ||
2827 | value in the respective section for the respective service. | ||
2828 | In order to enable logging globally without editing the @code{OPTIONS} | ||
2829 | values for each service, @command{gnunet-arm} supports a | ||
2830 | @code{GLOBAL_POSTFIX} option. | ||
2831 | The value specified here is given as an extra option to all services for | ||
2832 | which the configuration does contain a service-specific @code{OPTIONS} | ||
2833 | field. | ||
2834 | |||
2835 | @code{GLOBAL_POSTFIX} can contain the special sequence "@{@}" which | ||
2836 | is replaced by the name of the service that is being started. | ||
2837 | Furthermore, @code{GLOBAL_POSTFIX} is special in that sequences | ||
2838 | starting with "$" anywhere in the string are expanded (according | ||
2839 | to options in @code{PATHS}); this expansion otherwise is | ||
2840 | only happening for filenames and then the "$" must be the | ||
2841 | first character in the option. Both of these restrictions do | ||
2842 | not apply to @code{GLOBAL_POSTFIX}. | ||
2843 | Note that specifying @code{%} anywhere in the @code{GLOBAL_POSTFIX} | ||
2844 | disables both of these features. | ||
2845 | |||
2846 | In summary, in order to get all services to log at level | ||
2847 | @code{INFO} to log-files called @code{SERVICENAME-logs}, the | ||
2848 | following global prefix should be used: | ||
2849 | |||
2850 | @example | ||
2851 | GLOBAL_POSTFIX = -l $SERVICEHOME/@{@}-logs -L INFO | ||
2852 | @end example | ||
2853 | |||
2854 | @node Configuring the transport service and plugins | ||
2855 | @subsection Configuring the transport service and plugins | ||
2856 | |||
2857 | The transport service in GNUnet is responsible to maintain basic | ||
2858 | connectivity to other peers. | ||
2859 | Besides initiating and keeping connections alive it is also responsible | ||
2860 | for address validation. | ||
2861 | |||
2862 | The GNUnet transport supports more than one transport protocol. | ||
2863 | These protocols are configured together with the transport service. | ||
2864 | |||
2865 | The configuration section for the transport service itself is quite | ||
2866 | similar to all the other services | ||
2867 | |||
2868 | @example | ||
2869 | AUTOSTART = YES | ||
2870 | @@UNIXONLY@@ PORT = 2091 | ||
2871 | HOSTNAME = localhost | ||
2872 | HOME = $SERVICEHOME | ||
2873 | CONFIG = $DEFAULTCONFIG | ||
2874 | BINARY = gnunet-service-transport | ||
2875 | #PREFIX = valgrind | ||
2876 | NEIGHBOUR_LIMIT = 50 | ||
2877 | ACCEPT_FROM = 127.0.0.1; | ||
2878 | ACCEPT_FROM6 = ::1; | ||
2879 | PLUGINS = tcp udp | ||
2880 | UNIXPATH = /tmp/gnunet-service-transport.sock | ||
2881 | @end example | ||
2882 | |||
2883 | Different are the settings for the plugins to load @code{PLUGINS}. | ||
2884 | The first setting specifies which transport plugins to load. | ||
2885 | |||
2886 | @itemize @bullet | ||
2887 | @item transport-unix | ||
2888 | A plugin for local only communication with UNIX domain sockets. Used for | ||
2889 | testing and available on unix systems only. Just set the port | ||
2890 | |||
2891 | @example | ||
2892 | [transport-unix] | ||
2893 | PORT = 22086 | ||
2894 | TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
2895 | @end example | ||
2896 | |||
2897 | @item transport-tcp | ||
2898 | A plugin for communication with TCP. Set port to 0 for client mode with | ||
2899 | outbound only connections | ||
2900 | |||
2901 | @example | ||
2902 | [transport-tcp] | ||
2903 | # Use 0 to ONLY advertise as a peer behind NAT (no port binding) | ||
2904 | PORT = 2086 | ||
2905 | ADVERTISED_PORT = 2086 | ||
2906 | TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
2907 | # Maximum number of open TCP connections allowed | ||
2908 | MAX_CONNECTIONS = 128 | ||
2909 | @end example | ||
2910 | |||
2911 | @item transport-udp | ||
2912 | A plugin for communication with UDP. Supports peer discovery using | ||
2913 | broadcasts. | ||
2914 | |||
2915 | @example | ||
2916 | [transport-udp] | ||
2917 | PORT = 2086 | ||
2918 | BROADCAST = YES | ||
2919 | BROADCAST_INTERVAL = 30 s | ||
2920 | MAX_BPS = 1000000 | ||
2921 | TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
2922 | @end example | ||
2923 | |||
2924 | @item transport-http | ||
2925 | HTTP and HTTPS support is split in two part: a client plugin initiating | ||
2926 | outbound connections and a server part accepting connections from the | ||
2927 | client. The client plugin just takes the maximum number of connections as | ||
2928 | an argument. | ||
2929 | |||
2930 | @example | ||
2931 | [transport-http_client] | ||
2932 | MAX_CONNECTIONS = 128 | ||
2933 | TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
2934 | @end example | ||
2935 | |||
2936 | @example | ||
2937 | [transport-https_client] | ||
2938 | MAX_CONNECTIONS = 128 | ||
2939 | TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
2940 | @end example | ||
2941 | |||
2942 | @noindent | ||
2943 | The server has a port configured and the maximum nunber of connections. | ||
2944 | The HTTPS part has two files with the certificate key and the certificate | ||
2945 | file. | ||
2946 | |||
2947 | The server plugin supports reverse proxies, so a external hostname can be | ||
2948 | set using the @code{EXTERNAL_HOSTNAME} setting. | ||
2949 | The webserver under this address should forward the request to the peer | ||
2950 | and the configure port. | ||
2951 | |||
2952 | @example | ||
2953 | [transport-http_server] | ||
2954 | EXTERNAL_HOSTNAME = fulcrum.net.in.tum.de/gnunet | ||
2955 | PORT = 1080 | ||
2956 | MAX_CONNECTIONS = 128 | ||
2957 | TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
2958 | @end example | ||
2959 | |||
2960 | @example | ||
2961 | [transport-https_server] | ||
2962 | PORT = 4433 | ||
2963 | CRYPTO_INIT = NORMAL | ||
2964 | KEY_FILE = https.key | ||
2965 | CERT_FILE = https.cert | ||
2966 | MAX_CONNECTIONS = 128 | ||
2967 | TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
2968 | @end example | ||
2969 | |||
2970 | @item transport-wlan | ||
2971 | |||
2972 | The next section describes how to setup the WLAN plugin, | ||
2973 | so here only the settings. Just specify the interface to use: | ||
2974 | |||
2975 | @example | ||
2976 | [transport-wlan] | ||
2977 | # Name of the interface in monitor mode (typically monX) | ||
2978 | INTERFACE = mon0 | ||
2979 | # Real hardware, no testing | ||
2980 | TESTMODE = 0 | ||
2981 | TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
2982 | @end example | ||
2983 | @end itemize | ||
2984 | |||
2985 | @node Configuring the wlan transport plugin | ||
2986 | @subsection Configuring the wlan transport plugin | ||
2987 | |||
2988 | The wlan transport plugin enables GNUnet to send and to receive data on a | ||
2989 | wlan interface. | ||
2990 | It has not to be connected to a wlan network as long as sender and | ||
2991 | receiver are on the same channel. This enables you to get connection to | ||
2992 | GNUnet where no internet access is possible, for example during | ||
2993 | catastrophes or when censorship cuts you off from the internet. | ||
2994 | |||
2995 | |||
2996 | @menu | ||
2997 | * Requirements for the WLAN plugin:: | ||
2998 | * Configuration:: | ||
2999 | * Before starting GNUnet:: | ||
3000 | * Limitations and known bugs:: | ||
3001 | @end menu | ||
3002 | |||
3003 | |||
3004 | @node Requirements for the WLAN plugin | ||
3005 | @subsubsection Requirements for the WLAN plugin | ||
3006 | |||
3007 | @itemize @bullet | ||
3008 | |||
3009 | @item wlan network card with monitor support and packet injection | ||
3010 | (see @uref{http://www.aircrack-ng.org/, aircrack-ng.org}) | ||
3011 | |||
3012 | @item Linux kernel with mac80211 stack, introduced in 2.6.22, tested with | ||
3013 | 2.6.35 and 2.6.38 | ||
3014 | |||
3015 | @item Wlantools to create the a monitor interface, tested with airmon-ng | ||
3016 | of the aircrack-ng package | ||
3017 | @end itemize | ||
3018 | |||
3019 | @node Configuration | ||
3020 | @subsubsection Configuration | ||
3021 | |||
3022 | There are the following options for the wlan plugin (they should be like | ||
3023 | this in your default config file, you only need to adjust them if the | ||
3024 | values are incorrect for your system) | ||
3025 | |||
3026 | @example | ||
3027 | # section for the wlan transport plugin | ||
3028 | [transport-wlan] | ||
3029 | # interface to use, more information in the | ||
3030 | # "Before starting GNUnet" section of the handbook. | ||
3031 | INTERFACE = mon0 | ||
3032 | # testmode for developers: | ||
3033 | # 0 use wlan interface, | ||
3034 | #1 or 2 use loopback driver for tests 1 = server, 2 = client | ||
3035 | TESTMODE = 0 | ||
3036 | @end example | ||
3037 | |||
3038 | @node Before starting GNUnet | ||
3039 | @subsubsection Before starting GNUnet | ||
3040 | |||
3041 | Before starting GNUnet, you have to make sure that your wlan interface is | ||
3042 | in monitor mode. | ||
3043 | One way to put the wlan interface into monitor mode (if your interface | ||
3044 | name is wlan0) is by executing: | ||
3045 | |||
3046 | @example | ||
3047 | sudo airmon-ng start wlan0 | ||
3048 | @end example | ||
3049 | |||
3050 | @noindent | ||
3051 | Here is an example what the result should look like: | ||
3052 | |||
3053 | @example | ||
3054 | Interface Chipset Driver | ||
3055 | wlan0 Intel 4965 a/b/g/n iwl4965 - [phy0] | ||
3056 | (monitor mode enabled on mon0) | ||
3057 | @end example | ||
3058 | |||
3059 | @noindent | ||
3060 | The monitor interface is mon0 is the one that you have to put into the | ||
3061 | configuration file. | ||
3062 | |||
3063 | @node Limitations and known bugs | ||
3064 | @subsubsection Limitations and known bugs | ||
3065 | |||
3066 | Wlan speed is at the maximum of 1 Mbit/s because support for choosing the | ||
3067 | wlan speed with packet injection was removed in newer kernels. | ||
3068 | Please pester the kernel developers about fixing this. | ||
3069 | |||
3070 | The interface channel depends on the wlan network that the card is | ||
3071 | connected to. If no connection has been made since the start of the | ||
3072 | computer, it is usually the first channel of the card. | ||
3073 | Peers will only find each other and communicate if they are on the same | ||
3074 | channel. Channels must be set manually, i.e. using: | ||
3075 | |||
3076 | @example | ||
3077 | iwconfig wlan0 channel 1 | ||
3078 | @end example | ||
3079 | |||
3080 | @node Configuring HTTP(S) reverse proxy functionality using Apache or nginx | ||
3081 | @subsection Configuring HTTP(S) reverse proxy functionality using Apache or nginx | ||
3082 | |||
3083 | The HTTP plugin supports data transfer using reverse proxies. A reverse | ||
3084 | proxy forwards the HTTP request he receives with a certain URL to another | ||
3085 | webserver, here a GNUnet peer. | ||
3086 | |||
3087 | So if you have a running Apache or nginx webserver you can configure it to | ||
3088 | be a GNUnet reverse proxy. Especially if you have a well-known webiste | ||
3089 | this improves censorship resistance since it looks as normal surfing | ||
3090 | behaviour. | ||
3091 | |||
3092 | To do so, you have to do two things: | ||
3093 | |||
3094 | @itemize @bullet | ||
3095 | @item Configure your webserver to forward the GNUnet HTTP traffic | ||
3096 | @item Configure your GNUnet peer to announce the respective address | ||
3097 | @end itemize | ||
3098 | |||
3099 | As an example we want to use GNUnet peer running: | ||
3100 | |||
3101 | @itemize @bullet | ||
3102 | |||
3103 | @item HTTP server plugin on @code{gnunet.foo.org:1080} | ||
3104 | |||
3105 | @item HTTPS server plugin on @code{gnunet.foo.org:4433} | ||
3106 | |||
3107 | @item A apache or nginx webserver on | ||
3108 | @uref{http://www.foo.org/, http://www.foo.org:80/} | ||
3109 | |||
3110 | @item A apache or nginx webserver on https://www.foo.org:443/ | ||
3111 | @end itemize | ||
3112 | |||
3113 | And we want the webserver to accept GNUnet traffic under | ||
3114 | @code{http://www.foo.org/bar/}. The required steps are described here: | ||
3115 | |||
3116 | @menu | ||
3117 | * Reverse Proxy - Configure your Apache2 HTTP webserver:: | ||
3118 | * Reverse Proxy - Configure your Apache2 HTTPS webserver:: | ||
3119 | * Reverse Proxy - Configure your nginx HTTPS webserver:: | ||
3120 | * Reverse Proxy - Configure your nginx HTTP webserver:: | ||
3121 | * Reverse Proxy - Configure your GNUnet peer:: | ||
3122 | @end menu | ||
3123 | |||
3124 | @node Reverse Proxy - Configure your Apache2 HTTP webserver | ||
3125 | @subsubsection Reverse Proxy - Configure your Apache2 HTTP webserver | ||
3126 | |||
3127 | First of all you need mod_proxy installed. | ||
3128 | |||
3129 | Edit your webserver configuration. Edit | ||
3130 | @code{/etc/apache2/apache2.conf} or the site-specific configuration file. | ||
3131 | |||
3132 | In the respective @code{server config},@code{virtual host} or | ||
3133 | @code{directory} section add the following lines: | ||
3134 | |||
3135 | @example | ||
3136 | ProxyTimeout 300 | ||
3137 | ProxyRequests Off | ||
3138 | <Location /bar/ > | ||
3139 | ProxyPass http://gnunet.foo.org:1080/ | ||
3140 | ProxyPassReverse http://gnunet.foo.org:1080/ | ||
3141 | </Location> | ||
3142 | @end example | ||
3143 | |||
3144 | @node Reverse Proxy - Configure your Apache2 HTTPS webserver | ||
3145 | @subsubsection Reverse Proxy - Configure your Apache2 HTTPS webserver | ||
3146 | |||
3147 | We assume that you already have an HTTPS server running, if not please | ||
3148 | check how to configure a HTTPS host. An uncomplicated to use example | ||
3149 | is the example configuration file for Apache2/HTTPD provided in | ||
3150 | @file{apache2/sites-available/default-ssl}. | ||
3151 | |||
3152 | In the respective HTTPS @code{server config},@code{virtual host} or | ||
3153 | @code{directory} section add the following lines: | ||
3154 | |||
3155 | @example | ||
3156 | SSLProxyEngine On | ||
3157 | ProxyTimeout 300 | ||
3158 | ProxyRequests Off | ||
3159 | <Location /bar/ > | ||
3160 | ProxyPass https://gnunet.foo.org:4433/ | ||
3161 | ProxyPassReverse https://gnunet.foo.org:4433/ | ||
3162 | </Location> | ||
3163 | @end example | ||
3164 | |||
3165 | @noindent | ||
3166 | More information about the apache mod_proxy configuration can be found | ||
3167 | in the Apache documentation@footnote{@uref{http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass, http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass}} | ||
3168 | |||
3169 | @node Reverse Proxy - Configure your nginx HTTPS webserver | ||
3170 | @subsubsection Reverse Proxy - Configure your nginx HTTPS webserver | ||
3171 | |||
3172 | Since nginx does not support chunked encoding, you first of all have to | ||
3173 | install the @code{chunkin} module@footnote{@uref{http://wiki.nginx.org/HttpChunkinModule, http://wiki.nginx.org/HttpChunkinModule}} | ||
3174 | |||
3175 | To enable chunkin add: | ||
3176 | |||
3177 | @example | ||
3178 | chunkin on; | ||
3179 | error_page 411 = @@my_411_error; | ||
3180 | location @@my_411_error @{ | ||
3181 | chunkin_resume; | ||
3182 | @} | ||
3183 | @end example | ||
3184 | |||
3185 | @noindent | ||
3186 | Edit your webserver configuration. Edit @file{/etc/nginx/nginx.conf} or | ||
3187 | the site-specific configuration file. | ||
3188 | |||
3189 | In the @code{server} section add: | ||
3190 | |||
3191 | @example | ||
3192 | location /bar/ @{ | ||
3193 | proxy_pass http://gnunet.foo.org:1080/; | ||
3194 | proxy_buffering off; | ||
3195 | proxy_connect_timeout 5; # more than http_server | ||
3196 | proxy_read_timeout 350; # 60 default, 300s is GNUnet's idle timeout | ||
3197 | proxy_http_version 1.1; # 1.0 default | ||
3198 | proxy_next_upstream error timeout invalid_header http_500 http_503 http_502 http_504; | ||
3199 | @} | ||
3200 | @end example | ||
3201 | |||
3202 | @node Reverse Proxy - Configure your nginx HTTP webserver | ||
3203 | @subsubsection Reverse Proxy - Configure your nginx HTTP webserver | ||
3204 | |||
3205 | Edit your webserver configuration. Edit @file{/etc/nginx/nginx.conf} or | ||
3206 | the site-specific configuration file. | ||
3207 | |||
3208 | In the @code{server} section add: | ||
3209 | |||
3210 | @example | ||
3211 | ssl_session_timeout 6m; | ||
3212 | location /bar/ | ||
3213 | @{ | ||
3214 | proxy_pass https://gnunet.foo.org:4433/; | ||
3215 | proxy_buffering off; | ||
3216 | proxy_connect_timeout 5; # more than http_server | ||
3217 | proxy_read_timeout 350; # 60 default, 300s is GNUnet's idle timeout | ||
3218 | proxy_http_version 1.1; # 1.0 default | ||
3219 | proxy_next_upstream error timeout invalid_header http_500 http_503 http_502 http_504; | ||
3220 | @} | ||
3221 | @end example | ||
3222 | |||
3223 | @node Reverse Proxy - Configure your GNUnet peer | ||
3224 | @subsubsection Reverse Proxy - Configure your GNUnet peer | ||
3225 | |||
3226 | To have your GNUnet peer announce the address, you have to specify the | ||
3227 | @code{EXTERNAL_HOSTNAME} option in the @code{[transport-http_server]} | ||
3228 | section: | ||
3229 | |||
3230 | @example | ||
3231 | [transport-http_server] | ||
3232 | EXTERNAL_HOSTNAME = http://www.foo.org/bar/ | ||
3233 | @end example | ||
3234 | |||
3235 | @noindent | ||
3236 | and/or @code{[transport-https_server]} section: | ||
3237 | |||
3238 | @example | ||
3239 | [transport-https_server] | ||
3240 | EXTERNAL_HOSTNAME = https://www.foo.org/bar/ | ||
3241 | @end example | ||
3242 | |||
3243 | @noindent | ||
3244 | Now restart your webserver and your peer... | ||
3245 | |||
3246 | @node Blacklisting peers | ||
3247 | @subsection Blacklisting peers | ||
3248 | |||
3249 | Transport service supports to deny connecting to a specific peer of to a | ||
3250 | specific peer with a specific transport plugin using te blacklisting | ||
3251 | component of transport service. With@ blacklisting it is possible to deny | ||
3252 | connections to specific peers of@ to use a specific plugin to a specific | ||
3253 | peer. Peers can be blacklisted using@ the configuration or a blacklist | ||
3254 | client can be asked. | ||
3255 | |||
3256 | To blacklist peers using the configuration you have to add a section to | ||
3257 | your configuration containing the peer id of the peer to blacklist and | ||
3258 | the plugin@ if required. | ||
3259 | |||
3260 | Examples: | ||
3261 | |||
3262 | To blacklist connections to P565... on peer AG2P... using tcp add: | ||
3263 | |||
3264 | @c FIXME: This is too long and produces errors in the pdf. | ||
3265 | @example | ||
3266 | [transport-blacklist AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520] | ||
3267 | P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G = tcp | ||
3268 | @end example | ||
3269 | |||
3270 | To blacklist connections to P565... on peer AG2P... using all plugins add: | ||
3271 | |||
3272 | @example | ||
3273 | [transport-blacklist-AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520] | ||
3274 | P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G = | ||
3275 | @end example | ||
3276 | |||
3277 | You can also add a blacklist client usign the blacklist API. On a | ||
3278 | blacklist check, blacklisting first checks internally if the peer is | ||
3279 | blacklisted and if not, it asks the blacklisting clients. Clients are | ||
3280 | asked if it is OK to connect to a peer ID, the plugin is omitted. | ||
3281 | |||
3282 | On blacklist check for (peer, plugin) | ||
3283 | @itemize @bullet | ||
3284 | @item Do we have a local blacklist entry for this peer and this plugin?@ | ||
3285 | @item YES: disallow connection@ | ||
3286 | @item Do we have a local blacklist entry for this peer and all plugins?@ | ||
3287 | @item YES: disallow connection@ | ||
3288 | @item Does one of the clients disallow?@ | ||
3289 | @item YES: disallow connection | ||
3290 | @end itemize | ||
3291 | |||
3292 | @node Configuration of the HTTP and HTTPS transport plugins | ||
3293 | @subsection Configuration of the HTTP and HTTPS transport plugins | ||
3294 | |||
3295 | The client parts of the http and https transport plugins can be configured | ||
3296 | to use a proxy to connect to the hostlist server. This functionality can | ||
3297 | be configured in the configuration file directly or using the | ||
3298 | gnunet-setup tool. | ||
3299 | |||
3300 | Both the HTTP and HTTPS clients support the following proxy types at | ||
3301 | the moment: | ||
3302 | |||
3303 | @itemize @bullet | ||
3304 | @item HTTP 1.1 proxy | ||
3305 | @item SOCKS 4/4a/5/5 with hostname | ||
3306 | @end itemize | ||
3307 | |||
3308 | In addition authentication at the proxy with username and password can be | ||
3309 | configured. | ||
3310 | |||
3311 | To configure proxy support for the clients in the gnunet-setup tool, | ||
3312 | select the "transport" tab and activate the respective plugin. Now you | ||
3313 | can select the appropriate proxy type. The hostname or IP address | ||
3314 | (including port if required) has to be entered in the "Proxy hostname" | ||
3315 | textbox. If required, enter username and password in the "Proxy username" | ||
3316 | and "Proxy password" boxes. Be aware that these information will be stored | ||
3317 | in the configuration in plain text. | ||
3318 | |||
3319 | To configure these options directly in the configuration, you can | ||
3320 | configure the following settings in the @code{[transport-http_client]} | ||
3321 | and @code{[transport-https_client]} section of the configuration: | ||
3322 | |||
3323 | @example | ||
3324 | # Type of proxy server, | ||
3325 | # Valid values: HTTP, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME | ||
3326 | # Default: HTTP | ||
3327 | # PROXY_TYPE = HTTP | ||
3328 | |||
3329 | # Hostname or IP of proxy server | ||
3330 | # PROXY = | ||
3331 | # User name for proxy server | ||
3332 | # PROXY_USERNAME = | ||
3333 | # User password for proxy server | ||
3334 | # PROXY_PASSWORD = | ||
3335 | @end example | ||
3336 | |||
3337 | @node Configuring the GNU Name System | ||
3338 | @subsection Configuring the GNU Name System | ||
3339 | |||
3340 | @menu | ||
3341 | * Configuring system-wide DNS interception:: | ||
3342 | * Configuring the GNS nsswitch plugin:: | ||
3343 | * Configuring GNS on W32:: | ||
3344 | * GNS Proxy Setup:: | ||
3345 | * Setup of the GNS CA:: | ||
3346 | * Testing the GNS setup:: | ||
3347 | @end menu | ||
3348 | |||
3349 | |||
3350 | @node Configuring system-wide DNS interception | ||
3351 | @subsubsection Configuring system-wide DNS interception | ||
3352 | |||
3353 | Before you install GNUnet, make sure you have a user and group 'gnunet' | ||
3354 | as well as an empty group 'gnunetdns'. | ||
3355 | |||
3356 | When using GNUnet with system-wide DNS interception, it is absolutely | ||
3357 | necessary for all GNUnet service processes to be started by | ||
3358 | @code{gnunet-service-arm} as user and group 'gnunet'. You also need to be | ||
3359 | sure to run @code{make install} as root (or use the @code{sudo} option to | ||
3360 | configure) to grant GNUnet sufficient privileges. | ||
3361 | |||
3362 | With this setup, all that is required for enabling system-wide DNS | ||
3363 | interception is for some GNUnet component (VPN or GNS) to request it. | ||
3364 | The @code{gnunet-service-dns} will then start helper programs that will | ||
3365 | make the necessary changes to your firewall (@code{iptables}) rules. | ||
3366 | |||
3367 | Note that this will NOT work if your system sends out DNS traffic to a | ||
3368 | link-local IPv6 address, as in this case GNUnet can intercept the traffic, | ||
3369 | but not inject the responses from the link-local IPv6 address. Hence you | ||
3370 | cannot use system-wide DNS interception in conjunction with link-local | ||
3371 | IPv6-based DNS servers. If such a DNS server is used, it will bypass | ||
3372 | GNUnet's DNS traffic interception. | ||
3373 | |||
3374 | Using the GNU Name System (GNS) requires two different configuration | ||
3375 | steps. | ||
3376 | First of all, GNS needs to be integrated with the operating system. Most | ||
3377 | of this section is about the operating system level integration. | ||
3378 | |||
3379 | The remainder of this chapter will detail the various methods for | ||
3380 | configuring the use of GNS with your operating system. | ||
3381 | |||
3382 | At this point in time you have different options depending on your OS: | ||
3383 | |||
3384 | @table @asis | ||
3385 | |||
3386 | @item Use the gnunet-gns-proxy This approach works for all operating | ||
3387 | systems and is likely the easiest. However, it enables GNS only for | ||
3388 | browsers, not for other applications that might be using DNS, such as SSH. | ||
3389 | Still, using the proxy is required for using HTTP with GNS and is thus | ||
3390 | recommended for all users. To do this, you simply have to run the | ||
3391 | @code{gnunet-gns-proxy-setup-ca} script as the user who will run the | ||
3392 | browser (this will create a GNS certificate authority (CA) on your system | ||
3393 | and import its key into your browser), then start @code{gnunet-gns-proxy} | ||
3394 | and inform your browser to use the Socks5 proxy which | ||
3395 | @code{gnunet-gns-proxy} makes available by default on port 7777. | ||
3396 | @item Use a nsswitch plugin (recommended on GNU systems) | ||
3397 | This approach has the advantage of offering fully personalized resolution | ||
3398 | even on multi-user systems. A potential disadvantage is that some | ||
3399 | applications might be able to bypass GNS. | ||
3400 | @item Use a W32 resolver plugin (recommended on W32) | ||
3401 | This is currently the only option on W32 systems. | ||
3402 | @item Use system-wide DNS packet interception | ||
3403 | This approach is recommended for the GNUnet VPN. It can be used to handle | ||
3404 | GNS at the same time; however, if you only use this method, you will only | ||
3405 | get one root zone per machine (not so great for multi-user systems). | ||
3406 | @end table | ||
3407 | |||
3408 | You can combine system-wide DNS packet interception with the nsswitch | ||
3409 | plugin. | ||
3410 | The setup of the system-wide DNS interception is described here. All of | ||
3411 | the other GNS-specific configuration steps are described in the following | ||
3412 | sections. | ||
3413 | |||
3414 | @node Configuring the GNS nsswitch plugin | ||
3415 | @subsubsection Configuring the GNS nsswitch plugin | ||
3416 | |||
3417 | The Name Service Switch (NSS) is a facility in Unix-like operating systems | ||
3418 | @footnote{More accurate: NSS is a functionality of the GNU C Library} | ||
3419 | that provides a variety of sources for common configuration databases and | ||
3420 | name resolution mechanisms. | ||
3421 | A superuser (system administrator) usually configures the | ||
3422 | operating system's name services using the file | ||
3423 | @file{/etc/nsswitch.conf}. | ||
3424 | |||
3425 | GNS provides a NSS plugin to integrate GNS name resolution with the | ||
3426 | operating system's name resolution process. | ||
3427 | To use the GNS NSS plugin you have to either | ||
3428 | |||
3429 | @itemize @bullet | ||
3430 | @item install GNUnet as root or | ||
3431 | @item compile GNUnet with the @code{--with-sudo=yes} switch. | ||
3432 | @end itemize | ||
3433 | |||
3434 | Name resolution is controlled by the @emph{hosts} section in the NSS | ||
3435 | configuration. By default this section first performs a lookup in the | ||
3436 | @file{/etc/hosts} file and then in DNS. | ||
3437 | The nsswitch file should contain a line similar to: | ||
3438 | |||
3439 | @example | ||
3440 | hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4 | ||
3441 | @end example | ||
3442 | |||
3443 | @noindent | ||
3444 | Here the GNS NSS plugin can be added to perform a GNS lookup before | ||
3445 | performing a DNS lookup. | ||
3446 | The GNS NSS plugin has to be added to the "hosts" section in | ||
3447 | @file{/etc/nsswitch.conf} file before DNS related plugins: | ||
3448 | |||
3449 | @example | ||
3450 | ... | ||
3451 | hosts: files gns [NOTFOUND=return] dns mdns4_minimal mdns4 | ||
3452 | ... | ||
3453 | @end example | ||
3454 | |||
3455 | @noindent | ||
3456 | The @code{NOTFOUND=return} will ensure that if a @code{.gnu} name is not | ||
3457 | found in GNS it will not be queried in DNS. | ||
3458 | |||
3459 | @node Configuring GNS on W32 | ||
3460 | @subsubsection Configuring GNS on W32 | ||
3461 | |||
3462 | This document is a guide to configuring GNU Name System on W32-compatible | ||
3463 | platforms. | ||
3464 | |||
3465 | After GNUnet is installed, run the w32nsp-install tool: | ||
3466 | |||
3467 | @example | ||
3468 | w32nsp-install.exe libw32nsp-0.dll | ||
3469 | @end example | ||
3470 | |||
3471 | @noindent | ||
3472 | ('0' is the library version of W32 NSP; it might increase in the future, | ||
3473 | change the invocation accordingly). | ||
3474 | |||
3475 | This will install GNS namespace provider into the system and allow other | ||
3476 | applications to resolve names that end in '@strong{gnu}' | ||
3477 | and '@strong{zkey}'. Note that namespace provider requires | ||
3478 | gnunet-gns-helper-service-w32 to be running, as well as gns service | ||
3479 | itself (and its usual dependencies). | ||
3480 | |||
3481 | Namespace provider is hardcoded to connect to @strong{127.0.0.1:5353}, | ||
3482 | and this is where gnunet-gns-helper-service-w32 should be listening to | ||
3483 | (and is configured to listen to by default). | ||
3484 | |||
3485 | To uninstall the provider, run: | ||
3486 | |||
3487 | @example | ||
3488 | w32nsp-uninstall.exe | ||
3489 | @end example | ||
3490 | |||
3491 | @noindent | ||
3492 | (uses provider GUID to uninstall it, does not need a dll name). | ||
3493 | |||
3494 | Note that while MSDN claims that other applications will only be able to | ||
3495 | use the new namespace provider after re-starting, in reality they might | ||
3496 | stat to use it without that. Conversely, they might stop using the | ||
3497 | provider after it's been uninstalled, even if they were not re-started. | ||
3498 | W32 will not permit namespace provider library to be deleted or | ||
3499 | overwritten while the provider is installed, and while there is at least | ||
3500 | one process still using it (even after it was uninstalled). | ||
3501 | |||
3502 | @node GNS Proxy Setup | ||
3503 | @subsubsection GNS Proxy Setup | ||
3504 | |||
3505 | When using the GNU Name System (GNS) to browse the WWW, there are several | ||
3506 | issues that can be solved by adding the GNS Proxy to your setup: | ||
3507 | |||
3508 | @itemize @bullet | ||
3509 | |||
3510 | @item If the target website does not support GNS, it might assume that it | ||
3511 | is operating under some name in the legacy DNS system (such as | ||
3512 | example.com). It may then attempt to set cookies for that domain, and the | ||
3513 | web server might expect a @code{Host: example.com} header in the request | ||
3514 | from your browser. | ||
3515 | However, your browser might be using @code{example.gnu} for the | ||
3516 | @code{Host} header and might only accept (and send) cookies for | ||
3517 | @code{example.gnu}. The GNS Proxy will perform the necessary translations | ||
3518 | of the hostnames for cookies and HTTP headers (using the LEHO record for | ||
3519 | the target domain as the desired substitute). | ||
3520 | |||
3521 | @item If using HTTPS, the target site might include an SSL certificate | ||
3522 | which is either only valid for the LEHO domain or might match a TLSA | ||
3523 | record in GNS. However, your browser would expect a valid certificate for | ||
3524 | @code{example.gnu}, not for some legacy domain name. The proxy will | ||
3525 | validate the certificate (either against LEHO or TLSA) and then | ||
3526 | on-the-fly produce a valid certificate for the exchange, signed by your | ||
3527 | own CA. Assuming you installed the CA of your proxy in your browser's | ||
3528 | certificate authority list, your browser will then trust the | ||
3529 | HTTPS/SSL/TLS connection, as the hostname mismatch is hidden by the proxy. | ||
3530 | |||
3531 | @item Finally, the proxy will in the future indicate to the server that it | ||
3532 | speaks GNS, which will enable server operators to deliver GNS-enabled web | ||
3533 | sites to your browser (and continue to deliver legacy links to legacy | ||
3534 | browsers) | ||
3535 | @end itemize | ||
3536 | |||
3537 | @node Setup of the GNS CA | ||
3538 | @subsubsection Setup of the GNS CA | ||
3539 | |||
3540 | First you need to create a CA certificate that the proxy can use. | ||
3541 | To do so use the provided script gnunet-gns-proxy-ca: | ||
3542 | |||
3543 | @example | ||
3544 | $ gnunet-gns-proxy-setup-ca | ||
3545 | @end example | ||
3546 | |||
3547 | @noindent | ||
3548 | This will create a personal certification authority for you and add this | ||
3549 | authority to the firefox and chrome database. The proxy will use the this | ||
3550 | CA certificate to generate @code{*.gnu} client certificates on the fly. | ||
3551 | |||
3552 | Note that the proxy uses libcurl. Make sure your version of libcurl uses | ||
3553 | GnuTLS and NOT OpenSSL. The proxy will @b{not} work with libcurl compiled | ||
3554 | against OpenSSL. | ||
3555 | |||
3556 | You can check the configuration your libcurl was build with by | ||
3557 | running: | ||
3558 | |||
3559 | @example | ||
3560 | curl --version | ||
3561 | @end example | ||
3562 | |||
3563 | the output will look like this (without the linebreaks): | ||
3564 | |||
3565 | @example | ||
3566 | gnurl --version | ||
3567 | curl 7.56.0 (x86_64-unknown-linux-gnu) libcurl/7.56.0 \ | ||
3568 | GnuTLS/3.5.13 zlib/1.2.11 libidn2/2.0.4 | ||
3569 | Release-Date: 2017-10-08 | ||
3570 | Protocols: http https | ||
3571 | Features: AsynchDNS IDN IPv6 Largefile NTLM SSL libz \ | ||
3572 | TLS-SRP UnixSockets HTTPS-proxy | ||
3573 | @end example | ||
3574 | |||
3575 | @node Testing the GNS setup | ||
3576 | @subsubsection Testing the GNS setup | ||
3577 | |||
3578 | Now for testing purposes we can create some records in our zone to test | ||
3579 | the SSL functionality of the proxy: | ||
3580 | |||
3581 | @example | ||
3582 | $ gnunet-identity -C test | ||
3583 | $ gnunet-namestore -a -e "1 d" -n "homepage" \ | ||
3584 | -t A -V 131.159.74.67 -z test | ||
3585 | $ gnunet-namestore -a -e "1 d" -n "homepage" \ | ||
3586 | -t LEHO -V "gnunet.org" -z test | ||
3587 | @end example | ||
3588 | |||
3589 | @noindent | ||
3590 | At this point we can start the proxy. Simply execute | ||
3591 | |||
3592 | @example | ||
3593 | $ gnunet-gns-proxy | ||
3594 | @end example | ||
3595 | |||
3596 | @noindent | ||
3597 | Configure your browser to use this SOCKSv5 proxy on port 7777 and visit | ||
3598 | this link. | ||
3599 | If you use @command{Firefox} (or one of its deriviates/forks such as | ||
3600 | Icecat) you also have to go to @code{about:config} and set the key | ||
3601 | @code{network.proxy.socks_remote_dns} to @code{true}. | ||
3602 | |||
3603 | When you visit @code{https://homepage.test/}, you should get to the | ||
3604 | @code{https://gnunet.org/} frontpage and the browser (with the correctly | ||
3605 | configured proxy) should give you a valid SSL certificate for | ||
3606 | @code{homepage.gnu} and no warnings. It should look like this: | ||
3607 | |||
3608 | @c FIXME: Image does not exist, create it or save it from Drupal? | ||
3609 | @c @image{images/gnunethpgns.png,5in,, picture of homepage.gnu in Webbrowser} | ||
3610 | |||
3611 | |||
3612 | @node Configuring the GNUnet VPN | ||
3613 | @subsection Configuring the GNUnet VPN | ||
3614 | |||
3615 | @menu | ||
3616 | * IPv4 address for interface:: | ||
3617 | * IPv6 address for interface:: | ||
3618 | * Configuring the GNUnet VPN DNS:: | ||
3619 | * Configuring the GNUnet VPN Exit Service:: | ||
3620 | * IP Address of external DNS resolver:: | ||
3621 | * IPv4 address for Exit interface:: | ||
3622 | * IPv6 address for Exit interface:: | ||
3623 | @end menu | ||
3624 | |||
3625 | Before configuring the GNUnet VPN, please make sure that system-wide DNS | ||
3626 | interception is configured properly as described in the section on the | ||
3627 | GNUnet DNS setup. @pxref{Configuring the GNU Name System}, | ||
3628 | if you haven't done so already. | ||
3629 | |||
3630 | The default options for the GNUnet VPN are usually sufficient to use | ||
3631 | GNUnet as a Layer 2 for your Internet connection. | ||
3632 | However, what you always have to specify is which IP protocol you want | ||
3633 | to tunnel: IPv4, IPv6 or both. | ||
3634 | Furthermore, if you tunnel both, you most likely should also tunnel | ||
3635 | all of your DNS requests. | ||
3636 | You theoretically can tunnel "only" your DNS traffic, but that usually | ||
3637 | makes little sense. | ||
3638 | |||
3639 | The other options as shown on the gnunet-setup tool are: | ||
3640 | |||
3641 | @node IPv4 address for interface | ||
3642 | @subsubsection IPv4 address for interface | ||
3643 | |||
3644 | This is the IPv4 address the VPN interface will get. You should pick an | ||
3645 | 'private' IPv4 network that is not yet in use for you system. For example, | ||
3646 | if you use @code{10.0.0.1/255.255.0.0} already, you might use | ||
3647 | @code{10.1.0.1/255.255.0.0}. | ||
3648 | If you use @code{10.0.0.1/255.0.0.0} already, then you might use | ||
3649 | @code{192.168.0.1/255.255.0.0}. | ||
3650 | If your system is not in a private IP-network, using any of the above will | ||
3651 | work fine. | ||
3652 | You should try to make the mask of the address big enough | ||
3653 | (@code{255.255.0.0} or, even better, @code{255.0.0.0}) to allow more | ||
3654 | mappings of remote IP Addresses into this range. | ||
3655 | However, even a @code{255.255.255.0} mask will suffice for most users. | ||
3656 | |||
3657 | @node IPv6 address for interface | ||
3658 | @subsubsection IPv6 address for interface | ||
3659 | |||
3660 | The IPv6 address the VPN interface will get. Here you can specify any | ||
3661 | non-link-local address (the address should not begin with @code{fe80:}). | ||
3662 | A subnet Unique Local Unicast (@code{fd00::/8} prefix) that you are | ||
3663 | currently not using would be a good choice. | ||
3664 | |||
3665 | @node Configuring the GNUnet VPN DNS | ||
3666 | @subsubsection Configuring the GNUnet VPN DNS | ||
3667 | |||
3668 | To resolve names for remote nodes, activate the DNS exit option. | ||
3669 | |||
3670 | @node Configuring the GNUnet VPN Exit Service | ||
3671 | @subsubsection Configuring the GNUnet VPN Exit Service | ||
3672 | |||
3673 | If you want to allow other users to share your Internet connection (yes, | ||
3674 | this may be dangerous, just as running a Tor exit node) or want to | ||
3675 | provide access to services on your host (this should be less dangerous, | ||
3676 | as long as those services are secure), you have to enable the GNUnet exit | ||
3677 | daemon. | ||
3678 | |||
3679 | You then get to specify which exit functions you want to provide. By | ||
3680 | enabling the exit daemon, you will always automatically provide exit | ||
3681 | functions for manually configured local services (this component of the | ||
3682 | system is under | ||
3683 | development and not documented further at this time). As for those | ||
3684 | services you explicitly specify the target IP address and port, there is | ||
3685 | no significant security risk in doing so. | ||
3686 | |||
3687 | Furthermore, you can serve as a DNS, IPv4 or IPv6 exit to the Internet. | ||
3688 | Being a DNS exit is usually pretty harmless. However, enabling IPv4 or | ||
3689 | IPv6-exit without further precautions may enable adversaries to access | ||
3690 | your local network, send spam, attack other systems from your Internet | ||
3691 | connection and to other mischief that will appear to come from your | ||
3692 | machine. This may or may not get you into legal trouble. | ||
3693 | If you want to allow IPv4 or IPv6-exit functionality, you should strongly | ||
3694 | consider adding additional firewall rules manually to protect your local | ||
3695 | network and to restrict outgoing TCP traffic (i.e. by not allowing access | ||
3696 | to port 25). While we plan to improve exit-filtering in the future, | ||
3697 | you're currently on your own here. | ||
3698 | Essentially, be prepared for any kind of IP-traffic to exit the respective | ||
3699 | TUN interface (and GNUnet will enable IP-forwarding and NAT for the | ||
3700 | interface automatically). | ||
3701 | |||
3702 | Additional configuration options of the exit as shown by the gnunet-setup | ||
3703 | tool are: | ||
3704 | |||
3705 | @node IP Address of external DNS resolver | ||
3706 | @subsubsection IP Address of external DNS resolver | ||
3707 | |||
3708 | If DNS traffic is to exit your machine, it will be send to this DNS | ||
3709 | resolver. You can specify an IPv4 or IPv6 address. | ||
3710 | |||
3711 | @node IPv4 address for Exit interface | ||
3712 | @subsubsection IPv4 address for Exit interface | ||
3713 | |||
3714 | This is the IPv4 address the Interface will get. Make the mask of the | ||
3715 | address big enough (255.255.0.0 or, even better, 255.0.0.0) to allow more | ||
3716 | mappings of IP addresses into this range. As for the VPN interface, any | ||
3717 | unused, private IPv4 address range will do. | ||
3718 | |||
3719 | @node IPv6 address for Exit interface | ||
3720 | @subsubsection IPv6 address for Exit interface | ||
3721 | |||
3722 | The public IPv6 address the interface will get. If your kernel is not a | ||
3723 | very recent kernel and you are willing to manually enable IPv6-NAT, the | ||
3724 | IPv6 address you specify here must be a globally routed IPv6 address of | ||
3725 | your host. | ||
3726 | |||
3727 | Suppose your host has the address @code{2001:4ca0::1234/64}, then | ||
3728 | using @code{2001:4ca0::1:0/112} would be fine (keep the first 64 bits, | ||
3729 | then change at least one bit in the range before the bitmask, in the | ||
3730 | example above we changed bit 111 from 0 to 1). | ||
3731 | |||
3732 | You may also have to configure your router to route traffic for the entire | ||
3733 | subnet (@code{2001:4ca0::1:0/112} for example) through your computer (this | ||
3734 | should be automatic with IPv6, but obviously anything can be | ||
3735 | disabled). | ||
3736 | |||
3737 | @node Bandwidth Configuration | ||
3738 | @subsection Bandwidth Configuration | ||
3739 | |||
3740 | You can specify how many bandwidth GNUnet is allowed to use to receive | ||
3741 | and send data. This is important for users with limited bandwidth or | ||
3742 | traffic volume. | ||
3743 | |||
3744 | @node Configuring NAT | ||
3745 | @subsection Configuring NAT | ||
3746 | |||
3747 | Most hosts today do not have a normal global IP address but instead are | ||
3748 | behind a router performing Network Address Translation (NAT) which assigns | ||
3749 | each host in the local network a private IP address. | ||
3750 | As a result, these machines cannot trivially receive inbound connections | ||
3751 | from the Internet. GNUnet supports NAT traversal to enable these machines | ||
3752 | to receive incoming connections from other peers despite their | ||
3753 | limitations. | ||
3754 | |||
3755 | In an ideal world, you can press the "Attempt automatic configuration" | ||
3756 | button in gnunet-setup to automatically configure your peer correctly. | ||
3757 | Alternatively, your distribution might have already triggered this | ||
3758 | automatic configuration during the installation process. | ||
3759 | However, automatic configuration can fail to determine the optimal | ||
3760 | settings, resulting in your peer either not receiving as many connections | ||
3761 | as possible, or in the worst case it not connecting to the network at all. | ||
3762 | |||
3763 | To manually configure the peer, you need to know a few things about your | ||
3764 | network setup. First, determine if you are behind a NAT in the first | ||
3765 | place. | ||
3766 | This is always the case if your IP address starts with "10.*" or | ||
3767 | "192.168.*". Next, if you have control over your NAT router, you may | ||
3768 | choose to manually configure it to allow GNUnet traffic to your host. | ||
3769 | If you have configured your NAT to forward traffic on ports 2086 (and | ||
3770 | possibly 1080) to your host, you can check the "NAT ports have been opened | ||
3771 | manually" option, which corresponds to the "PUNCHED_NAT" option in the | ||
3772 | configuration file. If you did not punch your NAT box, it may still be | ||
3773 | configured to support UPnP, which allows GNUnet to automatically | ||
3774 | configure it. In that case, you need to install the "upnpc" command, | ||
3775 | enable UPnP (or PMP) on your NAT box and set the "Enable NAT traversal | ||
3776 | via UPnP or PMP" option (corresponding to "ENABLE_UPNP" in the | ||
3777 | configuration file). | ||
3778 | |||
3779 | Some NAT boxes can be traversed using the autonomous NAT traversal method. | ||
3780 | This requires certain GNUnet components to be installed with "SUID" | ||
3781 | prividledges on your system (so if you're installing on a system you do | ||
3782 | not have administrative rights to, this will not work). | ||
3783 | If you installed as 'root', you can enable autonomous NAT traversal by | ||
3784 | checking the "Enable NAT traversal using ICMP method". | ||
3785 | The ICMP method requires a way to determine your NAT's external (global) | ||
3786 | IP address. This can be done using either UPnP, DynDNS, or by manual | ||
3787 | configuration. If you have a DynDNS name or know your external IP address, | ||
3788 | you should enter that name under "External (public) IPv4 address" (which | ||
3789 | corresponds to the "EXTERNAL_ADDRESS" option in the configuration file). | ||
3790 | If you leave the option empty, GNUnet will try to determine your external | ||
3791 | IP address automatically (which may fail, in which case autonomous | ||
3792 | NAT traversal will then not work). | ||
3793 | |||
3794 | Finally, if you yourself are not behind NAT but want to be able to | ||
3795 | connect to NATed peers using autonomous NAT traversal, you need to check | ||
3796 | the "Enable connecting to NATed peers using ICMP method" box. | ||
3797 | |||
3798 | |||
3799 | @node Peer configuration for distributions | ||
3800 | @subsection Peer configuration for distributions | ||
3801 | |||
3802 | The "GNUNET_DATA_HOME" in "[path]" in @file{/etc/gnunet.conf} should be | ||
3803 | manually set to "/var/lib/gnunet/data/" as the default | ||
3804 | "~/.local/share/gnunet/" is probably not that appropriate in this case. | ||
3805 | Similarly, distributions may consider pointing "GNUNET_RUNTIME_DIR" to | ||
3806 | "/var/run/gnunet/" and "GNUNET_HOME" to "/var/lib/gnunet/". Also, should a | ||
3807 | distribution decide to override system defaults, all of these changes | ||
3808 | should be done in a custom @file{/etc/gnunet.conf} and not in the files | ||
3809 | in the @file{config.d/} directory. | ||
3810 | |||
3811 | Given the proposed access permissions, the "gnunet-setup" tool must be | ||
3812 | run as use "gnunet" (and with option "-c /etc/gnunet.conf" so that it | ||
3813 | modifies the system configuration). As always, gnunet-setup should be run | ||
3814 | after the GNUnet peer was stopped using "gnunet-arm -e". Distributions | ||
3815 | might want to include a wrapper for gnunet-setup that allows the | ||
3816 | desktop-user to "sudo" (i.e. using gtksudo) to the "gnunet" user account | ||
3817 | and then runs "gnunet-arm -e", "gnunet-setup" and "gnunet-arm -s" in | ||
3818 | sequence. | ||
3819 | |||
3820 | @node How to start and stop a GNUnet peer | ||
3821 | @section How to start and stop a GNUnet peer | ||
3822 | |||
3823 | This section describes how to start a GNUnet peer. It assumes that you | ||
3824 | have already compiled and installed GNUnet and its' dependencies. | ||
3825 | Before you start a GNUnet peer, you may want to create a configuration | ||
3826 | file using gnunet-setup (but you do not have to). | ||
3827 | Sane defaults should exist in your | ||
3828 | @file{$GNUNET_PREFIX/share/gnunet/config.d/} directory, so in practice | ||
3829 | you could simply start without any configuration. If you want to | ||
3830 | configure your peer later, you need to stop it before invoking the | ||
3831 | @code{gnunet-setup} tool to customize further and to test your | ||
3832 | configuration (@code{gnunet-setup} has build-in test functions). | ||
3833 | |||
3834 | The most important option you might have to still set by hand is in | ||
3835 | [PATHS]. Here, you use the option "GNUNET_HOME" to specify the path where | ||
3836 | GNUnet should store its data. | ||
3837 | It defaults to @code{$HOME/}, which again should work for most users. | ||
3838 | Make sure that the directory specified as GNUNET_HOME is writable to | ||
3839 | the user that you will use to run GNUnet (note that you can run frontends | ||
3840 | using other users, GNUNET_HOME must only be accessible to the user used to | ||
3841 | run the background processes). | ||
3842 | |||
3843 | You will also need to make one central decision: should all of GNUnet be | ||
3844 | run under your normal UID, or do you want distinguish between system-wide | ||
3845 | (user-independent) GNUnet services and personal GNUnet services. The | ||
3846 | multi-user setup is slightly more complicated, but also more secure and | ||
3847 | generally recommended. | ||
3848 | |||
3849 | @menu | ||
3850 | * The Single-User Setup:: | ||
3851 | * The Multi-User Setup:: | ||
3852 | * Killing GNUnet services:: | ||
3853 | * Access Control for GNUnet:: | ||
3854 | @end menu | ||
3855 | |||
3856 | @node The Single-User Setup | ||
3857 | @subsection The Single-User Setup | ||
3858 | |||
3859 | For the single-user setup, you do not need to do anything special and can | ||
3860 | just start the GNUnet background processes using @code{gnunet-arm}. | ||
3861 | By default, GNUnet looks in @file{~/.config/gnunet.conf} for a | ||
3862 | configuration (or @code{$XDG_CONFIG_HOME/gnunet.conf} if@ | ||
3863 | @code{$XDG_CONFIG_HOME} is defined). If your configuration lives | ||
3864 | elsewhere, you need to pass the @code{-c FILENAME} option to all GNUnet | ||
3865 | commands. | ||
3866 | |||
3867 | Assuming the configuration file is called @file{~/.config/gnunet.conf}, | ||
3868 | you start your peer using the @code{gnunet-arm} command (say as user | ||
3869 | @code{gnunet}) using: | ||
3870 | |||
3871 | @example | ||
3872 | gnunet-arm -c ~/.config/gnunet.conf -s | ||
3873 | @end example | ||
3874 | |||
3875 | @noindent | ||
3876 | The "-s" option here is for "start". The command should return almost | ||
3877 | instantly. If you want to stop GNUnet, you can use: | ||
3878 | |||
3879 | @example | ||
3880 | gnunet-arm -c ~/.config/gnunet.conf -e | ||
3881 | @end example | ||
3882 | |||
3883 | @noindent | ||
3884 | The "-e" option here is for "end". | ||
3885 | |||
3886 | Note that this will only start the basic peer, no actual applications | ||
3887 | will be available. | ||
3888 | If you want to start the file-sharing service, use (after starting | ||
3889 | GNUnet): | ||
3890 | |||
3891 | @example | ||
3892 | gnunet-arm -c ~/.config/gnunet.conf -i fs | ||
3893 | @end example | ||
3894 | |||
3895 | @noindent | ||
3896 | The "-i fs" option here is for "initialize" the "fs" (file-sharing) | ||
3897 | application. You can also selectively kill only file-sharing support using | ||
3898 | |||
3899 | @example | ||
3900 | gnunet-arm -c ~/.config/gnunet.conf -k fs | ||
3901 | @end example | ||
3902 | |||
3903 | @noindent | ||
3904 | Assuming that you want certain services (like file-sharing) to be always | ||
3905 | automatically started whenever you start GNUnet, you can activate them by | ||
3906 | setting "FORCESTART=YES" in the respective section of the configuration | ||
3907 | file (for example, "[fs]"). Then GNUnet with file-sharing support would | ||
3908 | be started whenever you@ enter: | ||
3909 | |||
3910 | @example | ||
3911 | gnunet-arm -c ~/.config/gnunet.conf -s | ||
3912 | @end example | ||
3913 | |||
3914 | @noindent | ||
3915 | Alternatively, you can combine the two options: | ||
3916 | |||
3917 | @example | ||
3918 | gnunet-arm -c ~/.config/gnunet.conf -s -i fs | ||
3919 | @end example | ||
3920 | |||
3921 | @noindent | ||
3922 | Using @code{gnunet-arm} is also the preferred method for initializing | ||
3923 | GNUnet from @code{init}. | ||
3924 | |||
3925 | Finally, you should edit your @code{crontab} (using the @code{crontab} | ||
3926 | command) and insert a line@ | ||
3927 | |||
3928 | @example | ||
3929 | @@reboot gnunet-arm -c ~/.config/gnunet.conf -s | ||
3930 | @end example | ||
3931 | |||
3932 | to automatically start your peer whenever your system boots. | ||
3933 | |||
3934 | @node The Multi-User Setup | ||
3935 | @subsection The Multi-User Setup | ||
3936 | |||
3937 | This requires you to create a user @code{gnunet} and an additional group | ||
3938 | @code{gnunetdns}, prior to running @code{make install} during | ||
3939 | installation. | ||
3940 | Then, you create a configuration file @file{/etc/gnunet.conf} which should | ||
3941 | contain the lines:@ | ||
3942 | |||
3943 | @example | ||
3944 | [arm] | ||
3945 | SYSTEM_ONLY = YES | ||
3946 | USER_ONLY = NO | ||
3947 | @end example | ||
3948 | |||
3949 | @noindent | ||
3950 | Then, perform the same steps to run GNUnet as in the per-user | ||
3951 | configuration, except as user @code{gnunet} (including the | ||
3952 | @code{crontab} installation). | ||
3953 | You may also want to run @code{gnunet-setup} to configure your peer | ||
3954 | (databases, etc.). | ||
3955 | Make sure to pass @code{-c /etc/gnunet.conf} to all commands. If you | ||
3956 | run @code{gnunet-setup} as user @code{gnunet}, you might need to change | ||
3957 | permissions on @file{/etc/gnunet.conf} so that the @code{gnunet} user can | ||
3958 | write to the file (during setup). | ||
3959 | |||
3960 | Afterwards, you need to perform another setup step for each normal user | ||
3961 | account from which you want to access GNUnet. First, grant the normal user | ||
3962 | (@code{$USER}) permission to the group gnunet: | ||
3963 | |||
3964 | @example | ||
3965 | # adduser $USER gnunet | ||
3966 | @end example | ||
3967 | |||
3968 | @noindent | ||
3969 | Then, create a configuration file in @file{~/.config/gnunet.conf} for the | ||
3970 | $USER with the lines: | ||
3971 | |||
3972 | @example | ||
3973 | [arm] | ||
3974 | SYSTEM_ONLY = NO | ||
3975 | USER_ONLY = YES | ||
3976 | @end example | ||
3977 | |||
3978 | @noindent | ||
3979 | This will ensure that @code{gnunet-arm} when started by the normal user | ||
3980 | will only run services that are per-user, and otherwise rely on the | ||
3981 | system-wide services. | ||
3982 | Note that the normal user may run gnunet-setup, but the | ||
3983 | configuration would be ineffective as the system-wide services will use | ||
3984 | @file{/etc/gnunet.conf} and ignore options set by individual users. | ||
3985 | |||
3986 | Again, each user should then start the peer using | ||
3987 | @file{gnunet-arm -s} --- and strongly consider adding logic to start | ||
3988 | the peer automatically to their crontab. | ||
3989 | |||
3990 | Afterwards, you should see two (or more, if you have more than one USER) | ||
3991 | @code{gnunet-service-arm} processes running in your system. | ||
3992 | |||
3993 | @node Killing GNUnet services | ||
3994 | @subsection Killing GNUnet services | ||
3995 | |||
3996 | It is not necessary to stop GNUnet services explicitly when shutting | ||
3997 | down your computer. | ||
3998 | |||
3999 | It should be noted that manually killing "most" of the | ||
4000 | @code{gnunet-service} processes is generally not a successful method for | ||
4001 | stopping a peer (since @code{gnunet-service-arm} will instantly restart | ||
4002 | them). The best way to explicitly stop a peer is using | ||
4003 | @code{gnunet-arm -e}; note that the per-user services may need to be | ||
4004 | terminated before the system-wide services will terminate normally. | ||
4005 | |||
4006 | @node Access Control for GNUnet | ||
4007 | @subsection Access Control for GNUnet | ||
4008 | |||
4009 | This chapter documents how we plan to make access control work within the | ||
4010 | GNUnet system for a typical peer. It should be read as a best-practice | ||
4011 | installation guide for advanced users and builders of binary | ||
4012 | distributions. The recommendations in this guide apply to POSIX-systems | ||
4013 | with full support for UNIX domain sockets only. | ||
4014 | |||
4015 | Note that this is an advanced topic. The discussion presumes a very good | ||
4016 | understanding of users, groups and file permissions. Normal users on | ||
4017 | hosts with just a single user can just install GNUnet under their own | ||
4018 | account (and possibly allow the installer to use SUDO to grant additional | ||
4019 | permissions for special GNUnet tools that need additional rights). | ||
4020 | The discussion below largely applies to installations where multiple users | ||
4021 | share a system and to installations where the best possible security is | ||
4022 | paramount. | ||
4023 | |||
4024 | A typical GNUnet system consists of components that fall into four | ||
4025 | categories: | ||
4026 | |||
4027 | @table @asis | ||
4028 | |||
4029 | @item User interfaces | ||
4030 | User interfaces are not security sensitive and are supposed to be run and | ||
4031 | used by normal system users. | ||
4032 | The GTK GUIs and most command-line programs fall into this category. | ||
4033 | Some command-line tools (like gnunet-transport) should be excluded as they | ||
4034 | offer low-level access that normal users should not need. | ||
4035 | @item System services and support tools | ||
4036 | System services should always run and offer services that can then be | ||
4037 | accessed by the normal users. | ||
4038 | System services do not require special permissions, but as they are not | ||
4039 | specific to a particular user, they probably should not run as a | ||
4040 | particular user. Also, there should typically only be one GNUnet peer per | ||
4041 | host. System services include the gnunet-service and gnunet-daemon | ||
4042 | programs; support tools include command-line programs such as gnunet-arm. | ||
4043 | @item Priviledged helpers | ||
4044 | Some GNUnet components require root rights to open raw sockets or perform | ||
4045 | other special operations. These gnunet-helper binaries are typically | ||
4046 | installed SUID and run from services or daemons. | ||
4047 | @item Critical services | ||
4048 | Some GNUnet services (such as the DNS service) can manipulate the service | ||
4049 | in deep and possibly highly security sensitive ways. For example, the DNS | ||
4050 | service can be used to intercept and alter any DNS query originating from | ||
4051 | the local machine. Access to the APIs of these critical services and their | ||
4052 | priviledged helpers must be tightly controlled. | ||
4053 | @end table | ||
4054 | |||
4055 | @c FIXME: The titles of these chapters are too long in the index. | ||
4056 | |||
4057 | @menu | ||
4058 | * Recommendation - Disable access to services via TCP:: | ||
4059 | * Recommendation - Run most services as system user "gnunet":: | ||
4060 | * Recommendation - Control access to services using group "gnunet":: | ||
4061 | * Recommendation - Limit access to certain SUID binaries by group "gnunet":: | ||
4062 | * Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns":: | ||
4063 | * Differences between "make install" and these recommendations:: | ||
4064 | @end menu | ||
4065 | |||
4066 | @node Recommendation - Disable access to services via TCP | ||
4067 | @subsubsection Recommendation - Disable access to services via TCP | ||
4068 | |||
4069 | GNUnet services allow two types of access: via TCP socket or via UNIX | ||
4070 | domain socket. | ||
4071 | If the service is available via TCP, access control can only be | ||
4072 | implemented by restricting connections to a particular range of IP | ||
4073 | addresses. | ||
4074 | This is acceptable for non-critical services that are supposed to be | ||
4075 | available to all users on the local system or local network. | ||
4076 | However, as TCP is generally less efficient and it is rarely the case | ||
4077 | that a single GNUnet peer is supposed to serve an entire local network, | ||
4078 | the default configuration should disable TCP access to all GNUnet | ||
4079 | services on systems with support for UNIX domain sockets. | ||
4080 | As of GNUnet 0.9.2, configuration files with TCP access disabled should be | ||
4081 | generated by default. Users can re-enable TCP access to particular | ||
4082 | services simply by specifying a non-zero port number in the section of | ||
4083 | the respective service. | ||
4084 | |||
4085 | |||
4086 | @node Recommendation - Run most services as system user "gnunet" | ||
4087 | @subsubsection Recommendation - Run most services as system user "gnunet" | ||
4088 | |||
4089 | GNUnet's main services should be run as a separate user "gnunet" in a | ||
4090 | special group "gnunet". | ||
4091 | The user "gnunet" should start the peer using "gnunet-arm -s" during | ||
4092 | system startup. The home directory for this user should be | ||
4093 | @file{/var/lib/gnunet} and the configuration file should be | ||
4094 | @file{/etc/gnunet.conf}. | ||
4095 | Only the @code{gnunet} user should have the right to access | ||
4096 | @file{/var/lib/gnunet} (@emph{mode: 700}). | ||
4097 | |||
4098 | @node Recommendation - Control access to services using group "gnunet" | ||
4099 | @subsubsection Recommendation - Control access to services using group "gnunet" | ||
4100 | |||
4101 | Users that should be allowed to use the GNUnet peer should be added to the | ||
4102 | group "gnunet". Using GNUnet's access control mechanism for UNIX domain | ||
4103 | sockets, those services that are considered useful to ordinary users | ||
4104 | should be made available by setting "UNIX_MATCH_GID=YES" for those | ||
4105 | services. | ||
4106 | Again, as shipped, GNUnet provides reasonable defaults. | ||
4107 | Permissions to access the transport and core subsystems might additionally | ||
4108 | be granted without necessarily causing security concerns. | ||
4109 | Some services, such as DNS, must NOT be made accessible to the "gnunet" | ||
4110 | group (and should thus only be accessible to the "gnunet" user and | ||
4111 | services running with this UID). | ||
4112 | |||
4113 | @node Recommendation - Limit access to certain SUID binaries by group "gnunet" | ||
4114 | @subsubsection Recommendation - Limit access to certain SUID binaries by group "gnunet" | ||
4115 | |||
4116 | Most of GNUnet's SUID binaries should be safe even if executed by normal | ||
4117 | users. However, it is possible to reduce the risk a little bit more by | ||
4118 | making these binaries owned by the group "gnunet" and restricting their | ||
4119 | execution to user of the group "gnunet" as well (4750). | ||
4120 | |||
4121 | @node Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns" | ||
4122 | @subsubsection Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns" | ||
4123 | |||
4124 | A special group "gnunetdns" should be created for controlling access to | ||
4125 | the "gnunet-helper-dns". | ||
4126 | The binary should then be owned by root and be in group "gnunetdns" and | ||
4127 | be installed SUID and only be group-executable (2750). | ||
4128 | @b{Note that the group "gnunetdns" should have no users in it at all, | ||
4129 | ever.} | ||
4130 | The "gnunet-service-dns" program should be executed by user "gnunet" (via | ||
4131 | gnunet-service-arm) with the binary owned by the user "root" and the group | ||
4132 | "gnunetdns" and be SGID (2700). This way, @strong{only} | ||
4133 | "gnunet-service-dns" can change its group to "gnunetdns" and execute the | ||
4134 | helper, and the helper can then run as root (as per SUID). | ||
4135 | Access to the API offered by "gnunet-service-dns" is in turn restricted | ||
4136 | to the user "gnunet" (not the group!), which means that only | ||
4137 | "benign" services can manipulate DNS queries using "gnunet-service-dns". | ||
4138 | |||
4139 | @node Differences between "make install" and these recommendations | ||
4140 | @subsubsection Differences between "make install" and these recommendations | ||
4141 | |||
4142 | The current build system does not set all permissions automatically based | ||
4143 | on the recommendations above. In particular, it does not use the group | ||
4144 | "gnunet" at all (so setting gnunet-helpers other than the | ||
4145 | gnunet-helper-dns to be owned by group "gnunet" must be done manually). | ||
4146 | Furthermore, 'make install' will silently fail to set the DNS binaries to | ||
4147 | be owned by group "gnunetdns" unless that group already exists (!). | ||
4148 | An alternative name for the "gnunetdns" group can be specified using the | ||
4149 | @code{--with-gnunetdns=GRPNAME} configure option. | ||
diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index 22ee8206a..13c3aa9c8 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi | |||
@@ -113,22 +113,6 @@ Philosophy | |||
113 | * Backup of Identities and Egos:: | 113 | * Backup of Identities and Egos:: |
114 | * Revocation:: | 114 | * Revocation:: |
115 | 115 | ||
116 | GNUnet Installation Handbook | ||
117 | |||
118 | * Dependencies:: | ||
119 | * Pre-installation notes:: | ||
120 | * Generic installation instructions:: | ||
121 | * Build instructions for Ubuntu 12.04 using Git:: | ||
122 | * Build instructions for software builds from source:: | ||
123 | * Build Instructions for Microsoft Windows Platforms:: | ||
124 | * Build instructions for Debian 7.5:: | ||
125 | * Installing GNUnet from Git on Ubuntu 14.4:: | ||
126 | * Build instructions for Debian 8:: | ||
127 | * Outdated build instructions for previous revisions:: | ||
128 | @c * Portable GNUnet:: | ||
129 | * The graphical configuration interface:: | ||
130 | * How to start and stop a GNUnet peer:: | ||
131 | |||
132 | Using GNUnet | 116 | Using GNUnet |
133 | 117 | ||
134 | * Checking the Installation:: | 118 | * Checking the Installation:: |
@@ -140,8 +124,6 @@ Using GNUnet | |||
140 | * The GNU Name System:: | 124 | * The GNU Name System:: |
141 | * Using the Virtual Public Network:: | 125 | * Using the Virtual Public Network:: |
142 | 126 | ||
143 | @c Configuration Handbook | ||
144 | |||
145 | GNUnet Contributors Handbook | 127 | GNUnet Contributors Handbook |
146 | 128 | ||
147 | * Contributing to GNUnet:: | 129 | * Contributing to GNUnet:: |
@@ -152,6 +134,7 @@ GNUnet Contributors Handbook | |||
152 | GNUnet Developer Handbook | 134 | GNUnet Developer Handbook |
153 | 135 | ||
154 | * Developer Introduction:: | 136 | * Developer Introduction:: |
137 | * Internal Dependencies:: | ||
155 | * Code overview:: | 138 | * Code overview:: |
156 | * System Architecture:: | 139 | * System Architecture:: |
157 | * Subsystem stability:: | 140 | * Subsystem stability:: |
@@ -159,6 +142,7 @@ GNUnet Developer Handbook | |||
159 | * Build-system:: | 142 | * Build-system:: |
160 | * Developing extensions for GNUnet using the gnunet-ext template:: | 143 | * Developing extensions for GNUnet using the gnunet-ext template:: |
161 | * Writing testcases:: | 144 | * Writing testcases:: |
145 | * Building GNUNet and its dependencies:: | ||
162 | * TESTING library:: | 146 | * TESTING library:: |
163 | * Performance regression analysis with Gauger:: | 147 | * Performance regression analysis with Gauger:: |
164 | * TESTBED Subsystem:: | 148 | * TESTBED Subsystem:: |