aboutsummaryrefslogtreecommitdiff
path: root/doc/handbook/chapters
diff options
context:
space:
mode:
Diffstat (limited to 'doc/handbook/chapters')
-rw-r--r--doc/handbook/chapters/installation.texi88
1 files changed, 61 insertions, 27 deletions
diff --git a/doc/handbook/chapters/installation.texi b/doc/handbook/chapters/installation.texi
index 9caf3cded..72fe19b24 100644
--- a/doc/handbook/chapters/installation.texi
+++ b/doc/handbook/chapters/installation.texi
@@ -6,6 +6,16 @@ source. For instructions on how to install GNUnet as a binary package
6please refer to the official documentation of your operating system or 6please refer to the official documentation of your operating system or
7package manager. 7package manager.
8 8
9For understanding this guide properly it is important to know that
10there are two different ways of running GNUnet:
11
12* Running the @emph{user services only}
13* Running both @emph{user and system services}
14
15The latter variant has a better security model and requires extra preparation
16before running @code{make install} and a different configuration. Beginners who want to
17quickly try out GNUnet can use the @emph{user services only} variant.
18
9@menu 19@menu
10* Installing dependencies:: 20* Installing dependencies::
11* Getting the Source Code:: 21* Getting the Source Code::
@@ -125,22 +135,37 @@ In the next chapter we will assume that the source code is available
125in the home directory at @code{~/gnunet}. 135in the home directory at @code{~/gnunet}.
126 136
127@c ----------------------------------------------------------------------- 137@c -----------------------------------------------------------------------
128@node Create @code{gnunet} user and group 138@node Create user and groups for the GNUnet services
129@section Create @code{gnunet} user and group 139@section Create user and groups for the GNUnet services
130The GNUnet services should be run as a dedicated user called
131@code{gnunet}. For using them a user should be in the same group as
132this system user.
133 140
134Create user @code{gnunet} who is member of the group @code{gnunet} and 141@cartouche{If only user services shall be used this section can be skipped}.
135specify a home directory where the GNUnet services will store 142
136persistant data such as information about peers. 143For using both user and system services, a dedicated user called @code{gnunet}
144is needed. The system services will run as that user and the user services
145will communicate with them over unix domain sockets. That's why the user
146running GNUnet applications will need to be in the @code{gnunet} group.
147In addition the group @code{gnunetdns} may be needed (see below).
148
149Create user @code{gnunet} who is member of the group @code{gnunet}
150(automatically created) and specify a home directory where the GNUnet
151services will store persistant data such as information about peers.
137@example 152@example
138$ sudo useradd --system --groups gnunet --home-dir /var/lib/gnunet 153$ sudo useradd --system --home-dir /var/lib/gnunet --create-home gnunet
139@end example 154@end example
140 155
141Now add your own user to the @code{gnunet} group. 156Now add your own user to the @code{gnunet} group.
157
142@example 158@example
143$ sudo adduser alice gnunet 159$ sudo usermod -aG gnunet alice
160@end example
161
162Create a group @code{gnunetdns}. This allows using @code{setgid} in a way
163that only the DNS service can run the @code{gnunet-helper-dns} binary. This
164is only needed if @emph{system-wide DNS interception} will be used. For more
165information see @xref{Configuring system-wide DNS interception}.
166
167@example
168$ sudo groupadd gnunetdns
144@end example 169@end example
145 170
146@c ----------------------------------------------------------------------- 171@c -----------------------------------------------------------------------
@@ -190,13 +215,19 @@ $ make -j5
190@section Installation 215@section Installation
191The compiled binaries can be installed using @code{make install}. It 216The compiled binaries can be installed using @code{make install}. It
192needs to be run as root (or with sudo) because some binaries need the 217needs to be run as root (or with sudo) because some binaries need the
193@code{suid} bit set. Without that some GNUnet subsystems (such as VPN) 218@code{suid} bit set. Without that some features (e.g. the VPN service,
194will not work. 219system-wide DNS interception, NAT traversal using ICMP) will not work.
195 220
196@example 221@example
197$ sudo make install 222$ sudo make install
198@end example 223@end example
199 224
225@node Extra Installation step: NSS plugin
226
227@cartouche{The installation of the NSS plugin can be skipped if GNS
228 resolution shall be used with legacy applications (that only
229 support DNS).}
230
200One important library is the GNS plugin for NSS (the name services 231One important library is the GNS plugin for NSS (the name services
201switch) which allows using GNS (the GNU name system) in the normal DNS 232switch) which allows using GNS (the GNU name system) in the normal DNS
202resolution process. Unfortunately NSS expects it in a specific 233resolution process. Unfortunately NSS expects it in a specific
@@ -234,29 +265,32 @@ The exact details may differ a bit, which is fine. Add the text
234hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 265hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
235@end example 266@end example
236 267
237Optionally, if GNS shall be used with a browser, execute the GNS 268@node Extra installation step: installing the GNS Certificate Authority
238CA-setup script. It will isetup the GNS Certificate Authority with the 269@subsection Extra installation step: installing the GNS Certificate Authority
239user's browser. 270
271@cartouche{Installing the GNS certificate authority is only necessary if GNS shall
272 be used in a browser.}
273
274The GNS Certificate authority can provide TLS certificates for GNS names while
275downloading webpages from legacy webservers. This allows browsers to use HTTPS
276in combinations with GNS name resolution.
277
278To install it execute the GNS CA-setup script. So far Firefox and Chromium are
279supported.
280
240@example 281@example
241$ gnunet-gns-proxy-setup-ca 282$ gnunet-gns-proxy-setup-ca
242@end example 283@end example
243 284
244Finally install a configuration file in 285A local proxy server, that takes care of the name resolution and provides
245@code{~/.config/gnunet.conf}. Below you find an example config which 286certificates on-the-fly needs to be started:
246allows you to start GNUnet.
247 287
248@example 288@example
249[arm] 289$ /usr/lib/gnunet/libexec/gnunet-gns-proxy
250SYSTEM_ONLY = NO
251USER_ONLY = NO
252
253[transport]
254PLUGINS = tcp
255@end example 290@end example
256 291
257 292Now GNS should work in browsers that are configured to use a SOCKS proxy on
258 293@code{localhost:7777}.
259
260 294
261 295
262@node Checking the Installation 296@node Checking the Installation