gnunet-handbook

The GNUnet Handbook
Log | Files | Refs
commit 8bee397cada705b70959c0cb851e6edb51ce8f0b
parent 4ba72c1d3f22b8dc41a6c4417c61f5f76e197b3a
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Sun, 31 Jul 2022 13:58:52 +0200

more text

Diffstat:

Minstalling.md | 60++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


1 file changed, 60 insertions(+), 0 deletions(-)

diff --git a/installing.md b/installing.md
@@ -165,3 +165,63 @@ $ make install
 The latter command may need to be run as root (or with sudo) because some
 binaries need the suid bit set.
 Without that some features (e.g. the VPN service, system-wide DNS interception, NAT traversal using ICMP) will not work.
+
+### NSS plugin (optional)
+
+**NOTE: The installation of the NSS plugin is only necessary if GNS resolution shall be used with legacy applications (that only support DNS) and if you cannot do not want to use the DNS2GNS service.**
+
+One important library is the GNS plugin for NSS (the name services switch) which allows using GNS (the GNU name system) in the normal DNS resolution process.
+Unfortunately NSS expects it in a specific location (probably `/lib`) which may differ from the installation prefix (see `--prefix` option in the previous section). This is why the plugin has to be installed manually.
+
+Find the directory where nss plugins are installed on your system, e.g.:
+
+```
+$ ls -l /lib/libnss_*
+/lib/libnss_mymachines.so.2
+/lib/libnss_resolve.so.2
+/lib/libnss_myhostname.so.2
+/lib/libnss_systemd.so.2
+```
+
+Copy the GNS NSS plugin to that directory:
+
+```
+cp ~/gnunet/src/gns/nss/.libs/libnss_gns.so.2 /lib
+```
+
+Now, to activate the plugin, you need to edit your `/etc/nsswitch.conf` where you should find a line like this:
+
+```
+hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+```
+
+The exact details may differ a bit, which is fine.
+Add the text `gns [NOTFOUND=return]` after `files`:
+
+```
+hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
+```
+
+### Installing the GNS Certificate Authority (Optional)
+
+**NOTE: Installing the GNS certificate authority is only necessary if GNS shall be used in a browser and if you cannot or do not want to use the DNS2GNS service.**
+
+The GNS Certificate authority can provide TLS certificates for GNS names while downloading webpages from legacy webservers. This allows browsers to use HTTPS in combinations with GNS name resolution.
+
+To install it execute the GNS CA-setup script. So far Firefox and Chromium are supported.
+
+```
+$ gnunet-gns-proxy-setup-ca
+```
+
+A local proxy server, that takes care of the name resolution and provides certificates on-the-fly needs to be started:
+
+```
+$ /usr/lib/gnunet/libexec/gnunet-gns-proxy
+```
+
+Now GNS should work in browsers that are configured to use a SOCKS proxy on localhost:7777.
+
+## Minimal configuration
+
+TODO