author | lurchi <lurchi@strangeplace.net> | 2018-11-16 23:02:50 +0100 |
---|---|---|
committer | lurchi <lurchi@strangeplace.net> | 2018-11-16 23:02:50 +0100 |
commit | 1a4f42c00fc7ff6da6a093c9637b2c352bbf3ec7 (patch) | |
tree | 02f5c69627aa1321222ea9d47250fa95eac11ced | |
parent | 247676e55ec314357d6955934dc646c557c93bfc (diff) | |
download | www-1a4f42c00fc7ff6da6a093c9637b2c352bbf3ec7.tar.gz www-1a4f42c00fc7ff6da6a093c9637b2c352bbf3ec7.zip |
improve and extend the debian tutorial
-rw-r--r-- | tutorial-debian9.html.j2 | 153 |
1 files changed, 107 insertions, 46 deletions
diff --git a/tutorial-debian9.html.j2 b/tutorial-debian9.html.j2 index 330af8ec..25f59a56 100644 --- a/tutorial-debian9.html.j2 +++ b/tutorial-debian9.html.j2 | |||
@@ -26,7 +26,7 @@ painlessly. Optional dependencies are listed in Appendix A. They are required | |||
26 | for some experimental GNUnet features.</p> | 26 | for some experimental GNUnet features.</p> |
27 | 27 | ||
28 | <p><code> | 28 | <p><code> |
29 | $ sudo apt install git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev | 29 | $ sudo apt install git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev openssl |
30 | </code></p> | 30 | </code></p> |
31 | 31 | ||
32 | <h3>{{ _("Make an installation directory") }}</h3> | 32 | <h3>{{ _("Make an installation directory") }}</h3> |
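Review bot: new line 29 appends `openssl` to the required packages, but nothing in the surrounding text says which step needs it. Add a short sentence naming that step (the CA setup introduced later in this commit looks like the candidate), so readers can tell this required dependency from the optional ones in Appendix A.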
@@ -40,8 +40,10 @@ $ mkdir ~/gnunet_installation | |||
40 | <h3>{{ _("Get the source code") }}</h3> | 40 | <h3>{{ _("Get the source code") }}</h3> |
41 | 41 | ||
42 | <p>We download the GNUnet source code using git. On Debian 9 we need the | 42 | <p>We download the GNUnet source code using git. On Debian 9 we need the |
43 | sources of another library (libmicrohttpd). There exists a Debian 9 package for | 43 | sources of another library (libmicrohttpd).</p> |
44 | libmicrohttpd too, but it is too old.</p> | 44 | |
45 | <p><b>Attention: The official libmicrohttpsd package for Debian 9 is too old, we need | ||
46 | at least version 0.9.52.</b></p> | ||
45 | 47 | ||
46 | <p><code> | 48 | <p><code> |
47 | $ cd ~/gnunet_installation<br> | 49 | $ cd ~/gnunet_installation<br> |
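Review bot: the added warning at new line 45 spells the library `libmicrohttpsd`, while the rest of the page, including the clone URL, uses `libmicrohttpd`. Fix the name, and consider splitting the comma splice into two sentences: "The official libmicrohttpd package for Debian 9 is too old. We need at least version 0.9.52."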
@@ -51,11 +53,8 @@ $ git clone --depth 1 https://gnunet.org/git/libmicrohttpd.git | |||
51 | 53 | ||
52 | <h3>{{ _("Compile and Install") }}</h3> | 54 | <h3>{{ _("Compile and Install") }}</h3> |
53 | 55 | ||
54 | <p>Installing GNUnet is not hard, it only requires one little nasty step which | ||
55 | involves modifying an important config file of the operating system. So we'll | ||
56 | pay extra attention while doing this.</p> | ||
57 | 56 | ||
58 | <p>Before we can compile GNUnet, we compile and install libmicrohttpd.</p> | 57 | <p>Before we can compile GNUnet on Debian 9, we compile and install libmicrohttp</p> |
59 | 58 | ||
60 | <p><code> | 59 | <p><code> |
61 | $ cd ~/gnunet_installation/libmicrohttpd<br> | 60 | $ cd ~/gnunet_installation/libmicrohttpd<br> |
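Review bot: new line 57 ends with `libmicrohttp</p>`, which drops the final `d` of the library name and the full stop that the replaced line had. Restore both. Removing old lines 54-56 also leaves two consecutive blank lines (new 55 and 56); drop one of them.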
@@ -66,7 +65,7 @@ $ make -j$(nproc || echo -n 1)<br> | |||
66 | $ sudo make install<br> | 65 | $ sudo make install<br> |
67 | </code></p> | 66 | </code></p> |
68 | 67 | ||
69 | <p>Now it's finally time to compile and install GNUnet. We have two options: | 68 | <p>Installing GNUnet is not hard. We have two options: |
70 | installing a *production version* and installing a *development version*. If | 69 | installing a *production version* and installing a *development version*. If |
71 | you want to start writing GNUnet applications or join the GNUnet development | 70 | you want to start writing GNUnet applications or join the GNUnet development |
72 | choose the development version (it will print more debug output and contains | 71 | choose the development version (it will print more debug output and contains |
@@ -96,7 +95,7 @@ $ make -j$(nproc || echo -n 1)<br> | |||
96 | $ sudo make install<br> | 95 | $ sudo make install<br> |
97 | </p></code> | 96 | </p></code> |
98 | 97 | ||
99 | <h4>{{ _("Install GNUnet plugin for name resolution") }}</h4> | 98 | <!--<h4>{{ _("Install GNUnet plugin for name resolution") }}</h4> |
100 | So now it gets a bit nasty. It's not so bad. All we have to do is copy a file and edit another one. The file we need to copy is GNUnet's plugin for the Name Service Switch (NSS) in unix systems. Different unixes expect it in different locations and GNUnet's build system does not try to guess. On Debian 9 we have to do | 99 | So now it gets a bit nasty. It's not so bad. All we have to do is copy a file and edit another one. The file we need to copy is GNUnet's plugin for the Name Service Switch (NSS) in unix systems. Different unixes expect it in different locations and GNUnet's build system does not try to guess. On Debian 9 we have to do |
101 | 100 | ||
102 | <p><code> | 101 | <p><code> |
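Review bot: the `<!--` added at new line 98 (closed at new line 133) hides the NSS section only in the rendered page. Jinja still processes everything inside an HTML comment, so the `{{ _("Install GNUnet plugin for name resolution") }}` string stays in the translation catalogue and the whole block, including the `sed` edit visible in the next hunk header, is still shipped in the page source. Delete the section or wrap it in a Jinja comment (`{# ... #}`) instead, and state in the commit message why the NSS step is no longer part of the tutorial.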
@@ -131,7 +130,7 @@ $ sudo sed -i -E 's/^(hosts:.*) dns/\1 gns [NOTFOUND=return] dns/' /etc/nsswitch | |||
131 | hosts: files mdns4_minimal [NOTFOUND=return] gns [NOTFOUND=return] dns | 130 | hosts: files mdns4_minimal [NOTFOUND=return] gns [NOTFOUND=return] dns |
132 | </p></code> | 131 | </p></code> |
133 | 132 | ||
134 | <p>That's it. It wasn't that nasty, was it?</p> | 133 | <p>That's it. It wasn't that nasty, was it?</p>--> |
135 | 134 | ||
136 | <h3>{{ _("Configuration") }}</h3> | 135 | <h3>{{ _("Configuration") }}</h3> |
137 | Congratulations! GNUnet is now installed! Before we start it we need to create a configuration file. By default GNUnet looks in our home directory for the file `~/.gnunet/gnunet.conf`. We can start with an empty file for now: | 136 | Congratulations! GNUnet is now installed! Before we start it we need to create a configuration file. By default GNUnet looks in our home directory for the file `~/.gnunet/gnunet.conf`. We can start with an empty file for now: |
@@ -184,48 +183,22 @@ $ gnunet-arm -e | |||
184 | 183 | ||
185 | <h3>{{ _("Make sure it works") }}</h3> | 184 | <h3>{{ _("Make sure it works") }}</h3> |
186 | 185 | ||
187 | <p>Let's try some of GNUnet's components: gns, filesharing, CADET and VPN.</p> | 186 | <p>Let's try out some of GNUnet's use cases. Some should be done before others: |
188 | |||
189 | <h4>{{ _("GNS") }}</h4> | ||
190 | |||
191 | <p>First let's try out GNS, the GNU name service. We'll publish an IP address | ||
192 | in a GNS record and try to resolve it using our browser. First we need an | ||
193 | identity which is the equivalent to a zone in DNS. We'll call it "myself" and | ||
194 | create it using the `gnunet-identity` command line tool. | ||
195 | Instead of "myself" you can surely use your nick or any other name. </p> | ||
196 | 187 | ||
197 | <p><code> | 188 | <ul> |
198 | $ gnunet-identity -C myself | 189 | <li>filesharing (easy)</li> |
199 | </p></code> | 190 | <li>A simple chat using CADET</li> |
191 | <li>Name resolution using GNS on the command line</li> | ||
192 | <li>Name resolution using GNS with a browser (do it on the command line first)</li> | ||
193 | <li>Serving a website using VPN (do name resolution with a browser first)</li> | ||
194 | </ul> | ||
200 | 195 | ||
201 | <p>We can check if it worked using the same tool. We expect the name of our identity and the corresponding public key to be displayed.</p> | 196 | </p> |
202 | |||
203 | <p><code> | ||
204 | $ gnunet-identity -d<br> | ||
205 | myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | ||
206 | </p></code> | ||
207 | |||
208 | <p>Now we add a public `A` record to our zone. It has the name "ccc", a value | ||
209 | of "195.54.164.39" and it never expires.</p> | ||
210 | <p><code> | ||
211 | $ gnunet-namestore -z myself -a -e never -p -t A -n ccc -V 195.54.164.39 | ||
212 | </p></code> | ||
213 | |||
214 | <p>Now we can query that record using the command line tool `gnunet-gns`.</p> | ||
215 | |||
216 | <p><code> | ||
217 | $ gnunet-gns -u ccc.myself<br> | ||
218 | ccc.myself:<br> | ||
219 | Got `A' record: 195.54.164.39 | ||
220 | </p></code> | ||
221 | 197 | ||
222 | <p>So it worked! Now you can try to type "ccc.myself" into your browser and see | ||
223 | what website is behind the IP address. (If it doesnt work use the IP directly | ||
224 | ;p)</p> | ||
225 | 198 | ||
226 | <h4>{{ _("filesharing") }}</h4> | 199 | <h4>{{ _("filesharing") }}</h4> |
227 | 200 | ||
228 | <p>Let's publish a file in the GNUnet filesharing network. We use tow keywords | 201 | <p>Let's publish a file in the GNUnet filesharing network. We use the keywords |
229 | ("commons" and "state") so other people will be able to search for the file. | 202 | ("commons" and "state") so other people will be able to search for the file. |
230 | </p> | 203 | </p> |
231 | 204 | ||
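Review bot: the new `<ul>` (new lines 188-194) sits inside the `<p>` opened at new line 186 and closed at 196. A list cannot be a child of a paragraph, so browsers close the `<p>` before the `<ul>` and the `</p>` at 196 becomes a stray tag. Close the paragraph right after "Some should be done before others:" and drop the later `</p>`. The list entry "Serving a website using VPN" also promises a section that is still `TBD` at the end of the page; mark it as not yet written.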
@@ -273,6 +246,94 @@ $ gnunet-cadet -o my-secret-port | |||
273 | $ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port | 246 | $ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port |
274 | </p></code> | 247 | </p></code> |
275 | 248 | ||
249 | |||
250 | <h4>{{ _("Name resolution using GNS on the command line") }}</h4> | ||
251 | |||
252 | <p>GNS is the GNU name service, a fully decentralized alternatice to DNS. We'll publish an IP address in a GNS record try to resolve it on the command line. First we need an identity which is the | ||
253 | equivalent to a zone in DNS. We'll call it "myself" and create it using the | ||
254 | `gnunet-identity` command line tool. Instead of "myself" you can surely use your | ||
255 | nick or any other name. </p> | ||
256 | |||
257 | <p><code> | ||
258 | $ gnunet-identity -C myself | ||
259 | </code></p> | ||
260 | |||
261 | <p>We can check if it worked using the same tool. We expect the name of our identity and the corresponding public key to be displayed.</p> | ||
262 | |||
263 | <p><code> | ||
264 | $ gnunet-identity -d<br> | ||
265 | myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | ||
266 | </code></p> | ||
267 | |||
268 | <p>Now we add a public `A` record to our zone. It has the name "ccc", a value | ||
269 | of "195.54.164.39" and it expires after one day.</p> | ||
270 | <p><code> | ||
271 | $ gnunet-namestore -z myself -a -e "1 d" -p -t A -n ccc -V 195.54.164.39 | ||
272 | </code></p> | ||
273 | |||
274 | <p>Now we can query that record using the command line tool `gnunet-gns`.</p> | ||
275 | |||
276 | <p><code> | ||
277 | $ gnunet-gns -u ccc.myself<br> | ||
278 | ccc.myself:<br> | ||
279 | Got `A' record: 195.54.164.39 | ||
280 | </code></p> | ||
281 | |||
282 | <p>So it worked! But only resolving our own records is boring. So we can give our | ||
283 | identity (the public key of it to be precise) to someone else so they can try to | ||
284 | resolve our records, too. The other person (Bob) has to add it to his namestore like | ||
285 | this:<p> | ||
286 | |||
287 | <p><code> | ||
288 | $ gnunet-namestore -z myself -a -e never -p -t PKEY -n alice -V HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | ||
289 | </code></p> | ||
290 | |||
291 | <p>Our identity in Bobs namestore is a public record (-p) and never expires (-e never). Now Bob (let's assume he has called his identity myself, too) should be able to resolve our "ccc" record, too!</p> | ||
292 | |||
293 | <p><code> | ||
294 | $ gnunet-gns -u ccc.alice.myself | ||
295 | ccc.alice.myself: | ||
296 | Got `A' record: 195.54.164.39 | ||
297 | </code></p> | ||
298 | |||
299 | <p>It can continue like this. A friend of Bob would be able to resolve our records too because Bob published our identity in a public record. Bobs friend would simply use "ccc.alice.bob.myself" to resolve our "ccc" record. | ||
300 | |||
301 | |||
302 | <h4>{{ _("Name resolution using GNS with a browser") }}</h4> | ||
303 | |||
304 | <p>In the previous use case "Name resolution using GNS on the command line" we got an idea | ||
305 | about what GNS is about, but now let's use it with a browser, to make it actually useful. Currently Firefox is known to work.</p> | ||
306 | |||
307 | <p>Many websites enforce HTTPS and thus provide certificates for their hostnames (and not our GNS names). Browsers don't like wrong hostnames in certificates and will present error messages. So GNUnet has to trick them by generating own certificates for our GNS names. This means we need to create our own certificate authority and tell our browser about it. Luckily there's a script for it:</p> | ||
308 | |||
309 | <p><code> | ||
310 | $ gnunet-gns-proxy-setup-ca | ||
311 | </code></p> | ||
312 | |||
313 | <p>Enter <b>gnunet-gns-proxy</b>. It's a proxy service that the browser can send DNS and HTTP traffic to. It will try to resolve names with GNS first and forward the rest of the DNS traffic to the system's DNS resolver. It will also take care of the HTTP traffic, so the browser gets valid certificates and the web server will not be confused by our GNS hostnames. Our GNS namestore doesn't know about any DNS hostnames yet, so we have to store them, too. For our "ccc" A record, we have to store a LEHO (legacy hostname) record, too. It must contain the website's original DNS hostname:</p> | ||
314 | |||
315 | <p><code> | ||
316 | $ gnunet-namestore -z myself -a -e "1 d" -p -t LEHO -n ccc -C www.ccc.de | ||
317 | </code></p> | ||
318 | |||
319 | Now let's start gnunet-gns-proxy. | ||
320 | |||
321 | <p><code> | ||
322 | $ gnunet-gns-proxy | ||
323 | </code></p> | ||
324 | |||
325 | <p>Our browser has to be configured so it uses our proxy. In firefox we have to set theese options under "about:config":</p> | ||
326 | |||
327 | <p><code> | ||
328 | network.proxy.socks: localhost | ||
329 | network.proxy.socks_port: 7777 | ||
330 | network.proxy.socks_remote_dns true | ||
331 | network.proxy.socks.type: 1 | ||
332 | </code></p> | ||
333 | |||
334 | <p>Now we should be able to resolve our GNS names in the browser! We just have to type "https://ccc.myself" into the address bar. If our friend Bob prepared his system, too, he can resolve our record by typing "ccc.alice.myself".</p> | ||
335 | |||
336 | |||
276 | <h4>{{ _("VPN") }}</h4> | 337 | <h4>{{ _("VPN") }}</h4> |
277 | 338 | ||
278 | <p>TBD</p> | 339 | <p>TBD</p> |
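Review bot: the LEHO command at new line 316 passes the hostname with `-C www.ccc.de`, while every other `gnunet-namestore` call in this hunk passes the record value with `-V`; this looks like a typo for `-V www.ccc.de`. In the Firefox block (new lines 328-331), `network.proxy.socks_remote_dns true` is missing the colon the other three lines use, and `network.proxy.socks.type` is not a preference name I recognise; the manual-proxy switch is `network.proxy.type`, so please check that line against a real profile. The paragraph at new line 307 should also tell the reader what `gnunet-gns-proxy-setup-ca` changes in the browser's trust store and how to undo it, since the browser will afterwards accept certificates issued by that local CA. Markup and spelling: `this:<p>` at new line 285 opens a paragraph instead of closing one, the `<p>` at new line 299 is never closed, "Now let's start gnunet-gns-proxy." at 319 has no `<p>`, the output lines at 294-295 lack the `<br>` used at 277-278, and "alternatice", "record try to", "Bobs" and "theese" need fixing. Finally, Bob is told to type "ccc.alice.myself" without the `https://` used for our own name one sentence earlier.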