author: lurchi <lurchi@strangeplace.net> 2018-11-16 23:02:50 +0100
committer: lurchi <lurchi@strangeplace.net> 2018-11-16 23:02:50 +0100
commit: 1a4f42c00fc7ff6da6a093c9637b2c352bbf3ec7
tree: 02f5c69627aa1321222ea9d47250fa95eac11ced
parent: 247676e55ec314357d6955934dc646c557c93bfc
improve and extend the debian tutorial
-rw-r--r-- tutorial-debian9.html.j2 153
1 files changed, 107 insertions, 46 deletions
diff --git a/tutorial-debian9.html.j2 b/tutorial-debian9.html.j2
index 330af8ec..25f59a56 100644
--- a/tutorial-debian9.html.j2
+++ b/tutorial-debian9.html.j2
@@ -26,7 +26,7 @@ painlessly. Optional dependencies are listed in Appendix A. They are required
26for some experimental GNUnet features.</p> 26for some experimental GNUnet features.</p>
27 27
28<p><code> 28<p><code>
29$ sudo apt install git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev 29$ sudo apt install git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev openssl
30</code></p> 30</code></p>
31 31
32<h3>{{ _("Make an installation directory") }}</h3> 32<h3>{{ _("Make an installation directory") }}</h3>
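Review bot: openssl is appended to the required apt line (new line 29) with no explanation, while the paragraph just above says optional dependencies belong in Appendix A. If it is only needed for the gnunet-gns-proxy-setup-ca step this patch introduces further down, say so next to the command or move it to the browser section, so readers who skip the proxy know they can leave it out.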
@@ -40,8 +40,10 @@ $ mkdir ~/gnunet_installation
40<h3>{{ _("Get the source code") }}</h3> 40<h3>{{ _("Get the source code") }}</h3>
41 41
42<p>We download the GNUnet source code using git. On Debian 9 we need the 42<p>We download the GNUnet source code using git. On Debian 9 we need the
43sources of another library (libmicrohttpd). There exists a Debian 9 package for 43sources of another library (libmicrohttpd).</p>
44libmicrohttpd too, but it is too old.</p> 44
45<p><b>Attention: The official libmicrohttpsd package for Debian 9 is too old, we need
46at least version 0.9.52.</b></p>
45 47
46<p><code> 48<p><code>
47$ cd ~/gnunet_installation<br> 49$ cd ~/gnunet_installation<br>
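Review bot: the new Attention paragraph (new line 45) misspells the library as "libmicrohttpsd"; it should read libmicrohttpd, matching the paragraph above and the clone URL. Since the text now states a minimum version of 0.9.52, it would also help to tell the reader how to confirm that the git checkout meets it, because the clone shown in the next hunk header uses --depth 1 and takes whatever the default branch currently holds.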
@@ -51,11 +53,8 @@ $ git clone --depth 1 https://gnunet.org/git/libmicrohttpd.git
51 53
52<h3>{{ _("Compile and Install") }}</h3> 54<h3>{{ _("Compile and Install") }}</h3>
53 55
54<p>Installing GNUnet is not hard, it only requires one little nasty step which
55involves modifying an important config file of the operating system. So we'll
56pay extra attention while doing this.</p>
57 56
58<p>Before we can compile GNUnet, we compile and install libmicrohttpd.</p> 57<p>Before we can compile GNUnet on Debian 9, we compile and install libmicrohttp</p>
59 58
60<p><code> 59<p><code>
61$ cd ~/gnunet_installation/libmicrohttpd<br> 60$ cd ~/gnunet_installation/libmicrohttpd<br>
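Review bot: new line 57 ends in "libmicrohttp</p>", dropping the final "d" and the full stop that the old line had; please restore "libmicrohttpd.</p>". Removing the intro paragraph also leaves two consecutive blank lines (new lines 55 and 56), one of which can go.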
@@ -66,7 +65,7 @@ $ make -j$(nproc || echo -n 1)<br>
66$ sudo make install<br> 65$ sudo make install<br>
67</code></p> 66</code></p>
68 67
69<p>Now it's finally time to compile and install GNUnet. We have two options: 68<p>Installing GNUnet is not hard. We have two options:
70installing a *production version* and installing a *development version*. If 69installing a *production version* and installing a *development version*. If
71you want to start writing GNUnet applications or join the GNUnet development 70you want to start writing GNUnet applications or join the GNUnet development
72choose the development version (it will print more debug output and contains 71choose the development version (it will print more debug output and contains
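Review bot: the reworded sentence on new line 68 leads straight into "*production version*" and "*development version*" on line 69, which are Markdown asterisks inside an HTML template and will be displayed literally. While this paragraph is being edited, switch them to <em> or to <b> as used in the Attention paragraph earlier in this patch.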
@@ -96,7 +95,7 @@ $ make -j$(nproc || echo -n 1)<br>
96$ sudo make install<br> 95$ sudo make install<br>
97</p></code> 96</p></code>
98 97
99<h4>{{ _("Install GNUnet plugin for name resolution") }}</h4> 98<!--<h4>{{ _("Install GNUnet plugin for name resolution") }}</h4>
100So now it gets a bit nasty. It's not so bad. All we have to do is copy a file and edit another one. The file we need to copy is GNUnet's plugin for the Name Service Switch (NSS) in unix systems. Different unixes expect it in different locations and GNUnet's build system does not try to guess. On Debian 9 we have to do 99So now it gets a bit nasty. It's not so bad. All we have to do is copy a file and edit another one. The file we need to copy is GNUnet's plugin for the Name Service Switch (NSS) in unix systems. Different unixes expect it in different locations and GNUnet's build system does not try to guess. On Debian 9 we have to do
101 100
102<p><code> 101<p><code>
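Review bot: wrapping the NSS section in an HTML comment starting at new line 98 does not hide it from Jinja: the {{ _("Install GNUnet plugin for name resolution") }} expression is still evaluated and remains a translatable string, and the whole disabled section, including the sudo commands that edit the nsswitch configuration, is still shipped in the page source. Either delete the section (git keeps the history) or use a Jinja comment {# ... #} so nothing is rendered. The commit message should also say why the plugin step is dropped, since the intro removed in the previous hunk described it as the one step the installation requires.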
@@ -131,7 +130,7 @@ $ sudo sed -i -E 's/^(hosts:.*) dns/\1 gns [NOTFOUND=return] dns/' /etc/nsswitch
131hosts: files mdns4_minimal [NOTFOUND=return] gns [NOTFOUND=return] dns 130hosts: files mdns4_minimal [NOTFOUND=return] gns [NOTFOUND=return] dns
132</p></code> 131</p></code>
133 132
134<p>That's it. It wasn't that nasty, was it?</p> 133<p>That's it. It wasn't that nasty, was it?</p>-->
135 134
136<h3>{{ _("Configuration") }}</h3> 135<h3>{{ _("Configuration") }}</h3>
137Congratulations! GNUnet is now installed! Before we start it we need to create a configuration file. By default GNUnet looks in our home directory for the file `~/.gnunet/gnunet.conf`. We can start with an empty file for now: 136Congratulations! GNUnet is now installed! Before we start it we need to create a configuration file. By default GNUnet looks in our home directory for the file `~/.gnunet/gnunet.conf`. We can start with an empty file for now:
@@ -184,48 +183,22 @@ $ gnunet-arm -e
184 183
185<h3>{{ _("Make sure it works") }}</h3> 184<h3>{{ _("Make sure it works") }}</h3>
186 185
187<p>Let's try some of GNUnet's components: gns, filesharing, CADET and VPN.</p> 186<p>Let's try out some of GNUnet's use cases. Some should be done before others:
188
189<h4>{{ _("GNS") }}</h4>
190
191<p>First let's try out GNS, the GNU name service. We'll publish an IP address
192in a GNS record and try to resolve it using our browser. First we need an
193identity which is the equivalent to a zone in DNS. We'll call it "myself" and
194create it using the `gnunet-identity` command line tool.
195Instead of "myself" you can surely use your nick or any other name. </p>
196 187
197<p><code> 188<ul>
198$ gnunet-identity -C myself 189 <li>filesharing (easy)</li>
199</p></code> 190 <li>A simple chat using CADET</li>
191 <li>Name resolution using GNS on the command line</li>
192 <li>Name resolution using GNS with a browser (do it on the command line first)</li>
193 <li>Serving a website using VPN (do name resolution with a browser first)</li>
194</ul>
200 195
201<p>We can check if it worked using the same tool. We expect the name of our identity and the corresponding public key to be displayed.</p> 196</p>
202
203<p><code>
204$ gnunet-identity -d<br>
205myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG
206</p></code>
207
208<p>Now we add a public `A` record to our zone. It has the name "ccc", a value
209of "195.54.164.39" and it never expires.</p>
210<p><code>
211$ gnunet-namestore -z myself -a -e never -p -t A -n ccc -V 195.54.164.39
212</p></code>
213
214<p>Now we can query that record using the command line tool `gnunet-gns`.</p>
215
216<p><code>
217$ gnunet-gns -u ccc.myself<br>
218ccc.myself:<br>
219Got `A' record: 195.54.164.39
220</p></code>
221 197
222<p>So it worked! Now you can try to type "ccc.myself" into your browser and see
223what website is behind the IP address. (If it doesnt work use the IP directly
224;p)</p>
225 198
226<h4>{{ _("filesharing") }}</h4> 199<h4>{{ _("filesharing") }}</h4>
227 200
228<p>Let's publish a file in the GNUnet filesharing network. We use tow keywords 201<p>Let's publish a file in the GNUnet filesharing network. We use the keywords
229("commons" and "state") so other people will be able to search for the file. 202("commons" and "state") so other people will be able to search for the file.
230</p> 203</p>
231 204
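Review bot: the new intro on lines 186 to 196 opens <p>, places the <ul> inside it and closes with </p> after </ul>; a paragraph cannot contain a list, so the browser ends the paragraph at <ul> and the trailing </p> becomes a stray empty paragraph. Close the <p> after "before others:" and drop the one on line 196. Because the items carry ordering constraints ("do it on the command line first"), an <ol> would express that better, and the item titles should match the section headings: the last item is "Serving a website using VPN" while the heading further down is still "VPN" with TBD content.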
@@ -273,6 +246,94 @@ $ gnunet-cadet -o my-secret-port
273$ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port 246$ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port
274</p></code> 247</p></code>
275 248
249
250<h4>{{ _("Name resolution using GNS on the command line") }}</h4>
251
252<p>GNS is the GNU name service, a fully decentralized alternatice to DNS. We'll publish an IP address in a GNS record try to resolve it on the command line. First we need an identity which is the
253equivalent to a zone in DNS. We'll call it "myself" and create it using the
254`gnunet-identity` command line tool. Instead of "myself" you can surely use your
255nick or any other name. </p>
256
257<p><code>
258$ gnunet-identity -C myself
259</code></p>
260
261<p>We can check if it worked using the same tool. We expect the name of our identity and the corresponding public key to be displayed.</p>
262
263<p><code>
264$ gnunet-identity -d<br>
265myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG
266</code></p>
267
268<p>Now we add a public `A` record to our zone. It has the name "ccc", a value
269of "195.54.164.39" and it expires after one day.</p>
270<p><code>
271$ gnunet-namestore -z myself -a -e "1 d" -p -t A -n ccc -V 195.54.164.39
272</code></p>
273
274<p>Now we can query that record using the command line tool `gnunet-gns`.</p>
275
276<p><code>
277$ gnunet-gns -u ccc.myself<br>
278ccc.myself:<br>
279Got `A' record: 195.54.164.39
280</code></p>
281
282<p>So it worked! But only resolving our own records is boring. So we can give our
283identity (the public key of it to be precise) to someone else so they can try to
284resolve our records, too. The other person (Bob) has to add it to his namestore like
285this:<p>
286
287<p><code>
288$ gnunet-namestore -z myself -a -e never -p -t PKEY -n alice -V HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG
289</code></p>
290
291<p>Our identity in Bobs namestore is a public record (-p) and never expires (-e never). Now Bob (let's assume he has called his identity myself, too) should be able to resolve our "ccc" record, too!</p>
292
293<p><code>
294$ gnunet-gns -u ccc.alice.myself
295ccc.alice.myself:
296Got `A' record: 195.54.164.39
297</code></p>
298
299<p>It can continue like this. A friend of Bob would be able to resolve our records too because Bob published our identity in a public record. Bobs friend would simply use "ccc.alice.bob.myself" to resolve our "ccc" record.
300
301
302<h4>{{ _("Name resolution using GNS with a browser") }}</h4>
303
304<p>In the previous use case "Name resolution using GNS on the command line" we got an idea
305about what GNS is about, but now let's use it with a browser, to make it actually useful. Currently Firefox is known to work.</p>
306
307<p>Many websites enforce HTTPS and thus provide certificates for their hostnames (and not our GNS names). Browsers don't like wrong hostnames in certificates and will present error messages. So GNUnet has to trick them by generating own certificates for our GNS names. This means we need to create our own certificate authority and tell our browser about it. Luckily there's a script for it:</p>
308
309<p><code>
310$ gnunet-gns-proxy-setup-ca
311</code></p>
312
313<p>Enter <b>gnunet-gns-proxy</b>. It's a proxy service that the browser can send DNS and HTTP traffic to. It will try to resolve names with GNS first and forward the rest of the DNS traffic to the system's DNS resolver. It will also take care of the HTTP traffic, so the browser gets valid certificates and the web server will not be confused by our GNS hostnames. Our GNS namestore doesn't know about any DNS hostnames yet, so we have to store them, too. For our "ccc" A record, we have to store a LEHO (legacy hostname) record, too. It must contain the website's original DNS hostname:</p>
314
315<p><code>
316$ gnunet-namestore -z myself -a -e "1 d" -p -t LEHO -n ccc -C www.ccc.de
317</code></p>
318
319Now let's start gnunet-gns-proxy.
320
321<p><code>
322$ gnunet-gns-proxy
323</code></p>
324
325<p>Our browser has to be configured so it uses our proxy. In firefox we have to set theese options under "about:config":</p>
326
327<p><code>
328network.proxy.socks: localhost
329network.proxy.socks_port: 7777
330network.proxy.socks_remote_dns true
331network.proxy.socks.type: 1
332</code></p>
333
334<p>Now we should be able to resolve our GNS names in the browser! We just have to type "https://ccc.myself" into the address bar. If our friend Bob prepared his system, too, he can resolve our record by typing "ccc.alice.myself".</p>
335
336
276<h4>{{ _("VPN") }}</h4> 337<h4>{{ _("VPN") }}</h4>
277 338
278<p>TBD</p> 339<p>TBD</p>
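Review bot: the about:config block on new lines 328 to 331 will not work as written. The third line has no colon ("network.proxy.socks_remote_dns true"), the lines lack the <br> used in the other listings so they render as one run, and "network.proxy.socks.type" looks wrong: the Firefox preference that selects manual proxy configuration with value 1 is network.proxy.type. The CA step on line 310 also needs a sentence of documentation: the text says we create our own certificate authority and tell the browser about it, so it should state where the CA key is written and that it must stay readable only by this user, since whoever holds that key can present certificates this browser accepts. Smaller fixes: "alternatice" and the missing "and" on line 252, "theese" on line 325, "<p>" instead of "</p>" at the end of line 285, the unclosed <p> on line 299, the missing <br> in the output on lines 294 to 296, and the bare sentence on line 319 that is not wrapped in <p>.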