diff options
author | ng0 <ng0@n0.is> | 2018-12-17 16:21:51 +0000 |
---|---|---|
committer | ng0 <ng0@n0.is> | 2018-12-17 16:21:51 +0000 |
commit | 69351da70104de8167e7d4cf6b75eed683303c27 (patch) | |
tree | 2225d2e02dda373f6e31d0c11d1857a484c2cde0 | |
parent | 5b881d13ca3d38869a4042db88c558d2d3f2bdbd (diff) | |
download | www-69351da70104de8167e7d4cf6b75eed683303c27.tar.gz www-69351da70104de8167e7d4cf6b75eed683303c27.zip |
ubuntu: html5 spec compliance
-rw-r--r-- | tutorial-ubuntu1804.html.j2 | 870 |
1 files changed, 486 insertions, 384 deletions
diff --git a/tutorial-ubuntu1804.html.j2 b/tutorial-ubuntu1804.html.j2 index cc03257c..4dd9d765 100644 --- a/tutorial-ubuntu1804.html.j2 +++ b/tutorial-ubuntu1804.html.j2 | |||
@@ -2,390 +2,492 @@ | |||
2 | {% block body_content %} | 2 | {% block body_content %} |
3 | <div class="container"> | 3 | <div class="container"> |
4 | 4 | ||
5 | <h2>{{ _("Tutorial: GNUnet on Ubuntu 18.04") }}</h2> | 5 | <h2>{{ _("Tutorial: GNUnet on Ubuntu 18.04") }}</h2> |
6 | 6 | ||
7 | <h3>{{ _("Introduction") }}</h3> | 7 | <h3>{{ _("Introduction") }}</h3> |
8 | 8 | ||
9 | <p>Welcome to the hopefully painless GNUnet tutorial for Ubuntu 18.04! It provides | 9 | <p> |
10 | very concrete instructions on how to compile, install and configure a current | 10 | Welcome to the hopefully painless GNUnet tutorial for Ubuntu 18.04! It provides |
11 | version of GNUnet. The goal is to support newcomers, either end users or | 11 | very concrete instructions on how to compile, install and configure a current |
12 | developers, who want to get in touch with GNUnet for the first time. After | 12 | version of GNUnet. The goal is to support newcomers, either end users or |
13 | installing GNUnet we will make sure that out new GNUnet installation is working | 13 | developers, who want to get in touch with GNUnet for the first time. After |
14 | correctly.</p> | 14 | installing GNUnet we will make sure that out new GNUnet installation is working |
15 | 15 | correctly. | |
16 | <p><b>Attention: If you came across the official gnunet package for Ubuntu 18.04, | 16 | </p> |
17 | ignore it! It is ancient and not compatible with current GNUnet | 17 | |
18 | installations.</b></p> | 18 | <p> |
19 | 19 | <b>Attention: If you came across the official gnunet package for Ubuntu 18.04, | |
20 | <p>Now let's start!</p> | 20 | ignore it! It is ancient and not compatible with current GNUnet |
21 | 21 | installations.</b> | |
22 | <h3>{{ _("Requirements") }}</h3> | 22 | </p> |
23 | 23 | ||
24 | <p>First let's install the following Ubuntu 18.04 packages to use GNUnet | 24 | <p> |
25 | painlessly. Optional dependencies are listed in Appendix A. They are required | 25 | Now let's start! |
26 | for some experimental GNUnet features.</p> | 26 | </p> |
27 | 27 | ||
28 | <p><code> | 28 | <h3>{{ _("Requirements") }}</h3> |
29 | $ sudo apt install git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev openssl libnss3-tools libmicrohttpd | 29 | |
30 | </code></p> | 30 | <p> |
31 | 31 | First let's install the following Ubuntu 18.04 packages to use GNUnet | |
32 | <h3>{{ _("Make an installation directory") }}</h3> | 32 | painlessly. Optional dependencies are listed in Appendix A. They are required |
33 | 33 | for some experimental GNUnet features. | |
34 | <p>Next we create a directory in our home directory where we store the source code later. We should keep this directory after installation because it contains Makefiles that can be used for uninstalling GNUnet again (see chapter *Uninstall GNUnet and its dependencies*).</p> | 34 | </p> |
35 | 35 | ||
36 | <p><code> | 36 | <code> |
37 | $ mkdir ~/gnunet_installation | 37 | $ sudo apt install git libtool autoconf autopoint \<br> |
38 | </code></p> | 38 | build-essential libgcrypt-dev libidn11-dev zlib1g-dev \<br> |
39 | 39 | libunistring-dev libglpk-dev miniupnpc libextractor-dev \<br> | |
40 | <h3>{{ _("Get the source code") }}</h3> | 40 | libjansson-dev libcurl4-gnutls-dev libsqlite3-dev openssl \<br> |
41 | 41 | libnss3-tools libmicrohttpd | |
42 | <p>We download the GNUnet source code using git.</p> | 42 | </code> |
43 | 43 | ||
44 | <p><code> | 44 | <h3>{{ _("Make an installation directory") }}</h3> |
45 | $ cd ~/gnunet_installation<br> | 45 | |
46 | $ git clone --depth 1 https://gnunet.org/git/gnunet.git<br> | 46 | <p> |
47 | </code></p> | 47 | Next we create a directory in our home directory where we store |
48 | 48 | the source code later. We should keep this directory after | |
49 | <h3>{{ _("Compile and Install") }}</h3> | 49 | installation because it contains Makefiles that can be used for |
50 | 50 | uninstalling GNUnet again (see chapter *Uninstall GNUnet and its | |
51 | <p>Installing GNUnet is not hard. We have two options: | 51 | dependencies*). |
52 | installing a *production version* and installing a *development version*. If | 52 | </p> |
53 | you want to start writing GNUnet applications or join the GNUnet development | 53 | |
54 | choose the development version (it will print more debug output and contains | 54 | <code> |
55 | debug symbols that can be displayed with a debugger). Otherwise choose the | 55 | $ mkdir ~/gnunet_installation |
56 | production version.</p> | 56 | </code> |
57 | 57 | ||
58 | <h4>{{ _("Option 1: GNUnet for production / usage") }}</h4> | 58 | <h3>{{ _("Get the source code") }}</h3> |
59 | <p><code> | 59 | |
60 | $ cd ~/gnunet_installation/gnunet<br> | 60 | <p> |
61 | $ ./bootstrap<br> | 61 | We download the GNUnet source code using git. |
62 | $ export GNUNET_PREFIX=/usr<br> | 62 | </p> |
63 | $ ./configure --prefix=$GNUNET_PREFIX --disable-documentation --with-microhttpd=/opt/libmicrohttpd<br> | 63 | |
64 | $ sudo addgroup gnunetdns<br> | 64 | <code> |
65 | $ sudo adduser --system --group --disabled-login --home /var/lib/gnunet gnunet<br> | 65 | $ cd ~/gnunet_installation<br> |
66 | $ make -j$(nproc || echo -n 1)<br> | 66 | $ git clone --depth 1 https://gnunet.org/git/gnunet.git<br> |
67 | $ sudo make install | 67 | </code> |
68 | </code></p> | 68 | |
69 | 69 | <h3>{{ _("Compile and Install") }}</h3> | |
70 | <h4>{{ _("Option 2: GNUnet for development") }}</h4> | 70 | |
71 | <p><code> | 71 | <p> |
72 | $ cd ~/gnunet_installation/gnunet<br> | 72 | Installing GNUnet is not hard. We have two options: |
73 | $ ./bootstrap<br> | 73 | installing a *production version* and installing a *development version*. If |
74 | $ export GNUNET_PREFIX=/usr<br> | 74 | you want to start writing GNUnet applications or join the GNUnet development |
75 | $ export CFLAGS="-g -Wall -O0"<br> | 75 | choose the development version (it will print more debug output and contains |
76 | $ ./configure --prefix=$GNUNET_PREFIX --disable-documentation --enable-logging=verbose <br> | 76 | debug symbols that can be displayed with a debugger). Otherwise choose the |
77 | $ make -j$(nproc || echo -n 1)<br> | 77 | production version. |
78 | $ sudo make install | 78 | </p> |
79 | </p></code> | 79 | |
80 | 80 | <h4>{{ _("Option 1: GNUnet for production / usage") }}</h4> | |
81 | <!--<h4>{{ _("Install GNUnet plugin for name resolution") }}</h4> | 81 | |
82 | So now it gets a bit nasty. It's not so bad. All we have to do is copy a file and edit another one. The file we need to copy is GNUnet's plugin for the Name Service Switch (NSS) in unix systems. Different unixes expect it in different locations and GNUnet's build system does not try to guess. On Ubuntu 18.04 we have to do | 82 | <code> |
83 | 83 | $ cd ~/gnunet_installation/gnunet<br> | |
84 | <p><code> | 84 | $ ./bootstrap<br> |
85 | $ sudo cp /usr/lib/gnunet/nss/libnss_gns.so.2 /lib/$(uname -m)-linux-gnu/ | 85 | $ export GNUNET_PREFIX=/usr<br> |
86 | </p></code> | 86 | $ ./configure --prefix=$GNUNET_PREFIX --disable-documentation --with-microhttpd=/opt/libmicrohttpd<br> |
87 | 87 | $ sudo addgroup gnunetdns<br> | |
88 | <p>The next step is activating the GNUnet plugin we just copied in the NSS | 88 | $ sudo adduser --system --group --disabled-login --home /var/lib/gnunet gnunet<br> |
89 | config. It is located in `/etc/nsswitch.conf`. It should contain a line | 89 | $ make -j$(nproc || echo -n 1)<br> |
90 | starting with "hosts" similar to this (at least "files" and "dns" should be | 90 | $ sudo make install |
91 | there):</p> | 91 | </code> |
92 | 92 | ||
93 | <p><code> | 93 | <h4>{{ _("Option 2: GNUnet for development") }}</h4> |
94 | $ cat /etc/nsswitch.conf<br> | 94 | |
95 | hosts: files mdns4_minimal [NOTFOUND=return] dns | 95 | <code> |
96 | </p></code> | 96 | $ cd ~/gnunet_installation/gnunet<br> |
97 | 97 | $ ./bootstrap<br> | |
98 | <p><b>Attention: Once we modified `etc/nsswitch.conf` DNS resolution will only | 98 | $ export GNUNET_PREFIX=/usr<br> |
99 | be possible as long as is GNUnet is running. We can leave the next step out, | 99 | $ export CFLAGS="-g -Wall -O0"<br> |
100 | but then we will not be able to use GNUnet's name resolution in external | 100 | $ ./configure --prefix=$GNUNET_PREFIX --disable-documentation --enable-logging=verbose <br> |
101 | applications.</b></p> | 101 | $ make -j$(nproc || echo -n 1)<br> |
102 | 102 | $ sudo make install | |
103 | <p>We save a copy of the original file and then modify the line using sed:</p> | 103 | </code> |
104 | 104 | ||
105 | <p><code> | 105 | <!--<h4>{{ _("Install GNUnet plugin for name resolution") }}</h4> |
106 | $ sudo cp /etc/nsswitch.conf /etc/nsswitch.conf.original<br> | 106 | So now it gets a bit nasty. It's not so bad. All we have to do is copy a file and edit another one. The file we need to copy is GNUnet's plugin for the Name Service Switch (NSS) in unix systems. Different unixes expect it in different locations and GNUnet's build system does not try to guess. On Ubuntu 18.04 we have to do |
107 | $ sudo sed -i -E 's/^(hosts:.*) dns/\1 gns [NOTFOUND=return] dns/' /etc/nsswitch.conf | 107 | |
108 | </p></code> | 108 | <code> |
109 | 109 | $ sudo cp /usr/lib/gnunet/nss/libnss_gns.so.2 /lib/$(uname -m)-linux-gnu/ | |
110 | <p>Now in the line starting with "hosts" should contain an entry "gns [NOTFOUND=return]" before the "dns" entry like this:</p> | 110 | </code> |
111 | 111 | ||
112 | <p><code> | 112 | <p>The next step is activating the GNUnet plugin we just copied in the NSS |
113 | hosts: files mdns4_minimal [NOTFOUND=return] gns [NOTFOUND=return] dns | 113 | config. It is located in `/etc/nsswitch.conf`. It should contain a line |
114 | </p></code> | 114 | starting with "hosts" similar to this (at least "files" and "dns" should be |
115 | 115 | there):</p> | |
116 | <p>That's it. It wasn't that nasty, was it?</p>--> | 116 | |
117 | 117 | <code> | |
118 | <h3>{{ _("Configuration") }}</h3> | 118 | $ cat /etc/nsswitch.conf<br> |
119 | Congratulations! GNUnet is now installed! Before we start it we need to create a configuration file. By default GNUnet looks in our home directory for the file `~/.gnunet/gnunet.conf`. We can start with an empty file for now: | 119 | hosts: files mdns4_minimal [NOTFOUND=return] dns |
120 | 120 | </code> | |
121 | <p><code> | 121 | |
122 | $ touch ~/.config/gnunet.conf | 122 | <p><b>Attention: Once we modified `etc/nsswitch.conf` DNS resolution will only |
123 | </p></code> | 123 | be possible as long as is GNUnet is running. We can leave the next step out, |
124 | 124 | but then we will not be able to use GNUnet's name resolution in external | |
125 | <p>Now we can start it with the command line tool `gnunet-arm` (Automatic Restart Manager).</p> | 125 | applications.</b></p> |
126 | 126 | ||
127 | <p><code> | 127 | <p>We save a copy of the original file and then modify the line using sed:</p> |
128 | $ gnunet-arm -s | 128 | |
129 | </p></code> | 129 | <code> |
130 | 130 | $ sudo cp /etc/nsswitch.conf /etc/nsswitch.conf.original<br> | |
131 | <p>It starts the default GNUnet services. We can list them with the `-I` option:</p> | 131 | $ sudo sed -i -E 's/^(hosts:.*) dns/\1 gns [NOTFOUND=return] dns/' /etc/nsswitch.conf |
132 | 132 | </code> | |
133 | <p><code> | 133 | |
134 | $ gnunet-arm -I<br> | 134 | <p>Now in the line starting with "hosts" should contain an entry "gns [NOTFOUND=return]" before the "dns" entry like this:</p> |
135 | Running services:<br> | 135 | |
136 | ats (gnunet-service-ats)<br> | 136 | <code> |
137 | revocation (gnunet-service-revocation)<br> | 137 | hosts: files mdns4_minimal [NOTFOUND=return] gns [NOTFOUND=return] dns |
138 | set (gnunet-service-set)<br> | 138 | </code> |
139 | nat (gnunet-service-nat)<br> | 139 | |
140 | transport (gnunet-service-transport)<br> | 140 | <p>That's it. It wasn't that nasty, was it?</p>--> |
141 | peerstore (gnunet-service-peerstore)<br> | 141 | |
142 | hostlist (gnunet-daemon-hostlist)<br> | 142 | <h3>{{ _("Configuration") }}</h3> |
143 | identity (gnunet-service-identity)<br> | 143 | |
144 | namecache (gnunet-service-namecache)<br> | 144 | <p> |
145 | peerinfo (gnunet-service-peerinfo)<br> | 145 | Congratulations! GNUnet is now installed! Before we start it we |
146 | datastore (gnunet-service-datastore)<br> | 146 | need to create a configuration file. By default GNUnet looks in |
147 | zonemaster (gnunet-service-zonemaster)<br> | 147 | our home directory for the file `~/.gnunet/gnunet.conf`. We can |
148 | zonemaster-monitor (gnunet-service-zonemaster-monitor)<br> | 148 | start with an empty file for now: |
149 | nse (gnunet-service-nse)<br> | 149 | </p> |
150 | cadet (gnunet-service-cadet)<br> | 150 | |
151 | dht (gnunet-service-dht)<br> | 151 | <code> |
152 | core (gnunet-service-core)<br> | 152 | $ touch ~/.config/gnunet.conf |
153 | gns (gnunet-service-gns)<br> | 153 | </code> |
154 | statistics (gnunet-service-statistics)<br> | 154 | |
155 | topology (gnunet-daemon-topology)<br> | 155 | <p> |
156 | fs (gnunet-service-fs)<br> | 156 | Now we can start it with the command line tool `gnunet-arm` |
157 | namestore (gnunet-service-namestore)<br> | 157 | (Automatic Restart Manager). |
158 | vpn (gnunet-service-vpn) | 158 | </p> |
159 | </p></code> | 159 | |
160 | 160 | <code> | |
161 | <p>For stopping GNUnet again we can use the `-e` option.</p> | 161 | $ gnunet-arm -s |
162 | 162 | </code> | |
163 | <p><code> | 163 | |
164 | $ gnunet-arm -e | 164 | <p> |
165 | </p></code> | 165 | It starts the default GNUnet services. We can list them with the `-I` option: |
166 | 166 | </p> | |
167 | <h3>{{ _("Make sure it works") }}</h3> | 167 | |
168 | 168 | <code> | |
169 | <p>Let's try out some of GNUnet's use cases. Some should be done before others: | 169 | $ gnunet-arm -I<br> |
170 | 170 | Running services:<br> | |
171 | <ul> | 171 | ats (gnunet-service-ats)<br> |
172 | <li>filesharing</li> | 172 | revocation (gnunet-service-revocation)<br> |
173 | <li>A simple chat using CADET</li> | 173 | set (gnunet-service-set)<br> |
174 | <li>Name resolution using GNS on the command line</li> | 174 | nat (gnunet-service-nat)<br> |
175 | <li>Name resolution using GNS with a browser (do it on the command line first)</li> | 175 | transport (gnunet-service-transport)<br> |
176 | <li>Serving a website using VPN (do name resolution with a browser first)</li> | 176 | peerstore (gnunet-service-peerstore)<br> |
177 | </ul> | 177 | hostlist (gnunet-daemon-hostlist)<br> |
178 | 178 | identity (gnunet-service-identity)<br> | |
179 | </p> | 179 | namecache (gnunet-service-namecache)<br> |
180 | 180 | peerinfo (gnunet-service-peerinfo)<br> | |
181 | 181 | datastore (gnunet-service-datastore)<br> | |
182 | <h4>{{ _("filesharing") }}</h4> | 182 | zonemaster (gnunet-service-zonemaster)<br> |
183 | 183 | zonemaster-monitor (gnunet-service-zonemaster-monitor)<br> | |
184 | <p>Let's publish a file in the GNUnet filesharing network. We use the keywords | 184 | nse (gnunet-service-nse)<br> |
185 | ("commons" and "state") so other people will be able to search for the file. | 185 | cadet (gnunet-service-cadet)<br> |
186 | </p> | 186 | dht (gnunet-service-dht)<br> |
187 | 187 | core (gnunet-service-core)<br> | |
188 | <p>We can choose any file and describe it with meaningful keywords (using the | 188 | gns (gnunet-service-gns)<br> |
189 | `-k` command line option).</p> | 189 | statistics (gnunet-service-statistics)<br> |
190 | 190 | topology (gnunet-daemon-topology)<br> | |
191 | <p><code> | 191 | fs (gnunet-service-fs)<br> |
192 | $ gnunet-publish -k commons -k state ostrom.pdf<br> | 192 | namestore (gnunet-service-namestore)<br> |
193 | Publishing `/home/myself/ostrom.pdf' done.<br> | 193 | vpn (gnunet-service-vpn) |
194 | URI is `gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237'. | 194 | </code> |
195 | </p></code> | 195 | |
196 | 196 | <p> | |
197 | <p>Finding the file by keyword works with `gnunet-search`.</p> | 197 | For stopping GNUnet again we can use the `-e` option. |
198 | 198 | </p> | |
199 | <p><code> | 199 | |
200 | $ gnunet-search commons<br> | 200 | <code> |
201 | #1:<br> | 201 | $ gnunet-arm -e |
202 | gnunet-download -o "ostrom.pdf" gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237 | 202 | </code> |
203 | </p></code> | 203 | |
204 | 204 | <h3>{{ _("Make sure it works") }}</h3> | |
205 | <p>It gives us the command line call to download the file (and store it as | 205 | |
206 | ostrom.pdf)!</p> | 206 | <p> |
207 | 207 | Let's try out some of GNUnet's use cases. Some should be done before others: | |
208 | 208 | </p> | |
209 | <h4>{{ _("CADET (and Chat)") }}</h4> | 209 | |
210 | 210 | <ul> | |
211 | <p>We can use the `gnunet-cadet` command line tool to open a port and from | 211 | <li>filesharing</li> |
212 | another machine connect to this port and chat or transfer data. First we need | 212 | <li>A simple chat using CADET</li> |
213 | our *peer ID* of the GNUnet peer opening the port.</p> | 213 | <li>Name resolution using GNS on the command line</li> |
214 | 214 | <li>Name resolution using GNS with a browser (do it on the command line first)</li> | |
215 | <p><code> | 215 | <li>Serving a website using VPN (do name resolution with a browser first)</li> |
216 | $ gnunet-peerinfo -s<br> | 216 | </ul> |
217 | I am peer `P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG'. | 217 | |
218 | </p></code> | 218 | <h4>{{ _("filesharing") }}</h4> |
219 | 219 | ||
220 | <p>Now we open the port (it can be any string!):</p> | 220 | <p> |
221 | 221 | Let's publish a file in the GNUnet filesharing network. We use the keywords | |
222 | <p><code> | 222 | ("commons" and "state") so other people will be able to search for the file. |
223 | $ gnunet-cadet -o my-secret-port | 223 | </p> |
224 | </p></code> | 224 | |
225 | 225 | <p> | |
226 | <p>On the other machine we can connect using the peer ID and the port and start chatting!</p> | 226 | We can choose any file and describe it with meaningful keywords (using the |
227 | 227 | `-k` command line option). | |
228 | <p><code> | 228 | </p> |
229 | $ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port | 229 | |
230 | </p></code> | 230 | <code> |
231 | 231 | $ gnunet-publish -k commons -k state ostrom.pdf<br> | |
232 | 232 | Publishing `/home/myself/ostrom.pdf' done.<br> | |
233 | <h4>{{ _("Name resolution using GNS on the command line") }}</h4> | 233 | URI is `gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237'. |
234 | 234 | </code> | |
235 | <p>GNS is the GNU name service, a fully decentralized alternatice to DNS. We'll publish an IP address in a GNS record try to resolve it on the command line. First we need an identity which is the | 235 | |
236 | equivalent to a zone in DNS. We'll call it "myself" and create it using the | 236 | <p> |
237 | `gnunet-identity` command line tool. Instead of "myself" you can surely use your | 237 | Finding the file by keyword works with `gnunet-search`. |
238 | nick or any other name. </p> | 238 | </p> |
239 | 239 | ||
240 | <p><code> | 240 | <code> |
241 | $ gnunet-identity -C myself | 241 | $ gnunet-search commons<br> |
242 | </code></p> | 242 | #1:<br> |
243 | 243 | gnunet-download -o "ostrom.pdf" gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237 | |
244 | <p>We can check if it worked using the same tool. We expect the name of our identity and the corresponding public key to be displayed.</p> | 244 | </code> |
245 | 245 | ||
246 | <p><code> | 246 | <p> |
247 | $ gnunet-identity -d<br> | 247 | It gives us the command line call to download the file (and store it as |
248 | myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | 248 | ostrom.pdf)! |
249 | </code></p> | 249 | </p> |
250 | 250 | ||
251 | <p>Now we add a public `A` record to our zone. It has the name "ccc", a value | 251 | <h4>{{ _("CADET (and Chat)") }}</h4> |
252 | of "195.54.164.39" and it expires after one day.</p> | 252 | |
253 | <p><code> | 253 | <p> |
254 | $ gnunet-namestore -z myself -a -e "1 d" -p -t A -n ccc -V 195.54.164.39 | 254 | We can use the `gnunet-cadet` command line tool to open a port and from |
255 | </code></p> | 255 | another machine connect to this port and chat or transfer data. First we need |
256 | 256 | our *peer ID* of the GNUnet peer opening the port. | |
257 | <p>Now we can query that record using the command line tool `gnunet-gns`.</p> | 257 | </p> |
258 | 258 | ||
259 | <p><code> | 259 | <code> |
260 | $ gnunet-gns -t A -u ccc.myself<br> | 260 | $ gnunet-peerinfo -s<br> |
261 | ccc.myself:<br> | 261 | I am peer `P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG'. |
262 | Got `A' record: 195.54.164.39 | 262 | </code> |
263 | </code></p> | 263 | |
264 | 264 | <p> | |
265 | <p>So it worked! But only resolving our own records is boring. So we can give our | 265 | Now we open the port (it can be any string!): |
266 | identity (the public key of it to be precise) to someone else so they can try to | 266 | </p> |
267 | resolve our records, too. The other person (Bob) has to add it to his namestore like | 267 | |
268 | this:<p> | 268 | <code> |
269 | 269 | $ gnunet-cadet -o my-secret-port | |
270 | <p><code> | 270 | </code> |
271 | $ gnunet-namestore -z myself -a -e never -p -t PKEY -n alice -V HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | 271 | |
272 | </code></p> | 272 | <p>On the other machine we can connect using the peer ID and the port and start chatting!</p> |
273 | 273 | ||
274 | <p>Our identity in Bobs namestore is a public record (-p) and never expires (-e never). Now Bob (let's assume he has called his identity myself, too) should be able to resolve our "ccc" record, too!</p> | 274 | <code> |
275 | 275 | $ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port | |
276 | <p><code> | 276 | </code> |
277 | $ gnunet-gns -t A -u ccc.alice.myself<br> | 277 | |
278 | ccc.alice.myself:<br> | 278 | |
279 | Got `A' record: 195.54.164.39 | 279 | <h4>{{ _("Name resolution using GNS on the command line") }}</h4> |
280 | </code></p> | 280 | |
281 | 281 | <p>GNS is the GNU name service, a fully decentralized alternatice to DNS. We'll publish an IP address in a GNS record try to resolve it on the command line. First we need an identity which is the | |
282 | <p>It can continue like this. A friend of Bob would be able to resolve our records too because Bob published our identity in a public record. Bobs friend would simply use "ccc.alice.bob.myself" to resolve our "ccc" record. | 282 | equivalent to a zone in DNS. We'll call it "myself" and create it using the |
283 | 283 | `gnunet-identity` command line tool. Instead of "myself" you can surely use your | |
284 | 284 | nick or any other name. </p> | |
285 | <h4>{{ _("Name resolution using GNS with a browser") }}</h4> | 285 | |
286 | 286 | <code> | |
287 | <p>In the previous use case "Name resolution using GNS on the command line" we got an idea | 287 | $ gnunet-identity -C myself |
288 | about what GNS is about, but now let's use it with a browser, to make it actually useful. Currently Firefox and Chromium are known to work.</p> | 288 | </code> |
289 | 289 | ||
290 | <p>Many websites enforce HTTPS and thus provide certificates for their hostnames (and not our GNS names). Browsers don't like wrong hostnames in certificates and will present error messages. So GNUnet has to trick them by generating own certificates for our GNS names. This means we need to create our own certificate authority and tell our browser about it. Luckily there's a script for it:</p> | 290 | <p>We can check if it worked using the same tool. We expect the name of our identity and the corresponding public key to be displayed.</p> |
291 | 291 | ||
292 | <p><code> | 292 | <code> |
293 | $ gnunet-gns-proxy-setup-ca | 293 | $ gnunet-identity -d<br> |
294 | </code></p> | 294 | myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG |
295 | 295 | </code> | |
296 | <p>After executing this script the Browser has to be restarted.</p> | 296 | |
297 | 297 | <p> | |
298 | <p>GNUnet provides a proxy service (gnunet-gns-proxy) that the browser can send DNS and HTTP traffic to. It will try to resolve names with GNS first and forward the rest of the DNS traffic to the system's DNS resolver. It will also take care of the HTTP traffic, so the browser gets valid certificates and the web server will not be confused by our GNS hostnames. Our GNS namestore doesn't know about any DNS hostnames yet, so we have to store them, too. For our "ccc" A record, we have to store a LEHO (legacy hostname) record, too. It must contain the website's original DNS hostname:</p> | 298 | Now we add a public `A` record to our zone. It has the name "ccc", a value |
299 | 299 | of "195.54.164.39" and it expires after one day. | |
300 | <p><code> | 300 | </p> |
301 | $ gnunet-namestore -z myself -a -e "1 d" -p -t LEHO -n ccc -V www.ccc.de | 301 | |
302 | </code></p> | 302 | <code> |
303 | 303 | $ gnunet-namestore -z myself -a -e "1 d" -p -t A -n ccc -V 195.54.164.39 | |
304 | <p>Now let's start gnunet-gns-proxy.</p> | 304 | </code> |
305 | 305 | ||
306 | <p><code> | 306 | <p>Now we can query that record using the command line tool `gnunet-gns`.</p> |
307 | $ /usr/lib/gnunet/libexec/gnunet-gns-proxy | 307 | |
308 | </code></p> | 308 | <code> |
309 | 309 | $ gnunet-gns -t A -u ccc.myself<br> | |
310 | <p>Our browser has to be configured so it uses our proxy. In Firefox we have to set these options under "about:config":</p> | 310 | ccc.myself:<br> |
311 | 311 | Got `A' record: 195.54.164.39 | |
312 | <p><code> | 312 | </code> |
313 | network.proxy.socks: localhost<br> | 313 | |
314 | network.proxy.socks_port: 7777<br> | 314 | <p> |
315 | network.proxy.socks_remote_dns true<br> | 315 | So it worked! But only resolving our own records is boring. So we |
316 | network.proxy.type: 1 | 316 | can give our identity (the public key of it to be precise) to |
317 | </code></p> | 317 | someone else so they can try to resolve our records, too. The |
318 | 318 | other person (Bob) has to add it to his namestore like this: | |
319 | <p>To tell Chromium to use the proxy, it has to be started with the "--proxy-server" command line option:</p> | 319 | </p> |
320 | 320 | ||
321 | <p><code> | 321 | <code> |
322 | $ chromium --proxy-server="socks5://127.0.0.1:7777" | 322 | $ gnunet-namestore -z myself -a -e never -p -t PKEY -n alice -V HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG |
323 | </code></p> | 323 | </code> |
324 | 324 | ||
325 | <p>Now we should be able to resolve our GNS names in the browser! We just have to type "https://ccc.myself" into the address bar. If our friend Bob prepared his system, too, he can resolve our record by typing "ccc.alice.myself".</p> | 325 | <p> |
326 | 326 | Our identity in Bobs namestore is a public record (-p) and never | |
327 | 327 | expires (-e never). Now Bob (let's assume he has called his | |
328 | <h4>{{ _("VPN") }}</h4> | 328 | identity myself, too) should be able to resolve our "ccc" record, |
329 | 329 | too! | |
330 | <p>TBD</p> | 330 | </p> |
331 | 331 | ||
332 | <h3>{{ _("Uninstall GNUnet and its dependencies") }}</h3> | 332 | <code> |
333 | 333 | $ gnunet-gns -t A -u ccc.alice.myself<br> | |
334 | <p><code> | 334 | ccc.alice.myself:<br> |
335 | $ cd ~/gnunet_installation/gnunet<br> | 335 | Got `A' record: 195.54.164.39 |
336 | $ sudo make uninstall<br> | 336 | </code> |
337 | $ cd ~/gnunet_installation/libmicrohttpd<br> | 337 | |
338 | $ sudo make uninstall<br> | 338 | <p> |
339 | $ sudo apt remove git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev<br> | 339 | It can continue like this. A friend of Bob would be able to |
340 | $ sudo apt autoremove<br> | 340 | resolve our records too because Bob published our identity in a |
341 | $ sudo userdel -r gnunet<br> | 341 | public record. Bobs friend would simply use "ccc.alice.bob.myself" |
342 | $ sudo groupdel gnunet<br> | 342 | to resolve our "ccc" record. |
343 | $ sudo groupdel gnunetdns<br> | 343 | </p> |
344 | $ sudo mv /etc/nsswitch.conf.original /etc/nsswitch.conf<br> | 344 | |
345 | $ sudo rm /lib/$(uname -m)-linux-gnu/libnss_gns.so.2 | 345 | |
346 | </p></code> | 346 | <h4>{{ _("Name resolution using GNS with a browser") }}</h4> |
347 | 347 | ||
348 | 348 | <p> | |
349 | <h3>{{ _("Appendix A: Optional GNUnet features") }}</h3> | 349 | In the previous use case "Name resolution using GNS on the command line" we got an idea |
350 | 350 | about what GNS is about, but now let's use it with a browser, to make it actually useful. Currently Firefox and Chromium are known to work. | |
351 | <p>TBD</p> | 351 | </p> |
352 | 352 | ||
353 | <h3>{{ _("Troubleshooting") }}</h3> | 353 | <p> |
354 | 354 | Many websites enforce HTTPS and thus provide certificates for | |
355 | <h4>{{ _("You can't reach other people's nodes") }}</h4> | 355 | their hostnames (and not our GNS names). Browsers don't like wrong |
356 | 356 | hostnames in certificates and will present error messages. So GNUnet | |
357 | <p>Should our computer not have reached the open GNUnet network automatically, | 357 | has to trick them by generating own certificates for our GNS |
358 | we can manually instruct our node how to reach the nodes of our friends. This | 358 | names. This means we need to create our own certificate authority |
359 | works by exchanging HELLO strings. This is how we get a hello string for our | 359 | and tell our browser about it. Luckily there's a script for it: |
360 | computer.</p> | 360 | </p> |
361 | 361 | ||
362 | <p><code> | 362 | <code> |
363 | $ gnunet-peerinfo -gn | 363 | $ gnunet-gns-proxy-setup-ca |
364 | </p></code> | 364 | </code> |
365 | 365 | ||
366 | <p>We can now pass this string to our friends "out of band" (using whatever | 366 | <p>After executing this script the Browser has to be restarted.</p> |
367 | existing chat or messaging technology). If the string contains some private IP | 367 | |
368 | networks we don't want to share, we can carefully edit them out.</p> | 368 | <p> |
369 | 369 | GNUnet provides a proxy service (gnunet-gns-proxy) that the | |
370 | <p>Once we receive such strings from our friends, we can add them like | 370 | browser can send DNS and HTTP traffic to. It will try to resolve |
371 | this:</p> | 371 | names with GNS first and forward the rest of the DNS traffic to |
372 | 372 | the system's DNS resolver. It will also take care of the HTTP | |
373 | <p><code> | 373 | traffic, so the browser gets valid certificates and the web server |
374 | gnunet-peerinfo -p <string> | 374 | will not be confused by our GNS hostnames. Our GNS namestore |
375 | </p></code> | 375 | doesn't know about any DNS hostnames yet, so we have to store |
376 | 376 | them, too. For our "ccc" A record, we have to store a LEHO (legacy | |
377 | <p>Now our GNUnet nodes can attempt reaching each other directly. This may | 377 | hostname) record, too. It must contain the website's original DNS |
378 | still fail due to NAT traversal issues.</p> | 378 | hostname: |
379 | 379 | </p> | |
380 | <!--<h4>{{ _("OMG you guys broke my internet") }}</h4> | 380 | |
381 | 381 | <code> | |
382 | <p>We can replace `/etc/nsswitch.conf` with the backup we made earlier | 382 | $ gnunet-namestore -z myself -a -e "1 d" -p -t LEHO -n ccc -V www.ccc.de |
383 | (`/etc/nsswitch.conf.original`). Now DNS resolution should work again without a | 383 | </code> |
384 | running GNUnet.</p> | 384 | |
385 | 385 | <p>Now let's start gnunet-gns-proxy.</p> | |
386 | <p><code> | 386 | |
387 | $ cp /etc/nsswitch.conf.original /etc/nsswitch.conf | 387 | <code> |
388 | </p></code>--> | 388 | $ /usr/lib/gnunet/libexec/gnunet-gns-proxy |
389 | </code> | ||
390 | |||
391 | <p> | ||
392 | Our browser has to be configured so it uses our proxy. In Firefox | ||
393 | we have to set these options under "about:config": | ||
394 | </p> | ||
395 | |||
396 | <code> | ||
397 | network.proxy.socks: localhost<br> | ||
398 | network.proxy.socks_port: 7777<br> | ||
399 | network.proxy.socks_remote_dns true<br> | ||
400 | network.proxy.type: 1 | ||
401 | </code> | ||
402 | |||
403 | <p> | ||
404 | To tell Chromium to use the proxy, it has to be started with the | ||
405 | "--proxy-server" command line option: | ||
406 | </p> | ||
407 | |||
408 | <code> | ||
409 | $ chromium --proxy-server="socks5://127.0.0.1:7777" | ||
410 | </code> | ||
411 | |||
412 | <p> | ||
413 | Now we should be able to resolve our GNS names in the browser! We | ||
414 | just have to type "https://ccc.myself" into the address bar. If | ||
415 | our friend Bob prepared his system, too, he can resolve our record | ||
416 | by typing "ccc.alice.myself". | ||
417 | </p> | ||
418 | |||
419 | |||
420 | <h4>{{ _("VPN") }}</h4> | ||
421 | |||
422 | <p> | ||
423 | TBD | ||
424 | </p> | ||
425 | |||
426 | <h3>{{ _("Uninstall GNUnet and its dependencies") }}</h3> | ||
427 | |||
428 | <code> | ||
429 | $ cd ~/gnunet_installation/gnunet<br> | ||
430 | $ sudo make uninstall<br> | ||
431 | $ cd ~/gnunet_installation/libmicrohttpd<br> | ||
432 | $ sudo make uninstall<br> | ||
433 | $ sudo apt remove git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev<br> | ||
434 | $ sudo apt autoremove<br> | ||
435 | $ sudo userdel -r gnunet<br> | ||
436 | $ sudo groupdel gnunet<br> | ||
437 | $ sudo groupdel gnunetdns<br> | ||
438 | $ sudo mv /etc/nsswitch.conf.original /etc/nsswitch.conf<br> | ||
439 | $ sudo rm /lib/$(uname -m)-linux-gnu/libnss_gns.so.2 | ||
440 | </code> | ||
441 | |||
442 | |||
443 | <h3>{{ _("Appendix A: Optional GNUnet features") }}</h3> | ||
444 | |||
445 | <p> | ||
446 | TBD | ||
447 | </p> | ||
448 | |||
449 | <h3>{{ _("Troubleshooting") }}</h3> | ||
450 | |||
451 | <h4>{{ _("You can't reach other people's nodes") }}</h4> | ||
452 | |||
453 | <p> | ||
454 | Should our computer not have reached the open GNUnet network automatically, | ||
455 | we can manually instruct our node how to reach the nodes of our friends. This | ||
456 | works by exchanging HELLO strings. This is how we get a hello string for our | ||
457 | computer. | ||
458 | </p> | ||
459 | |||
460 | <code> | ||
461 | $ gnunet-peerinfo -gn | ||
462 | </code> | ||
463 | |||
464 | <p> | ||
465 | We can now pass this string to our friends "out of band" (using whatever | ||
466 | existing chat or messaging technology). If the string contains some private IP | ||
467 | networks we don't want to share, we can carefully edit them out. | ||
468 | </p> | ||
469 | |||
470 | <p> | ||
471 | Once we receive such strings from our friends, we can add them like | ||
472 | this: | ||
473 | </p> | ||
474 | |||
475 | <code> | ||
476 | gnunet-peerinfo -p <string> | ||
477 | </code> | ||
478 | |||
479 | <p>Now our GNUnet nodes can attempt reaching each other directly. This may | ||
480 | still fail due to NAT traversal issues.</p> | ||
481 | |||
482 | <!--<h4>{{ _("OMG you guys broke my internet") }}</h4> | ||
483 | |||
484 | <p>We can replace `/etc/nsswitch.conf` with the backup we made earlier | ||
485 | (`/etc/nsswitch.conf.original`). Now DNS resolution should work again without a | ||
486 | running GNUnet.</p> | ||
487 | |||
488 | <code> | ||
489 | $ cp /etc/nsswitch.conf.original /etc/nsswitch.conf | ||
490 | </code>--> | ||
389 | 491 | ||
390 | </div> | 492 | </div> |
391 | {% endblock body_content %} | 493 | {% endblock body_content %} |