summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2019-02-22 20:26:38 +0100
committerSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2019-02-22 20:26:38 +0100
commitbcde55cd8e29132ca7ce3b6f277d17585c3dd995 (patch)
treeb9fbf2d4b4b9f9c5ff476ff9c3965f1d412aaeb3
parentc890b2bd4a42f86fd00b5d943e9ca2bb11018d44 (diff)
update
-rw-r--r--template/tutorial-macos.html.j2318
1 files changed, 5 insertions, 313 deletions
diff --git a/template/tutorial-macos.html.j2 b/template/tutorial-macos.html.j2
index 8bca8f50..fd86c750 100644
--- a/template/tutorial-macos.html.j2
+++ b/template/tutorial-macos.html.j2
@@ -120,7 +120,6 @@
<p>
Perform the same steps as for Option 1, but add the configure flat '--enable-experimental'
</p>
- <!--
<h4>{{ _("Install GNUnet plugin for name resolution") }}</h4>
<p>
@@ -185,320 +184,13 @@ vpn (gnunet-service-vpn)
</code>
- <h3>{{ _("Make sure it works") }}</h3>
+ <h3>{{ _("Further information") }}</h3>
- <p>
- Let's try out some of GNUnet's use cases. Some should be done
- before others:
- </p>
-
- <ul>
- <li>filesharing</li>
- <li>A simple chat using CADET</li>
- <li>Name resolution using GNS on the command line</li>
- <li>Name resolution using GNS with a browser (do it on the command line first)</li>
- <li>Serving a website using VPN (do name resolution with a browser first)</li>
- </ul>
-
- <h4>{{ _("filesharing") }}</h4>
-
- <p>
- Let's publish a file in the GNUnet filesharing network. We use the keywords
- ("commons" and "state") so other people will be able to search for the file.
- </p>
-
- <p>
- We can choose any file and describe it with meaningful keywords (using the
- `-k` command line option).
- </p>
-
- <code>
- $ gnunet-publish -k commons -k state ostrom.pdf<br>
- Publishing `/home/myself/ostrom.pdf' done.<br>
- URI is `gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237'.
- </code>
-
-
- <p>Finding the file by keyword works with `gnunet-search`.</p>
-
- <code>
- $ gnunet-search commons<br>
-#1:<br>
- gnunet-download -o "ostrom.pdf" gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237
- </code>
-
- <p>
- It gives us the command line call to download the file (and store it as
- ostrom.pdf)!
+ <p>GNUnet has a number of services and features.
+ Please check <a href="https://docs.gnunnet.org">our documentation</a>
+ to learn how to use them. If you find anything odd or bugs, please
+ <a href="https://gnunet.org/bugs">let us know</a>.
</p>
- <h4>{{ _("CADET (and Chat)") }}</h4>
-
- <p>
- We can use the `gnunet-cadet` command line tool to open a port and from
- another machine connect to this port and chat or transfer data. First we need
- our *peer ID* of the GNUnet peer opening the port.
- </p>
-
- <code>
- $ gnunet-peerinfo -s<br>
- I am peer `P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG'.
- </code>
-
-
- <p>
- Now we open the port (it can be any string!):
- </p>
-
- <code>
- $ gnunet-cadet -o my-secret-port
- </code>
-
- <p>
- On the other machine we can connect using the peer ID and the port
- and start chatting!
- </p>
-
- <code>
- $ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port
- </code>
-
- <h4>{{ _("Name resolution using GNS on the command line") }}</h4>
-
- <p>
- GNS is the GNU name service, a fully decentralized alternatice to
- DNS. We'll publish an IP address in a GNS record try to resolve it
- on the command line. First we need an identity which is the
- equivalent to a zone in DNS. We'll call it "myself" and create it
- using the `gnunet-identity` command line tool. Instead of "myself"
- you can surely use your nick or any other name.
- </p>
-
- <code>
- $ gnunet-identity -C myself
- </code>
-
- <p>
- We can check if it worked using the same tool. We expect the name
- of our identity and the corresponding public key to be
- displayed.
- </p>
-
- <code>
- $ gnunet-identity -d<br>
- myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG
- </code>
-
- <p>
- Now we add a public `A` record to our zone. It has the name "ccc", a value
- of "195.54.164.39" and it expires after one day.
- </p>
-
- <code>
- $ gnunet-namestore -z myself -a -e "1 d" -p -t A -n ccc -V 195.54.164.39
- </code>
-
- <p>
- Now we can query that record using the command line tool `gnunet-gns`.
- </p>
-
- <code>
- $ gnunet-gns -t A -u ccc.myself<br>
- ccc.myself:<br>
- Got `A' record: 195.54.164.39
- </code>
-
- <p>
- So it worked! But only resolving our own records is boring. So we
- can give our identity (the public key of it to be precise) to
- someone else so they can try to resolve our records, too. The
- other person (Bob) has to add it to his namestore like this:
- <p>
-
- <code>
- $ gnunet-namestore -z myself -a -e never -p -t PKEY -n alice -V HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG
- </code>
-
- <p>
- Our identity in Bobs namestore is a public record (-p) and never
- expires (-e never). Now Bob (let's assume he has called his identity
- myself, too) should be able to resolve our "ccc" record, too!
- </p>
-
- <code>
- $ gnunet-gns -t A -u ccc.alice.myself<br>
- ccc.alice.myself:<br>
- Got `A' record: 195.54.164.39
- </code>
-
- <p>
- It can continue like this. A friend of Bob would be able to
- resolve our records too because Bob published our identity in a
- public record. Bobs friend would simply use "ccc.alice.bob.myself"
- to resolve our "ccc" record.
- </p>
-
-
- <h4>{{ _("Name resolution using GNS with a browser") }}</h4>
-
- <p>
- In the previous use case "Name resolution using GNS on the
- command line" we got an idea about what GNS is about, but now
- let's use it with a browser, to make it actually useful. Currently
- Firefox and Chromium are known to work.
- </p>
-
- <p>
- Many websites enforce HTTPS and thus provide certificates for
- their hostnames (and not our GNS names). Browsers don't like wrong
- hostnames in certificates and will present error messages. So
- GNUnet has to trick them by generating own certificates for our
- GNS names. This means we need to create our own certificate
- authority and tell our browser about it. Luckily there's a script
- for it:
- </p>
-
- <code>
- $ gnunet-gns-proxy-setup-ca
- </code>
-
- <p>
- After executing this script the Browser has to be restarted.
- </p>
-
- <p>
- GNUnet provides a proxy service (gnunet-gns-proxy) that the
- browser can send DNS and HTTP traffic to. It will try to resolve
- names with GNS first and forward the rest of the DNS traffic to
- the system's DNS resolver. It will also take care of the HTTP
- traffic, so the browser gets valid certificates and the web server
- will not be confused by our GNS hostnames. Our GNS namestore
- doesn't know about any DNS hostnames yet, so we have to store
- them, too. For our "ccc" A record, we have to store a LEHO (legacy
- hostname) record, too. It must contain the website's original DNS
- hostname:
- </p>
-
- <code>
- $ gnunet-namestore -z myself -a -e "1 d" -p -t LEHO -n ccc -V www.ccc.de
- </code>
-
- <p>
- Now let's start gnunet-gns-proxy.
- </p>
-
- <code>
- $ /usr/lib/gnunet/libexec/gnunet-gns-proxy
- </code>
-
- <p>
- Our browser has to be configured so it uses our proxy. In Firefox
- we have to set these options under "about:config":
- </p>
-
- <code>
- network.proxy.socks: localhost<br>
- network.proxy.socks_port: 7777<br>
- network.proxy.socks_remote_dns true<br>
- network.proxy.type: 1
- </code>
-
- <p>
- To tell Chromium to use the proxy, it has to be started with the
- "--proxy-server" command line option:
- </p>
-
- <code>
- $ chromium --proxy-server="socks5://127.0.0.1:7777"
- </code>
-
- <p>
- Now we should be able to resolve our GNS names in the browser! We
- just have to type "https://ccc.myself" into the address bar. If
- our friend Bob prepared his system, too, he can resolve our record
- by typing "ccc.alice.myself".
- </p>
-
-
- <h4>{{ _("VPN") }}</h4>
-
- <p>
- TBD
- </p>
-
- <h3>{{ _("Uninstall GNUnet and its dependencies") }}</h3>
-
- <code>
- $ cd ~/gnunet_installation/gnunet<br>
- $ sudo make uninstall<br>
- $ cd ~/gnunet_installation/libmicrohttpd<br>
- $ sudo make uninstall<br>
- $ sudo apt remove git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev<br>
- $ sudo apt autoremove<br>
- $ sudo userdel -r gnunet<br>
- $ sudo groupdel gnunet<br>
- $ sudo groupdel gnunetdns<br>
- $ sudo mv /etc/nsswitch.conf.original /etc/nsswitch.conf<br>
- $ sudo rm /lib/$(uname -m)-linux-gnu/libnss_gns.so.2
- </code>
-
- <h3>{{ _("Appendix A: Optional GNUnet features") }}</h3>
-
- <p>
- TBD
- </p>
-
- <h3>{{ _("Troubleshooting") }}</h3>
-
- <h4>{{ _("You can't reach other people's nodes") }}</h4>
-
- <p>
- Should our computer not have reached the open GNUnet network automatically,
- we can manually instruct our node how to reach the nodes of our friends. This
- works by exchanging HELLO strings. This is how we get a hello string for our
- computer.
- </p>
-
- <code>
- $ gnunet-peerinfo -gn
- </code>
-
- <p>
- We can now pass this string to our friends "out of band" (using
- whatever existing chat or messaging technology). If the string
- contains some private IP networks we don't want to share, we can
- carefully edit them out.
- </p>
-
- <p>
- Once we receive such strings from our friends, we can add them
- like this:
- </p>
-
- <code>
- gnunet-peerinfo -p <string>
- </code>
-
-
- <p>
- Now our GNUnet nodes can attempt reaching each other directly. This may
- still fail due to NAT traversal issues.
- </p>
-
-
- <!--
- <h4>{{ _("OMG you guys broke my internet") }}</h4>
-
- <p>
- We can replace `/etc/nsswitch.conf` with the backup we made earlier
- (`/etc/nsswitch.conf.original`). Now DNS resolution should work again without a
- running GNUnet.
- </p>
-
- <code>
- $ cp /etc/nsswitch.conf.original /etc/nsswitch.conf
- </code>
- -->
-
</div>
{% endblock body_content %}