diff options
Diffstat (limited to 'tutorial-debian9.html.j2')
-rw-r--r-- | tutorial-debian9.html.j2 | 1039 |
1 files changed, 600 insertions, 439 deletions
diff --git a/tutorial-debian9.html.j2 b/tutorial-debian9.html.j2 index 42583073..950725e6 100644 --- a/tutorial-debian9.html.j2 +++ b/tutorial-debian9.html.j2 | |||
@@ -2,103 +2,138 @@ | |||
2 | {% block body_content %} | 2 | {% block body_content %} |
3 | <div class="container"> | 3 | <div class="container"> |
4 | 4 | ||
5 | <h2>{{ _("Tutorial: GNUnet on Debian 9") }}</h2> | 5 | <h2>{{ _("Tutorial: GNUnet on Debian 9") }}</h2> |
6 | 6 | ||
7 | <h3>{{ _("Introduction") }}</h3> | 7 | <h3>{{ _("Introduction") }}</h3> |
8 | 8 | ||
9 | <p>Welcome to the hopefully painless GNUnet tutorial for Debian 9! It provides | 9 | <p> |
10 | very concrete instructions on how to compile, install and configure a current | 10 | Welcome to the hopefully painless GNUnet tutorial for Debian 9! It provides |
11 | version of GNUnet. The goal is to support newcomers, either end users or | 11 | very concrete instructions on how to compile, install and configure a current |
12 | developers, who want to get in touch with GNUnet for the first time. After | 12 | version of GNUnet. The goal is to support newcomers, either end users or |
13 | installing GNUnet we will make sure that out new GNUnet installation is working | 13 | developers, who want to get in touch with GNUnet for the first time. After |
14 | correctly.</p> | 14 | installing GNUnet we will make sure that out new GNUnet installation is working |
15 | 15 | correctly. | |
16 | <p><b>Attention: If you came across the official gnunet package for Debian 9, | 16 | </p> |
17 | ignore it! It is ancient and not compatible with current GNUnet | 17 | |
18 | installations.</b></p> | 18 | <p> |
19 | 19 | <b>Attention: If you came across the official gnunet package for Debian 9, | |
20 | <p>Now let's start!</p> | 20 | ignore it! It is ancient and not compatible with current GNUnet |
21 | 21 | installations.</b> | |
22 | <h3>{{ _("Requirements") }}</h3> | 22 | </p> |
23 | 23 | ||
24 | <p>First let's install the following Debian 9 packages to use GNUnet | 24 | <p> |
25 | painlessly. Optional dependencies are listed in Appendix A. They are required | 25 | Now let's start! |
26 | for some experimental GNUnet features.</p> | 26 | </p> |
27 | 27 | ||
28 | <p><code> | 28 | <h3>{{ _("Requirements") }}</h3> |
29 | $ sudo apt install git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev openssl libnss3-tools | 29 | |
30 | </code></p> | 30 | <p> |
31 | 31 | First let's install the following Debian 9 packages to use GNUnet | |
32 | <h3>{{ _("Make an installation directory") }}</h3> | 32 | painlessly. Optional dependencies are listed in Appendix A. They are required |
33 | 33 | for some experimental GNUnet features. | |
34 | <p>Next we create a directory in our home directory where we store the source code later. We should keep this directory after installation because it contains Makefiles that can be used for uninstalling GNUnet again (see chapter *Uninstall GNUnet and its dependencies*).</p> | 34 | </p> |
35 | 35 | ||
36 | <p><code> | 36 | <p> |
37 | $ mkdir ~/gnunet_installation | 37 | <code> |
38 | </code></p> | 38 | $ sudo apt install git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev openssl libnss3-tools |
39 | 39 | </code> | |
40 | <h3>{{ _("Get the source code") }}</h3> | 40 | </p> |
41 | 41 | ||
42 | <p>We download the GNUnet source code using git. On Debian 9 we need the | 42 | <h3>{{ _("Make an installation directory") }}</h3> |
43 | sources of another library (libmicrohttpd).</p> | 43 | |
44 | 44 | <p> | |
45 | <p><b>Attention: The official libmicrohttpsd package for Debian 9 is too old, we need | 45 | Next we create a directory in our home directory where we store |
46 | at least version 0.9.52.</b></p> | 46 | the source code later. We should keep this directory after |
47 | 47 | installation because it contains Makefiles that can be used for | |
48 | <p><code> | 48 | uninstalling GNUnet again (see chapter *Uninstall GNUnet and its |
49 | $ cd ~/gnunet_installation<br> | 49 | dependencies*). |
50 | $ git clone --depth 1 https://gnunet.org/git/gnunet.git<br> | 50 | </p> |
51 | $ git clone --depth 1 https://gnunet.org/git/libmicrohttpd.git | 51 | |
52 | </code></p> | 52 | <p> |
53 | 53 | <code> | |
54 | <h3>{{ _("Compile and Install") }}</h3> | 54 | $ mkdir ~/gnunet_installation |
55 | 55 | </code> | |
56 | 56 | </p> | |
57 | <p>Before we can compile GNUnet on Debian 9, we compile and install libmicrohttp</p> | 57 | |
58 | 58 | <h3>{{ _("Get the source code") }}</h3> | |
59 | <p><code> | 59 | |
60 | $ cd ~/gnunet_installation/libmicrohttpd<br> | 60 | <p> |
61 | $ autoreconf -fi<br> | 61 | We download the GNUnet source code using git. On Debian 9 we need the |
62 | $ sudo apt install libgnutls28-dev<br> | 62 | sources of another library (libmicrohttpd). |
63 | $ ./configure --disable-doc --prefix=/opt/libmicrohttpd<br> | 63 | </p> |
64 | $ make -j$(nproc || echo -n 1)<br> | 64 | |
65 | $ sudo make install<br> | 65 | <p> |
66 | </code></p> | 66 | <b>Attention: The official libmicrohttpsd package for Debian 9 is too old, we need |
67 | 67 | at least version 0.9.52.</b> | |
68 | <p>Installing GNUnet is not hard. We have two options: | 68 | </p> |
69 | installing a *production version* and installing a *development version*. If | 69 | |
70 | you want to start writing GNUnet applications or join the GNUnet development | 70 | <p> |
71 | choose the development version (it will print more debug output and contains | 71 | <code> |
72 | debug symbols that can be displayed with a debugger). Otherwise choose the | 72 | $ cd ~/gnunet_installation<br> |
73 | production version.</p> | 73 | $ git clone --depth 1 https://gnunet.org/git/gnunet.git<br> |
74 | 74 | $ git clone --depth 1 https://gnunet.org/git/libmicrohttpd.git | |
75 | <h4>{{ _("Option 1: GNUnet for production / usage") }}</h4> | 75 | </code> |
76 | <p><code> | 76 | </p> |
77 | $ cd ~/gnunet_installation/gnunet<br> | 77 | |
78 | $ ./bootstrap<br> | 78 | <h3>{{ _("Compile and Install") }}</h3> |
79 | $ export GNUNET_PREFIX=/usr<br> | 79 | |
80 | $ ./configure --prefix=$GNUNET_PREFIX --disable-documentation --with-microhttpd=/opt/libmicrohttpd<br> | 80 | |
81 | $ sudo addgroup gnunetdns<br> | 81 | <p> |
82 | $ sudo adduser --system --group --disabled-login --home /var/lib/gnunet gnunet<br> | 82 | Before we can compile GNUnet on Debian 9, we compile and install libmicrohttp |
83 | $ make -j$(nproc || echo -n 1)<br> | 83 | </p> |
84 | $ sudo make install | 84 | |
85 | </code></p> | 85 | <p> |
86 | 86 | <code> | |
87 | <h4>{{ _("Option 2: GNUnet for development") }}</h4> | 87 | $ cd ~/gnunet_installation/libmicrohttpd<br> |
88 | <p> | 88 | $ autoreconf -fi<br> |
89 | <code> | 89 | $ sudo apt install libgnutls28-dev<br> |
90 | $ cd ~/gnunet_installation/gnunet<br> | 90 | $ ./configure --disable-doc --prefix=/opt/libmicrohttpd<br> |
91 | $ ./bootstrap<br> | 91 | $ make -j$(nproc || echo -n 1)<br> |
92 | $ export GNUNET_PREFIX=/usr<br> | 92 | $ sudo make install<br> |
93 | $ export CFLAGS="-g -Wall -O0"<br> | 93 | </code> |
94 | $ ./configure --prefix=$GNUNET_PREFIX --disable-documentation --enable-logging=verbose --with-microhttpd=/opt/libmicrohttpd<br> | 94 | </p> |
95 | $ make -j$(nproc || echo -n 1)<br> | 95 | |
96 | $ sudo make install | 96 | <p> |
97 | </code> | 97 | Installing GNUnet is not hard. We have two options: |
98 | </p> | 98 | installing a *production version* and installing a *development version*. If |
99 | 99 | you want to start writing GNUnet applications or join the GNUnet development | |
100 | <!--<h4>{{ _("Install GNUnet plugin for name resolution") }}</h4> | 100 | choose the development version (it will print more debug output and contains |
101 | <p> | 101 | debug symbols that can be displayed with a debugger). Otherwise choose the |
102 | production version. | ||
103 | </p> | ||
104 | |||
105 | <h4>{{ _("Option 1: GNUnet for production / usage") }}</h4> | ||
106 | |||
107 | <p> | ||
108 | <code> | ||
109 | $ cd ~/gnunet_installation/gnunet<br> | ||
110 | $ ./bootstrap<br> | ||
111 | $ export GNUNET_PREFIX=/usr<br> | ||
112 | $ ./configure --prefix=$GNUNET_PREFIX --disable-documentation --with-microhttpd=/opt/libmicrohttpd<br> | ||
113 | $ sudo addgroup gnunetdns<br> | ||
114 | $ sudo adduser --system --group --disabled-login --home /var/lib/gnunet gnunet<br> | ||
115 | $ make -j$(nproc || echo -n 1)<br> | ||
116 | $ sudo make install | ||
117 | </code> | ||
118 | </p> | ||
119 | |||
120 | <h4>{{ _("Option 2: GNUnet for development") }}</h4> | ||
121 | |||
122 | <p> | ||
123 | <code> | ||
124 | $ cd ~/gnunet_installation/gnunet<br> | ||
125 | $ ./bootstrap<br> | ||
126 | $ export GNUNET_PREFIX=/usr<br> | ||
127 | $ export CFLAGS="-g -Wall -O0"<br> | ||
128 | $ ./configure --prefix=$GNUNET_PREFIX --disable-documentation --enable-logging=verbose --with-microhttpd=/opt/libmicrohttpd<br> | ||
129 | $ make -j$(nproc || echo -n 1)<br> | ||
130 | $ sudo make install | ||
131 | </code> | ||
132 | </p> | ||
133 | |||
134 | <!-- | ||
135 | <h4>{{ _("Install GNUnet plugin for name resolution") }}</h4> | ||
136 | <p> | ||
102 | So now it gets a bit nasty. It's not so bad. All we have to do | 137 | So now it gets a bit nasty. It's not so bad. All we have to do |
103 | is copy a file and edit another one. The file we need to copy | 138 | is copy a file and edit another one. The file we need to copy |
104 | is GNUnet's plugin for the Name Service Switch (NSS) in unix | 139 | is GNUnet's plugin for the Name Service Switch (NSS) in unix |
@@ -106,349 +141,475 @@ production version.</p> | |||
106 | GNUnet's build system does not try to guess. On Debian 9 we | 141 | GNUnet's build system does not try to guess. On Debian 9 we |
107 | have to do | 142 | have to do |
108 | <code> | 143 | <code> |
109 | $ sudo cp /usr/lib/gnunet/nss/libnss_gns.so.2 /lib/$(uname -m)-linux-gnu/ | 144 | $ sudo cp /usr/lib/gnunet/nss/libnss_gns.so.2 /lib/$(uname -m)-linux-gnu/ |
110 | </code> | ||
111 | </p> | ||
112 | |||
113 | <p> | ||
114 | The next step is activating the GNUnet plugin we just copied | ||
115 | in the NSS config. It is located in `/etc/nsswitch.conf`. It should | ||
116 | contain a line starting with "hosts" similar to this (at least "files" | ||
117 | and "dns" should be there): | ||
118 | </p> | ||
119 | |||
120 | <p> | ||
121 | <code> | ||
122 | $ cat /etc/nsswitch.conf<br> | ||
123 | hosts: files mdns4_minimal [NOTFOUND=return] dns | ||
124 | </code> | ||
125 | </p> | ||
126 | |||
127 | <p> | ||
128 | <b>Attention: Once we modified `etc/nsswitch.conf` DNS resolution will only | ||
129 | be possible as long as is GNUnet is running. We can leave the next step out, | ||
130 | but then we will not be able to use GNUnet's name resolution in external | ||
131 | applications.</b> | ||
132 | </p> | ||
133 | |||
134 | <p>We save a copy of the original file and then modify the line using sed:</p> | ||
135 | |||
136 | <p> | ||
137 | <code> | ||
138 | $ sudo cp /etc/nsswitch.conf /etc/nsswitch.conf.original<br> | ||
139 | $ sudo sed -i -E 's/^(hosts:.*) dns/\1 gns [NOTFOUND=return] dns/' /etc/nsswitch.conf | ||
140 | </code> | ||
141 | </p> | ||
142 | |||
143 | <p>Now in the line starting with "hosts" should contain an entry "gns [NOTFOUND=return]" before the "dns" entry like this:</p> | ||
144 | |||
145 | <p> | ||
146 | <code> | ||
147 | hosts: files mdns4_minimal [NOTFOUND=return] gns [NOTFOUND=return] dns | ||
148 | </code> | ||
149 | </p> | ||
150 | |||
151 | <p>That's it. It wasn't that nasty, was it?</p>--> | ||
152 | |||
153 | <h3>{{ _("Configuration") }}</h3> | ||
154 | Congratulations! GNUnet is now installed! Before we start it we need to create a configuration file. By default GNUnet looks in our home directory for the file `~/.gnunet/gnunet.conf`. We can start with an empty file for now: | ||
155 | |||
156 | <p> | ||
157 | <code> | ||
158 | $ touch ~/.config/gnunet.conf | ||
159 | </code> | ||
160 | </p> | ||
161 | |||
162 | <p>Now we can start it with the command line tool `gnunet-arm` (Automatic Restart Manager).</p> | ||
163 | |||
164 | <p> | ||
165 | <code> | ||
166 | $ gnunet-arm -s | ||
167 | </code> | ||
168 | </p> | ||
169 | |||
170 | <p>It starts the default GNUnet services. We can list them with the `-I` option:</p> | ||
171 | |||
172 | <p> | ||
173 | <code> | ||
174 | $ gnunet-arm -I<br> | ||
175 | Running services:<br> | ||
176 | ats (gnunet-service-ats)<br> | ||
177 | revocation (gnunet-service-revocation)<br> | ||
178 | set (gnunet-service-set)<br> | ||
179 | nat (gnunet-service-nat)<br> | ||
180 | transport (gnunet-service-transport)<br> | ||
181 | peerstore (gnunet-service-peerstore)<br> | ||
182 | hostlist (gnunet-daemon-hostlist)<br> | ||
183 | identity (gnunet-service-identity)<br> | ||
184 | namecache (gnunet-service-namecache)<br> | ||
185 | peerinfo (gnunet-service-peerinfo)<br> | ||
186 | datastore (gnunet-service-datastore)<br> | ||
187 | zonemaster (gnunet-service-zonemaster)<br> | ||
188 | zonemaster-monitor (gnunet-service-zonemaster-monitor)<br> | ||
189 | nse (gnunet-service-nse)<br> | ||
190 | cadet (gnunet-service-cadet)<br> | ||
191 | dht (gnunet-service-dht)<br> | ||
192 | core (gnunet-service-core)<br> | ||
193 | gns (gnunet-service-gns)<br> | ||
194 | statistics (gnunet-service-statistics)<br> | ||
195 | topology (gnunet-daemon-topology)<br> | ||
196 | fs (gnunet-service-fs)<br> | ||
197 | namestore (gnunet-service-namestore)<br> | ||
198 | vpn (gnunet-service-vpn) | ||
199 | </code> | ||
200 | </p> | ||
201 | |||
202 | <p>For stopping GNUnet again we can use the `-e` option.</p> | ||
203 | |||
204 | <p> | ||
205 | <code> | ||
206 | $ gnunet-arm -e | ||
207 | </code> | ||
208 | </p> | ||
209 | |||
210 | <h3>{{ _("Make sure it works") }}</h3> | ||
211 | |||
212 | <p> | ||
213 | Let's try out some of GNUnet's use cases. Some should be done | ||
214 | before others: | ||
215 | |||
216 | <ul> | ||
217 | <li>filesharing</li> | ||
218 | <li>A simple chat using CADET</li> | ||
219 | <li>Name resolution using GNS on the command line</li> | ||
220 | <li>Name resolution using GNS with a browser (do it on the command line first)</li> | ||
221 | <li>Serving a website using VPN (do name resolution with a browser first)</li> | ||
222 | </ul> | ||
223 | </p> | ||
224 | |||
225 | |||
226 | <h4>{{ _("filesharing") }}</h4> | ||
227 | |||
228 | <p> | ||
229 | Let's publish a file in the GNUnet filesharing network. We use the keywords | ||
230 | ("commons" and "state") so other people will be able to search for the file. | ||
231 | </p> | ||
232 | |||
233 | <p> | ||
234 | We can choose any file and describe it with meaningful keywords (using the | ||
235 | `-k` command line option). | ||
236 | </p> | ||
237 | |||
238 | <p> | ||
239 | <code> | ||
240 | $ gnunet-publish -k commons -k state ostrom.pdf<br> | ||
241 | Publishing `/home/myself/ostrom.pdf' done.<br> | ||
242 | URI is `gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237'. | ||
243 | </code> | ||
244 | </p> | ||
245 | |||
246 | <p>Finding the file by keyword works with `gnunet-search`.</p> | ||
247 | |||
248 | <p> | ||
249 | <code> | ||
250 | $ gnunet-search commons<br> | ||
251 | #1:<br> | ||
252 | gnunet-download -o "ostrom.pdf" gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237 | ||
253 | </code> | ||
254 | </p> | ||
255 | |||
256 | <p>It gives us the command line call to download the file (and store it as | ||
257 | ostrom.pdf)!</p> | ||
258 | |||
259 | |||
260 | <h4>{{ _("CADET (and Chat)") }}</h4> | ||
261 | |||
262 | <p>We can use the `gnunet-cadet` command line tool to open a port and from | ||
263 | another machine connect to this port and chat or transfer data. First we need | ||
264 | our *peer ID* of the GNUnet peer opening the port.</p> | ||
265 | |||
266 | <p> | ||
267 | <code> | ||
268 | $ gnunet-peerinfo -s<br> | ||
269 | I am peer `P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG'. | ||
270 | </code> | ||
271 | </p> | ||
272 | |||
273 | <p>Now we open the port (it can be any string!):</p> | ||
274 | |||
275 | <p> | ||
276 | <code> | ||
277 | $ gnunet-cadet -o my-secret-port | ||
278 | </code> | 145 | </code> |
279 | </p> | 146 | </p> |
280 | 147 | ||
281 | <p>On the other machine we can connect using the peer ID and the port and start chatting!</p> | 148 | <p> |
282 | 149 | The next step is activating the GNUnet plugin we just copied | |
283 | <p> | 150 | in the NSS config. It is located in `/etc/nsswitch.conf`. It should |
284 | <code> | 151 | contain a line starting with "hosts" similar to this (at least "files" |
285 | $ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port | 152 | and "dns" should be there): |
286 | </code> | 153 | </p> |
287 | </p> | 154 | |
288 | 155 | <p> | |
289 | 156 | <code> | |
290 | <h4>{{ _("Name resolution using GNS on the command line") }}</h4> | 157 | $ cat /etc/nsswitch.conf<br> |
291 | 158 | hosts: files mdns4_minimal [NOTFOUND=return] dns | |
292 | <p>GNS is the GNU name service, a fully decentralized alternatice to DNS. We'll publish an IP address in a GNS record try to resolve it on the command line. First we need an identity which is the | 159 | </code> |
293 | equivalent to a zone in DNS. We'll call it "myself" and create it using the | 160 | </p> |
294 | `gnunet-identity` command line tool. Instead of "myself" you can surely use your | 161 | |
295 | nick or any other name. </p> | 162 | <p> |
296 | 163 | <b>Attention: Once we modified `etc/nsswitch.conf` DNS resolution will only | |
297 | <p> | 164 | be possible as long as is GNUnet is running. We can leave the next step out, |
298 | <code> | 165 | but then we will not be able to use GNUnet's name resolution in external |
299 | $ gnunet-identity -C myself | 166 | applications.</b> |
300 | </code> | 167 | </p> |
301 | </p> | 168 | |
302 | 169 | <p>We save a copy of the original file and then modify the line using sed:</p> | |
303 | <p>We can check if it worked using the same tool. We expect the name of our identity and the corresponding public key to be displayed.</p> | 170 | |
304 | 171 | <p> | |
305 | <p> | 172 | <code> |
306 | <code> | 173 | $ sudo cp /etc/nsswitch.conf /etc/nsswitch.conf.original<br> |
307 | $ gnunet-identity -d<br> | 174 | $ sudo sed -i -E 's/^(hosts:.*) dns/\1 gns [NOTFOUND=return] dns/' /etc/nsswitch.conf |
308 | myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | 175 | </code> |
309 | </code> | 176 | </p> |
310 | </p> | 177 | |
311 | 178 | <p>Now in the line starting with "hosts" should contain an entry "gns [NOTFOUND=return]" before the "dns" entry like this:</p> | |
312 | <p>Now we add a public `A` record to our zone. It has the name "ccc", a value | 179 | |
313 | of "195.54.164.39" and it expires after one day.</p> | 180 | <p> |
314 | <p><code> | 181 | <code> |
315 | $ gnunet-namestore -z myself -a -e "1 d" -p -t A -n ccc -V 195.54.164.39 | 182 | hosts: files mdns4_minimal [NOTFOUND=return] gns [NOTFOUND=return] dns |
316 | </code></p> | 183 | </code> |
317 | 184 | </p> | |
318 | <p>Now we can query that record using the command line tool `gnunet-gns`.</p> | 185 | |
319 | 186 | <p>That's it. It wasn't that nasty, was it?</p> | |
320 | <p><code> | 187 | --> |
321 | $ gnunet-gns -t A -u ccc.myself<br> | 188 | |
322 | ccc.myself:<br> | 189 | <h3>{{ _("Configuration") }}</h3> |
323 | Got `A' record: 195.54.164.39 | 190 | |
324 | </code></p> | 191 | <p> |
325 | 192 | Congratulations! GNUnet is now installed! Before we start it we | |
326 | <p>So it worked! But only resolving our own records is boring. So we can give our | 193 | need to create a configuration file. By default GNUnet looks in |
327 | identity (the public key of it to be precise) to someone else so they can try to | 194 | our home directory for the file `~/.gnunet/gnunet.conf`. We can |
328 | resolve our records, too. The other person (Bob) has to add it to his namestore like | 195 | start with an empty file for now: |
329 | this:<p> | 196 | </p> |
330 | 197 | ||
331 | <p><code> | 198 | <p> |
332 | $ gnunet-namestore -z myself -a -e never -p -t PKEY -n alice -V HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | 199 | <code> |
333 | </code></p> | 200 | $ touch ~/.config/gnunet.conf |
334 | 201 | </code> | |
335 | <p>Our identity in Bobs namestore is a public record (-p) and never expires (-e never). Now Bob (let's assume he has called his identity myself, too) should be able to resolve our "ccc" record, too!</p> | 202 | </p> |
336 | 203 | ||
337 | <p><code> | 204 | <p> |
338 | $ gnunet-gns -t A -u ccc.alice.myself<br> | 205 | Now we can start it with the command line tool |
339 | ccc.alice.myself:<br> | 206 | `gnunet-arm` (Automatic Restart Manager). |
340 | Got `A' record: 195.54.164.39 | 207 | </p> |
341 | </code></p> | 208 | |
342 | 209 | <p> | |
343 | <p>It can continue like this. A friend of Bob would be able to resolve our records too because Bob published our identity in a public record. Bobs friend would simply use "ccc.alice.bob.myself" to resolve our "ccc" record. | 210 | <code> |
344 | 211 | $ gnunet-arm -s | |
345 | 212 | </code> | |
346 | <h4>{{ _("Name resolution using GNS with a browser") }}</h4> | 213 | </p> |
347 | 214 | ||
348 | <p>In the previous use case "Name resolution using GNS on the command line" we got an idea | 215 | <p> |
349 | about what GNS is about, but now let's use it with a browser, to make it actually useful. Currently Firefox and Chromium are known to work.</p> | 216 | It starts the default GNUnet services. We can list them with the |
350 | 217 | `-I` option: | |
351 | <p>Many websites enforce HTTPS and thus provide certificates for their hostnames (and not our GNS names). Browsers don't like wrong hostnames in certificates and will present error messages. So GNUnet has to trick them by generating own certificates for our GNS names. This means we need to create our own certificate authority and tell our browser about it. Luckily there's a script for it:</p> | 218 | </p> |
352 | 219 | ||
353 | <p><code> | 220 | <p> |
354 | $ gnunet-gns-proxy-setup-ca | 221 | <code> |
355 | </code></p> | 222 | $ gnunet-arm -I<br> |
356 | 223 | Running services:<br> | |
357 | <p>After executing this script the Browser has to be restarted.</p> | 224 | ats (gnunet-service-ats)<br> |
358 | 225 | revocation (gnunet-service-revocation)<br> | |
359 | <p>GNUnet provides a proxy service (gnunet-gns-proxy) that the browser can send DNS and HTTP traffic to. It will try to resolve names with GNS first and forward the rest of the DNS traffic to the system's DNS resolver. It will also take care of the HTTP traffic, so the browser gets valid certificates and the web server will not be confused by our GNS hostnames. Our GNS namestore doesn't know about any DNS hostnames yet, so we have to store them, too. For our "ccc" A record, we have to store a LEHO (legacy hostname) record, too. It must contain the website's original DNS hostname:</p> | 226 | set (gnunet-service-set)<br> |
360 | 227 | nat (gnunet-service-nat)<br> | |
361 | <p><code> | 228 | transport (gnunet-service-transport)<br> |
362 | $ gnunet-namestore -z myself -a -e "1 d" -p -t LEHO -n ccc -V www.ccc.de | 229 | peerstore (gnunet-service-peerstore)<br> |
363 | </code></p> | 230 | hostlist (gnunet-daemon-hostlist)<br> |
364 | 231 | identity (gnunet-service-identity)<br> | |
365 | <p>Now let's start gnunet-gns-proxy.</p> | 232 | namecache (gnunet-service-namecache)<br> |
366 | 233 | peerinfo (gnunet-service-peerinfo)<br> | |
367 | <p><code> | 234 | datastore (gnunet-service-datastore)<br> |
368 | $ /usr/lib/gnunet/libexec/gnunet-gns-proxy | 235 | zonemaster (gnunet-service-zonemaster)<br> |
369 | </code></p> | 236 | zonemaster-monitor (gnunet-service-zonemaster-monitor)<br> |
370 | 237 | nse (gnunet-service-nse)<br> | |
371 | <p>Our browser has to be configured so it uses our proxy. In Firefox we have to set these options under "about:config":</p> | 238 | cadet (gnunet-service-cadet)<br> |
372 | 239 | dht (gnunet-service-dht)<br> | |
373 | <p><code> | 240 | core (gnunet-service-core)<br> |
374 | network.proxy.socks: localhost<br> | 241 | gns (gnunet-service-gns)<br> |
375 | network.proxy.socks_port: 7777<br> | 242 | statistics (gnunet-service-statistics)<br> |
376 | network.proxy.socks_remote_dns true<br> | 243 | topology (gnunet-daemon-topology)<br> |
377 | network.proxy.type: 1 | 244 | fs (gnunet-service-fs)<br> |
378 | </code></p> | 245 | namestore (gnunet-service-namestore)<br> |
379 | 246 | vpn (gnunet-service-vpn) | |
380 | <p>To tell Chromium to use the proxy, it has to be started with the "--proxy-server" command line option:</p> | 247 | </code> |
381 | 248 | </p> | |
382 | <p><code> | 249 | |
383 | $ chromium --proxy-server="socks5://127.0.0.1:7777" | 250 | <p> |
384 | </code></p> | 251 | For stopping GNUnet again we can use the `-e` option. |
385 | 252 | </p> | |
386 | <p>Now we should be able to resolve our GNS names in the browser! We just have to type "https://ccc.myself" into the address bar. If our friend Bob prepared his system, too, he can resolve our record by typing "ccc.alice.myself".</p> | 253 | |
387 | 254 | <p> | |
388 | 255 | <code> | |
389 | <h4>{{ _("VPN") }}</h4> | 256 | $ gnunet-arm -e |
390 | 257 | </code> | |
391 | <p>TBD</p> | 258 | </p> |
392 | 259 | ||
393 | <h3>{{ _("Uninstall GNUnet and its dependencies") }}</h3> | 260 | <h3>{{ _("Make sure it works") }}</h3> |
394 | 261 | ||
395 | <p><code> | 262 | <p> |
396 | $ cd ~/gnunet_installation/gnunet<br> | 263 | Let's try out some of GNUnet's use cases. Some should be done |
397 | $ sudo make uninstall<br> | 264 | before others: |
398 | $ cd ~/gnunet_installation/libmicrohttpd<br> | 265 | |
399 | $ sudo make uninstall<br> | 266 | <ul> |
400 | $ sudo apt remove git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev<br> | 267 | <li>filesharing</li> |
401 | $ sudo apt autoremove<br> | 268 | <li>A simple chat using CADET</li> |
402 | $ sudo userdel -r gnunet<br> | 269 | <li>Name resolution using GNS on the command line</li> |
403 | $ sudo groupdel gnunet<br> | 270 | <li>Name resolution using GNS with a browser (do it on the command line first)</li> |
404 | $ sudo groupdel gnunetdns<br> | 271 | <li>Serving a website using VPN (do name resolution with a browser first)</li> |
405 | $ sudo mv /etc/nsswitch.conf.original /etc/nsswitch.conf<br> | 272 | </ul> |
406 | $ sudo rm /lib/$(uname -m)-linux-gnu/libnss_gns.so.2 | 273 | </p> |
407 | </code></p> | 274 | |
408 | 275 | ||
409 | 276 | <h4>{{ _("filesharing") }}</h4> | |
410 | <h3>{{ _("Appendix A: Optional GNUnet features") }}</h3> | 277 | |
411 | 278 | <p> | |
412 | <p>TBD</p> | 279 | Let's publish a file in the GNUnet filesharing network. We use the keywords |
413 | 280 | ("commons" and "state") so other people will be able to search for the file. | |
414 | <h3>{{ _("Troubleshooting") }}</h3> | 281 | </p> |
415 | 282 | ||
416 | <h4>{{ _("You can't reach other people's nodes") }}</h4> | 283 | <p> |
417 | 284 | We can choose any file and describe it with meaningful keywords (using the | |
418 | <p>Should our computer not have reached the open GNUnet network automatically, | 285 | `-k` command line option). |
419 | we can manually instruct our node how to reach the nodes of our friends. This | 286 | </p> |
420 | works by exchanging HELLO strings. This is how we get a hello string for our | 287 | |
421 | computer.</p> | 288 | <p> |
422 | 289 | <code> | |
423 | <p><code> | 290 | $ gnunet-publish -k commons -k state ostrom.pdf<br> |
424 | $ gnunet-peerinfo -gn | 291 | Publishing `/home/myself/ostrom.pdf' done.<br> |
425 | </code></p> | 292 | URI is `gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237'. |
426 | 293 | </code> | |
427 | <p>We can now pass this string to our friends "out of band" (using whatever | 294 | </p> |
428 | existing chat or messaging technology). If the string contains some private IP | 295 | |
429 | networks we don't want to share, we can carefully edit them out.</p> | 296 | <p>Finding the file by keyword works with `gnunet-search`.</p> |
430 | 297 | ||
431 | <p>Once we receive such strings from our friends, we can add them like | 298 | <p> |
432 | this:</p> | 299 | <code> |
433 | 300 | $ gnunet-search commons<br> | |
434 | <p> | 301 | #1:<br> |
435 | <code> | 302 | gnunet-download -o "ostrom.pdf" gnunet://fs/chk/M57SXDJ72EWS25CT6307KKJ8K0GCNSPTAZ649NA1NS10MJB4A1GZ9EN4Y02KST9VA5BHE8B335RPXQVBWVZ587Y83WQ7J3DHMBX30Q8.DHNGBN4CB2DBX1QRZ1R0B1Q18WTEAK4R94S9D57C9JMJJ3H7SSQDCV4D1218C4S2VP085AMQQSMG18FCP6NQMZQZJ91XR5NBX7YF0V0.42197237 |
436 | gnunet-peerinfo -p <string> | 303 | </code> |
437 | </code> | 304 | </p> |
438 | </p> | 305 | |
439 | 306 | <p> | |
440 | <p>Now our GNUnet nodes can attempt reaching each other directly. This may | 307 | It gives us the command line call to download the file (and store it as |
441 | still fail due to NAT traversal issues.</p> | 308 | ostrom.pdf)! |
442 | 309 | </p> | |
443 | <!--<h4>{{ _("OMG you guys broke my internet") }}</h4> | 310 | |
444 | 311 | <h4>{{ _("CADET (and Chat)") }}</h4> | |
445 | <p>We can replace `/etc/nsswitch.conf` with the backup we made earlier | 312 | |
446 | (`/etc/nsswitch.conf.original`). Now DNS resolution should work again without a | 313 | <p> |
447 | running GNUnet.</p> | 314 | We can use the `gnunet-cadet` command line tool to open a port and from |
448 | 315 | another machine connect to this port and chat or transfer data. First we need | |
449 | <p><code> | 316 | our *peer ID* of the GNUnet peer opening the port. |
450 | $ cp /etc/nsswitch.conf.original /etc/nsswitch.conf | 317 | </p> |
451 | </code></p>--> | 318 | |
319 | <p> | ||
320 | <code> | ||
321 | $ gnunet-peerinfo -s<br> | ||
322 | I am peer `P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG'. | ||
323 | </code> | ||
324 | </p> | ||
325 | |||
326 | <p> | ||
327 | Now we open the port (it can be any string!): | ||
328 | </p> | ||
329 | |||
330 | <p> | ||
331 | <code> | ||
332 | $ gnunet-cadet -o my-secret-port | ||
333 | </code> | ||
334 | </p> | ||
335 | |||
336 | <p> | ||
337 | On the other machine we can connect using the peer ID and the port | ||
338 | and start chatting! | ||
339 | </p> | ||
340 | |||
341 | <p> | ||
342 | <code> | ||
343 | $ gnunet-cadet P4T5GHS1PCZ06R82D3KW8Z8J1113BQZWAWGYHTZ8G1ZXMWXQGAVG my-secret-port | ||
344 | </code> | ||
345 | </p> | ||
346 | |||
347 | |||
348 | <h4>{{ _("Name resolution using GNS on the command line") }}</h4> | ||
349 | |||
350 | <p> | ||
351 | GNS is the GNU name service, a fully decentralized alternatice to | ||
352 | DNS. We'll publish an IP address in a GNS record try to resolve it | ||
353 | on the command line. First we need an identity which is the | ||
354 | equivalent to a zone in DNS. We'll call it "myself" and create it | ||
355 | using the `gnunet-identity` command line tool. Instead of "myself" | ||
356 | you can surely use your nick or any other name. | ||
357 | </p> | ||
358 | |||
359 | <p> | ||
360 | <code> | ||
361 | $ gnunet-identity -C myself | ||
362 | </code> | ||
363 | </p> | ||
364 | |||
365 | <p> | ||
366 | We can check if it worked using the same tool. We expect the name | ||
367 | of our identity and the corresponding public key to be | ||
368 | displayed. | ||
369 | </p> | ||
370 | |||
371 | <p> | ||
372 | <code> | ||
373 | $ gnunet-identity -d<br> | ||
374 | myself - HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | ||
375 | </code> | ||
376 | </p> | ||
377 | |||
378 | <p> | ||
379 | Now we add a public `A` record to our zone. It has the name "ccc", a value | ||
380 | of "195.54.164.39" and it expires after one day. | ||
381 | </p> | ||
382 | |||
383 | <p> | ||
384 | <code> | ||
385 | $ gnunet-namestore -z myself -a -e "1 d" -p -t A -n ccc -V 195.54.164.39 | ||
386 | </code> | ||
387 | </p> | ||
388 | |||
389 | <p> | ||
390 | Now we can query that record using the command line tool `gnunet-gns`. | ||
391 | </p> | ||
392 | |||
393 | <p> | ||
394 | <code> | ||
395 | $ gnunet-gns -t A -u ccc.myself<br> | ||
396 | ccc.myself:<br> | ||
397 | Got `A' record: 195.54.164.39 | ||
398 | </code> | ||
399 | </p> | ||
400 | |||
401 | <p> | ||
402 | So it worked! But only resolving our own records is boring. So we | ||
403 | can give our identity (the public key of it to be precise) to | ||
404 | someone else so they can try to resolve our records, too. The | ||
405 | other person (Bob) has to add it to his namestore like this: | ||
406 | <p> | ||
407 | |||
408 | <p> | ||
409 | <code> | ||
410 | $ gnunet-namestore -z myself -a -e never -p -t PKEY -n alice -V HWTYD3P5D77JVFNVMZ1M5T10V4SZYNMY3PCGQCSVENKD6ZCRKPMG | ||
411 | </code> | ||
412 | </p> | ||
413 | |||
414 | <p> | ||
415 | Our identity in Bobs namestore is a public record (-p) and never | ||
416 | expires (-e never). Now Bob (let's assume he has called his identity | ||
417 | myself, too) should be able to resolve our "ccc" record, too! | ||
418 | </p> | ||
419 | |||
420 | <p> | ||
421 | <code> | ||
422 | $ gnunet-gns -t A -u ccc.alice.myself<br> | ||
423 | ccc.alice.myself:<br> | ||
424 | Got `A' record: 195.54.164.39 | ||
425 | </code> | ||
426 | </p> | ||
427 | |||
428 | <p> | ||
429 | It can continue like this. A friend of Bob would be able to | ||
430 | resolve our records too because Bob published our identity in a | ||
431 | public record. Bobs friend would simply use "ccc.alice.bob.myself" | ||
432 | to resolve our "ccc" record. | ||
433 | </p> | ||
434 | |||
435 | |||
436 | <h4>{{ _("Name resolution using GNS with a browser") }}</h4> | ||
437 | |||
438 | <p> | ||
439 | In the previous use case "Name resolution using GNS on the | ||
440 | command line" we got an idea about what GNS is about, but now | ||
441 | let's use it with a browser, to make it actually useful. Currently | ||
442 | Firefox and Chromium are known to work. | ||
443 | </p> | ||
444 | |||
445 | <p> | ||
446 | Many websites enforce HTTPS and thus provide certificates for | ||
447 | their hostnames (and not our GNS names). Browsers don't like wrong | ||
448 | hostnames in certificates and will present error messages. So | ||
449 | GNUnet has to trick them by generating own certificates for our | ||
450 | GNS names. This means we need to create our own certificate | ||
451 | authority and tell our browser about it. Luckily there's a script | ||
452 | for it: | ||
453 | </p> | ||
454 | |||
455 | <p> | ||
456 | <code> | ||
457 | $ gnunet-gns-proxy-setup-ca | ||
458 | </code> | ||
459 | </p> | ||
460 | |||
461 | <p> | ||
462 | After executing this script the Browser has to be restarted. | ||
463 | </p> | ||
464 | |||
465 | <p> | ||
466 | GNUnet provides a proxy service (gnunet-gns-proxy) that the | ||
467 | browser can send DNS and HTTP traffic to. It will try to resolve | ||
468 | names with GNS first and forward the rest of the DNS traffic to | ||
469 | the system's DNS resolver. It will also take care of the HTTP | ||
470 | traffic, so the browser gets valid certificates and the web server | ||
471 | will not be confused by our GNS hostnames. Our GNS namestore | ||
472 | doesn't know about any DNS hostnames yet, so we have to store | ||
473 | them, too. For our "ccc" A record, we have to store a LEHO (legacy | ||
474 | hostname) record, too. It must contain the website's original DNS | ||
475 | hostname: | ||
476 | </p> | ||
477 | |||
478 | <p> | ||
479 | <code> | ||
480 | $ gnunet-namestore -z myself -a -e "1 d" -p -t LEHO -n ccc -V www.ccc.de | ||
481 | </code> | ||
482 | </p> | ||
483 | |||
484 | <p> | ||
485 | Now let's start gnunet-gns-proxy. | ||
486 | </p> | ||
487 | |||
488 | <p> | ||
489 | <code> | ||
490 | $ /usr/lib/gnunet/libexec/gnunet-gns-proxy | ||
491 | </code> | ||
492 | </p> | ||
493 | |||
494 | <p> | ||
495 | Our browser has to be configured so it uses our proxy. In Firefox | ||
496 | we have to set these options under "about:config": | ||
497 | </p> | ||
498 | |||
499 | <p> | ||
500 | <code> | ||
501 | network.proxy.socks: localhost<br> | ||
502 | network.proxy.socks_port: 7777<br> | ||
503 | network.proxy.socks_remote_dns true<br> | ||
504 | network.proxy.type: 1 | ||
505 | </code> | ||
506 | </p> | ||
507 | |||
508 | <p> | ||
509 | To tell Chromium to use the proxy, it has to be started with the | ||
510 | "--proxy-server" command line option: | ||
511 | </p> | ||
512 | |||
513 | <p> | ||
514 | <code> | ||
515 | $ chromium --proxy-server="socks5://127.0.0.1:7777" | ||
516 | </code> | ||
517 | </p> | ||
518 | |||
519 | <p> | ||
520 | Now we should be able to resolve our GNS names in the browser! We | ||
521 | just have to type "https://ccc.myself" into the address bar. If | ||
522 | our friend Bob prepared his system, too, he can resolve our record | ||
523 | by typing "ccc.alice.myself". | ||
524 | </p> | ||
525 | |||
526 | |||
527 | <h4>{{ _("VPN") }}</h4> | ||
528 | |||
529 | <p> | ||
530 | TBD | ||
531 | </p> | ||
532 | |||
533 | <h3>{{ _("Uninstall GNUnet and its dependencies") }}</h3> | ||
534 | |||
535 | <p> | ||
536 | <code> | ||
537 | $ cd ~/gnunet_installation/gnunet<br> | ||
538 | $ sudo make uninstall<br> | ||
539 | $ cd ~/gnunet_installation/libmicrohttpd<br> | ||
540 | $ sudo make uninstall<br> | ||
541 | $ sudo apt remove git libtool autoconf autopoint build-essential libgcrypt-dev libidn11-dev zlib1g-dev libunistring-dev libglpk-dev miniupnpc libextractor-dev libjansson-dev libcurl4-gnutls-dev libsqlite3-dev<br> | ||
542 | $ sudo apt autoremove<br> | ||
543 | $ sudo userdel -r gnunet<br> | ||
544 | $ sudo groupdel gnunet<br> | ||
545 | $ sudo groupdel gnunetdns<br> | ||
546 | $ sudo mv /etc/nsswitch.conf.original /etc/nsswitch.conf<br> | ||
547 | $ sudo rm /lib/$(uname -m)-linux-gnu/libnss_gns.so.2 | ||
548 | </code> | ||
549 | </p> | ||
550 | |||
551 | <h3>{{ _("Appendix A: Optional GNUnet features") }}</h3> | ||
552 | |||
553 | <p> | ||
554 | TBD | ||
555 | </p> | ||
556 | |||
557 | <h3>{{ _("Troubleshooting") }}</h3> | ||
558 | |||
559 | <h4>{{ _("You can't reach other people's nodes") }}</h4> | ||
560 | |||
561 | <p> | ||
562 | Should our computer not have reached the open GNUnet network automatically, | ||
563 | we can manually instruct our node how to reach the nodes of our friends. This | ||
564 | works by exchanging HELLO strings. This is how we get a hello string for our | ||
565 | computer. | ||
566 | </p> | ||
567 | |||
568 | <p> | ||
569 | <code> | ||
570 | $ gnunet-peerinfo -gn | ||
571 | </code> | ||
572 | </p> | ||
573 | |||
574 | <p> | ||
575 | We can now pass this string to our friends "out of band" (using | ||
576 | whatever existing chat or messaging technology). If the string | ||
577 | contains some private IP networks we don't want to share, we can | ||
578 | carefully edit them out. | ||
579 | </p> | ||
580 | |||
581 | <p> | ||
582 | Once we receive such strings from our friends, we can add them | ||
583 | like this: | ||
584 | </p> | ||
585 | |||
586 | <p> | ||
587 | <code> | ||
588 | gnunet-peerinfo -p <string> | ||
589 | </code> | ||
590 | </p> | ||
591 | |||
592 | <p> | ||
593 | Now our GNUnet nodes can attempt reaching each other directly. This may | ||
594 | still fail due to NAT traversal issues. | ||
595 | </p> | ||
596 | |||
597 | |||
598 | <!-- | ||
599 | <h4>{{ _("OMG you guys broke my internet") }}</h4> | ||
600 | |||
601 | <p> | ||
602 | We can replace `/etc/nsswitch.conf` with the backup we made earlier | ||
603 | (`/etc/nsswitch.conf.original`). Now DNS resolution should work again without a | ||
604 | running GNUnet. | ||
605 | </p> | ||
606 | |||
607 | <p> | ||
608 | <code> | ||
609 | $ cp /etc/nsswitch.conf.original /etc/nsswitch.conf | ||
610 | </code> | ||
611 | </p> | ||
612 | --> | ||
452 | 613 | ||
453 | </div> | 614 | </div> |
454 | {% endblock body_content %} | 615 | {% endblock body_content %} |