[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet-texinfo] branch master updated: start to move every
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnunet-texinfo] branch master updated: start to move everything as inputs into gnunet.texi via (@import). |
Date: |
Sun, 02 Apr 2017 12:47:48 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnunet-texinfo.
The following commit(s) were added to refs/heads/master by this push:
new bc2b7d8 start to move everything as inputs into gnunet.texi via
(@import).
bc2b7d8 is described below
commit bc2b7d8217213eb8cfdede61868bca180b1aa5a8
Author: ng0 <address@hidden>
AuthorDate: Fri Feb 17 16:58:21 2017 +0000
start to move everything as inputs into gnunet.texi via (@import).
---
developer.texi | 72 +-----
gnunet.texi | 21 +-
installation.texi | 756 +++++++++++++++++++-----------------------------------
philosophy.texi | 78 ------
user.texi | 185 +++++--------
5 files changed, 352 insertions(+), 760 deletions(-)
diff --git a/developer.texi b/developer.texi
index b30da76..843cf20 100644
--- a/developer.texi
+++ b/developer.texi
@@ -1,46 +1,3 @@
-\input texinfo
address@hidden -*-texinfo-*-
address@hidden %**start of header
address@hidden developer
address@hidden Developer Handbook
address@hidden %**end of header
-
address@hidden version.texi
-
address@hidden
-Copyright @copyright{} 2017 ng0
-
-Permission is granted to copy, distribute and/or modify this document
-under the terms of the GNU Free Documentation License, Version 1.3 or
-any later version published by the Free Software Foundation; with no
-Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
-copy of the license is included in the section entitled ``GNU Free
-Documentation License''.
-
-A copy of the license is also available from the Free Software
-Foundation Web site at @url{http://www.gnu.org/licenses/fdl.html}.
-
-Alternately, this document is also available under the General
-Public License, version 3 or later, as published by the Free Software
-Foundation.
-
-A copy of the license is also available from the Free Software
-Foundation Web site at @url{http://www.gnu.org/licenses/gpl.html}.
address@hidden copying
-
address@hidden
address@hidden GNUnet Developer Handbook
address@hidden The GNUnet Developers
-
address@hidden
address@hidden 0pt plus 1filll
-Edition @value{EDITION} @*
address@hidden @*
-
address@hidden
address@hidden titlepage
-
address@hidden
@c ***************************************************************************
@node Top
@top GNUnet Developer Handbook
@@ -6833,7 +6790,7 @@ REGEX_PREFIX = "GNVPN-0001-PAD"
When running the profiler with a large scale deployment, you probably want to
reduce the workload of each peer. Use the following options to do this.@
address@hidden
address@hidden
[dht]@
# Force network size estimation@
FORCE_NSE = 1
@@ -6848,7 +6805,8 @@ DISABLE_BF = YES
[nse]@
# Minimize proof-of-work CPU consumption by NSE@
-WORKBITS = 1}
+WORKBITS = 1
address@hidden example
@strong{Options}
@@ -6885,27 +6843,3 @@ routeviews prefix2as} data files for this. Run
@code{create_regex.py <filename>
<output path>} to create the regular expressions and @code{create_strings.py
<input path> <outfile>} to create a search strings file from the previously
created regular expressions.
-
address@hidden
*****************************************************************************
address@hidden GNU Free Documentation License
address@hidden GNU Free Documentation License
address@hidden license, GNU Free Documentation License
address@hidden fdl-1.3.texi
-
address@hidden
*****************************************************************************
address@hidden GNU General Public License
address@hidden GNU General Public License
address@hidden license, GNU General Public License
address@hidden gpl-3.0.texi
-
address@hidden
*****************************************************************************
address@hidden Concept Index
address@hidden Concept Index
address@hidden cp
-
address@hidden
*****************************************************************************
address@hidden Contents
address@hidden Contents
address@hidden
-
address@hidden
diff --git a/gnunet.texi b/gnunet.texi
index 6db79cb..9d3e76b 100644
--- a/gnunet.texi
+++ b/gnunet.texi
@@ -1,6 +1,4 @@
-\input texinfo
address@hidden -*-texinfo-*-
-
+\input texinfo @c -*-texinfo-*-
@c %**start of header
@setfilename gnunet.info
@documentencoding UTF-8
@@ -47,6 +45,23 @@ Edition @value{EDITION} @*
@contents
@c *********************************************************************
address@hidden philosophy.texi
address@hidden
*********************************************************************
+
address@hidden
*********************************************************************
address@hidden installation.texi
address@hidden
*********************************************************************
+
address@hidden
*********************************************************************
address@hidden user.texi
address@hidden
*********************************************************************
+
address@hidden
*********************************************************************
address@hidden developer.texi
address@hidden
*********************************************************************
+
+
address@hidden
*********************************************************************
@node GNU Free Documentation License
@appendix GNU Free Documentation License
@cindex license, GNU Free Documentation License
diff --git a/installation.texi b/installation.texi
index 2b069b9..5df13eb 100644
--- a/installation.texi
+++ b/installation.texi
@@ -1,49 +1,5 @@
-\input texinfo
address@hidden -*-texinfo-*-
address@hidden %**start of header
address@hidden installation
address@hidden GNUnet Installation Handbook
address@hidden %**end of header
-
address@hidden version.texi
-
address@hidden
-Copyright @copyright{} 2017 ng0
-
-Permission is granted to copy, distribute and/or modify this document
-under the terms of the GNU Free Documentation License, Version 1.3 or
-any later version published by the Free Software Foundation; with no
-Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
-copy of the license is included in the section entitled ``GNU Free
-Documentation License''.
-
-A copy of the license is also available from the Free Software
-Foundation Web site at @url{http://www.gnu.org/licenses/fdl.html}.
-
-Alternately, this document is also available under the General
-Public License, version 3 or later, as published by the Free Software
-Foundation.
-
-A copy of the license is also available from the Free Software
-Foundation Web site at @url{http://www.gnu.org/licenses/gpl.html}.
address@hidden copying
-
address@hidden
address@hidden GNUnet Installation Handbook
address@hidden The GNUnet Developers
-
address@hidden
address@hidden 0pt plus 1filll
-Edition @value{EDITION} @*
address@hidden @*
-
address@hidden
address@hidden titlepage
-
address@hidden
address@hidden
***************************************************************************
@node Top
address@hidden GNUnet Installation Handbook
address@hidden GNUnet Installation Handbook
This handbook describes how to install (build setup, compilation) and setup
(configuration, start) GNUnet 0.10.x. After following these instructions you
@@ -94,7 +50,7 @@ higher
@item GnuTLS
@uref{ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.7.tar.xz, 3.2.7} or
higher, compile with libunbound for DANE support; GnuTLS also requires GNU
-nettle ⥠2.7 (update: GnuTLS 3.2.7 appears NOT to work against GNU nettle
+nettle 2.7 (update: GnuTLS 3.2.7 appears NOT to work against GNU nettle
> 2.7, due to some API updatings done by nettle. Thus it should be compiled
against nettle 2.7 and, in case you get some error on the reference to
`rpl_strerror' being undefined, follow the instructions on@
@@ -2062,7 +2018,7 @@ GDB (snapshot)
@item
Install MSYS (to c:\mingw, for example.)@
- address@hidden use spaces in the pathname (c:\program files\mingw).
+Do @strong{not} use spaces in the pathname (c:\program files\mingw).
@item
Install MinGW runtime, utilities and GCC to a subdirectory (to c:\mingw\mingw,
@@ -2722,48 +2678,32 @@ versions as well.
@node Reasons to use Postgres
@subsection Reasons to use Postgres
address@hidden %**end of header
-
address@hidden Top
-
@itemize @bullet
-
-
@item
Easier to setup than MySQL
-
@item
Real database
@end itemize
address@hidden Reasons not to use Postgres
address@hidden %**end of header
-
address@hidden Top
address@hidden Reasons not to use Postgres
address@hidden Reasons not to use Postgres
@itemize @bullet
-
-
@item
Quite slow
-
@item
Still some manual setup required
@end itemize
address@hidden Manual setup instructions
address@hidden %**end of header
-
address@hidden Top
address@hidden Manual setup instructions
address@hidden Manual setup instructions
@itemize @bullet
-
@item
In @code{gnunet.conf} set in section "DATASTORE" the value for@
- "DATABASE" to "postgres".
-
+"DATABASE" to "postgres".
@item
Access Postgres to create a user:@
@@ -2771,16 +2711,19 @@ Access Postgres to create a user:@
@item with Postgres 8.x, use:
address@hidden su - postgres
address@hidden
+# su - postgres
$ createuser
@end example
+and enter the name of the user running GNUnet for the role interactively.
+Then, when prompted, do not set it to superuser, allow the creation of
+databases, and do not allow the creation of new roles.@
-and enter the name of the user running GNUnet for the role interactively.
Then, when prompted, do not set it to superuser, allow the creation of
databases, and do not allow the creation of new roles.@
-
address@hidden with Postgres 9.x, use:
address@hidden with Postgres 9.x, use:
address@hidden su - postgres
address@hidden
+# su - postgres
$ createuser -d $GNUNET_USER
@end example
@@ -2793,134 +2736,127 @@ where $GNUNET_USER is the name of the user running
GNUnet.@
@item
As that user (so typically as user "gnunet"), create a database (or two):@
address@hidden createdb gnunet
address@hidden
+$ createdb gnunet
$ createdb gnunetcheck # this way you can run "make check"
@end example
@end itemize
-Now you should be able to start @address@hidden Testing the setup manually
address@hidden %**end of header
-
address@hidden Top
-
+Now you should be able to start @code{gnunet-arm}.
address@hidden Testing the setup manually
address@hidden Testing the setup manually
-You may want to try if the database connection works. First, again login as
the user who will run gnunet-arm. Then use,
address@hidden psql gnunet # or gnunetcheck
+You may want to try if the database connection works. First, again login as
+the user who will run gnunet-arm. Then use,
address@hidden
+$ psql gnunet # or gnunetcheck
gnunet=> \dt
@end example
- If, after you have started gnunet-arm at least once, you get a @code{gn090}
table here, it probably works.
address@hidden @bullet
-
-
address@hidden
-
+If, after you have started gnunet-arm at least once, you get a @code{gn090}
+table here, it probably works.
address@hidden
-Français
address@hidden itemize
address@hidden Configuring the datacache
address@hidden Configuring the datacache
address@hidden Configuring the datacache
@c %**end of header
@node Top
-The datacache is what GNUnet uses for storing temporary data. This data is
expected to be wiped completely each time GNUnet is restarted (or the system is
rebooted).
+The datacache is what GNUnet uses for storing temporary data. This data is
+expected to be wiped completely each time GNUnet is restarted (or the system
+is rebooted).
-You need to specify how many bytes GNUnet is allowed to use for the datacache
using the "QUOTA" option in the section "dhtcache". Furthermore, you need to
specify which database backend should be used to store the data. Currently, you
have the choice between sqLite, MySQL and Postgres.
address@hidden @bullet
+You need to specify how many bytes GNUnet is allowed to use for the datacache
+using the "QUOTA" option in the section "dhtcache". Furthermore, you need to
+specify which database backend should be used to store the data. Currently,
+you have the choice between sqLite, MySQL and Postgres.
address@hidden Configuring the file-sharing service
address@hidden Configuring the file-sharing service
address@hidden
-
-
address@hidden
-Español
-
address@hidden
-Français
address@hidden itemize
address@hidden Configuring the file-sharing service
address@hidden %**end of header
-
address@hidden Top
-
-
-
-In order to use GNUnet for file-sharing, you first need to make sure that the
file-sharing service is loaded. This is done by setting the AUTOSTART option in
section "fs" to "YES". Alternatively, you can run
-
+In order to use GNUnet for file-sharing, you first need to make sure that the
+file-sharing service is loaded. This is done by setting the AUTOSTART option in
+section "fs" to "YES". Alternatively, you can run
address@hidden
$ gnunet-arm -i fs
address@hidden example
to start the file-sharing service by hand.
-Except for configuring the database and the datacache the only important
option for file-sharing is content migration.
+Except for configuring the database and the datacache the only important option
+for file-sharing is content migration.
-Content migration allows your peer to cache content from other peers as well
as send out content stored on your system without explicit requests. This
content replication has positive and negative impacts on both system
performance an privacy.
+Content migration allows your peer to cache content from other peers as well as
+send out content stored on your system without explicit requests. This content
+replication has positive and negative impacts on both system performance an
+privacy.
FIXME: discuss the trade-offs. Here is some older text about it...
-Setting this option to YES allows gnunetd to migrate data to the local
machine. Setting this option to YES is highly recommended for efficiency. Its
also the default. If you set this value to YES, GNUnet will store content on
your machine that you cannot decrypt. While this may protect you from liability
if the judge is sane, it may not (IANAL). If you put illegal content on your
machine yourself, setting this option to YES will probably increase your
chances to get away with it since yo [...]
address@hidden @bullet
-
-
address@hidden
-
-
address@hidden
-Español
-
address@hidden
-Français
address@hidden itemize
address@hidden Configuring logging
address@hidden %**end of header
-
address@hidden Top
-
-
-
-Logging in GNUnet 0.9.0 is controlled via the "-L" and "-l" options. Using
"-L", a log level can be specified. With log level "ERROR" only serious errors
are logged. The default log level is "WARNING" which causes anything of concern
to be logged. Log level "INFO" can be used to log anything that might be
interesting information whereas "DEBUG" can be used by developers to log
debugging messages (but you need to run configure with
@code{--enable-logging=verbose} to get them compiled). Th [...]
-
-Since most GNUnet services are managed by @code{gnunet-arm}, using the "-l" or
"-L" options directly is not possible. Instead, they can be specified using the
"OPTIONS" configuration value in the respective section for the respective
service. In order to enable logging globally without editing the "OPTIONS"
values for each service, @code{gnunet-arm} supports a "GLOBAL_POSTFIX" option.
The value specified here is given as an extra option to all services for which
the configuration does co [...]
-
- "GLOBAL_POSTFIX" can contain the special sequence "@address@hidden" which is
replaced by the name of the service that is being started. Furthermore,
@code{GLOBAL_POSTFIX} is special in that sequences starting with "$" anywhere
in the string are expanded (according to options in "PATHS"); this expansion
otherwise is only happening for filenames and then the "$" must be the first
character in the option. Both of these restrictions do not apply to
"GLOBAL_POSTFIX". Note that specifying @code{%} anywh [...]
-
- In summary, in order to get all services to log at level "INFO" to log-files
called @code{SERVICENAME-logs}, the following global prefix should be used:
address@hidden = -l $SERVICEHOME/@address@hidden -L INFO
+Setting this option to YES allows gnunetd to migrate data to the local machine.
+Setting this option to YES is highly recommended for efficiency. Its also the
+default. If you set this value to YES, GNUnet will store content on your
+machine that you cannot decrypt. While this may protect you from liability if
+the judge is sane, it may not (IANAL). If you put illegal content on your
+machine yourself, setting this option to YES will probably increase your
chances
+to get away with it since you can plausibly deny that you inserted the content.
+Note that in either case, your anonymity would have to be broken first (which
+may be possible depending on the size of the GNUnet network and the strength of
+the adversary).
+
address@hidden Configuring logging
address@hidden Configuring logging
+
+Logging in GNUnet 0.9.0 is controlled via the "-L" and "-l" options.
+Using "-L", a log level can be specified. With log level "ERROR" only serious
+errors are logged. The default log level is "WARNING" which causes anything of
+concern to be logged. Log level "INFO" can be used to log anything that might
+be interesting information whereas "DEBUG" can be used by developers to log
+debugging messages (but you need to run configure with
address@hidden to get them compiled). The "-l" option is used
+to specify the log file.
+
+Since most GNUnet services are managed by @code{gnunet-arm}, using the "-l" or
+"-L" options directly is not possible. Instead, they can be specified using the
+"OPTIONS" configuration value in the respective section for the respective
+service. In order to enable logging globally without editing the "OPTIONS"
+values for each service, @code{gnunet-arm} supports a "GLOBAL_POSTFIX" option.
+The value specified here is given as an extra option to all services for which
+the configuration does contain a service-specific "OPTIONS" field.
+
+"GLOBAL_POSTFIX" can contain the special sequence "@address@hidden" which is
replaced by
+the name of the service that is being started. Furthermore,
address@hidden is special in that sequences starting with "$" anywhere
+in the string are expanded (according to options in "PATHS"); this expansion
+otherwise is only happening for filenames and then the "$" must be the first
+character in the option. Both of these restrictions do not apply to
+"GLOBAL_POSTFIX". Note that specifying @code{%} anywhere in the
"GLOBAL_POSTFIX"
+disables both of these features.
+
+In summary, in order to get all services to log at level "INFO" to log-files
+called @code{SERVICENAME-logs}, the following global prefix should be used:
address@hidden
+GLOBAL_POSTFIX = -l $SERVICEHOME/@address@hidden -L INFO
@end example
address@hidden @bullet
-
-
address@hidden
address@hidden Configuring the transport service and plugins
address@hidden Configuring the transport service and plugins
+The transport service in GNUnet is responsible to maintain basic connectivity
+to other peers. Besides initiating and keeping connections alive it is also
+responsible for address validation.
address@hidden
-Deutsch
+The GNUnet transport supports more than one transport protocol. These protocols
+are configured together with the transport service.
address@hidden
-Español
-
address@hidden
-Français
address@hidden itemize
address@hidden Configuring the transport service and plugins
address@hidden %**end of header
-
address@hidden Top
-
-
-
-The transport service in GNUnet is responsible to maintain basic connectivity
to other peers. Besides initiating and keeping connections alive it is also
responsible for address validation.
-
-The GNUnet transport supports more than one transport protocol. These
protocols are configured together with the transport service.
-
-The configuration section for the transport service itself is quite similar to
all the other services
+The configuration section for the transport service itself is quite similar to
+all the other services
@code{@
AUTOSTART = YES@
@@ -2937,14 +2873,16 @@ The configuration section for the transport service
itself is quite similar to a
UNIXPATH = /tmp/gnunet-service-transport.sock@
}
-Different are the settings for the plugins to load @code{PLUGINS}. The first
setting specifies which transport plugins to load.
+Different are the settings for the plugins to load @code{PLUGINS}. The first
+setting specifies which transport plugins to load.
@itemize @bullet
@item
transport-unix
-A plugin for local only communication with UNIX domain sockets. Used for
testing and available on unix systems only. Just set the port
+A plugin for local only communication with UNIX domain sockets. Used for
+testing and available on unix systems only. Just set the port
@code{@
[transport-unix]@
@@ -2955,7 +2893,8 @@ A plugin for local only communication with UNIX domain
sockets. Used for testing
@item
transport-tcp
-A plugin for communication with TCP. Set port to 0 for client mode with
outbound only connections
+A plugin for communication with TCP. Set port to 0 for client mode with
+outbound only connections
@code{@
[transport-tcp]@
@@ -2983,7 +2922,9 @@ A plugin for communication with UDP. Supports peer
discovery using broadcasts.@
@item
transport-http
-HTTP and HTTPS support is split in two part: a client plugin initiating
outbound connections and a server part accepting connections from the client.
The client plugin just takes the maximum number of connections as an argument.@
+HTTP and HTTPS support is split in two part: a client plugin initiating
+outbound connections and a server part accepting connections from the client.
+The client plugin just takes the maximum number of connections as an argument.@
@code{@
[transport-http_client]@
MAX_CONNECTIONS = 128@
@@ -2998,8 +2939,10 @@ HTTP and HTTPS support is split in two part: a client
plugin initiating outbound
The server has a port configured and the maximum nunber of connections.@
The HTTPS part has two files with the certificate key and the certificate
file.
-The server plugin supports reverse proxies, so a external hostname can be set
using@
- the @code{EXTERNAL_HOSTNAME} setting. The webserver under this address should
forward the request to the peer and the configure port.
+The server plugin supports reverse proxies, so a external hostname can be set
+using@
+the @code{EXTERNAL_HOSTNAME} setting. The webserver under this address should
+forward the request to the peer and the configure port.
@code{@
[transport-http_server]@
@@ -3033,31 +2976,14 @@ settings. Just specify the interface to use:@
}
@end itemize
address@hidden @bullet
-
-
address@hidden
-
-
address@hidden
-Français
address@hidden itemize
address@hidden Configuring the wlan transport plugin
address@hidden %**end of header
-
address@hidden Top
-
address@hidden User Manual for the wlan transport plugin
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Introduction
address@hidden %**end of header
-
address@hidden Top
address@hidden Configuring the wlan transport plugin
address@hidden Configuring the wlan transport plugin
address@hidden User Manual for the wlan transport plugin
address@hidden User Manual for the wlan transport plugin
address@hidden Introduction
address@hidden Introduction
The wlan transport plugin enables GNUnet to send and to receive data on a wlan
interface. It has not to be connected to a wlan network as long as sender and
@@ -3065,30 +2991,26 @@ receiver are on the same channel. This enables you to
get connection to the
GNUnet where no internet access is possible, for example while catastrophes or
when censorship cuts you off the internet.
address@hidden Requirements
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Requirements
address@hidden Requirements
@itemize @bullet
-
@item
-wlan network card with monitor support and packet injection (see
@uref{http://www.aircrack-ng.org/, aircrack-ng.org})
+wlan network card with monitor support and packet injection
+(see @uref{http://www.aircrack-ng.org/, aircrack-ng.org})
@item
-Linux kernel with mac80211 stack, introduced in 2.6.22, tested with 2.6.35 and
2.6.38
+Linux kernel with mac80211 stack, introduced in 2.6.22, tested with 2.6.35
+and 2.6.38
@item
-Wlantools to create the a monitor interface, tested with airmon-ng of the
aircrack-ng package
+Wlantools to create the a monitor interface, tested with airmon-ng of the
+aircrack-ng package
@end itemize
address@hidden Configuration
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Configuration
address@hidden Configuration
There are the following options for the wlan plugin (they should be like this
in your default config file, you only need to adjust them if the values are
@@ -3105,7 +3027,8 @@ INTERFACE = mon0@
TESTMODE = 0@
}
address@hidden Before starting GNUnet
address@hidden Before starting GNUnet
address@hidden Before starting GNUnet
Before starting GNUnet, you have to make sure that your wlan interface is in
monitor mode. One way to put the wlan interface into monitor mode (if your
@@ -3123,12 +3046,8 @@ Here is an example what the result should look like:@
The monitor interface is mon0 is the one that you have to put into the
configuration file.
address@hidden Limitations and known bugs
address@hidden %**end of header
-
address@hidden Top
-
-
address@hidden Limitations and known bugs
address@hidden Limitations and known bugs
Wlan speed is at the maximum of 1 Mbit/s because support for choosing the wlan
speed with packet injection was removed in newer kernels. Please pester the
@@ -3139,24 +3058,9 @@ to. If no connection has been made since the start of
the computer, it is
usually the first channel of the card. Peers will only find each other and
communicate if they are on the same channel. Channels must be set manually
(i.e. using @code{iwconfig wlan0 channel 1}).
address@hidden @bullet
-
-
address@hidden
-
-
address@hidden
-Español
-
address@hidden
-Français
address@hidden itemize
address@hidden Configuring HTTP(S) reverse proxy functionality using Apache or
nginx
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Configuring HTTP(S) reverse proxy functionality using Apache or
nginx
address@hidden Configuring HTTP(S) reverse proxy functionality using Apache or
nginx
The HTTP plugin supports data transfer using reverse proxies. A reverse proxy
forwards the HTTP request he receives with a certain URL to another webserver,
@@ -3167,8 +3071,8 @@ GNUnet reverse proxy. Especially if you have a well-known
webiste this improves
censorship resistance since it looks as normal surfing behaviour.
To do so, you have to do two things:
address@hidden @bullet
address@hidden @bullet
@item
Configure your webserver to forward the GNUnet HTTP traffic
@@ -3177,10 +3081,9 @@ Configure your webserver to forward the GNUnet HTTP
traffic
Configure your GNUnet peer to announce the respective address
@end itemize
-
As an example we want to use GNUnet peer running:
address@hidden @bullet
address@hidden @bullet
@item
HTTP server plugin on @code{gnunet.foo.org:1080}
@@ -3195,16 +3098,18 @@ A apache or nginx webserver on
@uref{http://www.foo.org/, http://www.foo.org:80/
A apache or nginx webserver on https://www.foo.org:443/
@end itemize
-
-And we want the webserver to accept GNUnet traffic under
@code{http://www.foo.org/bar/}. The required steps are described here:
+And we want the webserver to accept GNUnet traffic under
address@hidden://www.foo.org/bar/}. The required steps are described here:
@strong{Configure your Apache2 HTTP webserver}
First of all you need mod_proxy installed.
-Edit your webserver configuration. Edit @code{/etc/apache2/apache2.conf} or
the site-specific configuration file.
+Edit your webserver configuration. Edit @code{/etc/apache2/apache2.conf} or
+the site-specific configuration file.
-In the respective @code{server config},@code{virtual host} or @code{directory}
section add the following lines:@
+In the respective @code{server config},@code{virtual host} or
address@hidden section add the following lines:@
@code{@
ProxyTimeout 300@
ProxyRequests Off@
@@ -3218,7 +3123,7 @@ In the respective @code{server config},@code{virtual
host} or @code{directory} s
We assume that you already have an HTTPS server running, if not please check
how to configure a HTTPS host. An easy to use example is the
-"apache2/sites-available/default-ssl" example configuration file.
address@hidden/sites-available/default-ssl} example configuration file.
In the respective HTTPS @code{server config},@code{virtual host} or
@code{directory} section add the following lines:@
@@ -3237,7 +3142,8 @@ More information about the apache mod_proxy configuration
can be found unter:@
@strong{Configure your nginx HTTPS webserver}
-Since nginx does not support chunked encoding, you first of all have to
install @code{chunkin}:@
+Since nginx does not support chunked encoding, you first of all have to
+install @code{chunkin}:@
@uref{http://wiki.nginx.org/HttpChunkinModule,
http://wiki.nginx.org/HttpChunkinModule}
To enable chunkin add:@
@@ -3249,7 +3155,8 @@ To enable chunkin add:@
@}@
}
-Edit your webserver configuration. Edit @code{/etc/nginx/nginx.conf} or the
site-specific configuration file.
+Edit your webserver configuration. Edit @code{/etc/nginx/nginx.conf} or the
+site-specific configuration file.
In the @code{server} section add:@
@code{@
@@ -3301,12 +3208,8 @@ To have your GNUnet peer announce the address, you have
to specify the
Now restart your webserver and your peer...
address@hidden Blacklisting peers
address@hidden %**end of header
-
address@hidden Top
-
-
address@hidden Blacklisting peers
address@hidden Blacklisting peers
Transport service supports to deny connecting to a specific peer of to a
specific peer with a specific transport plugin using te blacklisting component
@@ -3331,9 +3234,9 @@ Example:@
}
You can also add a blacklist client usign the blacklist api. On a blacklist@
- check, blacklisting first checks internally if the peer is blacklisted and@
- if not, it asks the blacklisting clients. Clients are asked if it is OK to@
- connect to a peer ID, the plugin is omitted.
+check, blacklisting first checks internally if the peer is blacklisted and@
+if not, it asks the blacklisting clients. Clients are asked if it is OK to@
+connect to a peer ID, the plugin is omitted.
On blacklist check for (peer, plugin)
@itemize @bullet
@@ -3345,7 +3248,8 @@ On blacklist check for (peer, plugin)
@item YES: disallow connection
@end itemize
address@hidden Configuration of the HTTP and HTTPS transport plugins
address@hidden Configuration of the HTTP and HTTPS transport plugins
address@hidden Configuration of the HTTP and HTTPS transport plugins
The client part of the http and https transport plugins can be configured to
use a proxy to connect to the hostlist server. This functionality can be
@@ -3372,6 +3276,7 @@ these information will be stored in the configuration in
plain text.
To configure these options directly in the configuration, you can configure the
following settings in the [transport-http_client] and [transport-https_client]
section of the configuration:
+
@example
# Type of proxy server,@
# Valid values: HTTP, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME@
@@ -3385,18 +3290,9 @@ section of the configuration:
# User password for proxy server@
# PROXY_PASSWORD =
@end example
address@hidden @bullet
-
-
address@hidden
-
address@hidden itemize
address@hidden Configuring system-wide DNS interception
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Configuring system-wide DNS interception
address@hidden Configuring system-wide DNS interception
Before you install GNUnet, make sure you have a user and group 'gnunet' as well
as an empty group 'gnunetdns'.
@@ -3419,12 +3315,8 @@ system-wide DNS interception in conjunction with
link-local IPv6-based DNS
servers. If such a DNS server is used, it will bypass GNUnet's DNS traffic
interception.
address@hidden Configuring the GNU Name System
address@hidden %**end of header
-
address@hidden Top
-
-
address@hidden Configuring the GNU Name System
address@hidden Configuring the GNU Name System
Using the GNU Name System (GNS) requires two different configuration steps.
First of all, GNS needs to be integrated with the operating system. Most of
@@ -3476,12 +3368,8 @@ You can combine system-wide DNS packet interception with
the nsswitch plugin.@
The setup of the system-wide DNS interception is described here. All of the
other GNS-specific configuration steps are described in the following sections.
address@hidden Configuring the GNS nsswitch plugin
address@hidden %**end of header
-
address@hidden Top
-
-
address@hidden Configuring the GNS nsswitch plugin
address@hidden Configuring the GNS nsswitch plugin
The Name Service Switch (NSS) is a facility in Unix-like operating systems that
provides a variety of sources for common configuration databases and name
@@ -3490,8 +3378,8 @@ system's name services using the file /etc/nsswitch.conf.
GNS provides a NSS plugin to integrate GNS name resolution with the operating
system's name resolution process. To use the GNS NSS plugin you have to either
address@hidden @bullet
address@hidden @bullet
@item
install GNUnet as root or
@@ -3500,7 +3388,6 @@ install GNUnet as root or
compile GNUnet with the @code{--with-sudo=yes} switch.
@end itemize
-
Name resolution is controlled by the @emph{hosts} section in the NSS
configuration. By default this section first performs a lookup in the
/etc/hosts file and then in DNS. The nsswitch file should contain a line
@@ -3520,27 +3407,17 @@ a DNS lookup. The GNS NSS plugin has to be added to the
"hosts" section in
The @code{NOTFOUND=return} will ensure that if a @code{.gnu} name is not found
in GNS it will not be queried in DNS.
address@hidden @bullet
-
-
address@hidden
-
-
address@hidden
-Français
address@hidden itemize
address@hidden Configuring GNS on W32
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Configuring GNS on W32
address@hidden Configuring GNS on W32
This document is a guide to configuring GNU Name System on W32-compatible
platforms.
After GNUnet is installed, run the w32nsp-install tool:
address@hidden address@hidden example
address@hidden
+w32nsp-install.exe libw32nsp-0.dll
address@hidden example
('0' is the library version of W32 NSP; it might increase in the future,
@@ -3556,7 +3433,9 @@ is where gnunet-gns-helper-service-w32 should be
listening to (and is
configured to listen to by default).
To uninstall the provider, run:
address@hidden@end example
address@hidden
+w32nsp-uninstall.exe
address@hidden example
(uses provider GUID to uninstall it, does not need a dll name).
@@ -3569,7 +3448,8 @@ provider library to be deleted or overwritten while the
provider is installed,
and while there is at least one process still using it (even after it was
uninstalled).
address@hidden GNS Proxy Setup
address@hidden GNS Proxy Setup
address@hidden GNS Proxy Setup
When using the GNU Name System (GNS) to browse the WWW, there are several
issues that can be solved by adding the GNS Proxy to your setup:
@@ -3601,7 +3481,8 @@ speaks GNS, which will enable server operators to deliver
GNS-enabled web sites
to your browser (and continue to deliver legacy links to legacy browsers)
@end itemize
address@hidden Setup
address@hidden Setup
address@hidden Setup
First you need to create a CA certificate that the proxy can use. To do so use
the provided script gnunet-gns-proxy-ca:@
@@ -3617,7 +3498,8 @@ Note that the proxy uses libcurl. Make sure your version
of libcurl uses GnuTLS
and NOT OpenSSL. The proxy will not work with libcurl compiled against
OpenSSL.
address@hidden Testing
address@hidden Testing
address@hidden Testing
Now for testing purposes we can create some records in our zone to test the SSL
functionality of the proxy:@
@@ -3643,20 +3525,14 @@ configured proxy) should give you a valid SSL
certificate for
@table @asis
-
@item Attachment
Size
-
@item gnunethpgns.png
64.19 KB
-
@end table
address@hidden Automatic Shortening in the GNU Name System
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Automatic Shortening in the GNU Name System
address@hidden Automatic Shortening in the GNU Name System
This page describes a possible option for 'automatic name shortening', which
you can choose to enable with the GNU Name System.
@@ -3674,8 +3550,8 @@ from the shorten-zone are assigned on a
first-come-first-serve basis and should
not be trusted. Furthermore, if you enable this feature, you will no longer see
the full delegation chain for zones once shortening has been applied.
address@hidden Configuring the GNUnet VPN
-
address@hidden Configuring the GNUnet VPN
address@hidden Configuring the GNUnet VPN
Before configuring the GNUnet VPN, please make sure that system-wide DNS
interception is configured properly as described in the section on the GNUnet
@@ -3689,12 +3565,9 @@ DNS requests. You theoretically can tunnel "only" your
DNS traffic, but that
usually makes little sense.
The other options as shown on the gnunet-setup tool are:
address@hidden IPv4 address for interface
address@hidden %**end of header
-
address@hidden Top
-
address@hidden IPv4 address for interface
address@hidden IPv4 address for interface
This is the IPv4 address the VPN interface will get. You should pick an
'private' IPv4 network that is not yet in use for you system. For example, if
@@ -3705,23 +3578,21 @@ fine.@ You should try to make the mask of the address
big enough (255.255.0.0
or, even better, 255.0.0.0) to allow more mappings of remote IP Addresses into
this range. However, even a 255.255.255.0-mask will suffice for most users.
address@hidden IPv6 address for interface
address@hidden %**end of header
-
address@hidden Top
-
-
address@hidden IPv6 address for interface
address@hidden IPv6 address for interface
The IPv6 address the VPN interface will get. Here you can specify any
non-link-local address (the address should not begin with "fe80:"). A subnet
Unique Local Unicast (fd00::/8-prefix) that you are currently not using would
be a good choice.
address@hidden Configuring the GNUnet VPN DNS
address@hidden %**end of header
address@hidden Configuring the GNUnet VPN DNS
address@hidden Configuring the GNUnet VPN DNS
To resolve names for remote nodes, activate the DNS exit option.
address@hidden Configuring the GNUnet VPN Exit Service
+
address@hidden Configuring the GNUnet VPN Exit Service
address@hidden Configuring the GNUnet VPN Exit Service
If you want to allow other users to share your Internet connection (yes, this
may be dangerous, just as running a Tor exit node) or want to provide access to
@@ -3750,31 +3621,27 @@ be prepared for any kind of IP-traffic to exit the
respective TUN interface
Additional configuration options of the exit as shown by the gnunet-setup tool
are:
address@hidden IP Address of external DNS resolver
address@hidden %**end of header
-
address@hidden Top
-
address@hidden IP Address of external DNS resolver
address@hidden IP Address of external DNS resolver
If DNS traffic is to exit your machine, it will be send to this DNS resolver.
You can specify an IPv4 or IPv6 address.
address@hidden IPv4 address for Exit interface
+
address@hidden IPv4 address for Exit interface
address@hidden IPv4 address for Exit interface
This is the IPv4 address the Interface will get. Make the mask of the address
big enough (255.255.0.0 or, even better, 255.0.0.0) to allow more mappings of
IP addresses into this range. As for the VPN interface, any unused, private
IPv4 address range will do.
address@hidden IPv6 address for Exit interface
address@hidden %**end of header
-
address@hidden Top
-
address@hidden IPv6 address for Exit interface
address@hidden IPv6 address for Exit interface
The public IPv6 address the interface will get. If your kernel is not a very
recent kernel and you are willing to manually enable IPv6-NAT, the IPv6 address
-you specify here must be a globally routed IPv6 address of your host.
+you specify here must be a globally routed IPv6 address of your host.
Suppose your host has the address @code{2001:4ca0::1234/64}, then using@
@code{2001:4ca0::1:0/112} would be fine (keep the first 64 bits, then change at
@@ -3785,30 +3652,15 @@ You may also have to configure your router to route
traffic for the entire
subnet (@code{2001:4ca0::1:0/112} for example) through your computer (this
should be automatic with IPv6, but obviously anything can be
disabled).
address@hidden Bandwidth Configuration
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Bandwidth Configuration
address@hidden Bandwidth Configuration
You can specify how many bandwidth GNUnet is allowed to use to receive and send
data. This is important for users with limited bandwidth or traffic volume.
address@hidden @bullet
-
-
address@hidden
-
-
address@hidden
-Français
address@hidden itemize
address@hidden Configuring NAT
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Configuring NAT
address@hidden Configuring NAT
Most hosts today do not have a normal global IP address but instead are behind
a router performing Network Address Translation (NAT) which assigns each host
@@ -3856,21 +3708,9 @@ not work).
Finally, if you yourself are not behind NAT but want to be able to connect to
NATed peers using autonomous NAT traversal, you need to check the "Enable
connecting to NATed peers using ICMP method" box.
address@hidden @bullet
-
-
address@hidden
-
-
address@hidden
-Français
address@hidden itemize
address@hidden How to start and stop a GNUnet peer
address@hidden %**end of header
-
address@hidden Top
-
address@hidden How to start and stop a GNUnet peer
address@hidden How to start and stop a GNUnet peer
This section describes how to start a GNUnet peer. It assumes that you have
already compiled and installed GNUnet and its' dependencies. Before you start a
@@ -3880,22 +3720,24 @@ GNUnet peer, you may want to create a configuration
file using gnunet-setup
simply start without any configuration. If you want to configure your peer
later, you need to stop it before invoking the @code{gnunet-setup} tool to
customize further and to test your configuration (@code{gnunet-setup} has
-build-in test functions).
+build-in test functions).
- The most important option you might have to still set by hand is in [PATHS].
- Here, you use the option "GNUNET_HOME" to specify the path where GNUnet should
- store its data. It defaults to @code{$HOME/}, which again should work for most
- users. Make sure that the directory specified as GNUNET_HOME is writable to
- the user that you will use to run GNUnet (note that you can run frontends
- using other users, GNUNET_HOME must only be accessible to the user used to run
- the background processes).
+The most important option you might have to still set by hand is in [PATHS].
+Here, you use the option "GNUNET_HOME" to specify the path where GNUnet should
+store its data. It defaults to @code{$HOME/}, which again should work for most
+users. Make sure that the directory specified as GNUNET_HOME is writable to
+the user that you will use to run GNUnet (note that you can run frontends
+using other users, GNUNET_HOME must only be accessible to the user used to run
+the background processes).
You will also need to make one central decision: should all of GNUnet be run
under your normal UID, or do you want distinguish between system-wide
(user-independent) GNUnet services and personal GNUnet services. The multi-user
setup is slightly more complicated, but also more secure and generally
recommended.
address@hidden The Single-User Setup
+
address@hidden The Single-User Setup
address@hidden The Single-User Setup
For the single-user setup, you do not need to do anything special and can just
start the GNUnet background processes using @code{gnunet-arm}. By default,
@@ -3904,39 +3746,46 @@ $XDG_CONFIG_HOME/gnunet.conf if@ $XDG_CONFIG_HOME is
defined). If your
configuration lives elsewhere, you need to pass the @code{-c FILENAME} option
to all GNUnet commands.
- Assuming the configuration file is called @code{~/.config/gnunet.conf}, you
- start your peer using the @code{gnunet-arm} command (say as user
- @code{gnunet}) using: @examplegnunet-arm -c ~/.config/gnunet.conf -s @end
- example
-
+Assuming the configuration file is called @code{~/.config/gnunet.conf}, you
+start your peer using the @code{gnunet-arm} command (say as user
address@hidden) using:
address@hidden
+gnunet-arm -c ~/.config/gnunet.conf -s
address@hidden example
The "-s" option here is for "start". The command should return almost
-instantly. If you want to stop GNUnet, you can use: @examplegnunet-arm -c
-~/.config/gnunet.conf -e @end example
-
+instantly. If you want to stop GNUnet, you can use:
address@hidden
+gnunet-arm -c ~/.config/gnunet.conf -e
address@hidden example
The "-e" option here is for "end".
- Note that this will only start the basic peer, no actual applications will be
- available. If you want to start the file-sharing service, use (after starting
- GNUnet): @examplegnunet-arm -c ~/.config/gnunet.conf -i fs @end example
-
+Note that this will only start the basic peer, no actual applications will be
+available. If you want to start the file-sharing service, use (after starting
+GNUnet):
address@hidden
+gnunet-arm -c ~/.config/gnunet.conf -i fs
address@hidden example
The "-i fs" option here is for "initialize" the "fs" (file-sharing)
application. You can also selectively kill only file-sharing support using
address@hidden -c ~/.config/gnunet.conf -k fs @end example
-
address@hidden
+gnunet-arm -c ~/.config/gnunet.conf -k fs
address@hidden example
Assuming that you want certain services (like file-sharing) to be always
automatically started whenever you start GNUnet, you can activate them by
setting "FORCESTART=YES" in the respective section of the configuration file
(for example, "[fs]"). Then GNUnet with file-sharing support would be started
-whenever you@ enter: @examplegnunet-arm -c ~/.config/gnunet.conf -s @end
-example
-
+whenever you@ enter:
address@hidden
+gnunet-arm -c ~/.config/gnunet.conf -s
address@hidden example
Alternatively, you can combine the two options:
address@hidden -c ~/.config/gnunet.conf -s -i fs
address@hidden
+gnunet-arm -c ~/.config/gnunet.conf -s -i fs
@end example
@@ -3949,12 +3798,9 @@ and insert a line@
@@reboot gnunet-arm -c ~/.config/gnunet.conf -s@
}@
to automatically start your peer whenever your system boots.
address@hidden The Multi-User Setup
address@hidden %**end of header
-
address@hidden Top
-
address@hidden The Multi-User Setup
address@hidden The Multi-User Setup
This requires you to create a user @code{gnunet} and an additional group
@code{gnunetdns}, prior to running @code{make install} during installation.
@@ -3997,13 +3843,10 @@ strongly consider adding logic to start the peer
automatically to their
crontab.
Afterwards, you should see two (or more, if you have more than one USER)
address@hidden processes running in your system. @settitle Killing
-GNUnet services
address@hidden %**end of header
-
address@hidden Top
-
address@hidden processes running in your system.
address@hidden Killing GNUnet services
address@hidden Killing GNUnet services
It is not necessary to stop GNUnet services explicitly when shutting down your
computer.
@@ -4014,24 +3857,9 @@ processes is generally not a successful method for
stopping a peer (since
explicitly stop a peer is using @code{gnunet-arm -e}; note that the per-user
services may need to be terminated before the system-wide services will
terminate normally.
address@hidden @bullet
-
-
address@hidden
-
-
address@hidden
-Español
-
address@hidden
-Français
address@hidden itemize
address@hidden Access Control for GNUnet
address@hidden %**end of header
-
address@hidden Top
-
address@hidden Access Control for GNUnet
address@hidden Access Control for GNUnet
This chapter documents how we plan to make access control work within the
GNUnet system for a typical peer. It should be read as a best-practice
@@ -4048,6 +3876,7 @@ applies to installations where multiple users share a
system and to
installations where the best possible security is paramount.
A typical GNUnet system consists of components that fall into four categories:
+
@table @asis
@item User interfaces
@@ -4074,8 +3903,8 @@ machine. Access to the APIs of these critical services
and their priviledged
helpers must be tightly controlled.
@end table
address@hidden Recommendation: Disable access to GNUnet services via TCP
address@hidden Recommendation: Disable access to GNUnet services via TCP
address@hidden Recommendation: Disable access to GNUnet services via TCP
address@hidden Recommendation: Disable access to GNUnet services via TCP
GNUnet services allow two types of access: via TCP socket or via UNIX domain
socket. If the service is available via TCP, access control can only be
@@ -4088,26 +3917,19 @@ access to all GNUnet services on systems with support
for UNIX domain sockets.
As of GNUnet 0.9.2, configuration files with TCP access disabled should be
generated by default. Users can re-enable TCP access to particular services
simply by specifying a non-zero port number in the section of the respective
address@hidden Recommendation: Run most GNUnet services as system user
-"gnunet"
address@hidden %**end of header
-
address@hidden Top
-
-
+service.
address@hidden Recommendation: Run most GNUnet services as system user "gnunet"
address@hidden Recommendation: Run most GNUnet services as system user "gnunet"
GNUnet's main services should be run as a separate user "gnunet" in a special
group "gnunet". The user "gnunet" should start the peer using "gnunet-arm -s"
during system startup. The home directory for this user should be
"/var/lib/gnunet" and the configuration file should be "/etc/gnunet.conf". Only
the "gnunet" user should have the right to access "/var/lib/gnunet" (mode:
-700)address@hidden Recommendation: Control access to GNUnet services using
group
-"gnunet"
address@hidden %**end of header
-
address@hidden Top
-
+700).
address@hidden Recommendation: Control access to GNUnet services using group
"gnunet"
address@hidden Recommendation: Control access to GNUnet services using group
"gnunet"
Users that should be allowed to use the GNUnet peer should be added to the
group "gnunet". Using GNUnet's access control mechanism for UNIX domain
@@ -4117,24 +3939,18 @@ shipped, GNUnet provides reasonable defaults.
Permissions to access the
transport and core subsystems might additionally be granted without necessarily
causing security concerns. Some services, such as DNS, must NOT be made
accessible to the "gnunet" group (and should thus only be accessible to the
-"gnunet" user and services running with this UID)address@hidden Recommendation:
-Limit access to certain SUID binaries by group "gnunet"
address@hidden %**end of header
-
address@hidden Top
-
+"gnunet" user and services running with this UID).
address@hidden Recommendation: Limit access to certain SUID binaries by group
"gnunet"
address@hidden Recommendation: Limit access to certain SUID binaries by group
"gnunet"
Most of GNUnet's SUID binaries should be safe even if executed by normal users.
However, it is possible to reduce the risk a little bit more by making these
binaries owned by the group "gnunet" and restricting their execution to user of
-the group "gnunet" as well (4750)address@hidden Recommendation: Limit access to
-critical gnunet-helper-dns to group "gnunetdns"
address@hidden %**end of header
-
address@hidden Top
-
+the group "gnunet" as well (4750).
address@hidden Recommendation: Limit access to critical gnunet-helper-dns to
group "gnunetdns"
address@hidden Recommendation: Limit access to critical gnunet-helper-dns to
group "gnunetdns"
A special group "gnunetdns" should be created for controlling access to the
"gnunet-helper-dns". The binary should then be owned by root and be in group
@@ -4147,13 +3963,10 @@ can change its group to "gnunetdns" and execute the
helper, and the helper can
then run as root (as per SUID). Access to the API offered by
"gnunet-service-dns" is in turn restricted to the user "gnunet" (not the
group!), which means that only "benign" services can manipulate DNS queries
-using "gnunet-service-dns"address@hidden Differences between "make install" and
-these recommendations
address@hidden %**end of header
-
address@hidden Top
-
+using "gnunet-service-dns".
address@hidden Differences between "make install" and these recommendations
address@hidden Differences between "make install" and these recommendations
The current build system does not set all permissions automatically based on
the recommendations above. In particular, it does not use the group "gnunet" at
@@ -4162,12 +3975,9 @@ group "gnunet" must be done manually). Furthermore,
'make install' will
silently fail to set the DNS binaries to be owned by group "gnunetdns" unless
that group already exists (!). An alternative name for the "gnunetdns" group
can be specified using the "--with-gnunetdns=GRPNAME" configure
address@hidden Peer Configuration
address@hidden %**end of header
-
address@hidden Top
-
-
+option.
address@hidden Peer Configuration
address@hidden Peer Configuration
The "GNUNET_DATA_HOME" in "[path]" in /etc/gnunet.conf should be manually set
to "/var/lib/gnunet/data/" as the default "~/.local/share/gnunet/" is probably
@@ -4175,7 +3985,7 @@ not that appropriate in this case. Similarly,
distributions may consider
pointing "GNUNET_RUNTIME_DIR" to "/var/run/gnunet/" and "GNUNET_HOME" to
"/var/lib/gnunet/". Also, should a distribution decide to override system
defaults, all of these changes should be done in a custom "/etc/gnunet.conf"
-and not in the files in the "config.d/" directory.
+and not in the files in the "config.d/" directory.
Given the proposed access permissions, the "gnunet-setup" tool must be run as
use "gnunet" (and with option "-c /etc/gnunet.conf" so that it modifies the
@@ -4184,27 +3994,3 @@ peer was stopped using "gnunet-arm -e". Distributions
might want to include a
wrapper for gnunet-setup that allows the desktop-user to "sudo" (i.e. using
gtksudo) to the "gnunet" user account and then runs "gnunet-arm -e",
"gnunet-setup" and "gnunet-arm -s" in sequence.
-
address@hidden
*****************************************************************************
address@hidden GNU Free Documentation License
address@hidden GNU Free Documentation License
address@hidden license, GNU Free Documentation License
address@hidden fdl-1.3.texi
-
address@hidden
*****************************************************************************
address@hidden GNU General Public License
address@hidden GNU General Public License
address@hidden license, GNU General Public License
address@hidden gpl-3.0.texi
-
address@hidden
*****************************************************************************
address@hidden Concept Index
address@hidden Concept Index
address@hidden cp
-
address@hidden
*****************************************************************************
address@hidden Contents
address@hidden Contents
address@hidden
-
address@hidden
diff --git a/philosophy.texi b/philosophy.texi
index cc2caf3..0a232fc 100644
--- a/philosophy.texi
+++ b/philosophy.texi
@@ -1,56 +1,3 @@
-\input texinfo @c -*-texinfo-*-
address@hidden %**start of header
address@hidden philosophy
address@hidden Philosophy of GNUnet
address@hidden %**end of header
-
address@hidden
-Copyright @copyright{} 2017 ng0
-
-Permission is granted to copy, distribute and/or modify this document
-under the terms of the GNU Free Documentation License, Version 1.3 or
-any later version published by the Free Software Foundation; with no
-Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
-copy of the license is included in the section entitled ``GNU Free
-Documentation License''.
-
-A copy of the license is also available from the Free Software
-Foundation Web site at @url{http://www.gnu.org/licenses/fdl.html}.
-
-Alternately, this document is also available under the General
-Public License, version 3 or later, as published by the Free Software
-Foundation.
-
-A copy of the license is also available from the Free Software
-Foundation Web site at @url{http://www.gnu.org/licenses/gpl.html}.
address@hidden copying
-
address@hidden Philosophy of GNUnet
address@hidden
-* Introduction
-* Copyright and Contributions
-* Design Goals
-* Key Concepts
address@hidden direntry
-
address@hidden
address@hidden GNUnet Philosophy
address@hidden The GNUnet Developers
-
address@hidden
address@hidden 0pt plus 1filll
-Edition @value{EDITION} @*
address@hidden @*
-
address@hidden
address@hidden titlepage
-
address@hidden
address@hidden
***************************************************************************
address@hidden Top
address@hidden GNUnet Philosophy
-
-
@c ***************************************************************************
@node Philosophy
@chapter Philosophy
@@ -483,28 +430,3 @@ the revocation).
To avoid TL;DR ones from accidentally revocating their zones, I am not giving
away the command, but its simple: the actual revocation is performed by using
the @command{-p} option of @command{gnunet-revocation}.
-
address@hidden
*****************************************************************************
address@hidden GNU Free Documentation License
address@hidden GNU Free Documentation License
address@hidden license, GNU Free Documentation License
address@hidden fdl-1.3.texi
-
address@hidden
*****************************************************************************
address@hidden GNU General Public License
address@hidden GNU General Public License
address@hidden license, GNU General Public License
address@hidden gpl-3.0.texi
-
address@hidden
*****************************************************************************
address@hidden Concept Index
address@hidden Concept Index
address@hidden cp
-
address@hidden
*****************************************************************************
address@hidden Contents
address@hidden Contents
address@hidden Contents
address@hidden
-
address@hidden
diff --git a/user.texi b/user.texi
index da3e704..cfc488f 100644
--- a/user.texi
+++ b/user.texi
@@ -1,54 +1,3 @@
-\input texinfo @c -*-texinfo-*-
address@hidden %**start of header
address@hidden user
address@hidden User Handbook of GNUnet
address@hidden %**end of header
-
address@hidden
-Copyright @copyright{} 2017 ng0
-
-Permission is granted to copy, distribute and/or modify this document
-under the terms of the GNU Free Documentation License, Version 1.3 or
-any later version published by the Free Software Foundation; with no
-Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
-copy of the license is included in the section entitled ``GNU Free
-Documentation License''.
-
-A copy of the license is also available from the Free Software
-Foundation Web site at @url{http://www.gnu.org/licenses/fdl.html}.
-
-Alternately, this document is also available under the General
-Public License, version 3 or later, as published by the Free Software
-Foundation.
-
-A copy of the license is also available from the Free Software
-Foundation Web site at @url{http://www.gnu.org/licenses/gpl.html}.
address@hidden copying
-
address@hidden User Handbook of GNUnet
address@hidden
-* Introduction
-* Tutorial: using GNUnet
- * Checking the Installation
- * gnunet-gtk
- * Statistics
- * Peer Information
address@hidden direntry
-
address@hidden
address@hidden User Handbook of GNUnet
address@hidden The GNUnet Developers
-
address@hidden
address@hidden 0pt plus 1filll
-Edition @value{EDITION} @*
address@hidden @*
-
address@hidden
address@hidden titlepage
-
address@hidden
address@hidden
***************************************************************************
@node Top
@top Introduction
@@ -82,7 +31,7 @@ that the installation works, and then dive into simple,
concrete practical
things that can be done with the network.
@node Checking the Installation
address@hidden Checking the Installation
address@hidden Checking the Installation
@c %**end of header
This chapter describes a quick casual way to check if your GNUnet installation
@@ -90,7 +39,7 @@ works. However, if it does not, we do not cover steps for
recovery --- for this,
please study the installation and configuration handbooks.
@node gnunet-gtk
address@hidden gnunet-gtk
address@hidden gnunet-gtk
@c %**end of header
First, you should launch @code{gnunet-gtk}, the graphical user interface for
@@ -114,7 +63,7 @@ you can use within @code{gnunet-gtk}. They are (from left to
right):
@end itemize
@node Statistics
address@hidden Statistics
address@hidden Statistics
@c %**end of header
When @code{gnunet-gtk} is started, the statistics area should be selected at
@@ -131,7 +80,7 @@ used by your peer. Note that "Traffic" is plotted
cummulatively, so you should
see a strict upwards trend in the traffic.
@node Peer Information
address@hidden Peer Information
address@hidden Peer Information
@c %**end of header
You should now click on the Australian Aboriginal Flag. Once you have done
this,
@@ -143,7 +92,7 @@ are listed and/or if there are very few peers with a green
light for
connectivity, there is likely a problem with your network configuration.
@node First steps: File-sharing
address@hidden First steps: File-sharing
address@hidden First steps: File-sharing
@c %**end of header
This chapter describes first steps for file-sharing with GNUnet. To start, you
@@ -154,7 +103,7 @@ As we want to be sure that the network contains the data
that we are looking for
for testing, we need to begin by publishing a file.
@node Publishing
address@hidden Publishing
address@hidden Publishing
@c %**end of header
To publish a file, select "File Sharing" in the menu bar just below the
@@ -203,7 +152,7 @@ list of published files (or ongoing publishing operations
with progress
indicators):
@node Searching
address@hidden Searching
address@hidden Searching
@c %**end of header
Below the menu bar, there are four entry widges labeled "Namespace",
"Keywords",
@@ -226,7 +175,7 @@ Once a file is selected, at the bottom of the search result
list a little area
for downloading appears.
@node Downloading
address@hidden Downloading
address@hidden Downloading
@c %**end of header
In the downloading area, you can select the target directory (default is
@@ -250,11 +199,11 @@ respective download and selecting "Abort download" from
the menu.
That's it, you now know the basics for file-sharing with GNUnet!
@node First steps: Using the GNU Name System
address@hidden First steps: Using the GNU Name System
address@hidden First steps: Using the GNU Name System
@c %**end of header
@node Preliminaries
address@hidden Preliminaries
address@hidden Preliminaries
@c %**end of header
First, we will check if the GNU Name System installation was completed
normally.
@@ -277,7 +226,7 @@ learns automatically. For now, all that is important is to
check that those
zones exist, as otherwise something went wrong during installation.
@node The GNS Tab
address@hidden The GNS Tab
address@hidden The GNS Tab
@c %**end of header
Next, we switch to the GNS tab, which is the tab in the middle with the letters
@@ -300,7 +249,7 @@ and "private" are pointers from your master zone to your
shorten and private
zones respectively.
@node Creating a Record
address@hidden Creating a Record
address@hidden Creating a Record
@c %**end of header
We will begin by creating a simple record in your master zone. To do this,
click
@@ -326,7 +275,7 @@ triangle left of the "test" label. By doing so, you get to
see all of the
records under "test". Note that you can right-click a record to edit it later.
@node Creating a Business Card
address@hidden Creating a Business Card
address@hidden Creating a Business Card
@c %**end of header
Before we can really use GNS, you should create a business card. Note that this
@@ -354,7 +303,7 @@ back to the shell running @code{gnunet-bcd} and press
CTRL-C to shut down the
web server.
@node Resolving GNS records
address@hidden Resolving GNS records
address@hidden Resolving GNS records
@c %**end of header
Next, you should try resolving your own GNS records. The simplest method is to
@@ -367,7 +316,7 @@ do this by explicitly resolving using @code{gnunet-gns}. In
the shell, type:@
That shows that resolution works, once GNS is integrated with the application.
@node Integration with Browsers
address@hidden Integration with Browsers
address@hidden Integration with Browsers
@c %**end of header
While we recommend integrating GNS using the NSS module in the GNU libc Name
@@ -424,7 +373,7 @@ experimental feature and not really our primary goal at
this time. Still, it is
a possible use-case and we welcome help with testing and development.
@node Be Social
address@hidden Be Social
address@hidden Be Social
@c %**end of header
Next, you should print out your business card and be social. Find a friend,
help
@@ -449,7 +398,7 @@ nickname is "Bob". Then, type@
to check if your friend was as good at following instructions as you were.
@node What's Next?
address@hidden What's Next?
address@hidden What's Next?
@c %**end of header
This may seem not like much of an application yet, but you have just been one
of
@@ -465,7 +414,7 @@ with the next GNUnet release for even more applications
using this new
public key infrastructure.
@node First steps: Using GNUnet Conversation
address@hidden First steps: Using GNUnet Conversation
address@hidden First steps: Using GNUnet Conversation
@c %**end of header
Before starting the tutorial, you should be aware that
@@ -475,7 +424,7 @@ steps necessary to use it. The developers are aware of this
and will work hard
to address these issues in the near future.
@node Testing your Audio Equipment
address@hidden Testing your Audio Equipment
address@hidden Testing your Audio Equipment
@c %**end of header
First, you should use @code{gnunet-conversation-test} to check that your
@@ -487,7 +436,7 @@ you have multiple input/output devices, that the correct
device is being
associated with GNUnet's audio tools.
@node GNS Zones
address@hidden GNS Zones
address@hidden GNS Zones
@c %**end of header
@code{gnunet-conversation} uses GNS for addressing. This means that you need to
@@ -495,7 +444,7 @@ have a GNS zone created before using it. Information about
how to create GNS
zones can be found here.
@node Picking an Identity
address@hidden Picking an Identity
address@hidden Picking an Identity
@c %**end of header
To make a call with @code{gnunet-conversation}, you first need to choose an
@@ -536,7 +485,7 @@ the "Save" button will not work; you might want to use
copy-and-paste instead of
typing in the peer identity manually. Save the record.
@node Calling somebody
address@hidden Calling somebody
address@hidden Calling somebody
@c %**end of header
Now you can call a buddy. Obviously, your buddy will have to have GNUnet
@@ -560,7 +509,7 @@ can end the call using "/cancel". You can exit
@code{gnunet-converation} using
"/quit".
@node Future Directions
address@hidden Future Directions
address@hidden Future Directions
@c %**end of header
Note that we do not envision people to use gnunet-conversation like this
@@ -568,11 +517,11 @@ forever. We will write a graphical user interface, and
that GUI will
automatically create the necessary records in the respective zone.
@node First steps: Using the GNUnet VPN
address@hidden First steps: Using the GNUnet VPN
address@hidden First steps: Using the GNUnet VPN
@c %**end of header
@node Preliminaries
address@hidden Preliminaries
address@hidden Preliminaries
@c %**end of header
To test the GNUnet VPN, we should first run a web server. The easiest way to do
@@ -604,7 +553,7 @@ $ cd src/gns/nss; sudo make install
to install the NSS plugins in the proper location.
@node Exit configuration
address@hidden Exit configuration
address@hidden Exit configuration
@c %**end of header
Stop your peer (as user @code{gnunet}, run @code{gnunet-arm -e}) and run
@@ -619,7 +568,7 @@ the 8888 port accordingly).
Now exit @code{gnunet-setup} and restart your peer (@code{gnunet-arm -s}).
@node GNS configuration
address@hidden GNS configuration
address@hidden GNS configuration
@c %**end of header
Now, using your normal user (not the @code{gnunet} system user), run
@@ -639,7 +588,7 @@ public. For non-public services, you should use a
passphrase instead of the
string "bcd". Save the record and exit @code{gnunet-gtk}.
@node Accessing the service
address@hidden Accessing the service
address@hidden Accessing the service
@c %**end of header
You should now be able to access your webserver. Type in:@
@@ -657,7 +606,7 @@ need a way to access your GNS zone first, for example by
learning your public
key from a QR code on your business card.
@node Using a Browser
address@hidden Using a Browser
address@hidden Using a Browser
@c %**end of header
Sadly, modern browsers tend to bypass the Name Services Switch and attempt DNS
@@ -668,7 +617,7 @@ autoblunder of changing @code{.gnu} to ".gnu.com". Still,
using the HTTP proxy
with Chrome does work.
@node File-sharing
address@hidden File-sharing
address@hidden File-sharing
@c %**end of header
This chapter documents the GNUnet file-sharing application. The original
@@ -688,7 +637,7 @@ file-sharing implementation. Then, we will discuss
specifics as to how they
impact users that publish, search or download files.
@node File-sharing: Concepts
address@hidden File-sharing: Concepts
address@hidden File-sharing: Concepts
@c %**end of header
Sharing files in GNUnet is not quite as simple as in traditional file sharing
@@ -704,7 +653,7 @@ available. This section is supposed to introduce users to
the concepts that are
used to achive these goals.
@node Files
address@hidden Files
address@hidden Files
@c %**end of header
A file in GNUnet is just a sequence of bytes. Any file-format is allowed and
the
@@ -714,7 +663,7 @@ the contents of shared files, except when using GNU
libextractor to obtain
keywords.
@node Keywords
address@hidden Keywords
address@hidden Keywords
@c %**end of header
Keywords are the most simple mechanism to find files on GNUnet. Keywords are
@@ -729,7 +678,7 @@ since the keyword search involves computing a fresh RSA key
to formulate the
request.
@node Directories
address@hidden Directories
address@hidden Directories
@c %**end of header
A directory in GNUnet is a list of file identifiers with meta data. The file
@@ -740,7 +689,7 @@ kilobytes) can be inlined in the directory, so that a
separate download becomes
unnecessary.
@node Pseudonyms
address@hidden Pseudonyms
address@hidden Pseudonyms
@c %**end of header
Pseudonyms in GNUnet are essentially public-private (RSA) key pairs that allow
a
@@ -755,7 +704,7 @@ pseudonym keys (currently only out-of-band by knowing which
files to copy
around).
@node Namespaces
address@hidden Namespaces
address@hidden Namespaces
@c %**end of header
A namespace is a set of files that were signed by the same pseudonym. Files (or
@@ -766,7 +715,7 @@ content in the namespace comes from the same entity (which
does not have to be
the same person).
@node Advertisements
address@hidden Advertisements
address@hidden Advertisements
@c %**end of header
Advertisements are used to notify other users about the existence of a
@@ -786,7 +735,7 @@ pseudonyms and namespaces. This will likely change in the
future to reduce the
potential for confusion.
@node Anonymity level
address@hidden Anonymity level
address@hidden Anonymity level
@c %**end of header
The anonymity level determines how hard it should be for an adversary to
@@ -800,7 +749,7 @@ required. While this offers better privacy, it can also
significantly hurt
performance.
@node Content Priority
address@hidden Content Priority
address@hidden Content Priority
@c %**end of header
Depending on the peer's configuration, GNUnet peers migrate content between
@@ -816,7 +765,7 @@ base-priority that was specified by the user when the block
was published
initially.
@node Replication
address@hidden Replication
address@hidden Replication
@c %**end of header
When peers migrate content to other systems, the replication level of a block
is
@@ -826,7 +775,7 @@ then decrement the replication level by one. If all blocks
reach replication
level zero, the selection is simply random.
@node File-sharing: Publishing
address@hidden File-sharing: Publishing
address@hidden File-sharing: Publishing
@c %**end of header
The command @code{gnunet-publish} can be used to add content to the network.
@@ -836,7 +785,7 @@ $ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE]
FILENAME
@end example
@node Important command-line options
address@hidden Important command-line options
address@hidden Important command-line options
@c %**end of header
The option -k is used to specify keywords for the file that should be inserted.
@@ -856,7 +805,7 @@ directories.
See the man-page for details.
@node Indexing vs. Inserting
address@hidden Indexing vs Inserting
address@hidden Indexing vs Inserting
@c %**end of header
By default, GNUnet indexes a file instead of making a full copy. This is much
@@ -890,7 +839,7 @@ drive and the adversary is able to crack the encryption
(e.g. by guessing the
keyword.
@node File-sharing: Searching
address@hidden File-sharing: Searching
address@hidden File-sharing: Searching
@c %**end of header
The command @code{gnunet-search} can be used to search for content on GNUnet.
@@ -937,7 +886,7 @@ The second line contains the description of the file; here
this is
on how to specify these).
@node File-sharing: Downloading
address@hidden File-sharing: Downloading
address@hidden File-sharing: Downloading
@c %**end of header
In order to download a file, you need the three values returned by
@@ -969,7 +918,7 @@ turn on verbose reporting. In this case,
@code{gnunet-download} will print the
current number of bytes downloaded whenever new data was received.
@node File-sharing: Directories
address@hidden File-sharing: Directories
address@hidden File-sharing: Directories
@c %**end of header
Directories are shared just like ordinary files. If you download a directory
@@ -983,7 +932,7 @@ a filename and other meta information, and possibly even
the full original file
(if it was small).
@node File-sharing: Namespace Management
address@hidden File-sharing: Namespace Management
address@hidden File-sharing: Namespace Management
@c %**end of header
THIS TEXT IS OUTDATED AND NEEDS TO BE REWRITTEN FOR 0.10!
@@ -993,7 +942,7 @@ namespaces. By default, gnunet-pseudonym simply lists all
locally available
pseudonyms.
@node Creating Pseudonyms
address@hidden Creating Pseudonyms
address@hidden Creating Pseudonyms
@c %**end of header
With the @code{-C NICK} option it can also be used to create a new pseudonym.
@@ -1002,7 +951,7 @@ Anyone can create any number of pseudonyms. Note that
creating a pseudonym can
take a few minutes depending on the performance of the machine used.
@node Deleting Pseudonyms
address@hidden Deleting Pseudonyms
address@hidden Deleting Pseudonyms
@c %**end of header
With the @code{-D NICK} option pseudonyms can be deleted. Once the pseudonym
has
@@ -1011,6 +960,7 @@ Deleting the pseudonym does not make the namespace or any
content in it
unavailable.
@node Advertising namespaces
address@hidden Advertising namespaces
@c %**end of header
Each namespace is associated with meta-data that describes the namespace.
@@ -1024,6 +974,7 @@ stored in a local list of known namespaces. Users can then
associate a rank with
the namespace to remember the quality of the content found in it.
@node Namespace names
address@hidden Namespace names
@c %**end of header
While the namespace is uniquely identified by its ID, another way to refer to
@@ -1033,6 +984,7 @@ learns about more than one namespace using the same
NICKNAME, the ID is appended
to the NICKNAME to get a unique identifier.
@node Namespace root
address@hidden Namespace root
@c %**end of header
An item of particular interest in the namespace advertisement is the ROOT.
@@ -1041,6 +993,7 @@ that the ROOT can be used to advertise an entry point to
the content of the
namespace.
@node File-Sharing URIs
address@hidden File-Sharing URIs
@c %**end of header
GNUnet (currently) uses four different types of URIs for file-sharing. They all
@@ -1048,12 +1001,14 @@ begin with "gnunet://fs/". This section describes the
four different URI types
in detail.
@node Encoding of hash values in URIs
address@hidden Encoding of hash values in URIs
@c %**end of header
Most URIs include some hash values. Hashes are encoded using base32hex
(RFC 2938).
@node Content Hash Key (chk)
address@hidden Content Hash Key (chk)
@c %**end of header
A chk-URI is used to (uniquely) identify a file or directory and to allow peers
@@ -1066,6 +1021,7 @@ plaintext of the top block) and QUERYHASH is the query
used to request the
top-level block (also the hash of the encrypted block).
@node Location identifiers (loc)
address@hidden Location identifiers (loc)
@c %**end of header
For non-anonymous file-sharing, loc-URIs are used to specify which peer is
@@ -1078,6 +1034,7 @@ public key of the peer (in GNUnet format in base32hex),
SIG is the RSA signature
(in milliseconds after 1970).
@node Keyword queries (ksk)
address@hidden Keyword queries (ksk)
@c %**end of header
A keyword-URI is used to specify that the desired operation is the search using
@@ -1088,6 +1045,7 @@ logically "OR"-ed in the search, results matching both
keywords are given a
higher rank): "gnunet://fs/ksk/KEYWORD1+KEYWORD2".
@node Namespace content (sks)
address@hidden Namespace content (sks)
@c %**end of header
Namespaces are sets of files that have been approved by some (usually
@@ -1102,9 +1060,11 @@ is the public key for the namespace. "IDENTIFIER" is a
freely chosen keyword
to some kind of index or other entry point into the namespace.
@node GNS Configuration
address@hidden GNS Configuration
@c %**end of header
@node DNS Services Configuration
address@hidden DNS Services Configuration
@c %**end of header
This creates new hostnames in the form "example.gnu". The "example" is filled
in
@@ -1606,28 +1566,3 @@ nodes. So if you happen to know a peer and a service
offered by that peer, you
can create an IP tunnel to that peer by specifying the peer's identity, service
name and protocol (--tcp or --udp) and you will again receive an IP address
that
will terminate at the respective peer's service.
-
address@hidden
*****************************************************************************
address@hidden GNU Free Documentation License
address@hidden GNU Free Documentation License
address@hidden license, GNU Free Documentation License
address@hidden fdl-1.3.texi
-
address@hidden
*****************************************************************************
address@hidden GNU General Public License
address@hidden GNU General Public License
address@hidden license, GNU General Public License
address@hidden gpl-3.0.texi
-
address@hidden
*****************************************************************************
address@hidden Concept Index
address@hidden Concept Index
address@hidden cp
-
address@hidden
*****************************************************************************
address@hidden Contents
address@hidden Contents
address@hidden Contents
address@hidden
-
address@hidden
--
To stop receiving notification emails like this one, please contact
address@hidden
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [gnunet-texinfo] branch master updated: start to move everything as inputs into gnunet.texi via (@import).,
gnunet <=