1 ======================================================================
3 THIS SVN VERSION OF GNUNET IS INCOMPATIBLE TO ALL PREVIOUS RELEASES.
4 WE CHANGED PARTS IN THE CRYPTOGRAPHY OF THE SYSTEM.
6 You need to install libgcrypt from git master
7 for the code to compile.
9 =======================================================================
17 GNUnet is peer-to-peer framework focusing on security. The first and
18 primary application for GNUnet is anonymous file-sharing. GNUnet is
19 currently developed by a worldwide group of independent free software
20 developers. GNUnet is a GNU package (http://www.gnu.org/).
22 This is an ALPHA release. There are known and significant bugs as
23 well as many missing features in this release.
25 Additional documentation about GNUnet can be found at
32 Please note that for many of its dependencies GNUnet requires very
33 recent versions of the libraries which are often NOT to be found in
34 stable distributions in 2011. While using older packages may in some
35 cases on some operating systems may seem to work in some limited
36 fashion, we are in many cases aware of serious problems with older
37 packages. Hence please make sure to use the versions listed below.
39 These are the direct dependencies for running GNUnet:
41 - libextractor >= 0.6.1
42 - libmicrohttpd >= 0.9.31
44 - libgnurl >= 7.34.0 (available from https://gnunet.org/gnurl)
45 - libunistring >= 0.9.2
49 - openssl >= 1.0 (binary, used to generate X.509 certificate)
50 - libltdl >= 2.2 (part of GNU libtool)
51 - sqlite >= 3.8 (default database, required)
52 - mysql >= 5.1 (alternative to sqlite)
53 - postgres >= 8.3 (alternative to sqlite)
54 - libopus >= 0.9.14 (optional for experimental conversation tool)
55 - libpulse >= 2.0 (optional for experimental conversation tool)
56 - python-zbar >= 0.10 (optional for gnunet-qr)
57 - TeX Live >= 2012 (optional for gnunet-bcd)
59 Recommended autotools for compiling the SVN version are:
68 The fastest way is to use a binary package if it is available for your
69 system. For a more detailed description, read the installation
70 instructions on the webpage at https://gnunet.org/installation.
72 Note that some functions of GNUnet require "root" access. GNUnet will
73 install (tiny) SUID binaries for those functions is you run "make
74 install" as root. If you do not, GNUnet will still work, but some
75 functionality will not be available (including certain forms of NAT
78 GNUnet requires the GNU MP library (http://www.gnu.org/software/gmp/)
79 and libgcrypt (http://www.gnupg.org/). You can specify the path to
80 libgcrypt by passing "--with-gcrypt=PATH" to configure. You will also
81 need either sqlite (http://www.sqlite.org/), MySQL
82 (http://www.mysql.org/) or PostGres (http://www.postgres.org/).
84 If you install from source, you need to install GNU libextractor first
85 (download from http://www.gnu.org/software/libextractor/). We also
86 recommend installing GNU libmicrohttpd (download from
87 http://www.gnu.org/software/libmicrohttpd/). Then you can start the
88 actual GNUnet compilation and installation process with:
90 $ export GNUNET_PREFIX=/usr/local # or other directory of your choice
92 # adduser gnunet gnunet
93 # ./configure --prefix=$GNUNET_PREFIX --with-extractor=$LE_PREFIX
96 # sudo -u gnunet gnunet-arm -s
98 Note that running the 'configure' and 'make install' steps as
99 root (or with sudo) is required as some parts of the installation
100 require the creation of SUID binaries. The installation will
101 work if you do not run these steps as root, but some components
102 may not be installed in the perfect place or with the right
103 permissions and thus won't work.
105 This will create the users and groups needed for running GNUnet
106 securely and then compile and install GNUnet to $GNUNET_PREFIX/bin/,
107 $GNUNET_PREFIX/lib/ and $GNUNET_PREFIX/share/ and start the system
108 with the default configuration. It is strongly recommended that you
109 add a user "gnunet" to run "gnunet-arm". You can then still run the
110 end-user applications as another user.
112 If you create a system user "gnunet", it is recommended that you edit
113 the configuration file slightly so that data can be stored in the
114 system user home directory at "/var/lib/gnunet". Depending on what
115 the $HOME-directory of your "gnunet" user is, you might need to set
116 the SERVICEHOME option in section "[PATHS]" to "/var/lib/gnunet" to
117 do this. Depending on your personal preferences, you may also want to
118 use "/etc/gnunet.conf" for the location of the configuration file in
119 this case (instead of ~gnunet/.config/gnunet.conf"). In this case,
120 you need to start GNUnet using "gnunet-arm -s -c /etc/gnunet.conf" or
121 set "XDG_CONFIG_HOME=/etc/".
123 You can avoid running 'make install' as root if you run configure
124 with the "--with-sudo=yes" option and have extensive sudo rights
125 (can run "chmod +s" and "chown" via 'sudo'). If you run 'make install'
126 as a normal user without sudo rights (or the configure option),
127 certain binaries that require additional priviledges will not be
128 installed properly (and autonomous NAT traversal, WLAN, DNS/GNS and
129 the VPN will then not work).
131 If you run 'configure' and 'make install' as root or use the SUDO
132 option, GNUnet's build system will install "libnss_gns*" libraries to
133 "/lib/" regardless (!) of the $GNUNET_PREFIX you might have specified,
134 as those libraries must be in "/lib/". If you are packaging GNUnet
135 for binary distribution, this may cause your packaging script to miss
136 those plugins, so you might need to do some additional manual work to
137 include those libraries in your binary package(s). Similarly, if you
138 want to use the GNUnet naming system and did NOT run GNUnet's 'make
139 install' process with SUDO rights, the libraries will be installed to
140 "$GNUNET_PREFIX/lib" and you will have to move them to "/lib/"
143 Finally, if you are compiling the code from subversion, you have to
144 run ". bootstrap" before ./configure. If you receive an error during
145 the running of ". bootstrap" that looks like "macro `AM_PATH_GTK' not
146 found in library", you may need to run aclocal by hand with the -I
147 option, pointing to your aclocal m4 macros, i.e.
149 $ aclocal -I /usr/local/share/aclocal
155 Note that additional, per-user configuration files can be created by
156 each user. However, this is usually not necessary as there are few
157 per-user options that normal users would want to modify. The defaults
158 that are shipped with the installation are usually just fine.
160 The gnunet-setup tool is particularly useful to generate the master
161 configuration for the peer. gnunet-setup can be used to configure and
162 test (!) the network settings, choose which applications should be run
163 and configure databases. Other options you might want to control
164 include system limitations (such as disk space consumption, bandwidth,
165 etc.). The resulting configuration files are human-readable and can
166 theoretically be created or edited by hand.
168 gnunet-setup is a separate download and requires somewhat recent
169 versions of GTK+ and Glade. You can also create the configuration file
170 by hand, but this is not recommended. For more general information
171 about the GNU build process read the INSTALL file.
173 GNUnet uses two types of configuration files, one that specifies the
174 system-wide defaults (typically located in
175 $GNUNET_PREFIX/share/gnunet/config.d/) and a second one that overrides
176 default values with user-specific preferences. The user-specific
177 configuration file should be located in "~/.config/gnunet.conf" or its
178 location can be specified by giving the "-c" option to the respective
185 First, you must obtain an initial list of GNUnet hosts. Knowing a
186 single peer is sufficient since after that GNUnet propagates
187 information about other peers. Note that the default configuration
188 contains URLs from where GNUnet downloads an initial hostlist
189 whenever it is started. If you want to create an alternative URL for
190 others to use, the file can be generated on any machine running
191 GNUnet by periodically executing
193 $ cat $SERVICEHOME/data/hosts/* > the_file
195 and offering 'the_file' via your web server. Alternatively, you can
196 run the build-in web server by adding '-p' to the OPTIONS value
197 in the "hostlist" section of gnunet.conf and opening the respective
198 HTTPPORT to the public.
200 If the solution with the hostlist URL is not feasible for your
201 situation, you can also add hosts manually. Simply copy the hostkeys
202 to "$SERVICEHOME/data/hosts/" (where $SERVICEHOME is the directory
203 specified in the gnunet.conf configuration file). You can also use
204 "gnunet-peerinfo -g" to GET a URI for a peer and "gnunet-peerinfo -p
205 URI" to add a URI from another peer. Finally, GNUnet peers that use
206 UDP or WLAN will discover each other automatically (if they are in the
207 vicinity of each other) using broadcasts (IPv4/WLAN) or multicasts
210 The local node is started using "gnunet-arm -s". GNUnet should run
211 24/7 if you want to maximize your anonymity, as this makes partitioning
214 Once your peer is running, you should then be able to access GNUnet
217 $ gnunet-search KEYWORD
219 This will display a list of results to the console. You can abort
220 the command using "CTRL-C". Then use
222 $ gnunet-download -o FILENAME GNUNET_URI
224 to retrieve a file. The GNUNET_URI is printed by gnunet-search
225 together with a description. To publish files on GNUnet, use the
226 "gnunet-publish" command.
229 The GTK user interface is shipped separately. After downloading and
230 installing gnunet-gtk, you can invoke the setup tool and the
231 file-sharing GUI with:
236 For further documentation, see our webpage.
242 Contributions are welcome, please submit bugs to
243 https://gnunet.org/bugs/. Please make sure to run contrib/report.sh
244 and include the output with your bug reports. More about how to
245 report bugs can be found in the GNUnet FAQ on the webpage. Submit
246 patches via E-Mail to gnunet-developers@gnu.org.
248 In order to run the unit tests with "make check", you need to
249 set an environment variable ("GNUNET_PREFIX") to the directory
250 where GNUnet is installed (usually, GNUnet will use OS specific
251 tricks in order to try to figure out the PREFIX, but since the
252 testcase binaries are not installed, that trick does not work
253 for them). Also, before running any testcases, you must
254 complete the installation first. Quick summary:
256 $ ./configure --prefix=$SOMEWHERE
259 $ export GNUNET_PREFIX=$SOMEWHERE
262 Some of the testcases require python >= 2.6 and pexpect to be
263 installed. If any testcases fail to pass on your system, run
264 "contrib/report.sh" and report the output together with
265 information about the failing testcase to the Mantis bugtracking
266 system at https://gnunet.org/bugs/.
269 Running HTTP on port 80 and HTTPS on port 443
270 =============================================
272 In order to hide GNUnet's HTTP/HTTPS traffic perfectly, you might
273 consider running GNUnet's HTTP/HTTPS transport on port 80/443.
274 However, we do not recommend running GNUnet as root. Instead, forward
275 port 80 to say 1080 with this command (as root, in your startup
278 # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1080
282 # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4433
284 Then set in the HTTP section of gnunet.conf the "ADVERTISED_PORT" to
285 "80" and "PORT" to 1080 and similarly in the HTTPS section the
286 "ADVERTISED_PORT" to "443" and "PORT" to 4433.
288 You can do the same trick for the TCP and UDP transports if you want
289 to map them to a priviledged port (from the point of view of the
290 network). However, we are not aware of this providing any advantages
293 If you are already running an HTTP or HTTPS server on port 80 (or 443),
294 you may be able to configure it as a "ReverseProxy". Here, you tell
295 GNUnet that the externally visible URI is some sub-page on your website,
296 and GNUnet can then tunnel its traffic via your existing HTTP server.
297 This is particularly powerful if your existing server uses HTTPS, as
298 it makes it harder for an adversary to distinguish normal traffic to
299 your server from GNUnet traffic. Finally, even if you just use HTTP,
300 you might benefit (!) from ISP's traffic shaping as opposed to being
301 throttled by ISPs that dislike P2P. Details for configuring the
302 reverse proxy are documented on our website.
308 * https://gnunet.org/
309 * https://gnunet.org/bugs/
310 * https://gnunet.org/svn/
311 * http://www.gnu.org/software/gnunet/
312 * http://mail.gnu.org/mailman/listinfo/gnunet-developers
313 * http://mail.gnu.org/mailman/listinfo/help-gnunet
314 * http://mail.gnu.org/mailman/listinfo/info-gnunet
315 * http://mail.gnu.org/mailman/listinfo/gnunet-svn