GNUnet 0.13.0 Released With A New Protocol Version

From LinuxReviews
Jump to navigationJump to search
Gnu-head.jpg

GNUnet is a very old little-known little-used anonymous peer to peer file sharing network program developed by the GNU Project. The latest version uses a entirely new protocol which is incompatible with previous versions. GNUnet 0.13.0 is about as practically usable as the first GNUnet version was when it was released all the way back in 2001.

written by 林慧 (Wai Lin). published 2020-07-10last edited 2020-07-10

Gnunet-peerinfo.jpg
gnunet-peerinfo showing all kinds of incriminating information like IP addresses of others who are participating in the GNUNet network.

The GNU projects very secure anonymous peer to peer file sharing software is one of the oldest, perhaps the oldest, file sharing software project still alive. It was initially released on November 5, 2001. That's 18 years ago. It never really amounted to anything or got anywhere during those 18 years - much like the GNU Hurd kernel. The project is not dead, so there's that.

The latest release, version 0.13.0, a few larger changes. The most important change is a brand new protocol version which is incompatible with previous versions. Breaking compatibility with the existing network would be a problem if the user-base was larger than what you could fit in a one-person elevator so the compatibility breakage should be a non-issue.

The latest protocol can be used to create other networks on top of GNUNet. These networks could use TCP, UDP, HTTP or HTTPS. Object location data is shared using distributed hash tables (DHT). The GNUNet package includes a few ready to use services like a anonymous file sharing service, a VPN system, a prototype for a social networking platform (using the PSYC protocol) and a payment system called "GNU Taler".

Introducing the GNU Name System

GNUNet has its own DNS name system which is, naturally, called the The GNU Name System (GNS). The specification can be read in all its glory at lsd.gnunet.org/lsd0001/. GNUnet 0.13.0 has GNS support aligned with this specificaiton. There are, additionally, many underlying changes to related code.

GNS uses a self-designed ECDSA public/private key system based on elliptic curve25519 curves for security. Security researcher Soatok has questioned this decision in the "Dhole Moments" blog:

"The GNU Name System developers didn’t need to roll their own design, they could have used one that’s already seen real-world deployment instead. Why take on unnecessary risk?

Furthermore, trying to push through an implementation of ECDSA over edwards25519 isn’t just unnecessary and weird, it’s also probably dangerous "

GNU: A Heuristic for Bad Cryptography
Published July 8th, 2020

DNS, or GNS, is no good without a registry. GNUNet 0.13.0 brings a tyrannical new organization called "GNUnet Assigned Numbers Authority (GANA)" into the warmth as a new Internet authority.

"Neither IANA nor participants in the IETF"

{{{2}}}

will have any necessary expertise to evaluate registration requests in the sort of registry described, and no one will be well served by the creation of such a registry at IANA. It would be far better to have a registration process be described in this document involving experts from the industry as reviewers and maintenance of the registrations by an industry organization, rather than by IANA.|Barry Leiba wrote on April 4th, 2020
according to gana.git README

The industry "experts" will decide if you can or can't have a GNS entry that can be used with the newly released GNUNet software. The actual registration POLICY document is not yet written. It is therefore impossible to predict who these "experts" will be or what kind of guidelines they will follow.

The good news is that you do not need any GNS domain from the GANA overlords to try GNUNet. You can go right ahead and download and compile and install the server daemon and make it run. The separately released GUI package won't even ./configure so you won't be able to anything practical with it. You can make the server daemon connect to the network and get some statistics and even do some basic things using the command-line.

Building

Building is fairly strait-forward if you are a computer wizard. It is not for those who are afraid of the terminal as it requires you to enter many scary commands. You should know that you won't be able to build the GUI or do much with it before you proceed; read through to the bottom before you dive into the nearest terminal.

Building GNUnet 0.13.0 requires a lot of libraries you likely do not have: gettext, libgcrypt, libtool-ltdl, libidn2, libunistring, jansson, libsodium, texinfo and zbar in addition to the standard build toolchain (gettext-devel libgcrypt-devel libtool-ltdl-devel libidn2-devel libunistring-devel jansson-devel texinfo libsodium-devel zbar-devel). You should also, optionally, have libopus and libextractor (libextractor-devel libopusenc-devel) installed to get additional (more like basic) functionality.

Actually building GNUnet is done using the typical ./configure && make procedure:

wget http://ftpmirror.gnu.org/gnunet/gnunet-0.13.0.tar.gz
tar xfvz gnunet-0.13.0.tar.gz  
cd gnunet-0.13.0
./configure --prefix=/usr/local
# Make sure it did not complain about missing libraries
make -j$(nproc)  # or -j2 if you do not want to use all cores
su -c 'make install'

That's it, you should now have GNUnet installed. That is, sadly, not enough. There are some additional steps as root are required (just sudo -i if you are on a distribution where su doesn't work):

# Make a user group for gnunetdns:
gropuadd gnunetdns
# Make a user for GNUnet:
adduser --system  -s /bin/false -m -d /var/lib/gnunet gnunet

You will also have to add each system user (your own) to the gnunet group to (ab)use GNUnet.

Snubbelrisk.jpg
Warning: usermod -G will, if executed without -a for append, remove all groups not listed when usermod is executed. Make sure you are running usermod -a -G!!

You can add your username to the gnunet group with:

usermod -a -G gnunet yourusername

GNUnet will install a useless systemd file with ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm in /usr/local/share/gnunet/services/systemd/gnunet.service. We have no idea, not even a wild guess, why they would include a file with that hard-coded path in that location.

echo '[Unit]
Description=Service that runs a GNUnet for the user gnunet
After=network.target

[Service]
User=gnunet
Type=simple
ExecStart=/usr/local/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf' > /usr/lib/systemd/system/gnunet.service

systemctl daemon-reload

GNUNet does, of course, not come with any example configuration file. It will not start if one isn't present. It can be empty. You could just echo > /etc/gnunet.conf or, alternatively, use the gnunet-config tool:

gnunet-config -s PEER > /etc/gnunet.conf

then start the service

systemctl start gnunet.service

You can check if it actually started with systemctl status gnunet.service. It probably didn't if you are using a distribution with SELinux enabled. You could just turn all your precious security off with setenforce 0 and test it and stop it and re-enable SELinux with setenforce 1 if you are on a SELinux distribution and you just want to test it. Permanently turning security off is not recommended by leading computer security scientist.

Testing GNUNet

The command gnunet-peerinfo will show a list of connected IP addresses of machines running a compatible GNUNet version (only 0.13.0 as of now). gnunet-statistics will print a long list of mostly uninteresting statistics.

Files can be published (shared) on the network with gnunet-publish

The GUI

The GNUNet GUI comes as a separate package called gnunet-gtk. You need this to do something useful with it.

You should not waste time trying to install it with:

wget http://ftpmirror.gnu.org/gnunet/gnunet-gtk-0.13.0.tar.gz
tar xfvz gnunet-gtk-0.13.0.tar.gz 
cd gnunet-gtk-0.13.0
./configure  --prefix=/usr/local 

since it will just fail with config.status: error: cannot find input file: `src/conversation/Makefile.in'. This failure happens because the configure script has src/conversation/Makefile listed (hard-coded) even though the gnunet-gtk-0.13.0.tar.gz archive does not have any src/conversation folder in it (it does have src/.

You'd think someone would have tried to compile the thing before releasing it - in which case they would have noticed that it doesn't even ./configure.

The Bright Future

We expect another fine GNUNet release, perhaps with a gnunet-gtk package that isn't missing some of the files required to build it, in six to twelve months (given the projects track-record over the last 18 years).

Further Reading

You can read the full GNUNet 0.13.0 release-announcement in all its glory at gnunet.org/en/news/2020-07-0.13.0.html.

The Russians have a very in-depth and informative article about it on their opennet.ru site titled Выпуск P2P-платформы GNUnet 0.13. Продвижение GNS в качестве интернет-стандарта. It may be of interest if you read русский.

0.00
(0 votes)


Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.