From 982e9e920a8e76c3ad62fef3ec25269efc9f3922 Mon Sep 17 00:00:00 2001 From: Stuart D. Gathman Date: Nov 07 2016 04:33:59 +0000 Subject: Update cjdns-online man page. --- diff --git a/cjdns.man.patch b/cjdns.man.patch index d70f39b..0258804 100644 --- a/cjdns.man.patch +++ b/cjdns.man.patch @@ -1,415 +1,13 @@ -diff -up ./contrib/doc/cjdnslog.md.man ./contrib/doc/cjdnslog.md ---- ./contrib/doc/cjdnslog.md.man 2016-05-10 18:55:17.289488599 -0400 -+++ ./contrib/doc/cjdnslog.md 2016-05-10 18:55:17.289488599 -0400 -@@ -0,0 +1,43 @@ -+cjdnslog(1) -- display cjdroute log messages -+============================================= -+ -+## SYNOPSIS -+ -+`/usr/bin/cjdnslog` [...] -+ -+## DESCRIPTION -+ -+Cjdroute sends continuous log messages to the bit bucket. Cjdnslog -+captures that information in real time and sends it to stdout. -+ -+##OPTIONS -+ -+With no options, cjdnslog logs everything. -+ -+ * `--help` -+ Print usage summary. -+ -+ * `-f source_file.c` -+ Restrict output to log messages generated in source_file.c. -+ -+ * `-v log_level` -+ Restrict output to messages at log_level or higher. Log levels -+ include DEBUG, INFO, WARN, ERROR. -+ -+ * `-l lineno` -+ Restrict output to message generated on source line lineno. Normally -+ used in conjunction with `-f`. -+ -+##USAGE -+ -+Running cjdnslog requires admin privilege. The cjdnsadmin lib will -+try to read `/etc/cjdroute.conf` for the admin password. This will -+normally succeed only for root. Otherwise, it tries `~/.cjdnsadmin` -+ -+##FILES -+ -+`~/.cjdnsadmin` -+ -+## SEE ALSO -+ -+cjdroute(1) diff -up ./contrib/doc/cjdns-online.md.man ./contrib/doc/cjdns-online.md ---- ./contrib/doc/cjdns-online.md.man 2016-05-10 18:55:17.289488599 -0400 -+++ ./contrib/doc/cjdns-online.md 2016-05-10 18:55:17.289488599 -0400 -@@ -0,0 +1,33 @@ -+cjdns-online(1) -- check whether cjdns tunnel devices are available -+============================================= -+ -+## SYNOPSIS -+ -+`cjdns-online` [...] -+ -+## DESCRIPTION -+ -+Cjdns-online waits for cjdns to make its tunnel device available so -+that services that listen on the cjdns IP can start. If you have -+configured services to listen on the cjdns IP, then you can use: -+ -+ systemctl enable cjdns-wait-online -+ -+to wait until this IP is available before starting network services. -+This will increase your boot time somewhat, but is needed to launch -+thttpd at boot, for example. -+ -+##OPTIONS -+ -+ * `-t`, `--timeout` : -+ time to wait in seconds, default 30 -+ -+ * `-x`, `--exit`: -+ Exit immediately if cjdns is not online -+ -+ * `-q`, `--quiet`: -+ Don't print anything -+ -+ * `-s`, `--wait-for-startup`: -+ Wait for full startup instead of just tun dev. This is not implemented. -+ -diff -up ./contrib/doc/cjdroute.md.man ./contrib/doc/cjdroute.md ---- ./contrib/doc/cjdroute.md.man 2016-05-10 18:55:17.289488599 -0400 -+++ ./contrib/doc/cjdroute.md 2016-05-10 18:55:17.289488599 -0400 -@@ -0,0 +1,76 @@ -+cjdroute(1) -- Cjdns packet switch -+============================================= -+ -+## SYNOPSIS -+ -+`/usr/sbin/cjdroute` [...] -+ -+## DESCRIPTION -+ -+Cjdns implements an encrypted IPv6 network using public-key cryptography for -+address allocation and a distributed hash table for routing. This provides -+near-zero-configuration networking, and prevents many of the security and -+scalability issues that plague existing networks. -+ -+cjdroute runs in the background and either decrypts packets addressed to -+this node, or sends them on to the next node in the route. -+ -+##OPTIONS -+ -+ * `--help`: -+ Print usage summary. -+ -+ * `--genconf` [--no-eth]: -+ Generate a configuration file, write it to stdout. -+ If --no-eth is specified then ethernet beaconing will be disabled. -+ -+ * `--bench`: -+ Run some cryptography performance benchmarks. -+ -+ * `--version`: -+ Print cjdroute version and the protocol version which this node speaks. -+ -+ * `--cleanconf` < conf: -+ Print a clean (valid json) version of the config. -+ -+ * `--nobg` -+ Never fork to the background no matter the config. -+ -+##USAGE -+ -+To get the router up and running: -+ -+ * Step 1: -+ Generate a new configuration file if one doesn't already exist. -+ -+ cjdroute --genconf > /etc/cjdroute.conf -+ -+ You can also simply: -+ -+ systemctl start cjdns -+ -+ which will tell cjdroute to generate a new config if needed. -+ -+ * Step 2: -+ Find somebody to connect to. -+ Check out the IRC channel or http://hyperboria.net/ -+ for information about how to meet new people and make connect to them. -+ Read more here: https://github.com/cjdelisle/cjdns/#2-find-a-friend -+ -+ By default, cjdroute will find any cjdns nodes on your local LAN -+ without any configuration. -+ -+ * Step 3: -+ Add that somebody's node to your cjdroute.conf file. -+ https://github.com/cjdelisle/cjdns/#3-connect-your-node-to-your-friends-node -+ -+ * Step 4: -+ Fire it up! -+ -+ systemctl start cjdns -+ -+ Or if you had already started cjdns: -+ -+ systemctl restart cjdns -+ -+For more information about other functions and non-standard setups, see README.md -diff -up ./contrib/doc/makekeys.md.man ./contrib/doc/makekeys.md ---- ./contrib/doc/makekeys.md.man 2016-05-10 18:55:17.289488599 -0400 -+++ ./contrib/doc/makekeys.md 2016-05-10 18:58:51.521907178 -0400 -@@ -0,0 +1,24 @@ -+makekeys(1) -- write cjdns keys generated via libnacl to stdout -+============================================= -+ -+## SYNOPSIS -+ -+`makekeys` -+ -+## DESCRIPTION -+ -+Generates cjdns private keys and writes them to stdout forever with -+corresponding IP6 address and public key. Sample: -+ -+ 9b5520e11b4e1aac4e54cf8382ca219b6942f75519dbe7cc71fc6c4bb636a2db fca1:43dc:9e20:68dc:df3f:6bf1:fbf9:37ab x70u0x6sfh0yuushlq7wvcdxj8rgb8lvss9t6f42zp60ftq71cm0.k -+ 579db68cfdeaeda1ff7f365c73e620bedb0f68cb443a0cd7ef6bae16d0e1e12e fc68:b272:3aa3:cb4a:a686:dab0:7df5:2fb5 fmurp2qrb0yqmcjmbjtuhuxuf6v3rgmdn9hgsfh47k20h68y2lz0.k -+ -+##USAGE -+ -+Example use: -+ -+ makekeys | head -20 >keys.txt -+ -+## SEE ALSO -+ -+publictoip6(1) -diff -up ./contrib/doc/peerStats.md.man ./contrib/doc/peerStats.md ---- ./contrib/doc/peerStats.md.man 2016-05-10 18:55:17.289488599 -0400 -+++ ./contrib/doc/peerStats.md 2016-05-10 18:55:17.289488599 -0400 -@@ -0,0 +1,25 @@ -+peerStats(1) -- show cjdns peers -+============================================= -+ -+## SYNOPSIS -+ -+`peerStats` -+ -+## DESCRIPTION -+ -+Cjdroute talks to a number of immediate peers configured in -+`/etc/cjdroute.conf`. These can be discovered dynamically on local -+networks if "beacon" is enabled. Peers are enabled to connect -+to cjdroute by adding a login in "authorizedPasswords". Connecting -+out to peers is configured in "connectTo" in either the IPv4 or IPv6 section. -+ -+No admin privilege is needed to run peerStats, but it looks in `~/.cjdnsadmin` -+for the IP and admin port of cjdroute. -+ -+##FILES -+ -+`~/.cjdnsadmin` -+ -+## SEE ALSO -+ -+cjdroute(1), sessionStats(1) -diff -up ./contrib/doc/privatetopublic.md.man ./contrib/doc/privatetopublic.md ---- ./contrib/doc/privatetopublic.md.man 2016-05-10 18:55:17.290488610 -0400 -+++ ./contrib/doc/privatetopublic.md 2016-05-10 18:55:17.290488610 -0400 -@@ -0,0 +1,25 @@ -+privatetopublic(8) -- convert cjdns private keys to public keys and IP6 -+============================================= -+ -+## SYNOPSIS -+ -+`/usr/libexec/cjdns/privatetopublic` -+ -+## DESCRIPTION -+ -+As private keys are very sensitive, /usr/libexec/cjdns/privatetopublic reads -+them from stdin. If your shell, terminal, or other program keeps history, -+please avoid `echo 'key' | /usr/libexec/cjdns/privatetopublic`, or similar -+constructs. A heredoc is suitable for use in scripts, and will avoid -+unwanted revealing of the key in process lists, like so: -+ -+ /usr/libexec/cjdns/privatetopublic < -+ -+## DESCRIPTION -+Get a cjdns IPv6 address from a public key and write to stdout. -+The key should be in Base32 and end in '.k'. -+ -+## SEE ALSO -+ -+randombytes(1) -diff -up ./contrib/doc/randombytes.md.man ./contrib/doc/randombytes.md ---- ./contrib/doc/randombytes.md.man 2016-05-10 18:55:17.290488610 -0400 -+++ ./contrib/doc/randombytes.md 2016-05-10 18:55:17.290488610 -0400 -@@ -0,0 +1,16 @@ -+randombytes(1) -- write random bytes generated via libnacl to stdout -+============================================= -+ -+## SYNOPSIS -+ -+`randombytes` -+ -+## DESCRIPTION -+ -+Writes random bytes to stdout forever using the cryptographically secure -+random generator in libnacl. In practice, the output is piped -+to a program like dd(1) or base64(1). -+ -+## SEE ALSO -+ -+makekeys(1) -diff -up ./contrib/doc/sessionStats.md.man ./contrib/doc/sessionStats.md ---- ./contrib/doc/sessionStats.md.man 2016-05-10 18:55:17.290488610 -0400 -+++ ./contrib/doc/sessionStats.md 2016-05-10 18:55:17.290488610 -0400 -@@ -0,0 +1,39 @@ -+sessionStats(1) -- show cjdns crypto sessions -+============================================= -+ -+## SYNOPSIS -+ -+`sessionStats` -+ -+## DESCRIPTION -+ -+Cjdroute always talks to other nodes over a "session" similar to -+a TLS session. A session is required not only to talk to each peer, -+but also when talking to intermediate nodes to ask them about their peers -+when planning a route. -+ -+The cjdns protocol offers Perfect Forward Secrecy. Each session has a random -+symmetric key that encrypts that session. If a node is compromised, -+the attacker can get the session keys and read current and future sessions. -+However, the session keys are securely erased when a session is destroyed, -+so that past sessions (before the compromise) cannot be read. The lifetime -+of a session is somewhat random. Cjdroute caches recently active sessions, -+and destroys sessions that have not been used for a while. -+ -+##USAGE -+ -+Running sessionStats requires admin privilege. The cjdnsadmin lib will -+try to read `/etc/cjdroute.conf` for the admin password. This will -+normally succeed only for root. Otherwise, it tries `~/.cjdnsadmin` -+ -+##FILES -+ -+`~/.cjdnsadmin` -+`/etc/cjdroute.conf` -+ -+##BUGS -+If you get a TypeError, you probably have the wrong admin password. -+ -+## SEE ALSO -+ -+cjdroute(1), peerStats(1) -diff -up ./contrib/doc/sybilsim.md.man ./contrib/doc/sybilsim.md ---- ./contrib/doc/sybilsim.md.man 2016-05-10 18:55:17.290488610 -0400 -+++ ./contrib/doc/sybilsim.md 2016-05-10 18:55:17.290488610 -0400 -@@ -0,0 +1,43 @@ -+sybilsim(8) -- Cjdns packet switch -+============================================= -+ -+## SYNOPSIS -+ -+`/usr/libexec/cjdns/sybilsim < config.json` -+ -+## DESCRIPTION -+ -+Sybilsim reads a list of nodes and peers from stdin and simulates the -+corresponding mesh without any actual networking using the same code -+as cjdroute. This is useful for testing and optimizing cjdroute. -+Every node must have a valid cjdns private key. The makekeys(1) utility can be -+useful for scripts that generate the config. -+ -+##USAGE -+ -+Example config: -+ -+ { -+ "nodes": { -+ "alice": { -+ "privateKey": -+ "5e2295679394e5e1db67c238abbc10292ad9b127904394c52cc5fff39383e920", -+ "peers": [] -+ }, -+ "bob": { -+ "privateKey": -+ "6569bf3f0d168faa6dfb2912f8ee5ee9b938319e97618fdf06caed73b1aad1cc", -+ "peers": [ "alice" ] -+ } -+ } -+ } -+ -+Example use: -+ -+ makekeys | head -20 >keys.txt -+ node /usr/libexec/cjdns/tools/lib/makesim.js keys.txt | -+ /usr/libexec/cjdns/sybilsim -+ -+## SEE ALSO -+ -+makekeys(1), cjdroute(1) -diff -up ./contrib/doc/traceroute.md.man ./contrib/doc/traceroute.md ---- ./contrib/doc/traceroute.md.man 2016-05-10 18:55:17.290488610 -0400 -+++ ./contrib/doc/traceroute.md 2016-05-10 18:55:17.290488610 -0400 -@@ -0,0 +1,33 @@ -+cjdns-traceroute(1) -- trace cjdns packet routing -+============================================= -+ -+## SYNOPSIS -+ -+`cjdns-traceroute` -+ -+## DESCRIPTION -+ -+Because cjdns is end to end encrypted, the standard traceroute always -+shows a direct connection. Cjdns-traceroute queries cjdroute to discover -+what route would be used to send a packet to the destination IP. -+Note that just as with the standard traceroute, there is no guarantee -+that that precise route will actually be used with the next packet. -+ -+Cjdns-traceroute requires admin privilege. The cjdnsadmin lib will -+try to read `/etc/cjdroute.conf` for the admin password. This will -+normally succeed only for root. Otherwise, it tries `~/.cjdnsadmin` -+ -+##USAGE -+ -+##FILES -+ -+`~/.cjdnsadmin` -+`/etc/cjdroute.conf` -+ -+##BUGS -+Cjdns-traceroute throws an ugly exception if you forget -+to pass an IP or have the wrong admin password. -+ -+## SEE ALSO -+ -+cjdroute(1) +--- ./contrib/doc/cjdns-online.md.man 2016-10-11 17:39:44.000000000 -0400 ++++ ./contrib/doc/cjdns-online.md 2016-11-06 23:15:32.528962680 -0500 +@@ -25,6 +25,9 @@ thttpd at boot, for example. + * `-x`, `--exit`: + Exit immediately if cjdns is not online + ++ * `-i`, `--interface`: ++ Output interface name instead of IP ++ + * `-q`, `--quiet`: + Don't print anything + diff --git a/cjdns.spec b/cjdns.spec index 67661ee..8b9e666 100644 --- a/cjdns.spec +++ b/cjdns.spec @@ -43,7 +43,7 @@ Name: cjdns # major version is cjdns protocol version: Version: 18 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The privacy-friendly network without borders Group: System Environment/Base # cjdns is all GPLv3 except libuv which is MIT and BSD and ISC @@ -482,6 +482,9 @@ fi %{_bindir}/graphStats %changelog +* Sun Nov 6 2016 Stuart D. Gathman 18-4 +- update cjdns-online man page + * Fri Oct 14 2016 Stuart D. Gathman 18-3 - libstdc++ not needed with libsodium