Merge branch 'master' into epel7
This commit is contained in:
commit
e986b1e913
|
@ -14,3 +14,4 @@
|
|||
/cjdns-v20.4.tar.gz
|
||||
/python-cjdns-0.1.tar.gz
|
||||
/cjdns-v20.5.tar.gz
|
||||
/cjdns-v20.6.tar.gz
|
||||
|
|
|
@ -45,10 +45,11 @@ cannot [insert standard cryptography disclaimer] be spoofed. Most mesh VPNs
|
|||
decrypt packets before routing to a new node. This means that if a relay node
|
||||
is compromised in a conventional VPN, it can see and even alter packets. All
|
||||
cjdns packets are end to end encrypted - relay nodes are untrusted. Cjdns is
|
||||
source routed, there is no centralized routing. If a node is "blackholing"
|
||||
your packets for some reason - simply doesn't route through that node anymore.
|
||||
(But see Security below.) The usual security problems with source routing
|
||||
don't apply because cjdns IPs can't be (easily) spoofed.
|
||||
source routed, there is no centralized routing (an option for chosen route
|
||||
servers is slated for future implementation). If a node is "blackholing"
|
||||
your packets for some reason - cjdns simply doesn't route through that node
|
||||
anymore. (But see Security below.) The usual security problems with source
|
||||
routing don't apply because cjdns IPs can't be (easily) spoofed.
|
||||
|
||||
## Startup
|
||||
|
||||
|
@ -80,9 +81,6 @@ can speed this up dramatically with:
|
|||
|
||||
The resume service restarts cjdns when the system wakes up from sleep.
|
||||
|
||||
For rhel6, use ```start cjdns``` instead of systemctl - ditto for restart
|
||||
and stop.
|
||||
|
||||
## Security
|
||||
|
||||
By default, Fedora Workstation will treat the tun device created by cjdroute as
|
||||
|
@ -103,7 +101,8 @@ are more cumbersome.
|
|||
The Distributed Hash Table algorithm is a core component of cjdns - which is
|
||||
vulnerable to a Denial of Service attack known as "Sybil". This attack can
|
||||
block specific updates to the DHT - to prevent your node from joining a mesh,
|
||||
for instance.
|
||||
for instance. The Sybil attack is less effective because Cjdns uses
|
||||
chosen peers. Simply cut off abusive peers.
|
||||
|
||||
On the positive side, you can safely use telnet to cjdns IPs and the http
|
||||
protocol is automatically encrypted (but you need a secure DNS or raw ip to be
|
||||
|
@ -150,7 +149,7 @@ http_access allow adultpcs
|
|||
|
||||
You may install a network service that depends on cjdns, for instance you might
|
||||
install thttpd to serve up
|
||||
[nodeinfo.json](https://docs.meshwith.me/en/cjdns/nodeinfo.json.html). If
|
||||
[nodeinfo.json](https://github.com/hyperboria/docs/blob/master/cjdns/nodeinfo-json.md). If
|
||||
thttpd is configured to listen only on your cjdns IP, then it will not start
|
||||
until cjdns is up and running. Add ```After=cjdns-wait-online.service``` to
|
||||
```thttpd.service``` to hold off starting the service until cjdns has the
|
||||
|
|
|
@ -7,7 +7,7 @@ diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
|
|||
uint64_t now = Time_currentTimeMilliseconds(ctx->base);
|
||||
- if ((now - ctx->startTime) > 5000) {
|
||||
- Assert_failure("Failed to link in 5 seconds");
|
||||
+ if ((now - ctx->startTime) > 100000) {
|
||||
+ if ((now - ctx->startTime) > 200000) {
|
||||
+ Assert_failure("Failed to link in 100 seconds");
|
||||
}
|
||||
}
|
||||
|
|
18
cjdns.spec
18
cjdns.spec
|
@ -83,7 +83,7 @@
|
|||
|
||||
Name: cjdns
|
||||
# major version is cjdns protocol version:
|
||||
Version: 20.5
|
||||
Version: 20.6
|
||||
Release: 1%{?dist}
|
||||
Summary: The privacy-friendly network without borders
|
||||
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
|
||||
|
@ -345,14 +345,14 @@ rm -rf node_build/dependencies/libuv
|
|||
%else
|
||||
rm -rf node_build/dependencies/libuv/build/gyp # use system gyp
|
||||
%ifarch s390x
|
||||
sed -i -e '/optimizeLevel:/ s/-O0/-O1/' node_build/make.js
|
||||
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
||||
%else
|
||||
sed -i -e '/optimizeLevel:/ s/-O0/-O2/' node_build/make.js
|
||||
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
||||
%endif
|
||||
%endif
|
||||
%patch19 -p1 -b .fuzz
|
||||
#patch20 -p1 -b .sysctl
|
||||
%patch22 -b .gcc10
|
||||
#patch22 -b .gcc10
|
||||
|
||||
cp %{SOURCE1} README_Fedora.md
|
||||
|
||||
|
@ -770,6 +770,16 @@ fi
|
|||
%{_bindir}/graphStats
|
||||
|
||||
%changelog
|
||||
* Mon Mar 16 2020 Stuart Gathman <stuart@gathman.org> - 20.6-1
|
||||
- New upstream release
|
||||
|
||||
* Mon Mar 16 2020 Stuart Gathman <stuart@gathman.org> - 20.5-3
|
||||
- Rebuilt for Fedora 33
|
||||
- Minor doc updates
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Jan 22 2020 Stuart Gathman <stuart@gathman.org> - 20.5-1
|
||||
- New upstream release
|
||||
|
||||
|
|
1
sources
1
sources
|
@ -1,3 +1,4 @@
|
|||
SHA512 (cjdns-v20.4.tar.gz) = 5a6bd36b2edd07fa883efa4b14dd8a7ba0189bf43404e27ab6ae3b0c2f1e63ce738c52b34416f51f93c9752f6654ea95eac2c71897d2a1e19f4a6d1ca3bad46d
|
||||
SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256
|
||||
SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3
|
||||
SHA512 (cjdns-v20.6.tar.gz) = 34057583f2215899b96f95cc60ba0532aff12834ad2c4b432a6752c811f60ed3d6d33ec82e039b159f090558020faf69c71b373ac33ca9e41b186be0b87c3332
|
||||
|
|
Loading…
Reference in New Issue