Merge branch 'master' into epel7
This commit is contained in:
commit
e986b1e913
1
.gitignore
vendored
1
.gitignore
vendored
@ -14,3 +14,4 @@
|
|||||||
/cjdns-v20.4.tar.gz
|
/cjdns-v20.4.tar.gz
|
||||||
/python-cjdns-0.1.tar.gz
|
/python-cjdns-0.1.tar.gz
|
||||||
/cjdns-v20.5.tar.gz
|
/cjdns-v20.5.tar.gz
|
||||||
|
/cjdns-v20.6.tar.gz
|
||||||
|
@ -45,10 +45,11 @@ cannot [insert standard cryptography disclaimer] be spoofed. Most mesh VPNs
|
|||||||
decrypt packets before routing to a new node. This means that if a relay node
|
decrypt packets before routing to a new node. This means that if a relay node
|
||||||
is compromised in a conventional VPN, it can see and even alter packets. All
|
is compromised in a conventional VPN, it can see and even alter packets. All
|
||||||
cjdns packets are end to end encrypted - relay nodes are untrusted. Cjdns is
|
cjdns packets are end to end encrypted - relay nodes are untrusted. Cjdns is
|
||||||
source routed, there is no centralized routing. If a node is "blackholing"
|
source routed, there is no centralized routing (an option for chosen route
|
||||||
your packets for some reason - simply doesn't route through that node anymore.
|
servers is slated for future implementation). If a node is "blackholing"
|
||||||
(But see Security below.) The usual security problems with source routing
|
your packets for some reason - cjdns simply doesn't route through that node
|
||||||
don't apply because cjdns IPs can't be (easily) spoofed.
|
anymore. (But see Security below.) The usual security problems with source
|
||||||
|
routing don't apply because cjdns IPs can't be (easily) spoofed.
|
||||||
|
|
||||||
## Startup
|
## Startup
|
||||||
|
|
||||||
@ -80,9 +81,6 @@ can speed this up dramatically with:
|
|||||||
|
|
||||||
The resume service restarts cjdns when the system wakes up from sleep.
|
The resume service restarts cjdns when the system wakes up from sleep.
|
||||||
|
|
||||||
For rhel6, use ```start cjdns``` instead of systemctl - ditto for restart
|
|
||||||
and stop.
|
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
|
|
||||||
By default, Fedora Workstation will treat the tun device created by cjdroute as
|
By default, Fedora Workstation will treat the tun device created by cjdroute as
|
||||||
@ -103,7 +101,8 @@ are more cumbersome.
|
|||||||
The Distributed Hash Table algorithm is a core component of cjdns - which is
|
The Distributed Hash Table algorithm is a core component of cjdns - which is
|
||||||
vulnerable to a Denial of Service attack known as "Sybil". This attack can
|
vulnerable to a Denial of Service attack known as "Sybil". This attack can
|
||||||
block specific updates to the DHT - to prevent your node from joining a mesh,
|
block specific updates to the DHT - to prevent your node from joining a mesh,
|
||||||
for instance.
|
for instance. The Sybil attack is less effective because Cjdns uses
|
||||||
|
chosen peers. Simply cut off abusive peers.
|
||||||
|
|
||||||
On the positive side, you can safely use telnet to cjdns IPs and the http
|
On the positive side, you can safely use telnet to cjdns IPs and the http
|
||||||
protocol is automatically encrypted (but you need a secure DNS or raw ip to be
|
protocol is automatically encrypted (but you need a secure DNS or raw ip to be
|
||||||
@ -150,7 +149,7 @@ http_access allow adultpcs
|
|||||||
|
|
||||||
You may install a network service that depends on cjdns, for instance you might
|
You may install a network service that depends on cjdns, for instance you might
|
||||||
install thttpd to serve up
|
install thttpd to serve up
|
||||||
[nodeinfo.json](https://docs.meshwith.me/en/cjdns/nodeinfo.json.html). If
|
[nodeinfo.json](https://github.com/hyperboria/docs/blob/master/cjdns/nodeinfo-json.md). If
|
||||||
thttpd is configured to listen only on your cjdns IP, then it will not start
|
thttpd is configured to listen only on your cjdns IP, then it will not start
|
||||||
until cjdns is up and running. Add ```After=cjdns-wait-online.service``` to
|
until cjdns is up and running. Add ```After=cjdns-wait-online.service``` to
|
||||||
```thttpd.service``` to hold off starting the service until cjdns has the
|
```thttpd.service``` to hold off starting the service until cjdns has the
|
||||||
|
@ -7,7 +7,7 @@ diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
|
|||||||
uint64_t now = Time_currentTimeMilliseconds(ctx->base);
|
uint64_t now = Time_currentTimeMilliseconds(ctx->base);
|
||||||
- if ((now - ctx->startTime) > 5000) {
|
- if ((now - ctx->startTime) > 5000) {
|
||||||
- Assert_failure("Failed to link in 5 seconds");
|
- Assert_failure("Failed to link in 5 seconds");
|
||||||
+ if ((now - ctx->startTime) > 100000) {
|
+ if ((now - ctx->startTime) > 200000) {
|
||||||
+ Assert_failure("Failed to link in 100 seconds");
|
+ Assert_failure("Failed to link in 100 seconds");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
18
cjdns.spec
18
cjdns.spec
@ -83,7 +83,7 @@
|
|||||||
|
|
||||||
Name: cjdns
|
Name: cjdns
|
||||||
# major version is cjdns protocol version:
|
# major version is cjdns protocol version:
|
||||||
Version: 20.5
|
Version: 20.6
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: The privacy-friendly network without borders
|
Summary: The privacy-friendly network without borders
|
||||||
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
|
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
|
||||||
@ -345,14 +345,14 @@ rm -rf node_build/dependencies/libuv
|
|||||||
%else
|
%else
|
||||||
rm -rf node_build/dependencies/libuv/build/gyp # use system gyp
|
rm -rf node_build/dependencies/libuv/build/gyp # use system gyp
|
||||||
%ifarch s390x
|
%ifarch s390x
|
||||||
sed -i -e '/optimizeLevel:/ s/-O0/-O1/' node_build/make.js
|
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
||||||
%else
|
%else
|
||||||
sed -i -e '/optimizeLevel:/ s/-O0/-O2/' node_build/make.js
|
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
%patch19 -p1 -b .fuzz
|
%patch19 -p1 -b .fuzz
|
||||||
#patch20 -p1 -b .sysctl
|
#patch20 -p1 -b .sysctl
|
||||||
%patch22 -b .gcc10
|
#patch22 -b .gcc10
|
||||||
|
|
||||||
cp %{SOURCE1} README_Fedora.md
|
cp %{SOURCE1} README_Fedora.md
|
||||||
|
|
||||||
@ -770,6 +770,16 @@ fi
|
|||||||
%{_bindir}/graphStats
|
%{_bindir}/graphStats
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 16 2020 Stuart Gathman <stuart@gathman.org> - 20.6-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Mon Mar 16 2020 Stuart Gathman <stuart@gathman.org> - 20.5-3
|
||||||
|
- Rebuilt for Fedora 33
|
||||||
|
- Minor doc updates
|
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20.5-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
* Wed Jan 22 2020 Stuart Gathman <stuart@gathman.org> - 20.5-1
|
* Wed Jan 22 2020 Stuart Gathman <stuart@gathman.org> - 20.5-1
|
||||||
- New upstream release
|
- New upstream release
|
||||||
|
|
||||||
|
1
sources
1
sources
@ -1,3 +1,4 @@
|
|||||||
SHA512 (cjdns-v20.4.tar.gz) = 5a6bd36b2edd07fa883efa4b14dd8a7ba0189bf43404e27ab6ae3b0c2f1e63ce738c52b34416f51f93c9752f6654ea95eac2c71897d2a1e19f4a6d1ca3bad46d
|
SHA512 (cjdns-v20.4.tar.gz) = 5a6bd36b2edd07fa883efa4b14dd8a7ba0189bf43404e27ab6ae3b0c2f1e63ce738c52b34416f51f93c9752f6654ea95eac2c71897d2a1e19f4a6d1ca3bad46d
|
||||||
SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256
|
SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256
|
||||||
SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3
|
SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3
|
||||||
|
SHA512 (cjdns-v20.6.tar.gz) = 34057583f2215899b96f95cc60ba0532aff12834ad2c4b432a6752c811f60ed3d6d33ec82e039b159f090558020faf69c71b373ac33ca9e41b186be0b87c3332
|
||||||
|
Loading…
Reference in New Issue
Block a user