From 8462ba2f856867d775f2cb255401c4611526f4fb Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 30 Oct 2017 13:16:07 +0000
Subject: [PATCH 01/14] Can install nodejs on mesh routers
---
 src/freedombone-utils-nodejs | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/freedombone-utils-nodejs b/src/freedombone-utils-nodejs
index 6ec4451c..eab687bc 100755
--- a/src/freedombone-utils-nodejs
+++ b/src/freedombone-utils-nodejs
@@ -63,9 +63,6 @@ function get_npm_arch {
 function mesh_install_nodejs {
 mesh_install_nodejs_prefix=
 if [ $rootdir ]; then
- if [[ $VARIANT == "mesh" ]]; then
- return
- fi
 mesh_install_nodejs_prefix="chroot $rootdir"
 fi
From 23f1bbb45226d17cf4c8e43a8512f88308053ffd Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 30 Oct 2017 14:24:50 +0000
Subject: [PATCH 02/14] Increase image size for mesh routers
---
 src/freedombone-image | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/freedombone-image b/src/freedombone-image
index 17a57ee8..d18c956a 100755
--- a/src/freedombone-image
+++ b/src/freedombone-image
@@ -533,7 +533,7 @@ if [[ $VARIANT == 'mesh' ]]; then
 IMAGE_NAME=$'mesh'
 # typically not much disk space is needed for a mesh node
 if [ ! $IMAGE_SIZE_SPECIFIED ]; then
- IMAGE_SIZE=3G
+ IMAGE_SIZE=5G
 fi
 fi
From e97168728b3ecb00f6c0762a9eeaed6969b540f1 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 30 Oct 2017 15:47:20 +0000
Subject: [PATCH 03/14] Updated hashes
---
 doc/EN/mesh_images.org | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/EN/mesh_images.org b/doc/EN/mesh_images.org
index 5f7b3aa2..ffa99cb9 100644
--- a/doc/EN/mesh_images.org
+++ b/doc/EN/mesh_images.org
@@ -82,7 +82,7 @@ wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf
 wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz.sig
 gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
-45f131995e2f77188e7ddaf2b42ca3d8d48d821d37c7a31a21e2e6dcceaf510d
+60017999340a6559d1de76f3d78d9771c11de5eeefb3d3b812747ce306251e67
 unxz freedombone-mesh_beaglebone-armhf.img.xz
 sudo dd bs=1M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
 #+end_src
@@ -102,7 +102,7 @@ wget https://freedombone.net/downloads/current/freedombone.tar.gz
 wget https://freedombone.net/downloads/current/freedombone.tar.gz.sig
 gpg --verify freedombone.tar.gz.sig
 sha256sum freedombone.tar.gz
-024aedd3a264e963d791daaada347aba1295bc5caebba34ad9b19dc117a8cac9
+3d2a7f2bd7a3475832756b7bb63b96ba5fc4a4f4d7bffe86e685be9a3b41b958
 tar -xzvf freedombone.tar.gz
 cd freedombone
 git checkout stretch
From 6e64539c935e0df69a65b563b2401d614e8bd15b Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 1 Nov 2017 10:45:19 +0000
Subject: [PATCH 04/14] Check that nextcloud encryption gets enabled
---
 src/freedombone-app-nextcloud | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/freedombone-app-nextcloud b/src/freedombone-app-nextcloud
index 33c1639f..9f592c38 100755
--- a/src/freedombone-app-nextcloud
+++ b/src/freedombone-app-nextcloud
@@ -686,6 +686,11 @@ function install_nextcloud_main {
 ./occ status
 ./occ app:list
 ./occ app:enable encryption
+ ./occ encryption:enable
+ if [ ! "$?" = "0" ]; then
+ echo $'Encryption not enabled'
+ exit 73527
+ fi
 ./occ config:system:set appstoreenabled --value=false
 chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
 chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
From fe28c12766a583ebe9ad99218f3f0da10743d6aa Mon Sep 17 00:00:00 2001
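Review bot: `exit 73527` in the added failure branch of patch 04 cannot reach the caller as written, because a shell exit status is taken modulo 256 and this one arrives as 55. If the large number is meant as a searchable marker, put it in the message and exit with a small code, e.g. `echo $'Encryption not enabled (73527)'` followed by `exit 1`. The status test also reads more directly as `if ! ./occ encryption:enable; then`, which keeps the check attached to the command it guards. install_nextcloud_main starts and ends outside this hunk.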
From: Bob Mottram
Date: Wed, 1 Nov 2017 11:11:45 +0000
Subject: [PATCH 05/14] occ commands need sudo prefix
---
 src/freedombone-app-nextcloud | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/freedombone-app-nextcloud b/src/freedombone-app-nextcloud
index 9f592c38..3de70611 100755
--- a/src/freedombone-app-nextcloud
+++ b/src/freedombone-app-nextcloud
@@ -682,16 +682,17 @@ function install_nextcloud_main {
 fi
 chown -R www-data:www-data config
 chown -R www-data:www-data data
- ./occ check
- ./occ status
- ./occ app:list
- ./occ app:enable encryption
- ./occ encryption:enable
+ sudo -u www-data ./occ check
+ sudo -u www-data ./occ status
+ sudo -u www-data ./occ app:list
+ sudo -u www-data ./occ app:enable encryption
+ sudo -u www-data ./occ encryption:enable
 if [ ! "$?" = "0" ]; then
 echo $'Encryption not enabled'
 exit 73527
 fi
- ./occ config:system:set appstoreenabled --value=false
+ sudo -u www-data ./occ encryption:status
+ sudo -u www-data ./occ config:system:set appstoreenabled --value=false
 chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
 chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
 chmod 0644 .htaccess
From 15bbcccec73126ff883c3c840d7256fb45f97867 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 1 Nov 2017 18:59:17 +0000
Subject: [PATCH 06/14] mesh logo
---
 doc/EN/mesh.org | 2 +-
 img/mesh_logo.jpg | Bin 0 -> 10179 bytes
 website/EN/mesh.html | 4 ++--
 3 files changed, 3 insertions(+), 3 deletions(-)
 create mode 100644 img/mesh_logo.jpg
diff --git a/doc/EN/mesh.org b/doc/EN/mesh.org
index 75587c3b..683392e8 100644
--- a/doc/EN/mesh.org
+++ b/doc/EN/mesh.org
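Review bot: The added `sudo -u www-data ./occ encryption:status` line in patch 05 only prints the state; nothing reads its output or exit status, so the install continues even if the status does not report encryption as enabled. `sudo -u www-data ./occ app:enable encryption` is unchecked in the same way, and the `$?` test now also fires when sudo itself fails while the message still says 'Encryption not enabled'. I would test each step directly, `if ! sudo -u www-data ./occ app:enable encryption; then`, and compare the status output against the expected enabled flag (exact wording to be confirmed against the installed Nextcloud version). The function body continues outside the hunk.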
@@ -23,7 +23,7 @@ The Freedombone Mesh is a wireless solution for autonomous or internet connected
 * [[./mesh_usage.html][How to use it]]
 #+BEGIN_CENTER
-[[file:images/mesh_architecture1.jpg]]
+[[file:images/mesh_logo.jpg]]
 #+END_CENTER
 Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies.
diff --git a/img/mesh_logo.jpg b/img/mesh_logo.jpg new file mode 100644 index 0000000000000000000000000000000000000000..3c5870092ef1e2a695bd22a3f500016003e2662f GIT binary patch literal 10179 zcmdscbySq!*Y7jK3>^c~kS| zJK*>J*7v=Cym#F{@7?QJ^PIEy=h-LrS^Mn0=X&OP8Gt>MSCR)nC}Ib(1Hkn>AOpZ~ zaPe`mVfc9XM1-(A+#}k?b9-r^bPE9B`6&!}ioklN^a2)Yts0yg5ouq9nbp6D zVyN6M41n1u)pUAF!9!A}D`+X!b?#(v&{38mK`gQ_> zqs}z7o8BHRt~CQF+f}vL`X5{EyAIQpNNp~Ng`upAkr?kIPJ#EHHL2fH)P`k}<7FUf z2oNyMcCUdkQ4PLF^J^4l%d85_Y%VKjvp6%^xk=2`w`zaheS|xG3lCmw>|Qn z`Dd+xpeI83@8CCBDQ%JU&+WP~Fr^l~5vc4oX%0d_m9^G3oxs{H&mn1bRR@2oR`CW2 zllr!tNl#!syE!J2vRY$-I^C`@T1`^RpPnKMjY?BGa|{V&189Ol6<{VlYKs6<0i0)t}{01R%sUn^+J)b9lB!XCPtsF97Dn zQuw+-uLBO?TETaytYu~yDc8N`#L1)j;Qt`BV(33T?*jl#USvV>%R_HQ3jD3*QBm2z zzjCSQ&S#0J?Yi}lV8mZ05QyRgpgboB3;=^cXkaJ=4RsOR2vI&30ze6g?!aNhByMv$2s@*Hw6yT*k7mYZOPkR8}+0K_6_so+2 z!s$_v=u;lKH5^%^UfflX*!L|=bby9rg3GiU_jzj7c&yIFF~eeQNT^eYYhHqi%0u>y zbyngqtGU&u;Y&|Th$_Bc1F;!bSCk>^&Scbl{0(QcKWlhv{n+Qd%O4y!JCae>^}fEC z{rOSy`Fp9rmXQpX*$OdixCWlNpy&l$`Zx(TfxDU=JzH7C_oh2c1Y+;;2c<@eE#mjVhw| z)@`1kBFpQ+WG07jh&xWjGa8y#BV(7rs`j0vcY{KP%nJDvx0wQHCV@QnU4tHrxpTy9 zjPR+PvuwbDTn{{_YCNsxtfS>@MBPz7XD~*w$^$mz$XJ7oEy*}2?{;^n=q>TqyE~Z* zOv;(aJ`SW}CZ_~{SRu7p5Xf%a_(`xF8h$G%ruLH>U*?iqkymMq3H_$fzS{n@GUa`0 zVTb$X&v-??FD4Z8OFVR&48c&>UM5f5W{=QGzj_P$5z1L{e4m8V?Bc zX->075c;#3%_ayJHm892WNH1rsehN-toYb4Eh3^Qc!WM$LfF+-lrLwge(kC>y?CVc zjhN1#Qw?_8mr3u`lO;#lXzXI%63?60d<^n4exgAkm59IFD5f)^;JNrTWv1oq^CZ=q z9N*Yn^3;%A_RHtLG~c!v+^_t7@)Zto{Zal$*0P38xW-PB-rNFMw+xdDHIOZ?TeZ4G z201)YiF-E3EUMfmU5KBkMyQyyp++(qv%B86{>;Mc47!K0tFM!)Nt&(grC-5C5mQr| z&zV4qN%!>4kgET5#?^hIWlx>Yri)(7+stqBlXr1eS6s>q6u!h>wuQRprPC)Q)D2YN zwpt}_kaBhD3YOt~I&TnTby{!s5a}nZbHZmxOdh0ROwui3$x=A39ob0o~kU&f&zZ>fYyxmLJi-KJbsUF{nRhS6_0|dRtcz5Nmi@eR?<4TXV|F zUUTf|*u_p4yk>Od6gh55L z8z3u0b;3sC zzKej8Lnk?1rMhMSal0ydO&G)cRpm`=OnB?o|MB}buk2e-j`H^pK%Q^^2L$*(2!0p< z0)sIyAYd>U?N$>ivL>WMgAwuaNom085oRty33qt--$`pSxT;s1$9Md5S)e~aT^39& z2u;Rfp33OoT4s7i^-n&1-JN?eAjG|q{}ey92wU+@>EU4;H@n9-4`j-z9Oj!?soLOy 
z2BJqD(%~tgL~A53-leff)YByPORg*ZJj`fO5tRBdZy{Dx>mjBRuE%Shh~XD)ku1}tRnQQ3Py!+FvEY<|V> z*?#N&Gd;R7+l^!l<39ZXzCbd(oS?m3^vyfoBf-Zk7oliA$#bQgvmWqnV%Rh0H}mHV z<5i!?iK=@`AmKXRji8PuoYsl+d-(ocO>{#7RUM7Rwev>(oE|F%cHy!ZU}+bfHWQ-P zC5~g;8N0DnrMM4D7O?46u|b73$9Mh1HKHpuh8AcK-Xvo)Q>@qe6r_?v33u<(3C``N zQYZaNU*4@JJl8@-qxqETg)v#p^e%O{=wz)(+ldKPlld(v}RQTQCrmu3=%>%9o?JGWVg@PCbX_q1&NkH#S#p5?@hW zMW9gjccr$y&|||zeXsC7{ahGj5zc!S!Fs$n&1lDrmBd%~Hg(oay^Bm9;*t?q4Mo$F z{sxuYH}~E@FsrHmx}tCTYSOT2T`08KzwIdRJ8p1B|0f-mvJ}!Xkdr`YERD8Q9FCyZ zX^6r%tp(`@4!r$Bc~U65l%p_-RVNh2)9FWSWJ=6(8re!iyzqF3s-<*Qq=@E=FVnVm z>|y;PNrR3F@yyi0Wf@dOn5DKG{--lQ6_TiP@qtU1vWr#x0-t&mhV6i}W`EY%@LR8c z(Tk<76GFe{R)N!$Ck}F;W-5t_wqGQga!P!7HkU`IJ(uh2QKTXEVd1?`lp#sWbn-`e zztRDpVu`}0WVJ`sNrJ53-vUa*MONuLh8|kHn+2Gfp2)I{R0h}Zk7#dv84Hfp>FN9| zYPwG9X?@Eg8-lV_!+vOiV+#Xo(YMsWwnF_0QMJ15w)eTiM~f9VV{<(8`{uc2H(@oV zQ(h8D?RpU6&FQ_!jLQ=0U>j9*Y0R*1O1n64yZooK=EDThPHNL*NjR}CAKU~;LDCue%Z>Z4YifMNvXb13G= zr<1I;BnQQc(Xan7zj^%NV&6ZX=6C3y-~shGQ(|(C;+CQ?l52pIq%2FzqP9Iu^d~kn z$n52?9o=I9JVN3s8e|8 z=Z%8jECRm3`qLSgNBCY44vo#sjfICa!ZP~SCVgmfBCz^7>=9SKZOm3>ELPk+ZoxCpVliWg>67R3h_GbtwTkaQ zO#;6!|%Fa?2SjZKD*q=}CCIO9Km6Pr*!$vn0E0Le_uD*cJ9h?gS}Ja7!Zx_g zp2z-?W%`J|;#BR=aMb@J?GME!+o`)^ysS@@Uw(|a=rs+|w4fCISU5QK zbsV9wcu0t8zZ}e_wZ5YmCQ`mLSv5IH#}Nmc?tlt!dGK=75k=2bTFYlBpQXhJ+HF^z z`K@|U9pRBBX*w&JcNKkana-9RbSUuWc{Rj%A9AnS6hldMdpVsn`08qW;g=*Y-UGI) z7m8vzI6tD!&e6vPhn$I&k(Yl~@SV9z%NQ+Ge$gPj&7lUA+~@qzJ7_9aKd_cESFzs9 zpY|1XN9^96)xgozyX}t#-Ks9LpW%mueR(N#HNLg>fGeoTy+E?Y(=SWJ=eL`{Si-^X z%<)1Xxb?xvBYJ&RYLNqymR}UxZ*jl9A@)Ra@8Nt9rv8L?sjtVj-Tk}R=ZvAvIfj`@Y{ukH{@#Wfl4McTRZY1w|5rYvUthi-L&k zO}v=9Tj3Tgcb&3v!D2khWltzH25q~wboa`jfUk<2b@F8|Gi|OWi;R6;vJC+UlMQ=E zw@j*oD&FWC0P&DD?}o)xa{m$-l8g#TW#KC^Y# ztaM580nguYc*El(No9~=_k}OmG8MMdn?p3W9KkoN$CU!obBXdO-A*O5gXvUa&`Qq@{93J0)L z2^Uk=RoT6u-nf_p7czP+TxP~gX_pSja@F+vzZ_GN)creylq|=^T=?F=Ka%B%!FGOA zxH_#wj&pruOJbUMfeWdt$#<;f{ysj%E^SAP@jV9{qmP)?qVujwkNL29>>K(NE6VCH zUzbh64~n}WlWsOV)-wDuGLvwff{b*Hwt6EPM6duWedsRMV}|}+5g%Jx)9FqXYZ#@6 
zQ7U*4t+=ygWrNwNNb`@QzxrZ3>(=j)ukW2HUi7`DE8n}1R*-X7rrB%iPrA3G0zYQ^ zG!53r7w1Czem-rI1DEzD5f3_38N?s5da}`J;f{=kNtkDGX78WGWN=bfH_g>=lD~r! zrTNooJ#WqERIMe@;LVmNPUUK7yapa@zdd;HMG4K&JMu9;$3#ALbH{00n4B6;1KI8m z@&05qquMx|oW3OQ-N z_a^h0yLU`JsffvxJy6$!m!{w#eLntE>YOJmsQg08UzsqEq9)?1n#(tl17TWeJ5aS` zjCDS7^fm!Zn7bU)q~-i#_3P?$g@~73tqk(evshL3+;}xIgW!Q6IDjG$ z1dItG0w94(jKMd30E`I-5U5WeiJ;pmCW@s9LForeF~(!wBCr@y7jz&BfCc|sItHWe zYm^AY2t#SUAxI(s+&q|Y@Lz@$BT7FCkcjnHCnONnKqX#M0D$<5fS?+v@?jztB=9c- zfCS#m9QbF@n~6c1N8jWP{9_?8i@gfcOz1xdt2@ox-`>JlL!fl|QDHr@~% zwYPx)O7mYkqKtyFHR@pumV%?iC~ffooCts?A{bHDyd{)!IDiRHRJzrPnt&1nbp`?v zDA-?ufTeB>9sj=os6UMY5h$xc;!(*FJ{~;B>N!DTi$7KC4g8grF`LB}hKhfn)l8%ZjVQ|D4&;G&6zrst{#okuH zZ|pn8EF~9i)CkqMpZ(jM)3g&WJZ-kQim68X5t-u^O}#;tWycxHfAXN}csd$RY1+gP z4*BjYC}$O5P^l=t^{RjE9jiV?CB|us<_FH)ehrR6wlwHo{kW?T8$q(RLDevkm&jpb zz!jDjmGge6ejtrgtfH+ya9~CW66_>2DTI)f^=Q54_~MOz9y{2qZax^h#w%OBWW@9k z{3SdIce=ECtKgPGVg8By6E%BsK$+VS8na;m?7rDJo(X+FjR`x;3 zeynntBfD9kz(8D$JseRINL59r?HVaCd^IM^5l=-%Q$nBM#p8JvjSaz0;0mMe7A?1| zyqBN#VN+6uXr1mU!c%CX7J?}0804-?t5=Ovyi@HEu)v#3Qe;f?k7sf3$4rlj)}>^p{n3&Fu~w@->z$L9KuGjzhq+k3F>7BlEX2a*9&i#6?ge{ zMt`(F>vNZ%G;}}(N#mZ%&0;7$-XrOh-0gE&`+-HL==IzK45rIz!;JDOD$u9uVgTD! zYt5-}(f=?yG&O2`XU@P|$|D@{xaQ**BbDQylnULs=!y$7-`|qAn(6II=c&YW92Ct& z{M7j}tqp5~TidujRMTDCH-^u*b}@YCa9=Uf%Q}8ZS!&!mg~KQ#GcBrOO=)~bVdP~$ zEzgT($^hj&a7iXcck!1o?fs^g=J7(}Ud$~+K2@9pEJw9*yH$EHypW#)hitzQM5{UH zZO#*0mTm8!wtED8!?q^izw#&fNk5dFOxs z(A~91n+n9COaC~#cbZF#l*r~pQpU`X@WWht>bX5JQdismGh%|T_|IJ(3U^IAGXM8+HczryILm* zw>ya!G85lhHO$%>^t%QyWcs#PcC9Qj;1Fe^gqM1)-|N*BP0o{_e!}F-A9e1@F!|M- zOZE543u`kUnvn~rHZNS zrt2cBuHz4<+I^SNUJl)`Oabf)s!HZS;{$&^w(>GoRd*Ei^WZc+3UC&qz6!Pd`S{7@O! 
z$bpXTn-`PgZ^{gUPM^Cc_v}@~z(Ff4(Zp`DPrn3HK14QQ__lj3N^9;%d@ej)VeMgU zjCh?b*z<$9>*`b9)2C6ax|@~yRv$g(n&)MP(T5P#8>{G{*FdYnz__j*Uaz6u>BV4A zFf*gp)28~AsQ28i9dZ?ggN@vr>kXiGy@L>ArNq@nvSwDs508vaGW;nH4LeySsFEs@ zV*0;)(jP{C!mYue%Xa_5SJkYeEWxd3Ryn&Hhi()|D=2jG*dv^rDoNw9_1VCY^eisY zg23=F8Cf;tTKlV#U|HBfQSVcma!sj#Xxbi$&%>u`49A?i?zV#6000HOJIfG6Op5u@ zJ@e6_iT(i<9Tzt(39$bL}8MYU4Wxm3ux}k;S}Ix6nx3e};C-&U~Nq6*@r=9|%hCK=Lu=eV-u1OV}YZ zX_u*=m5FXZEoOv8u^@V6=0Z!;8x>wP50aCYU8$F7!IU=Fz{^xFqe44ZRDuI>l4OU~ zu)b4x$KLsBbxl~3V2Li@<*?Il_}jLu^HKpqW`7tBqtSR4?*aZVC?Tyu>f|4Gt|x+j z44agZu9`D^-mQvRDQtM6{YfXKd|OX>Qpp@Xv|>ei>igGhZ1T*}lAz<M2O)2&?LhammH+-7Yg1CaIm(_DEC||`_&V)Z2EPH z)0Uf1#jSC3eq2+V7+Yr8*CW4EiMB^B=)U^w)DC7U-ln9P)q!2BuLU7Essa5zDSoZY zw5^pC8y@Y{yE$qHSo2bx^3flhm%rcD8Je5YO_*_>BNc+@;DvojGY@@spj1n1&p+ur z4GMm9?~6XBG#@UHj=B0{%xP@m zt;#XyXAZ`D$A5Oem_F9c<>mjPJo*FoJzM;E65;ZjIuqIHdFhOZlGxhPB+;%#-%LY<`DD#NS$)o>fDEup1E?`4|kuF$vMNaOKSi0Zg4>oG@YJWWTs z^JDuy4JGYu!%-MwUU0}7``F9`)^1$nOR)EQN??+g)XH2>3Y?ow?fLTPOk{^Edzxz~ z;yJG}(@%s!NZE7v%zcS>Vw{ZlMwg4u-9&Sg3*$Q>akV}gIu|NEsR?8=$jqG4-i$C2 z$(ePkhQ5t~^=m+yrdnP0^C-U`8~*$|OIBj-E*IQT9fH=5f$k~u10Q2aFS4YH@L`2+x{D6w4=N(^n$K@Gy%#_KWGY*VQCzdN z+=w^1@a@`dPIYIu1&42SsGl?}b+J@CxsgKG5vQKz5!TZ@glb+TUQ_C0wIdN46A{XQ z)$rbER4KzyTUrzv28|ougRJb=mNiBj=>=8iibngghOhL;pvK&R(>Q306I|S} zRQ!J|=W@bbM{`(PU$EXg#oyvs z+)v8kcAIX6n+DEo9z_usZPVYAn_;ds{zT(nkN3+~oebSTsfHA1-#@qrn=QjcJm3zt z93$&#a(!9zwC>nG(9iaUsM$J7&>B*b04c)MEAZAI58d zkmLQ_?BHO(w`4c~ddCq96K%R6L_WjmsEo@GOwQiS!Lo&kYn<7NrV=e~fiC5Kv}fVJ zw923&?A5mc?4wecFl67OPun9abaWR&*dMdiozYpn7@(r$GRC2Ek-@A@`>Jnb^=$Ge zE-`|*^zFFI8Bzx6El*;fyyLpUUZEEMXQ4FciLZ(tWuz>nJCmkpm%C_x;SvWq^@^I^ zmDVZ18N4<4b~h)C%50&jszvWIpT&sJ%AJ|!?u2)NOEcyZTO$LgZ#w{Bqa8q#Ylo%t z$5RyvM9E4GVH;&1Ca?$s(pEnc!{Te2CHDB$^2&1oo-Ef@$?!%yPo|oiRYW{ literal 0 HcmV?d00001 diff --git a/website/EN/mesh.html b/website/EN/mesh.html index 86a2369c..779ea1c4 100644 --- a/website/EN/mesh.html +++ b/website/EN/mesh.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + 
@@ -261,7 +261,7 @@ The Freedombone Mesh is a wireless solution for autonomous or internet connected
-

mesh_architecture1.jpg +

mesh_logo.jpg

From f816b7076f835b3188dc0e3fa4fae8e017caf7d9 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 2 Nov 2017 12:56:54 +0000
Subject: [PATCH 07/14] Install tor on mesh peers, but disable it by default
---
 src/freedombone-image-customise | 3 +++
 src/freedombone-image-mesh | 4 ++++
 2 files changed, 7 insertions(+)
diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index bf926927..41fae403 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -682,6 +682,9 @@ initialise_mesh() {
 chroot "$rootdir" apt-get -yq install apt-transport-https
+ # install tor as a possible way of routing traffic between internet gateways
+ chroot "$rootdir" apt-get -yq install tor
+
 configure_firewall
 install_avahi
 install_batman
diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh
index cb3a6183..7092d6c2 100755
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -1012,6 +1012,10 @@ if [ -f $MESH_INSTALL_SETUP ]; then
 chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config
 fi
+ systemctl tor stop
+ systemctl tor disable
+ echo $'TOR disabled' >> $INSTALL_LOG
+
 #tomb slam all
 tmp_ram_disk 100
 enable_predictable_device_names
From 7e23ab7b87f3683c6e4c56ef2704e5cd0a48ac77 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 2 Nov 2017 12:57:42 +0000
Subject: [PATCH 08/14] syntax
---
 src/freedombone-image-mesh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh
index 7092d6c2..9ee67347 100755
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -1012,8 +1012,8 @@ if [ -f $MESH_INSTALL_SETUP ]; then
 chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config
 fi
- systemctl tor stop
- systemctl tor disable
+ systemctl stop tor
+ systemctl disable tor
 echo $'TOR disabled' >> $INSTALL_LOG
 #tomb slam all
From 980dcf01df1282c08f749bf7e1d6a0b7ecd6bb8f Mon Sep 17 00:00:00 2001
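Review bot: In the freedombone-image-mesh hunk of patch 07, `echo $'TOR disabled' >> $INSTALL_LOG` is written whether or not the two systemctl calls succeeded, so the install log can claim tor is off on a node where it is still running. With the argument order used here both calls fail and the line is still logged; patch 08 corrects the order but leaves the log unconditional. Tie the message to the result: `if systemctl stop tor && systemctl disable tor; then echo $'TOR disabled' >> $INSTALL_LOG; fi`. The enclosing `if [ -f $MESH_INSTALL_SETUP ]` block starts and ends outside the hunk.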
From: Bob Mottram
Date: Thu, 2 Nov 2017 14:22:23 +0000
Subject: [PATCH 09/14] Create a tor onion service for mesh peers if they are connected via ethernet
---
 src/freedombone-image-mesh | 5 +++++
 src/freedombone-mesh-batman | 24 ++++++++++++++++++++++++
 2 files changed, 29 insertions(+)
diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh
index 9ee67347..7b5cbd63 100755
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -990,6 +990,11 @@ if [ -f $MESH_INSTALL_SETUP ]; then
 rm -rf /etc/openvpn/easy-rsa/keys/*
 fi
+ # Remove hidden service
+ if [ -d /var/lib/tor/hidden_service_mesh ]; then
+ rm -rf /var/lib/tor/hidden_service_mesh
+ fi
+
 # Remove any existing vpn client keys
 if [ -f /home/$MY_USERNAME/vpn.tar.gz ]; then
 rm /home/$MY_USERNAME/vpn.tar.gz
diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index aa2b8e12..5b28fc67 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -416,6 +416,30 @@ function start {
 fi
 fi
+ # if we have an ethernet connection to an internet router then create
+ # an onion address for this peer
+ if [[ "$ethernet_connected" != "0" ]]; then
+ systemctl enable tor
+ systemctl start tor
+ HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_
+ if [ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]; then
+ echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}mesh/" >> /etc/tor/torrc
+ echo "HiddenServicePort 8008 127.0.0.1:8008" >> /etc/tor/torrc
+ echo "HiddenServicePort 8010 127.0.0.1:8010" >> /etc/tor/torrc
+ echo "HiddenServicePort ${TOX_PORT} 127.0.0.1:${TOX_PORT}" >> /etc/tor/torrc
+ echo "HiddenServicePort ${IPFS_PORT} 127.0.0.1:${IPFS_PORT}" >> /etc/tor/torrc
+ echo "HiddenServicePort ${ZERONET_PORT} 127.0.0.1:${ZERONET_PORT}" >> /etc/tor/torrc
+ echo "HiddenServicePort 5353 127.0.0.1:5353" >> /etc/tor/torrc
+ echo "HiddenServicePort 5354 127.0.0.1:5354" >> /etc/tor/torrc
+ echo "HiddenServicePort 548 127.0.0.1:548" >> /etc/tor/torrc
+ echo "HiddenServiceAuthorizeClient stealth mesh" >> /etc/tor/torrc
+ systemctl restart tor
+ fi
+ else
+ systemctl stop tor
+ systemctl disable tor
+ fi
+
 verify
 }
From 59c8de00892c0162b7b16815a1539c694a752382 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 2 Nov 2017 15:54:48 +0000
Subject: [PATCH 10/14] Ask for domain first and only complain if vpn files are not available
---
 src/freedombone-mesh-connect | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/src/freedombone-mesh-connect b/src/freedombone-mesh-connect
index ab38bccb..39e39c73 100755
--- a/src/freedombone-mesh-connect
+++ b/src/freedombone-mesh-connect
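Review bot: The guard `if [ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]` in the freedombone-mesh-batman hunk of patch 09 tests the key directory, not /etc/tor/torrc, so the `HiddenService*` lines are appended again whenever the hostname file is missing. That is the case after the freedombone-image-mesh hunk of the same patch removes /var/lib/tor/hidden_service_mesh, and after any start where tor did not come up; as far as I know tor rejects a torrc that names the same HiddenServiceDir twice, which would leave the node without tor. add_onion_service in freedombone-utils-onion guards on the config file instead, and the same test fits here: `if ! grep -q "hidden_service_mesh" /etc/tor/torrc; then`. The start function begins outside the hunk.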
@@ -157,20 +157,10 @@ function mesh_setup_vpn {
 fi
 }
-function connect_to_vpn {
- dialog --title $"VPN Connect to another mesh network" \
- --backtitle $"Freedombone Mesh" \
- --defaultno \
- --yesno $"\nHave you received the vpn.tar.gz file from the other mesh administrator, uncompressed it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system?" 10 70
- sel=$?
- case $sel in
- 1) return;;
- 255) return;;
- esac
-
+function connect_to_mesh {
 data=$(tempfile 2>/dev/null)
 trap "rm -f $data" 0 1 2 5 15
- dialog --title $"VPN Connect to another mesh network" \
+ dialog --title $"Connect to another mesh network" \
 --backtitle $"Freedombone Mesh" \
 --inputbox $'Enter the IP address or domain name of the other mesh.' 10 60 2>$data
 sel=$?
@@ -180,15 +170,20 @@ function connect_to_vpn {
 if [ ${#ip_or_domain} -gt 1 ]; then
 if [[ "$ip_or_domain" == *'.'* ]]; then
+ connect_failed=
 if [ ! -f ~/client.ovpn ]; then
- rm $data
- exit 1
+ connect_failed=1
 fi
 if [ ! -f ~/stunnel.pem ]; then
- rm $data
- exit 1
+ connect_failed=1
 fi
 if [ ! -f ~/stunnel.p12 ]; then
+ connect_failed=1
+ fi
+
+ if [ $connect_failed ]; then
+ dialog --title $"Connect to another mesh network" \
+ --msgbox $"\nObtain the vpn.tar.gz file from the other mesh administrator, uncompress it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system." 10 50
 rm $data
 exit 1
 fi
@@ -221,7 +216,7 @@ case $sel in
 esac
 case $(cat $data) in
 1) rm $data
- connect_to_vpn;;
+ connect_to_mesh;;
 2) rm $data
 mesh_setup_vpn;;
 esac
From 5700f3f38bfd9266db7a8c9d45a232d583ac6b5a Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 2 Nov 2017 17:40:00 +0000
Subject: [PATCH 11/14] Prepare for v3 onion addresses
---
 src/freedombone-utils-onion | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index 409820ba..e90a3ab5 100755
--- a/src/freedombone-utils-onion
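Review bot: The new `--msgbox` text in the second hunk of patch 10 tells the user to unpack vpn.tar.gz into /home/fbone, but the three checks above it look for `~/client.ovpn`, `~/stunnel.pem` and `~/stunnel.p12`, so the instruction is wrong for any account other than fbone. Building the path in the message from `$HOME` keeps the two in step, and "also forwarded port" should read "also forward port". `[ $connect_failed ]` works only because the value is empty or 1; `[ -n "$connect_failed" ]` states the intent. connect_to_mesh continues past the end of the hunk.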
+++ b/src/freedombone-utils-onion
@@ -124,6 +124,7 @@ function add_onion_service {
 fi
 if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
 echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc
+ #echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
 echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
 if [ ${#onion_stealth_name} -gt 0 ]; then
 echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc
From 2080b7a8f18f6baf41609401869077998808f2c3 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 3 Nov 2017 11:09:00 +0000
Subject: [PATCH 12/14] mesh onion service only uses vpn port
---
 src/freedombone-mesh-batman | 10 +---------
 src/freedombone-mesh-connect | 8 +++++++-
 2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index 5b28fc67..8152dd45 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -424,15 +424,7 @@ function start {
 HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_
 if [ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]; then
 echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}mesh/" >> /etc/tor/torrc
- echo "HiddenServicePort 8008 127.0.0.1:8008" >> /etc/tor/torrc
- echo "HiddenServicePort 8010 127.0.0.1:8010" >> /etc/tor/torrc
- echo "HiddenServicePort ${TOX_PORT} 127.0.0.1:${TOX_PORT}" >> /etc/tor/torrc
- echo "HiddenServicePort ${IPFS_PORT} 127.0.0.1:${IPFS_PORT}" >> /etc/tor/torrc
- echo "HiddenServicePort ${ZERONET_PORT} 127.0.0.1:${ZERONET_PORT}" >> /etc/tor/torrc
- echo "HiddenServicePort 5353 127.0.0.1:5353" >> /etc/tor/torrc
- echo "HiddenServicePort 5354 127.0.0.1:5354" >> /etc/tor/torrc
- echo "HiddenServicePort 548 127.0.0.1:548" >> /etc/tor/torrc
- echo "HiddenServiceAuthorizeClient stealth mesh" >> /etc/tor/torrc
+ echo "HiddenServicePort 653 127.0.0.1:653" >> /etc/tor/torrc
 systemctl restart tor
 fi
 else
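Review bot: The commented-out `HiddenServiceVersion 3` line added to add_onion_service in patch 11 carries no note on what still blocks it, and the stealth branch two lines below is the likely blocker: as far as I know `HiddenServiceAuthorizeClient` is accepted only for v2 services. I would record that next to the disabled line, `# TODO: enable once the stealth branch no longer emits HiddenServiceAuthorizeClient (v2 only - confirm)`, so the line is not simply uncommented later. add_onion_service starts and ends outside the hunk.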
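Review bot: Along with the extra ports, the freedombone-mesh-batman hunk of patch 12 drops `HiddenServiceAuthorizeClient stealth mesh`, so the onion service on port 653 becomes reachable by anyone who learns the address and all access control rests on whatever listens on 653. If that is intended, say so in a comment above the `HiddenServicePort` line; otherwise keep the authorize line. Nodes that already created the service keep the old port list, because the `[ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]` guard skips the block and nothing removes the earlier torrc entries. The literal 653 presumably duplicates `$VPN_MESH_TLS_PORT` used in freedombone-mesh-connect; using the variable would keep the two in step.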
diff --git a/src/freedombone-mesh-connect b/src/freedombone-mesh-connect
index 39e39c73..5a9163b3 100755
--- a/src/freedombone-mesh-connect
+++ b/src/freedombone-mesh-connect
@@ -158,9 +158,15 @@ function mesh_setup_vpn {
 }
 function connect_to_mesh {
+ connect_title=$"Connect to another mesh network"
+ HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_mesh/hostname
+ if [ -f ${HIDDEN_SERVICE_PATH} ]; then
+ connect_title=$"Connect from $(cat $HIDDEN_SERVICE_PATH) to another mesh network"
+ fi
+
 data=$(tempfile 2>/dev/null)
 trap "rm -f $data" 0 1 2 5 15
- dialog --title $"Connect to another mesh network" \
+ dialog --title "$connect_title" \
 --backtitle $"Freedombone Mesh" \
 --inputbox $'Enter the IP address or domain name of the other mesh.' 10 60 2>$data
 sel=$?
From d96c098141caf9a2f45c9c94b33e151203966d5e Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 3 Nov 2017 19:36:40 +0000
Subject: [PATCH 13/14] Add clacks from control panel
---
 src/freedombone-app-vpn | 2 ++
 src/freedombone-controlpanel | 52 +++++++++++++++++++++++++++++-------
 2 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn
index 0d0f051b..d64e6119 100755
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -542,6 +542,7 @@ function install_stunnel {
 echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
 echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
 echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
+ echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf
 sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4
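Review bot: `protocol = socks` is added to the stunnel server section in this freedombone-app-vpn hunk and to stunnel-client.conf in the next one without a comment, and on the server side it may change what the service does. As I read the stunnel documentation, a server section with this protocol takes the destination from the peer's SOCKS request, so `connect = localhost:1194` would no longer pin the tunnel to OpenVPN and the TLS port could relay to other addresses the host can reach. No peer verification option is visible in either hunk (it may be set outside them); please confirm one is in force and add a comment such as `# socks: destination is chosen by the peer, keep certificate verification on`. If I recall the documented SOCKS example correctly it sets the protocol on the server section only, so the client-side line deserves a second look. install_stunnel starts and ends outside both hunks.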
@@ -550,6 +551,7 @@ function install_stunnel {
 echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
 echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
 echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
+ echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf
 echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
 echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service
diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index db4ae9c8..2544e008 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -2102,6 +2102,38 @@ function wifi_enable {
 ${PROJECT_NAME}-wifi --disable $disable_wifi
 }
+function add_clacks {
+ clacks=
+
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Add Clacks Overhead" \
+ --backtitle $"Freedombone Control Panel" \
+ --inputbox $"" 7 60 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ clacks=$(<$data)
+ if [ ${#clacks} -gt 1 ]; then
+
+ WEB_FILES=/etc/nginx/sites-available/*
+ for f in $WEB_FILES
+ do
+ if grep -q "X-Clacks-Overhead" $f; then
+ sed -i "s|X-Clacks-Overhead .*|X-Clacks-Overhead \"GNU $clacks\";|g" $f
+ else
+ sed -i "/X-Content-Type-Options/a add_header X-Clacks-Overhead \"GNU $clacks\";" $f
+ fi
+ done
+
+ dialog --title $"Add Clacks Overhead" \
+ --msgbox $"\nAdded for $clacks" 10 60
+ fi
+ ;;
+ esac
+ rm $data
+}
+
 function menu_wifi {
 if [[ "$(wifi_exists)" == "0" ]]; then
 dialog --title $"Wifi" \
@@ -2191,7 +2223,7 @@ function menu_top_level {
 trap "rm -f $data" 0 1 2 5 15
 dialog --backtitle $"Freedombone Control Panel" \
 --title $"Control Panel" \
- --radiolist $"Choose an operation:" 29 70 21 \
+ --radiolist $"Choose an operation:" 30 70 22 \
 1 $"About this system" off \
 2 $"Passwords" off \
 3 $"Backup and Restore" off \
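Review bot: In add_clacks the text typed into the dialog is interpolated unchecked into both `sed -i` expressions and from there into every file under /etc/nginx/sites-available, which the control panel presumably edits as root. A value containing `|`, `&`, `\`, `"` or `;` breaks the sed expression or ends the `add_header` directive early and leaves unintended directives in the site configs. Restrict the value before the loop, right after `clacks=$(<$data)`: `clacks_re='^[A-Za-z0-9 .-]+$'` and `[[ $clacks =~ $clacks_re ]] || { rm $data; return; }`. `$f` should be quoted as well, and the loop should skip the literal `sites-available/*` when the glob matches nothing.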
@@ -2209,10 +2241,11 @@ function menu_top_level {
 15 $"Change the name of this system" off \
 16 $"Set a static local IP address" off \
 17 $"Wifi menu" off \
- 18 $"Check for updates" off \
- 19 $"Power off the system" off \
- 20 $"Restart the system" off \
- 21 $"Exit" on 2> $data
+ 18 $"Add Clacks" off \
+ 19 $"Check for updates" off \
+ 20 $"Power off the system" off \
+ 21 $"Restart the system" off \
+ 22 $"Exit" on 2> $data
 sel=$?
 case $sel in
 1) exit 1;;
@@ -2242,10 +2275,11 @@ function menu_top_level {
 15) change_system_name;;
 16) set_static_IP;;
 17) menu_wifi;;
- 18) check_for_updates;;
- 19) shut_down_system;;
- 20) restart_system;;
- 21) break;;
+ 18) add_clacks;;
+ 19) check_for_updates;;
+ 20) shut_down_system;;
+ 21) restart_system;;
+ 22) break;;
 esac
 done
 }
From b0903495b531accfa73c22efc1e45ecb644e032b Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 3 Nov 2017 19:47:21 +0000
Subject: [PATCH 14/14] Restart web server after updating files
---
 src/freedombone-controlpanel | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index 2544e008..10029e06 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -2126,6 +2126,8 @@ function add_clacks {
 fi
 done
+ systemctl restart nginx
+
 dialog --title $"Add Clacks Overhead" \
 --msgbox $"\nAdded for $clacks" 10 60
 fi
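Review bot: `systemctl restart nginx` in patch 14 runs straight after the sed edits with no syntax check, so a header value that produced an invalid config stops every site on the box while the dialog still reports "Added for $clacks". Test first and restart only on success, `if nginx -t; then systemctl restart nginx; fi`; a `reload` would also avoid dropping open connections. add_clacks begins before this hunk and ends after it.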