Using Debian Apt-get over Freenet
Freenet has generated a lot of hype for being the “son of Napster” or some equally degrading report. For Freenet to survive, it needs to get away from being just another way to get illegal MP3s. In legal terms, Freenet needs “massive non-infringing use”. Sorry, but getting the latest copy of Quake doesn't count as non-infringing.
This article describes a use for Freenet that few will find a problem with (unless you use an RPM-based distro, to which I say “Get a real package manager!”). It also once again illustrates the power of small, flexible tools that do one thing and do it well.
As a Debian user who often uses my distribution of choice in production environments, I am confronted with problems in choosing mirror FTP sites from which to download new packages. Sometimes a mirror site is already overloaded with users, sometimes it isn't holding the packages I need and still other times it fails completely. I could resort to using the official ftp.debian.org, but that's not very polite. It would be nice if I didn't have to think about any of this.
Fortunately, the creators of Freenet have given me an answer and didn't even realize it at first. While Freenet has much to do with anonymity, it also provides a highly efficient mirroring system that no centralized system could hope to achieve.
The system described in this article requires no new code for either Freenet or Apt-get. It employs a standard user interface add-in for Freenet called FProxy, which originally was intended for the user to access Freenet through a web browser. Since it communicates with the browser via HTTP, and Apt-get already understands how to talk HTTP, this process only requires running a few simple commands and modifying the /etc/apt/sources.list.
Before proceeding, be sure to download the latest version of Freenet (0.3.9.1 as of this writing, although it will probably change by the time you read this) from www.freenetproject.org. Set up a node on your local machine and use some test files to insert and request. Open your favorite browser and point it to http://localhost:8081. If it brings up a page for requesting and inserting files, everything should be set up correctly. Be warned that it may take awhile for FProxy to come up, depending on the speed of your machine and which Java Virtual Machine you're running.
On a side note, you can get a Debian package that installs Freenet for you. It is available either at the web site above or in Debian unstable. Unfortunately, due to a buggy implementation of the big number classes, Freenet cannot work on the current version of Kaffe (1.0.6), and thus it can only run on a non-Free virtual machine; you'll find it in “contrib”. If you have a problem with this, you either can use a patched version of Kaffe, the latest CVS version of Kaffe or wait until the next stable version arrives. Current plans are to make future releases of Freenet compliable under GCJ, which brings Java code into native machine code, bypassing the problem of a non-Free VM completely.
In case you were wondering, Freenet makes rather heavy use of strong cryptography, so you'll find it in the non-US area, too. Edit your sources.list as needed.
FProxy was meant to be the default user interface for Freenet. Although it is not a full proxy server, it communicates to the browser through HTTP (this is what was shown earlier when you opened up your browser to http://localhost:8081). After realizing that Apt-get could already understand HTTP, it was seen that getting packages from Freenet would be quite simple.
Before going any further, make a backup of your current /etc/apt/sources.list. I didn't do this the first time, and it took a few annoying hours to get that system to download packages correctly again.
Now, add this line to the real sources.list:
deb http://localhost:8081/debian-test/dists stable
For more information, see the sources.list(5) man page. You'll need to modify http://localhost:8081 to reflect the port on which FProxy is running. This port is set in the configuration file .freenetrc, located in the top-level directory in which the Freenet tarball was decompressed. If you used the Debian package, it will be in /etc/freenet/freenetrc.
You also need to add application/x-debian-package to FProxy's passthroughMimeTypes. This will be in fproxyrc (prior to 0.3.8.1) or you can find it in freenetrc under services.fproxy.passthroughMimeTypes.
Next, go to a Debian mirror and download (from the directory /debian/dists/stable/main/binary-<your-arch>/, replacing <your-arch> as necessary) Packages, Packages.gz and Release. Insert all of these (see below). Now download the “hello” package from the devel directory on the Debian mirror and insert that too, being sure to place it under exactly the same name. Now you should be able to run apt-get update (which will download the Packages file off your node) and then apt-get install hello, which will download and install the GNU Hello program. If it worked, congratulations! You can now get packages off Freenet.
To insert these packages, first you will need to create an SVK key pair. This allows you to insert into a subspace that only someone with the private key can access. To do this, enter
freenet_insert -makeKeypair &> keypair.svk
Now, open up keypair.svk in your favorite text editor and delete everything except the value of the private key, and save the result into prv.svk. You now can insert with:
freenet_insert -serverAddress 127.0.0.1:<port> SSK@`cat prv.svk`/<dir>/<filename> <filename>replacing <port> with the port number your Freenet node is running on, <dir> with the “directory” (Freenet doesn't really have directories, but we can pretend it does) that you want to insert under and <filename> with the name of the file. You can retrieve the document by going back into keypair.svk, deleting everything except the value of the public key and saving it under pub.svk. Then type
freenet_insert -serverAddress 127.0.0.1:<port> SSK@`cat pub.svk`/<dir><filename> <filename>replacing things as described above. You can allow others to access these files by sending them the public key.
This method avoids a problem that arises with a simpler, guessable key type called KSK, which is actually a subspace where the private key is publicly known. The problem is, there is no way of knowing if a KSK actually has the data it's supposed to. Thus, it can be replaced by an attacker inserting a different document at a hops-to-live value of 1 and cutting the link before the transmission to the next node is done. Doing this enough times will replace the document completely for the majority of Freenet. This means that it would be easy to replace, say, the libc6 package with a virus. Think about how packages generally have to be installed from root, and you see what kind of damage this could do. Even with a subspace, it is strongly suggested that you check the MD5 sums of the packages you're downloading.
The Everything Over Freenet (EOF) Project keeps a list of currently maintained distributions that are under subspaces, which cannot be taken over without knowing the private key associated. Subspaces are slightly more complicated to use but infinitely safer. Please see eof.sourceforge.net/APT for instructions on this.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
|Working with Command Arguments||May 28, 2016|
|Secure Desktops with Qubes: Installation||May 28, 2016|
|CentOS 6.8 Released||May 27, 2016|
|Secure Desktops with Qubes: Introduction||May 27, 2016|
|Chris Birchall's Re-Engineering Legacy Software (Manning Publications)||May 26, 2016|
|ServersCheck's Thermal Imaging Camera Sensor||May 25, 2016|
- Secure Desktops with Qubes: Introduction
- Secure Desktops with Qubes: Installation
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Working with Command Arguments
- CentOS 6.8 Released
- The Italian Army Switches to LibreOffice
- Linux Mint 18
- ServersCheck's Thermal Imaging Camera Sensor
- Chris Birchall's Re-Engineering Legacy Software (Manning Publications)
- Petros Koutoupis' RapidDisk
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide