testing/gnunet: add support for user services

- add gnunet-user-setup script
- add interactive support for GNU Name System proxy to setup script
- add home directory for system services (/var/lib/gnunet)
- improve post install guide

6 files changed, 139 insertions, 16 deletions

diff --git a/testing/gnunet/APKBUILD b/testing/gnunet/APKBUILD
index f798066610..1b7bbfc912 100644
--- a/testing/gnunet/APKBUILD
+++ b/testing/gnunet/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: xrs <xrs@mail36.net>
 pkgname=gnunet
 pkgver=0.12.2
-pkgrel=0
+pkgrel=1
 pkgdesc="A framework for secure and privacy enhancing peer-to-peer networking"
 url="https://gnunet.org"
 arch="all !mips !mips64" # blocked by texlive
@@ -20,8 +20,10 @@ pkggroups="gnunet gnunetdns"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang $pkgname-openrc"
 options="!check suid" # No check because The GNUnet project lacks a good CI at the moment.
 source="https://mirrors.ocf.berkeley.edu/gnu/gnunet/gnunet-$pkgver.tar.gz
-	gnunet-system.conf
-	gnunet-system-services.initd
+	$pkgname-system.conf
+	$pkgname-system-services.initd
+	$pkgname-user-services.initd
+	setup-$pkgname-user
 	"
 
 build() {
@@ -63,6 +65,10 @@ package() {
 		$pkgdir/etc/$pkgname.conf
 	install -m755 -D $srcdir/$pkgname-system-services.initd \
 		$pkgdir/etc/init.d/$pkgname-system-services
+	install -m755 -D $srcdir/$pkgname-user-services.initd \
+		$pkgdir/etc/init.d/$pkgname-user-services
+	install -m755 -D $srcdir/setup-$pkgname-user \
+		$pkgdir/usr/bin/setup-$pkgname-user
 }
 
 dev() {
@@ -76,4 +82,6 @@ dev() {
 
 sha512sums="210a9f06679d32dbb399a056e7a20e411cbfacf7945a282bd7e63eb8bfd7a324815efc48caedff32894d0a3f7a4ba9d1e879e2e04db0222282399ae6fc065c7b  gnunet-0.12.2.tar.gz
 a0f55413ed2c6edd6746a751d92ddac95ba70f20eefb07330817870d749456448f44bba95d245911a00f6078e0c2ac626004e3b764be5e5e049c00626c4c5ac0  gnunet-system.conf
-63f7c17a83fa6b44f2c4c9f067ac600904dacd7faf04515293544c4b001ee5e0c360894589b46175957971101f212879cc757af8e282b4e44aa4e4abdab9b4dc  gnunet-system-services.initd"
+24d230b077c7a47a116ac428c411e0fc62b9c019ac97f95d27a0e57112d554734d9b9bfd1e0b22366b387074b621f98d11fbf87f2c6fbafcc2888acda630b54d  gnunet-system-services.initd
+8daf862f7c81bd5b143a05f786c4edce76c91d4d226903288a4d2d88898b9b7ba017cf683a20d918b9ad93aff5f391eb5f928843a2fcd35e6e48f3a611dc9d8d  gnunet-user-services.initd
+ed4db7f7500e02fecb8c54ba629d91ae3bb69b6ed61c25831f7c21b6c446b4210af0efea5fac6fb13f14422723b85a742ae63a6ecd60bf5daadfd43abb658d25  setup-gnunet-user"
diff --git a/testing/gnunet/gnunet-system-services.initd b/testing/gnunet/gnunet-system-services.initd
index c28d7d3129..6bc42e6f15 100644
--- a/testing/gnunet/gnunet-system-services.initd
+++ b/testing/gnunet/gnunet-system-services.initd
@@ -1,6 +1,6 @@
 #!/sbin/openrc-run
 
-name="gnunet-system-service"
+name="gnunet-system-services"
 description="A secure and privacy enhancing peer-to-peer overlay network"
 command="/usr/lib/gnunet/libexec/gnunet-service-arm"
 command_args="-c /etc/gnunet.conf"
@@ -11,3 +11,8 @@ pidfile="/run/${SVCNAME}.pid"
 depend() {
 	need net
 }
+
+start_pre() {
+	checkpath --directory --owner $command_user --mode 2755 \
+		/var/lib/gnunet
+}
diff --git a/testing/gnunet/gnunet-user-services.initd b/testing/gnunet/gnunet-user-services.initd
new file mode 100644
index 0000000000..04188ade25
--- /dev/null
+++ b/testing/gnunet/gnunet-user-services.initd
@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+
+# Extract user name from file name.
+user="${SVCNAME#gnunet-}"  # Cut off prefix.
+user="${user%-services}"   # Cut off suffix.
+
+description="GNUnet user services for $user"
+command="/usr/lib/gnunet/libexec/gnunet-service-arm"
+command_args="-c /home/$user/.config/gnunet.conf"
+command_user="$user:$user"
+command_background="yes"
+pidfile="/run/${SVCNAME}.$user.pid"
+
+depend() {
+        need gnunet-system-services
+}
diff --git a/testing/gnunet/gnunet.post-install b/testing/gnunet/gnunet.post-install
index 9b01778a3a..893f8cdc43 100644
--- a/testing/gnunet/gnunet.post-install
+++ b/testing/gnunet/gnunet.post-install
@@ -1,12 +1,16 @@
 #!/bin/sh
 
-printf "  *\n  * To setup GNUnet user services, regular users must do the following steps:\n"
-printf "    * add user to 'gnunet' group\n"
-printf "    * add the following lines to /home/USER/.config/gnunet.conf\n"
-printf "      [arm]\n"
-printf "      START_SYSTEM_SERVICES = NO\n"
-printf "      START_USER_SERVICES = YES\n"
-printf "    * start GNUnet system services with openrc\n"
-printf "    * start GNUnet user services with 'gnunet-arm -s'\n  *\n"
+cat << TEXT
+
+  To start GNUnet system services:
+  > sudo rc-service gnunet-system-services start
+
+  To setup GNUnet user services for a regular user:
+  > sudo setup-gnunet-user -u USER
+
+  To start GNUnet user services for 'USER':
+  > sudo rc-service gnunet-USER-services start
+
+TEXT
 
 exit 0
diff --git a/testing/gnunet/gnunet.pre-install b/testing/gnunet/gnunet.pre-install
index 7eea70e752..cdbff43faf 100644
--- a/testing/gnunet/gnunet.pre-install
+++ b/testing/gnunet/gnunet.pre-install
@@ -2,10 +2,10 @@
 
 # Add special group gnunetdns for controlling access to "gnunet-helper-dns".
 addgroup -S gnunetdns 2>/dev/null
-addgroup -S gnunet 2>/dev/null
 
 # Add system user/group gnunet for system services
-adduser -S -h "/var/lib/gnunet" -s /bin/sh \
-	-G gnunet -g gnunet gnunet 2>/dev/null
+addgroup -S gnunet 2>/dev/null
+adduser -S -h "/var/lib/gnunet" -s /bin/false -D gnunet 2>/dev/null
+adduser gnunet gnunet
 
 exit 0
diff --git a/testing/gnunet/setup-gnunet-user b/testing/gnunet/setup-gnunet-user
new file mode 100644
index 0000000000..8d7b436578
--- /dev/null
+++ b/testing/gnunet/setup-gnunet-user
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+# This scripts helps the user to automate the GNUnet setup for user services.
+
+if [ $(id -u) -ne 0 ]; then
+	echo "Please run this script as root."
+	echo "Usage: "`basename $0`" -u USER"
+	exit
+fi
+if [ $# = 0 ]; then
+	echo "Usage: "`basename $0`" -u USER"
+	exit
+fi
+
+while getopts ':u:' OPTION ; do
+	case "$OPTION" in
+		u) USER="$OPTARG";;
+		*) echo "Unknown parameter"; exit;;
+	esac
+done
+
+CONFIG_PATH="/home/$USER/.config/gnunet.conf"
+DOASUSER="chpst -u $USER env HOME=/home/$USER"
+
+echo "Adding user to group gnunet"
+adduser $USER gnunet 2>/dev/null
+
+echo "Creating user config at $CONFIG_PATH"
+cat > $CONFIG_PATH << EOF
+[arm]
+START_SYSTEM_SERVICES = NO
+START_USER_SERVICES = YES
+EOF
+chown $USER.$USER $CONFIG_PATH
+
+echo "Creating symlink: gnunet-user-services -> gnunet-$USER-services"
+ln -s /etc/init.d/gnunet-user-services /etc/init.d/gnunet-$USER-services
+
+echo "Creating/Renewing GNS certificate authority (CA)"
+$DOASUSER gnunet-gns-proxy-setup-ca
+
+echo "Use GNU Name System in Firefox/Chromium by default? [y,N]"
+read -r yn
+case $yn in
+y|Y )
+	PORT=$((8000+$(id -u $USER)))
+	$DOASUSER gnunet-config -c $CONFIG_PATH \
+		--rewrite \
+		--section=gns-proxy \
+		--option=IMMEDIATE_START \
+		--value=YES
+	$DOASUSER gnunet-config -c $CONFIG_PATH \
+		--rewrite \
+		--section=gns-proxy \
+		--option=OPTIONS \
+		--value="-p $PORT"
+
+	# Firefox
+	if [ ! -d  /home/$USER/.mozilla/firefox/*.default ];then
+		$DOASUSER timeout 3s firefox --headless # dirty: create profile if not existent
+	fi
+	for ffprofile in /home/$USER/.mozilla/firefox/*.*/; do
+		js=$ffprofile/user.js
+		if [ -f $js ]; then
+			sed -i '/Preferences for using the GNU Name System/d' $js
+			sed -i '/network.proxy.socks/d' $js
+			sed -i '/network.proxy.socks_port/d' $js
+			sed -i '/network.proxy.socks_remote_dns/d' $js
+			sed -i '/network.proxy.type/d' $js
+		fi
+		echo "// Preferences for using the GNU Name System" >> $js
+		echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> $js
+		echo "user_pref(\"network.proxy.socks_port\", $PORT);" >> $js
+		echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> $js
+		echo "user_pref(\"network.proxy.type\", 1);" >> $js
+	done
+
+	# Chromium
+	PROFILE=/home/$USER/.profile
+	if [ -f $PROFILE ]; then
+		sed -i '/CHROMIUM_USER_FLAGS/d' $PROFILE
+	fi
+	echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$PORT" \
+		>> $PROFILE
+	;;
+* )
+        ;;
+esac
+
+echo "Done."