Removes 1.5.5 for focal.

This was probably screwed up and actually built on jammy.

debian/dists/focal/InRelease

@@ -1,36 +1,36 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
+Hash: SHA256
 
 Origin: Unofficial Innernet Debian repository
 Label: innernet-debian
 Codename: focal
-Date: Fri, 12 May 2023 08:20:16 UTC
+Date: Fri, 12 May 2023 14:56:39 UTC
 Architectures: amd64
 Components: contrib
 Description: APT repository for https://github.com/tonarino/innernet/.
 MD5Sum:
- f6d27f7a8871bdebe4280c9c3ebc71d4 11445 contrib/binary-amd64/Packages
+ d41d8cd98f00b204e9800998ecf8427e 0 contrib/binary-amd64/Packages
- 22549a47e28a28b12a2baa1da439285e 4570 contrib/binary-amd64/Packages.gz
+ 7029066c27ac6f5ef18d660d5741979a 20 contrib/binary-amd64/Packages.gz
  77dc2b012f45038d5be68f81d464ee44 179 contrib/binary-amd64/Release
 SHA1:
- e3facde4370461820390d32d5f4fea9959ee883c 11445 contrib/binary-amd64/Packages
+ da39a3ee5e6b4b0d3255bfef95601890afd80709 0 contrib/binary-amd64/Packages
- 395685ad6722e2ecd8321710289cc69599b2baea 4570 contrib/binary-amd64/Packages.gz
+ 46c6643f07aa7f6bfe7118de926b86defc5087c4 20 contrib/binary-amd64/Packages.gz
  a4f6bbfd6fe4ab5a01909278c4e13b05d6b06f13 179 contrib/binary-amd64/Release
 SHA256:
- f76c4cec4b313891b8311ee611dc0e329dcb825ab87900b1d1d665061a54f030 11445 contrib/binary-amd64/Packages
+ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 contrib/binary-amd64/Packages
- 1c068e26dd5f42fb95fb3def07e810fb11381f92c8cf59fc35751c3c0c1ab378 4570 contrib/binary-amd64/Packages.gz
+ 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2 20 contrib/binary-amd64/Packages.gz
  67b3f0e511499d8b794eaf1524cea47d2263a1e8e43445c60f311dbef9a50e9c 179 contrib/binary-amd64/Release
 -----BEGIN PGP SIGNATURE-----
 
-iQGzBAEBCgAdFiEEbYSVpa4ZFZQzkqZZZYKNdDzui2kFAmRd9sEACgkQZYKNdDzu
+iQGzBAEBCAAdFiEEbYSVpa4ZFZQzkqZZZYKNdDzui2kFAmReU6cACgkQZYKNdDzu
-i2n8kwv+NbBk8JtOc+12F1slV4Wh2PiBfI7xp6O4aDUBmLoNbl0jr8VoyYVVGusN
+i2ncbAv+MSmVzQHbG3YPEVCRMCdZZOeHos5GvzO7VGhoabPsxFtPbthYW/waSPok
-rI049w1/1LbD3aJiaza4xKx77xCudN/ZgvnwfmzDcXVrRifBTfOI4WWBzr7SIi+c
+a19jRcXWhhTiRL0+uuA6hyY/kXNk0wbKsfZ4jwtWx/YLJB/TcFLUmNGognGUtJfc
-qz7fFYNro7OhNCcxqnzAHJWmvm5Ks3+EoBWFCCIoat+dXL7fGFNzRtc5h3Yq3Z+D
+o63AI6Aa4w14ST5UJ/yiTnj0aAy6u0fSyJGQ2C7L7OqvPp4KZfGYrksT2vYpgibI
-1MR5rIs10TnslwyuQSFGkWH8ODAtiHw7VgKkerxj5IbjWodWo5JCEmzoXd0xF2g3
+IRfZG/9638KDBR0kPQUw5I2nADbpTADZNmo/MXCLHzkCADUn1Ehkx2F4pFgwXpi7
-1USRoxruqpm24E7lF29ihDV+QKVM8xfql+kBnIqDizYAipOkTOzm5sqA9C3VUr0F
+Rjin5ZjEsxR2X+koi7qVzlLwXI0Uk6lazvFo18v0LJRZHW51VNeghHTs1OzQaNac
-cDOHNw/vUvo8oUno/yQAOnOVfx+VMcFZERZ9jX1thEV1Iv2K+6KG63BkVyiP//pl
+ZyWIgUNkwJA/4O6Ren6Egl0/uaZW9Sxmag1cI98RR5oDkiB0CoFnUpKHSr50gBQt
-zO2qjaN2uRkXV0u9hZLKwhSvQSJPQXoXQ6H5t9mgfi39PYBbBgsh7putHCI6BAmV
+hdV1VoJilQ8ClmY811TZz5IL0BGJZpmf3YQqleC91WAIYV+mY1IGWMgXR5zTByPF
-6syhtQOQSabZhkiPQIkUgLYb75AVAQLHBQTvvJDHEVYuj1UgtaCdfLhgAOCexdkj
+oW8hfaP1CfSXh21vMTBLZzh1tHBf3f9RJcJjw24ruTYLWOinSq83ID4lhJi7Vq8a
-WjGQ5z1W
+sseMD9Jr
-=iS48
+=Llk0
 -----END PGP SIGNATURE-----

debian/dists/focal/Release

@@ -1,19 +1,19 @@
 Origin: Unofficial Innernet Debian repository
 Label: innernet-debian
 Codename: focal
-Date: Fri, 12 May 2023 08:20:16 UTC
+Date: Fri, 12 May 2023 14:56:39 UTC
 Architectures: amd64
 Components: contrib
 Description: APT repository for https://github.com/tonarino/innernet/.
 MD5Sum:
- f6d27f7a8871bdebe4280c9c3ebc71d4 11445 contrib/binary-amd64/Packages
+ d41d8cd98f00b204e9800998ecf8427e 0 contrib/binary-amd64/Packages
- 22549a47e28a28b12a2baa1da439285e 4570 contrib/binary-amd64/Packages.gz
+ 7029066c27ac6f5ef18d660d5741979a 20 contrib/binary-amd64/Packages.gz
  77dc2b012f45038d5be68f81d464ee44 179 contrib/binary-amd64/Release
 SHA1:
- e3facde4370461820390d32d5f4fea9959ee883c 11445 contrib/binary-amd64/Packages
+ da39a3ee5e6b4b0d3255bfef95601890afd80709 0 contrib/binary-amd64/Packages
- 395685ad6722e2ecd8321710289cc69599b2baea 4570 contrib/binary-amd64/Packages.gz
+ 46c6643f07aa7f6bfe7118de926b86defc5087c4 20 contrib/binary-amd64/Packages.gz
  a4f6bbfd6fe4ab5a01909278c4e13b05d6b06f13 179 contrib/binary-amd64/Release
 SHA256:
- f76c4cec4b313891b8311ee611dc0e329dcb825ab87900b1d1d665061a54f030 11445 contrib/binary-amd64/Packages
+ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 contrib/binary-amd64/Packages
- 1c068e26dd5f42fb95fb3def07e810fb11381f92c8cf59fc35751c3c0c1ab378 4570 contrib/binary-amd64/Packages.gz
+ 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2 20 contrib/binary-amd64/Packages.gz
  67b3f0e511499d8b794eaf1524cea47d2263a1e8e43445c60f311dbef9a50e9c 179 contrib/binary-amd64/Release

debian/dists/focal/Release.gpg

@@ -1,14 +1,14 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQGzBAABCgAdFiEEbYSVpa4ZFZQzkqZZZYKNdDzui2kFAmRd9sAACgkQZYKNdDzu
+iQGzBAABCAAdFiEEbYSVpa4ZFZQzkqZZZYKNdDzui2kFAmReU6cACgkQZYKNdDzu
-i2mSTwv/QpJlyftF+p0Y7/TgCZTVsF9/UuMpMRBH+2gY8ZNt3RByuca7d9qzK9nx
+i2n6dgv/U7FIQ7kThavV/Y/atjkdyVOvM11tQo7NgDVwTwfajdqVldc6YgobPIHd
-a290PzMUWrItblXwolxvxFWWpNrwrQ0eoc+D9cv7CpmlehznrD3zURuJChNyVd/d
+u1Wp8mH192kYhMUqPD5as0QuvBSLn6EJRMiBBSi4lYaRgvUUJBBp4eBHI5bPUMkj
-YnOMtipHR5O0fZK5UJtNLq6ZTdxAZYFolaj2xIbmISrI0uoegII3OTGz6iAN/u5C
+r7owCVW+fzVs13TxtqS9+Scjkn3cJ3V6jJWJ9IoI9Lyx05mE9HUGWhysnDGfGr2L
-B4JKPJo5JuY6p5sgC57DDCQuIy5c6wp2sfhHey8RYil5aU2IJnTJx/vM0d+hX0LL
+LmWFF4dIcyH3Gk5a9POBOjVf6SEGKjtcL7vq/JnNSVcsOYis0sy3Mg+drO7FXoOm
-+hEdVAQMtCHYZFoR3IpNasddTA0Ug/q4oi4Zcl/IDiH/tTPKfF5lVoyHqD0mz7ue
+V/OERe0dwYM4hSfPzo/W5awFT2/Xp3Du3Ta+M4O+g0wxPbcRTrF5gAdoF7Hujv80
-NLVFm9WMcRh9u2VDdNsX0Q8AOrzVYIaVGUB8zcTNXwGoSuXdwF9WxT/WOPanRBI0
+DDScp8L29Q8imnh6OMLco2Ir0hyXkGU4XOVF0gDzILVtGGuilfQoDvYqURba8rKw
-esHQ9Jq0sQcMFv3Scdjq11iR0seq0IOWlM9h5EXU+lyelHwv+trMbxqleCU2O9N3
+CVByQtr4i5R183T25OL19X+cK3pDG850a+4fWfs/MgUUcR5PjcjGTq85/rIPVCRk
-IA+sPeKt3s1v2amXzHTQFnoYwqvjduLnVidpHL3eH/5QCGjaDhEK0yOsvxSRpf35
+4WCtBCYfU9l/v5Hu8JSxI88yhaMqxPhzOX4bF20u2gruxOniH0f65GrjeSSraYgC
-p+/ZF0Xw
+O0BAD9lt
-=SegE
+=Pc+a
 -----END PGP SIGNATURE-----

debian/dists/focal/contrib/binary-amd64/Packages

@@ -1,369 +0,0 @@
-Package: innernet
-Version: 1.5.5-0ubuntu0~focal
-Architecture: amd64
-Vcs-Browser: https://github.com/tonarino/innernet
-Vcs-Git: https://github.com/tonarino/innernet
-Homepage: https://github.com/tonarino/innernet
-Maintainer: tonari <hey@tonari.no>
-Installed-Size: 5759
-Depends: systemd, libgcc1, libc6
-Recommends: wireguard
-Priority: optional
-Section: net
-Filename: pool/contrib/i/innernet/innernet_1.5.5-0ubuntu0~focal_amd64.deb
-Size: 939712
-SHA256: 920928b6a121d58994d69562ac15ff19ab63343ac27e5c35c4da3e8854932fb9
-SHA1: d668e3d513936d1610c43bdf4fd8c5407aee5c45
-MD5sum: b8de44c86ea2f3315aa7768f13770577
-Description: A client to manage innernet network interfaces.
- innernet client binary for fetching peer information and conducting admin tasks
- such as adding a new peer.
-
-Package: innernet-server
-Version: 1.5.5-0ubuntu0~focal
-Architecture: amd64
-Maintainer: tonari <hey@tonari.no>
-Installed-Size: 3937
-Depends: libgcc1, zlib1g, systemd, libsqlite3-0, libc6
-Recommends: wireguard
-Source: innernet
-Priority: optional
-Section: net
-Filename: pool/contrib/i/innernet-server/innernet-server_1.5.5-0ubuntu0~focal_amd64.deb
-Size: 1419844
-SHA256: d3e09c49d837e8b679fe718b33bf82d1941e383fecf61e4a0d326159eca2cf09
-SHA1: c1ccc872b83f5098f012b4997c0c9b45ea5207b7
-MD5sum: 99ced787f8c8e8afd40cb6e48e3f0c95
-Description: A server to coordinate innernet networks.
- # innernet
- .
- A private network system that uses [WireGuard](https://wireguard.com) under the
- hood. See the [announcement blog
- post](https://blog.tonari.no/introducing-innernet) for a longer-winded
- explanation.
- .
- <img
- src="https://user-images.githubusercontent.com/373823/118917068-09ae7700-b96b-11eb-80f4-6860072d504d.gif"
- width="600" height="370">
- .
- `innernet` is similar in its goals to Slack's
- [nebula](https://github.com/slackhq/nebula) or
- [Tailscale](https://tailscale.com/), but takes a bit of a different approach.
- It aims to take advantage of existing networking concepts like CIDRs and the
- security properties of WireGuard to turn your computer's basic IP networking
- into more powerful ACL primitives.
- .
- `innernet` is not an official WireGuard project, and WireGuard is a registered
- trademark of Jason A. Donenfeld.
- .
- This has not received an independent security audit, and should be considered
- experimental software at this early point in its lifetime.
- .
- ## Usage
- .
- ### Server Creation
- .
- Every `innernet` network needs a coordination server to manage peers and
- provide endpoint information so peers can directly connect to each other.
- Create a new one with
- .
- ```sh
- sudo innernet-server new
- ```
- .
- The init wizard will ask you questions about your network and give you some
- reasonable defaults. It's good to familiarize yourself with [network
- CIDRs](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) as a lot
- of innernet's access control is based upon them. As an example, let's say the
- root CIDR for this network is `10.60.0.0/16`. Server initialization creates a
- special "infra" CIDR which contains the `innernet` server itself and is
- reachable from all CIDRs on the network.
- .
- Next we'll also create a `humans` CIDR where we can start adding some peers.
- .
- ```sh
- sudo innernet-server add-cidr <interface>
- ```
- .
- For the parent CIDR, you can simply choose your network's root CIDR. The name
- will be `humans`, and the CIDR will be `10.60.64.0/24` (not a great example
- unless you only want to support 256 humans, but it works for now...).
- .
- By default, peers which exist in this new CIDR will only be able to contact
- peers in the same CIDR, and the special "infra" CIDR which was created when the
- server was initialized.
- .
- A typical workflow for creating a new network is to create an admin peer from
- the `innernet-server` CLI, and then continue using that admin peer via the
- `innernet` client CLI to add any further peers or network CIDRs.
- .
- ```sh
- sudo innernet-server add-peer <interface>
- ```
- .
- Select the `humans` CIDR, and the CLI will automatically suggest the next
- available IP address. Any name is fine, just answer "yes" when asked if you
- would like to make the peer an admin. The process of adding a peer results in
- an invitation file. This file contains just enough information for the new peer
- to contact the `innernet` server and redeem its invitation. It should be
- transferred securely to the new peer, and it can only be used once to
- initialize the peer.
- .
- You can run the server with `innernet-server serve <interface>`, or if you're
- on Linux and want to run it via `systemctl`, run `systemctl enable --now
- innernet-server@<interface>`. If you're on a home network, don't forget to
- configure port forwarding to the `Listen Port` you specified when creating the
- `innernet` server.
- .
- ### Peer Initialization
- .
- Let's assume the invitation file generated in the steps above have been
- transferred to the machine a network admin will be using.
- .
- You can initialize the client with
- .
- ```sh
- sudo innernet install /path/to/invitation.toml
- ```
- .
- You can customize the network name if you want to, or leave it at the default.
- `innernet` will then connect to the `innernet` server via WireGuard, generate a
- new key pair, and register that pair with the server. The private key in the
- invitation file can no longer be used.
- .
- If everything was successful, the new peer is on the network. You can run
- things like
- .
- ```sh
- sudo innernet list
- ```
- .
- or
- .
- ```sh
- sudo innernet list --tree
- ```
- .
- to view the current network and all CIDRs visible to this peer.
- .
- Since we created an admin peer, we can also add new peers and CIDRs from this
- peer via `innernet` instead of having to always run commands on the server.
- .
- ### Adding Associations between CIDRs
- .
- In order for peers from one CIDR to be able to contact peers in another CIDR,
- those two CIDRs must be "associated" with each other.
- .
- With the admin peer we created above, let's add a new CIDR for some theoretical
- CI servers we have.
- .
- ```sh
- sudo innernet add-cidr <interface>
- ```
- .
- The name is `ci-servers` and the CIDR is `10.60.64.0/24`, but for this example
- it can be anything.
- .
- For now, we want peers in the `humans` CIDR to be able to access peers in the
- `ci-servers` CIDR.
- .
- ```sh
- sudo innernet add-association <interface>
- ```
- .
- The CLI will ask you to select the two CIDRs you want to associate. That's all
- it takes to allow peers in two different CIDRs to communicate!
- .
- You can verify the association with
- .
- ```sh
- sudo innernet list-associations <interface>
- ```
- .
- and associations can be deleted with
- .
- ```sh
- sudo innernet delete-associations <interface>
- ```
- .
- ### Enabling/Disabling Peers
- .
- For security reasons, IP addresses cannot be re-used by new peers, and
- therefore peers cannot be deleted. However, they can be disabled. Disabled
- peers will not show up in the list of peers when fetching the config for an
- interface.
- .
- Disable a peer with
- .
- ```su
- sudo innernet disable-peer <interface>
- ```
- .
- Or re-enable a peer with
- .
- ```su
- sudo innernet enable-peer <interface>
- ```
- .
- ### Specifying a Manual Endpoint
- .
- The `innernet` server will try to use the internet endpoint it sees from a peer
- so other peers can connect to that peer as well. This doesn't always work and
- you may want to set an endpoint explicitly. To set an endpoint, use
- .
- ```sh
- sudo innernet override-endpoint <interface>
- ```
- .
- You can go back to automatic endpoint discovery with
- .
- ```sh
- sudo innernet override-endpoint -u <interface>
- ```
- .
- ### Setting the Local WireGuard Listen Port
- .
- If you want to change the port which WireGuard listens on, use
- .
- ```sh
- sudo innernet set-listen-port <interface>
- ```
- .
- or unset the port and use a randomized port with
- .
- ```sh
- sudo innernet set-listen-port -u <interface>
- ```
- .
- ### Remove Network
- .
- To permanently uninstall a created network, use
- .
- ```sh
- sudo innernet-server uninstall <interface>
- ```
- .
- Use with care!
- .
- ## Security recommendations
- .
- If you're running a service on innernet, there are some important security
- considerations.
- .
- ### Enable strict Reverse Path Filtering ([RFC
- 3704](https://tools.ietf.org/html/rfc3704))
- .
- Strict RPF prevents packets from _other_ interfaces from having internal source
- IP addresses. This is _not_ the default on Linux, even though it is the right
- choice for 99.99% of situations. You can enable it by adding the following to a
- `/etc/sysctl.d/60-network-security.conf`:
- .
- ```
- net.ipv4.conf.all.rp_filter=1
- net.ipv4.conf.default.rp_filter=1
- ```
- .
- ### Bind to the WireGuard device
- .
- If possible, to _ensure_ that packets are only ever transmitted over the
- WireGuard interface, it's recommended that you use `SO_BINDTODEVICE` on Linux
- or `IP_BOUND_IF` on macOS/BSDs. If you have strict reverse path filtering,
- though, this is less of a concern.
- .
- ### IP addresses alone often aren't enough authentication
- .
- Even following all the above precautions, rogue applications on a peer's
- machines could be able to make requests on their behalf unless you add extra
- layers of authentication to mitigate this CSRF-type vector.
- .
- It's recommended that you carefully consider this possibility before deciding
- that the source IP is sufficient for your authentication needs on a service.
- .
- ## Installation
- .
- innernet has only officially been tested on Linux and MacOS, but we hope to
- support as many platforms as is feasible!
- .
- ### Runtime Dependencies
- .
- It's assumed that WireGuard is installed on your system, either via the kernel
- module in Linux 5.6 and later, or via the
- [`wireguard-go`](https://git.zx2c4.com/wireguard-go/about/) userspace
- implementation.
- .
- [WireGuard Installation Instructions](https://www.wireguard.com/install/)
- .
- ### Arch Linux
- .
- ```sh
- pacman -S innernet
- ```
- .
- ### Ubuntu
- .
- Fetch the appropriate `.deb` packages from
- https://github.com/tonarino/innernet/releases and install with
- .
- ```sh
- sudo apt install ./innernet*.deb
- ```
- .
- ### macOS
- .
- ```sh
- brew install tonarino/innernet/innernet
- ```
- .
- ### Cargo
- .
- ```sh
- # to install innernet:
- cargo install --git https://github.com/tonarino/innernet --tag v1.5.5 client
- .
- # to install innernet-server:
- cargo install --git https://github.com/tonarino/innernet --tag v1.5.5 server
- ```
- .
- Note that you'll be responsible for updating manually.
- .
- ## Development
- .
- ### `innernet-server` Build dependencies
- .
- - `rustc` / `cargo` (version 1.50.0 or higher)
- - `libclang` (see more info at
- [https://crates.io/crates/clang-sys](https://crates.io/crates/clang-sys))
- - `libsqlite3`
- .
- Build:
- .
- ```sh
- cargo build --release --bin innernet-server
- ```
- .
- The resulting binary will be located at `./target/release/innernet-server`
- .
- ### `innernet` Client CLI Build dependencies
- .
- - `rustc` / `cargo` (version 1.50.0 or higher)
- - `libclang` (see more info at
- [https://crates.io/crates/clang-sys](https://crates.io/crates/clang-sys))
- .
- Build:
- .
- ```sh
- cargo build --release --bin innernet
- ```
- .
- The resulting binary will be located at `./target/release/innernet`
- .
- ### Releases
- .
- 1. Run `cargo release [--dry-run] [minor|major|patch|...]` to automatically
- bump the crates appropriately.
- 2. Create a new git tag (ex. `v0.6.0`).
- 3. Push (with tags) to the repo.
- .
- innernet uses GitHub Actions to automatically produce a debian package for the
- [releases page](https://github.com/tonarino/innernet/releases).
-