【IPFS】(一) 部署环境

IPFS是什么

IPFS(InterPlanetary File System)是一个内容寻址、版本化、点对点的分布式文件系统。

• 内容寻址 - 文件不是以URL寻址，而是根据文件内容的Hash值寻址，一旦内容确定，文件地址也就确定
• 版本化 - 类似于git，可以跟踪文件的历史变化情况
• 点对点 - 所有运行ipfs的设备点对点组成一个去中心化网络

安装启动IPFS

bin包安装

在官方网站下载对应平台的安装包，本文使用linux-64位版本

或直接使用网址下载

> wget https://dist.ipfs.io/go-ipfs/v0.4.15/go-ipfs_v0.4.15_linux-amd64.tar.gz

解压安装包，将可执行文件放在环境变量目录

> tar xvfz go-ipfs_v0.4.15_linux-amd64.tar.gz
> mv ipfs /usr/local/bin/

初始化ipfs节点

> ipfs init
initializing ipfs node at /root/.go-ipfs
generating 2048-bit RSA keypair...done
peer identity: QmQQ5t88W44Je5WgvmgpV1xSZTg1y5UXdYFHcQQ7EayxwR
to get started, enter:

  ipfs cat /ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme

根据提示，检查安装状态

> ipfs cat /ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
Hello and Welcome to IPFS!

██╗██████╗ ███████╗███████╗
██║██╔══██╗██╔════╝██╔════╝
██║██████╔╝█████╗  ███████╗
██║██╔═══╝ ██╔══╝  ╚════██║
██║██║     ██║     ███████║
╚═╝╚═╝     ╚═╝     ╚══════╝

If you're seeing this, you have successfully installed
IPFS and are now interfacing with the ipfs merkledag!

 -------------------------------------------------------
| Warning:                                              |
|   This is alpha software. use at your own discretion! |
|   Much is missing or lacking polish. There are bugs.  |
|   Not yet secure. Read the security notes for more.   |
 -------------------------------------------------------

Check out some of the other files in this directory:

  ./about
  ./help
  ./quick-start     <-- usage examples
  ./readme          <-- this file
  ./security-notes

前面完成了ipfs节点的配置，接下来就是启动ipfs守护进程，可以在另一个终端启动，也可以在本终端加上＆后台启动

> ipfs daemon
Initializing daemon...
Successfully raised file descriptor limit to 2048.
Swarm listening on /ip4/127.0.0.1/tcp/4001
Swarm listening on /ip4/172.17.0.1/tcp/4001
Swarm listening on /ip4/172.22.16.1/tcp/4001
Swarm listening on /ip4/192.168.0.116/tcp/4001
Swarm listening on /ip4/192.168.122.1/tcp/4001
Swarm listening on /ip6/::1/tcp/4001
Swarm listening on /p2p-circuit/ipfs/QmQQ5t88W44Je5WgvmgpV1xSZTg1y5UXdYFHcQQ7EayxwR
Swarm announcing /ip4/10.103.255.235/tcp/48240
Swarm announcing /ip4/127.0.0.1/tcp/4001
Swarm announcing /ip4/172.17.0.1/tcp/4001
Swarm announcing /ip4/172.22.16.1/tcp/4001
Swarm announcing /ip4/192.168.0.116/tcp/4001
Swarm announcing /ip4/192.168.122.1/tcp/4001
Swarm announcing /ip6/::1/tcp/4001
API server listening on /ip4/127.0.0.1/tcp/5001
Gateway (readonly) server listening on /ip4/127.0.0.1/tcp/8080
Daemon is ready

在另一个终端输入以下命令确保连接进ipfs网络

> ipfs swarm peers
/ip4/103.214.109.178/tcp/4001/ipfs/QmfZeNauweuRYWNXMjPhB4Tu2CPU6aD5eide9PEhVtHP6A
/ip4/104.131.131.82/tcp/4001/ipfs/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ
/ip4/104.223.59.174/tcp/4001/ipfs/QmeWdgoZezpdHz1PX8Ly8AeDQahFkBNtHn6qKeNtWP1jB6
/ip4/104.233.106.156/tcp/4001/ipfs/QmSaLHB9dK7UphxcSWSdySVQyayux2yVMUELnAN8VV96x2
/ip4/106.38.77.82/tcp/49777/ipfs/QmfT3BCVYjLiVVB197mR1P4uhdR7zsKZsE7HLzCV1qSbHJ
/ip4/107.172.55.210/tcp/4001/ipfs/QmcYfPreozdQMKyo5omUhvTShCKRjdeiQhS7328J7CLLXe
/ip4/109.129.112.32/tcp/56478/ipfs/QmRYXX6mvvQQWR1kB1pC5c5dbcwASqyoQ6sjxH2czzPNBs
......

到现在，已经可以从ipfs网络中获取文件了,以一个官方图片为例

>　ipfs cat /ipfs/QmW2WQi7j6c7UgJTarActp7tDNikE4B2qXtFCfLPdsgaTQ/cat.jpg  >　cat.jpg

那么将在本目录下得到一张猫的图片

另外，可以在浏览器中访问http://localhost:5001/webui来使用ipfs的控制台

扫描二维码关注公众号，回复： 2182205 查看本文章

使用add将一个文件添加到ipfs网络(可以被其他节点访问到)

> cat 187J3X1.txt 
Hello!187J3X1!
> ipfs add 187J3X1.txt 
added QmRTxTkdXeUmG9GxJBA7B8Ad8hticjNwkucCY96mkzusXj 187J3X1.txt

文件要能被网络中所有节点访问需要一定时间，在某个运行ipfs的节点，使用get命令可以获取到本文件

>　ipfs get QmRTxTkdXeUmG9GxJBA7B8Ad8hticjNwkucCY96mkzusXj

更多命令可查看帮助信息

> ipfs --help 

源码安装

可以从Github下载源码，自行编译安装

文件位置

ipfs的本地存储空间在~/.ipfs，所有ipfs自身的文件和本地添加到ipfs网络的文件都存放在此目录

>　ls /.ipfs
api  blocks  config  datastore  datastore_spec  keystore  repo.lock  version

从此目录下这里可以找到刚才添加的文件

 grep -rn "187J3X1"
Binary file blocks/ZF/CIQIXJZ7NCVBEU67XHWSTICDNGNRD2SIAE33W4SSDI6LZTE4PLRSZFA.data matches
Binary file blocks/5S/CIQOJUCPXTM6MSA25EB4W42PUHB4LVK3FNOFFYLZVGOROOQ2MFKE5SI.data matches

使用GPG完成私密文件分享

在ipfs文件系统中，只要知道文件的Hash，就可以从节点获取文件。所以ipfs天生缺乏隐私性，加入需要分享私密的文件给别人。通常的做法是分享者将文件用接收者的公钥加密，接收者从ipfs网络下载后用私钥解密。GPG可以完成加解密的功能。

GPG同样可以使用bin包安装或源码安装

bin包安装

以ubuntu 为例

>　sudo apt-get install gnupg

源码安装

(TODO)

密钥生成

接收者使用gen-key生成密钥对

> gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

加密方案使用默认RSA就行

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 

密钥长度依然选择默认

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 

设置密钥过期时间，选择永远不过期

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)

输入秘钥创建者一些信息

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <[email protected]>"

Real name: chenmo
Email address: 13688368470@163.com
Comment: 
You selected this USER-ID:
    "chenmo <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? 

创建私钥密码(非常重要)

You need a Passphrase to protect your secret key.
Enter passphrase:
Repeat passphrase: 

接下来，程序将开始生成密钥，为了使生成过程使用的随机数更加随机，你可以采用敲键盘、移动鼠标等方式增加随机数的随机特性。

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
f
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 186 more bytes)

本机生成的秘钥对可以用--list-keys命令查看

gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/F0AA19A1 2018-07-08
uid                  chenmo <[email protected]>
sub   2048R/54C6ABC4 2018-07-08

其中的F0AA19A1就是公钥id, 54C6ABC4是私钥id

可以使用armor命令将秘钥导出为filename文件

gpg --armor --output [filename] --export [密钥id]

密钥分享

接收者需要告诉发送者自己的公钥，以便发送者加密。这可以通过公钥服务器完成。本文使用
hkp://pgp.mit.edu

>　gpg --send-keys [公钥id] --keyserver hkp://pgp.mit.edu
gpg: "--keyserver" not a key ID: skipping
gpg: "hkp://pgp.mit.edu" not a key ID: skipping
gpg: sending key [公钥id] to hkp server keys.gnupg.net

发送方搜索该密钥

> gpg --keyserver hkp://pgp.mit.edu -search-keys [公钥id]

加密文件

发送方加密待分享的文件ipfs_demo.txt

> cat ipfs_demo.txt
This file is just for test --- 187J3X1
>　gpg --encrypt --recipient [公钥id] ipfs_demo.txt 

将加密后的文件ipfs_demo.txt.gpg 添加到ipfs网络中

>　ipfs add ipfs_demo.txt.gpg 
added QmbvjL7BnCpUgzrJj2E2QkhqRBJeWKmo1TCfpMmKEQMYYc ipfs_demo.txt.gpg

解密文件

接收方获取文件

>ipfs get QmQRLCz3c6BwtkcACxwwraDX62g4ZAS7fQmrn3Y3rJh1xN
Saving file(s) to QmQRLCz3c6BwtkcACxwwraDX62g4ZAS7fQmrn3Y3rJh1xN
 24 B / 24 B [======================================================] 100.00% 0s

该操作可能会有一定时间延时，也可通过网页访问文件地址来接收文件

接下来用私钥解密出原文件

gpg --decrypt QmbvjL7BnCpUgzrJj2E2QkhqRBJeWKmo1TCfpMmKEQMYYc > ipfs_demo.txt

You need a passphrase to unlock the secret key for
user: "chenmo <[email protected]>"
2048-bit RSA key, ID 54C6ABC4, created 2018-07-08 (main key ID F0AA19A1)

gpg: encrypted with 2048-bit RSA key, ID 54C6ABC4, created 2018-07-08
      "chenmo <[email protected]>"
> cat ipfs_demo.txt 
This file is just for test --- 187J3X1