includes:
- identd.user => /usr/local/etc/identd.user
- irssi config: irssi/config => ~/.irssi/config
- Weechat FAQA
- Config Guide
- Weechat on OSX
- More info on Freenode, SSL & SASL
- Installing curl-ca-bundle on OSX (some sources say curl-ca-bundle isn't necessary anymore on OSX)
Weechat's sec.conf should not be stored in the repo. Use /secure ... command to add to weechat's secure config. These options can be accessed within other *.conf files using "${irc.config.key}"
You'll need the following configuration changes ... on second thought, just read Aaron Frank's post on Weechat Config in OSX. And refer to this post on IRC, Freenode, SSL & SASL if you need more infoz.
You'll need to connect to an SSL port on your IRC server and not port 6667.
I'm kind of frustrated that I'm expected to use older versions of TLS/SSL & that I'm expected to use %COMPAT, which may allow downgrade attacks. All in all though, at least using SSL and SASL makes it quite a bit harder to manipulate traffic.
This reference provides more info on SSL Priority Strings.
# This command should not require %COMPAT
# - it allows server client to renegotiate TLS connection details!
/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT"
# This is what i'd prefer to use
/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3"
On OSX configuration, you need to download a certificate authority PEM file. A freely available file is here. This will need to be added to your system. The default location is /etc/ssl/certs/ca-certificates.crt, but this file does not exist on OSX. You'll need to add the PEM file you downloaded to your system.
You can choose an alternative location for a PEM file with the following Weechat config command.
/set weechat.network.gnutls_ca_file "/etc/ssl/certs/ca-certificates.crt"
SASL should be used for additional security. I'll update this when I've configured it for weechat.
Linking irssi configuration:
mkdir ~/.irssicd !$lns $DF/irc/irssi/config configlns $DF/irc/scripts scripts
Adding an IRC Server:
irssito open irssi/network add Freenode/server add -auto -ssl -ssl_verify -network Freenode chat.freenode.net 6667
Put commands into ~/.irssi/startup file, each command on its own line. The preceding slash (/) is not necessary.
It's like emacs all over again lol
The 2 most important commands:
/help/help [command]
Irssi can be configured with any key binding that the terminal forwards to the process.
- M-1 - M-0:
/window goto [1-10] - M-q - M-p:
/window goto [11-20]
- these are perl scripts downloaded into
$HOME/.irssi/scripts/ - to autorun a script when irssi starts -
cd $HOME/.irssi/scripts/autorun && ln -sv ../[script].pl
- cap_sasl.pl script
- irssi & SASL config at Freenode
- irssi & SASL install guide
- irssi & SASL on OSX
- another irssi & SASL install guide
- another cap_sasl.pl script with DH-AES. hmmmm
Configuring cap_sasl.pl
cap_sasl should already be in the repo and configured after the irssi conf is linked (shown above) - but if not, here's the process:
- Installing dependencies from CPAN
- I used pivotal-sprout, but my OSX 10.8 has perl 5.12.4.
- Go here for issues installing perl.
brew install cpanminus- Install cpanmbrew install gmp- resolves dependency for Math::BigInt::GMPcpanm Crypt::Blowfish Crypt::DH Crypt::OpenSSL::Bignum Math::BigInt Math::BigInt::FastCalc Math::BigInt::GMP- Install required crypto modulescpanmmay needsudoon OSX.
- Linking cap_sasl.pl:
cd $HOME/.irssi/scriptswget http://www.freenode.net/sasl/cap_sasl.plcd autorunln -sv ../cap_sasl.pl
- Configuring SASL Auth
- Open irssi
/sasl set [network] [user] [pass] [mechanism]- network =~ chat.freenode.net
- mechanism =~ PLAIN or DH-BLOWFISH (extra config required for DH-AES)
/sasl save- saves to $HOME/.irssi/sasl.auth - not in source control!
not really sure if i'll need ident.d config right now
installed identd via brew from: https://github.com/alexbarton/homebrew-alex/blob/master/identd.rb
identd provides "authentication" for IRC and is easily spoofed. the main reason it exists is to .. well nevermind.