diff options
Diffstat (limited to 'EndoForge/README.md')
-rw-r--r-- | EndoForge/README.md | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/EndoForge/README.md b/EndoForge/README.md new file mode 100644 index 0000000..9c22bf3 --- /dev/null +++ b/EndoForge/README.md | |||
@@ -0,0 +1,102 @@ | |||
1 | EndoForge | ||
2 | --------- | ||
3 | Convert a Git repository into a Forge by merging this repository. | ||
4 | |||
5 | |||
6 | |||
7 | |||
8 | |||
9 | |||
10 | WHAT IT DOES | ||
11 | ------------ | ||
12 | |||
13 | This repository contains the code to share itself (the repository) | ||
14 | through Git-over-SSH. | ||
15 | |||
16 | It also contains the code to listen for changes sent to itself through | ||
17 | Git-over-SSH. | ||
18 | |||
19 | |||
20 | |||
21 | |||
22 | |||
23 | |||
24 | HOW IT WORKS | ||
25 | ------------ | ||
26 | |||
27 | Git contains a program `git-receive-pack` which implements a git | ||
28 | protocol server. The `git-receive-pack` expects to be launched as an SSH | ||
29 | server "ForcedCommand" in a configuration that protects the server from | ||
30 | untrustworthy users. | ||
31 | |||
32 | Normally, the SSH server only permits users who have already uploaded | ||
33 | their public keys to the server. It assumes that access should be closed | ||
34 | to new users. | ||
35 | |||
36 | Installing this code reverses that assumption, granting open access to | ||
37 | unrecognized users. This is made safe by limiting write access to a | ||
38 | GIT_NAMESPACE over which the user proves global mathematical ownership with | ||
39 | their SSH client key. This means that the user cannot overwrite anyone else's | ||
40 | data. | ||
41 | |||
42 | The user's uploaded data is still saved and is ready to be be merged into the | ||
43 | main repository manually, or even automatically. | ||
44 | |||
45 | |||
46 | |||
47 | |||
48 | |||
49 | HOW TO INSTALL | ||
50 | -------------- | ||
51 | |||
52 | Run: | ||
53 | ``` | ||
54 | make install | ||
55 | ``` | ||
56 | |||
57 | This installs the `AnonymousAccessCommand` in the current user's home | ||
58 | directory. | ||
59 | |||
60 | Then, if sudo access is available, it enables anonymous access by | ||
61 | editing the system `OpenSSH` configuration. | ||
62 | |||
63 | |||
64 | |||
65 | |||
66 | |||
67 | |||
68 | NON-ROOT INSTALLATION | ||
69 | --------------------- | ||
70 | |||
71 | If sudo access is not available, you can install to a different | ||
72 | location: | ||
73 | |||
74 | ``` | ||
75 | make SSH_CONFIG_DIR=.config/ssh \ | ||
76 | SSHD_CONFIG_DIR=.config/ssh/config.d \ | ||
77 | SSH_LIB_DIR=.local/lib/ssh \ | ||
78 | install | ||
79 | ``` | ||
80 | |||
81 | Then you will need to run `OpenSSH` on a non-default port (the default | ||
82 | port requires root access). | ||
83 | |||
84 | |||
85 | |||
86 | |||
87 | |||
88 | |||
89 | ALTERNATIVE LOCATION OF `AnonymousAccessCommand` | ||
90 | ------------------------------------------------ | ||
91 | |||
92 | It is also possible to choose the location of the | ||
93 | `AnonymousAccessCommand` itself: | ||
94 | |||
95 | ``` | ||
96 | make USER_SSH_CONFIG_DIR=$HOME/.config/ssh \ | ||
97 | install | ||
98 | ``` | ||
99 | |||
100 | First you would have to make the contents of the installed file | ||
101 | `AuthorizedKeysCommand` vary according to that `Makefile` paremeter, by | ||
102 | editing `Makefile`. | ||