diff options
Diffstat (limited to 'EndoForge')
-rw-r--r-- | EndoForge/Makefile | 40 | ||||
-rw-r--r-- | EndoForge/README.md | 102 | ||||
-rwxr-xr-x | EndoForge/src/AnonymousAccessCommand | 126 | ||||
-rwxr-xr-x | EndoForge/src/AuthorizedKeysCommand | 15 | ||||
-rw-r--r-- | EndoForge/src/anonymous-access.conf | 10 | ||||
-rw-r--r-- | EndoForge/test/Makefile | 38 | ||||
-rw-r--r-- | EndoForge/test/tests.sh | 66 |
7 files changed, 397 insertions, 0 deletions
diff --git a/EndoForge/Makefile b/EndoForge/Makefile new file mode 100644 index 0000000..2501da9 --- /dev/null +++ b/EndoForge/Makefile | |||
@@ -0,0 +1,40 @@ | |||
1 | ifeq ($(shell id -u),0) | ||
2 | SUDO = | ||
3 | else | ||
4 | SUDO = sudo | ||
5 | endif | ||
6 | |||
7 | ROOT_INSTALL = $(SUDO) install | ||
8 | |||
9 | USER != echo "$${SUDO_USER:-$$(id -un)}" | ||
10 | |||
11 | SSH_CONFIG_DIR = /etc/ssh | ||
12 | SSHD_CONFIG_DIR = $(SSH_CONFIG_DIR)/sshd_config.d | ||
13 | SSH_LIB_DIR = /usr/lib/ssh | ||
14 | USER_SSH_CONFIG_DIR = ~$(USER)/.ssh | ||
15 | |||
16 | BROWSER != 2>/dev/null which xdg-open || which w3m || which links || which elinks | ||
17 | |||
18 | .PHONY: install shared doc test | ||
19 | |||
20 | doc: README.html | ||
21 | $(BROWSER) $< | ||
22 | |||
23 | shared: install | ||
24 | git config core.self-forge true | ||
25 | |||
26 | SRC = src | ||
27 | SOURCES = $(addprefix $(SRC), AnonymousAccessCommand anonymous-access.conf AuthorizedKeysCommand) | ||
28 | |||
29 | install: | ||
30 | install -t $(USER_SSH_CONFIG_DIR) $(SRC)/AnonymousAccessCommand | ||
31 | $(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" || true | ||
32 | $(ROOT_INSTALL) -m0644 -t "$(SSHD_CONFIG_DIR)" $(SRC)/anonymous-access.conf || true | ||
33 | $(ROOT_INSTALL) -t "$(SSH_LIB_DIR)" $(SRC)/AuthorizedKeysCommand || true | ||
34 | [ -e "$(SSH_LIB_DIR)"/AuthorizedKeysCommand ] || $(SUDO) ln -s -t /etc/ssh "$(SSH_LIB_DIR)"/AuthorizedKeysCommand | ||
35 | |||
36 | README.html: README.md | ||
37 | pandoc -t html $< > $@ | ||
38 | |||
39 | test: | ||
40 | make -C test | ||
diff --git a/EndoForge/README.md b/EndoForge/README.md new file mode 100644 index 0000000..9c22bf3 --- /dev/null +++ b/EndoForge/README.md | |||
@@ -0,0 +1,102 @@ | |||
1 | EndoForge | ||
2 | --------- | ||
3 | Convert a Git repository into a Forge by merging this repository. | ||
4 | |||
5 | |||
6 | |||
7 | |||
8 | |||
9 | |||
10 | WHAT IT DOES | ||
11 | ------------ | ||
12 | |||
13 | This repository contains the code to share itself (the repository) | ||
14 | through Git-over-SSH. | ||
15 | |||
16 | It also contains the code to listen for changes sent to itself through | ||
17 | Git-over-SSH. | ||
18 | |||
19 | |||
20 | |||
21 | |||
22 | |||
23 | |||
24 | HOW IT WORKS | ||
25 | ------------ | ||
26 | |||
27 | Git contains a program `git-receive-pack` which implements a git | ||
28 | protocol server. The `git-receive-pack` expects to be launched as an SSH | ||
29 | server "ForcedCommand" in a configuration that protects the server from | ||
30 | untrustworthy users. | ||
31 | |||
32 | Normally, the SSH server only permits users who have already uploaded | ||
33 | their public keys to the server. It assumes that access should be closed | ||
34 | to new users. | ||
35 | |||
36 | Installing this code reverses that assumption, granting open access to | ||
37 | unrecognized users. This is made safe by limiting write access to a | ||
38 | GIT_NAMESPACE over which the user proves global mathematical ownership with | ||
39 | their SSH client key. This means that the user cannot overwrite anyone else's | ||
40 | data. | ||
41 | |||
42 | The user's uploaded data is still saved and is ready to be be merged into the | ||
43 | main repository manually, or even automatically. | ||
44 | |||
45 | |||
46 | |||
47 | |||
48 | |||
49 | HOW TO INSTALL | ||
50 | -------------- | ||
51 | |||
52 | Run: | ||
53 | ``` | ||
54 | make install | ||
55 | ``` | ||
56 | |||
57 | This installs the `AnonymousAccessCommand` in the current user's home | ||
58 | directory. | ||
59 | |||
60 | Then, if sudo access is available, it enables anonymous access by | ||
61 | editing the system `OpenSSH` configuration. | ||
62 | |||
63 | |||
64 | |||
65 | |||
66 | |||
67 | |||
68 | NON-ROOT INSTALLATION | ||
69 | --------------------- | ||
70 | |||
71 | If sudo access is not available, you can install to a different | ||
72 | location: | ||
73 | |||
74 | ``` | ||
75 | make SSH_CONFIG_DIR=.config/ssh \ | ||
76 | SSHD_CONFIG_DIR=.config/ssh/config.d \ | ||
77 | SSH_LIB_DIR=.local/lib/ssh \ | ||
78 | install | ||
79 | ``` | ||
80 | |||
81 | Then you will need to run `OpenSSH` on a non-default port (the default | ||
82 | port requires root access). | ||
83 | |||
84 | |||
85 | |||
86 | |||
87 | |||
88 | |||
89 | ALTERNATIVE LOCATION OF `AnonymousAccessCommand` | ||
90 | ------------------------------------------------ | ||
91 | |||
92 | It is also possible to choose the location of the | ||
93 | `AnonymousAccessCommand` itself: | ||
94 | |||
95 | ``` | ||
96 | make USER_SSH_CONFIG_DIR=$HOME/.config/ssh \ | ||
97 | install | ||
98 | ``` | ||
99 | |||
100 | First you would have to make the contents of the installed file | ||
101 | `AuthorizedKeysCommand` vary according to that `Makefile` paremeter, by | ||
102 | editing `Makefile`. | ||
diff --git a/EndoForge/src/AnonymousAccessCommand b/EndoForge/src/AnonymousAccessCommand new file mode 100755 index 0000000..443d25e --- /dev/null +++ b/EndoForge/src/AnonymousAccessCommand | |||
@@ -0,0 +1,126 @@ | |||
1 | #!/bin/sh | ||
2 | default_msg() | ||
3 | { | ||
4 | sshfpline="$(get_sshfp_authline ${SSH_CLIENT%% *})" | ||
5 | cat <<EOF >&2 | ||
6 | |||
7 | You are: | ||
8 | |||
9 | $authline | ||
10 | $sshfpline | ||
11 | |||
12 | EOF | ||
13 | } | ||
14 | |||
15 | get_sshfp_authline() | ||
16 | { | ||
17 | ( | ||
18 | r=${1:-.} | ||
19 | key=$(mktemp) || exit | ||
20 | trap 'rm -rf "$key"' EXIT | ||
21 | echo "$authline" > "$key" | ||
22 | get_sshfp "$key" "$r" | ||
23 | ) | ||
24 | } | ||
25 | |||
26 | get_sshfp() | ||
27 | { | ||
28 | ( | ||
29 | key="$1" | ||
30 | r="${2:-.}" | ||
31 | dns=$(mktemp) || exit | ||
32 | trap 'rm -rf "$dns"' EXIT | ||
33 | |||
34 | ssh-keygen -r "$r" -f "$key" > "$dns" | ||
35 | exec < "$dns" | ||
36 | while read line | ||
37 | do | ||
38 | set -- $line | ||
39 | if [ "$3 $5" = "SSHFP 2" ] | ||
40 | then | ||
41 | echo "$line" | ||
42 | break | ||
43 | fi | ||
44 | done | ||
45 | ) | ||
46 | } | ||
47 | |||
48 | ssh_client_fingerprint_base16() | ||
49 | { | ||
50 | set -- $(get_sshfp_authline) | ||
51 | [ "$6" ] | ||
52 | echo $6 | ||
53 | } | ||
54 | |||
55 | check_if_self_forge() | ||
56 | { | ||
57 | # TODO: don't use description, but something else. | ||
58 | local dir="$1" | ||
59 | [ -d "$dir" ] || exit | ||
60 | [ -r "$dir"/description ] || exit | ||
61 | read description < "$dir"/description | ||
62 | if [ "$description" != self-forge ] && [ "$(GIT_DIR=$dir git config core.self-forge)" != true ] | ||
63 | then | ||
64 | echo 'Error: access denied. The specified directory is not a self-forge.' >&2 | ||
65 | exit | ||
66 | fi | ||
67 | } | ||
68 | |||
69 | read authtype authline < "$SSH_USER_AUTH" || exit | ||
70 | [ "$authtype" = publickey ] || exit | ||
71 | |||
72 | cmd=${SSH_ORIGINAL_COMMAND%% *} | ||
73 | |||
74 | case "$cmd" in | ||
75 | git-send-pack | git-upload-pack) | ||
76 | GIT_NAMESPACE= | ||
77 | ;; | ||
78 | git-receive-pack) | ||
79 | export GIT_NAMESPACE="$(ssh_client_fingerprint_base16)" | ||
80 | [ "$GIT_NAMESPACE" ] || exit | ||
81 | ;; | ||
82 | *) | ||
83 | default_msg | ||
84 | exit | ||
85 | ;; | ||
86 | esac | ||
87 | |||
88 | arg=${SSH_ORIGINAL_COMMAND#* } | ||
89 | arg=${arg%\'} | ||
90 | arg=${arg#\'} | ||
91 | case "$arg" in | ||
92 | *\'*) exit ;; | ||
93 | *.git) ;; | ||
94 | *) arg=$arg/.git ;; | ||
95 | esac | ||
96 | |||
97 | dir=$(readlink -e "$arg") || exit | ||
98 | |||
99 | check_if_self_forge "$dir" | ||
100 | |||
101 | with_allowCurrentBranch() | ||
102 | { | ||
103 | local cmd="$1" dir="$2" | ||
104 | ( | ||
105 | set -eC | ||
106 | lockfile=$GIT_DIR/index.lock | ||
107 | echo $$ > "$lockfile" | ||
108 | trap 'rm -f "$lockfile"' EXIT | ||
109 | |||
110 | # This doesn't seem very secure. Need to patch git probably. | ||
111 | for deny in CurrentBranch # DeleteCurrent | ||
112 | do git config receive.deny$deny false | ||
113 | done | ||
114 | "$@" | ||
115 | for deny in CurrentBranch # DeleteCurrent | ||
116 | do git config receive.deny$deny true | ||
117 | done | ||
118 | ) | ||
119 | } | ||
120 | |||
121 | if [ "$GIT_NAMESPACE" ] | ||
122 | then | ||
123 | GIT_DIR=$dir with_allowCurrentBranch "$cmd" "$dir" | ||
124 | else | ||
125 | "$cmd" "$dir" | ||
126 | fi | ||
diff --git a/EndoForge/src/AuthorizedKeysCommand b/EndoForge/src/AuthorizedKeysCommand new file mode 100755 index 0000000..6e13063 --- /dev/null +++ b/EndoForge/src/AuthorizedKeysCommand | |||
@@ -0,0 +1,15 @@ | |||
1 | #!/bin/sh | ||
2 | username=$1 | ||
3 | userhome=$2 | ||
4 | fingerprint=$3 | ||
5 | authline="$4 $5" | ||
6 | |||
7 | case "$userhome" in | ||
8 | *'"'*) exit ;; | ||
9 | esac | ||
10 | |||
11 | usercommand=$userhome/.ssh/AnonymousAccessCommand | ||
12 | |||
13 | [ -x "$usercommand" ] || exit | ||
14 | |||
15 | printf 'command="%s",no-port-forwarding %s\n' "$usercommand $fingerprint" "$authline" | ||
diff --git a/EndoForge/src/anonymous-access.conf b/EndoForge/src/anonymous-access.conf new file mode 100644 index 0000000..5cd6b6a --- /dev/null +++ b/EndoForge/src/anonymous-access.conf | |||
@@ -0,0 +1,10 @@ | |||
1 | ExposeAuthInfo=yes | ||
2 | AuthorizedKeysCommandUser=root | ||
3 | AuthorizedKeysCommand=/etc/ssh/AuthorizedKeysCommand %u %h %f "%t %k" | ||
4 | |||
5 | # %u The username. | ||
6 | # %h The home directory of the user. | ||
7 | # %f The fingerprint of the key or certificate. | ||
8 | # %t The key or certificate type. | ||
9 | # %k The base64-encoded key or certificate for authentication. | ||
10 | |||
diff --git a/EndoForge/test/Makefile b/EndoForge/test/Makefile new file mode 100644 index 0000000..3bc1a66 --- /dev/null +++ b/EndoForge/test/Makefile | |||
@@ -0,0 +1,38 @@ | |||
1 | .DEFAULT_GOAL = test | ||
2 | |||
3 | include ../Makefile | ||
4 | |||
5 | testuser = testuser | ||
6 | |||
7 | SU = $(SUDO) su | ||
8 | |||
9 | .PHONY: test useradd cleanuser | ||
10 | |||
11 | useradd: | ||
12 | $(SUDO) useradd $(testuser) --shell /bin/bash --create-home | ||
13 | $(SU) - $(testuser) -c 'ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""' | ||
14 | $(SU) - $(testuser) -c 'git config --global user.name $(testuser)' | ||
15 | $(SU) - $(testuser) -c 'git config --global user.email $(testuser)' | ||
16 | |||
17 | test: $(shell getent passwd $(testuser) >/dev/null || echo useradd) | ||
18 | $(ROOT_INSTALL) -t ~$(testuser) tests.sh | ||
19 | $(SU) - $(testuser) -c ./tests.sh | ||
20 | |||
21 | ifeq ($(testuser),) | ||
22 | $(error testuser not defined) | ||
23 | endif | ||
24 | cleanuser_command = $(SUDO) rm -I -r ~$(testuser) | ||
25 | |||
26 | cleanuser: | ||
27 | : Preparing to run destructive command: | ||
28 | : | ||
29 | : | ||
30 | : $(cleanuser_command) | ||
31 | : | ||
32 | : | ||
33 | : Press ctrl-c to abort. | ||
34 | : | ||
35 | @for n in 5 4 3 2 1; do printf ' %d\r' "$$n"; sleep 1; done | ||
36 | $(cleanuser_command) || true | ||
37 | $(SUDO) userdel testuser || true | ||
38 | |||
diff --git a/EndoForge/test/tests.sh b/EndoForge/test/tests.sh new file mode 100644 index 0000000..37f819f --- /dev/null +++ b/EndoForge/test/tests.sh | |||
@@ -0,0 +1,66 @@ | |||
1 | #!/bin/sh | ||
2 | set -ex | ||
3 | USER=u | ||
4 | DIR=src/anonymous-ssh | ||
5 | HOST=localhost | ||
6 | SSH_ID=~/.ssh/id_ed25519 | ||
7 | |||
8 | get_sshfp() | ||
9 | { | ||
10 | ( | ||
11 | key="$1" | ||
12 | r="${2:-.}" | ||
13 | dns=$(mktemp) || exit | ||
14 | trap 'rm -rf "$dns"' EXIT | ||
15 | |||
16 | ssh-keygen -r "$r" -f "$key" > "$dns" | ||
17 | exec < "$dns" | ||
18 | while read line | ||
19 | do | ||
20 | set -- $line | ||
21 | if [ "$3 $5" = "SSHFP 2" ] | ||
22 | then | ||
23 | echo "$line" | ||
24 | break | ||
25 | fi | ||
26 | done | ||
27 | ) | ||
28 | } | ||
29 | |||
30 | make_test_commit() | ||
31 | { | ||
32 | newfile=newfile.$(date -Ins|tr -d :) | ||
33 | touch "$newfile" | ||
34 | git add "$newfile" | ||
35 | git commit -m "$newfile" | ||
36 | } | ||
37 | |||
38 | [ -e "$SSH_ID" ] || ssh-keygen -t ed25519 -f "$SSH_ID" -P '' | ||
39 | |||
40 | git_namespace=$(set -- $(get_sshfp "$SSH_ID") && echo $6) | ||
41 | |||
42 | ssh -o NoHostAuthenticationForLocalhost=yes $USER@$HOST -- test || true | ||
43 | [ ! -e anonymous-ssh ] || rm -rf anonymous-ssh | ||
44 | export GIT_SSH_COMMAND="ssh -o NoHostAuthenticationForLocalhost=yes -i $SSH_ID" | ||
45 | git clone -v ${USER}@${HOST}:${DIR} | ||
46 | cd anonymous-ssh | ||
47 | |||
48 | make install | ||
49 | |||
50 | git pull --ff-only | ||
51 | make_test_commit | ||
52 | git push -f | ||
53 | make_test_commit | ||
54 | git push | ||
55 | git log -n4 | ||
56 | git pull --ff-only | ||
57 | git log -n4 | ||
58 | git push | ||
59 | |||
60 | # branch=$(git branch -q --show-current) | ||
61 | # forkname=origin-myfork | ||
62 | # ns_branch=refs/namespaces/$git_namespace/refs/heads/$branch | ||
63 | # git remote add -m "$ns_branch" "$forkname" $(git remote get-url origin) | ||
64 | # git push "$forkname" | ||
65 | # git pull "$forkname" --ff-only "$branch" | ||
66 | exit | ||