From f048d954f6fce23f04d69b6703b58dc1cd0b879e Mon Sep 17 00:00:00 2001 From: Andrew Cady Date: Tue, 26 Oct 2021 05:27:59 -0400 Subject: README --- EndoForge/README.md | 45 +++++++++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/EndoForge/README.md b/EndoForge/README.md index 795441c..2e03084 100644 --- a/EndoForge/README.md +++ b/EndoForge/README.md @@ -35,9 +35,17 @@ see `tuntox.git`.) ## WHAT IS A `Forge` -A `Forge` is a "place" where programmers share source code. (Anyone could share -any content, in principle. The point is to track past changes.) The largest -`Forge`, for example, is Microsoft's `GitHub`. +A `Forge` is a "place" where programmers share source code.[1] + +Anyone could share any content, in principle. + +The point is the *revision control system* used track past changes. The `Forge` +is the place that stores all the different past versions of the code in a format +that allows all changes to be undone. Modifying databases of past history is how +multiple programmers collaborate on the same work of source code. + +The largest `Forge` is Microsoft's `GitHub`; but in another sense, the largest +`Forge` is `Wikipedia`. ) Note that a `Forge` is different from a web site. A `Git`-based `Forge` must accept contributions in the `Git-Over-SSH` protocol. That is the convenient and 
@@ -85,9 +93,11 @@ configuration so that this assumption is reversed. Access is opened to unknown users. Anonymous users are forced to run the command `~/.ssh/AnonymousAccessCommand` -upon login, instead of whatever command they select for themselves. The user can -choose or configure their `AnonymousAccessCommand` to provide sandboxing, or to -implement a user authentication scheme in some flexible way. +upon login, instead of whatever command they select for themselves. Each system +user can choose or configure their own `AnonymousAccessCommand` file. The +command must force the anonymous user into some kind of sandbox, or implement a +user authentication scheme in some way, or else the user account will become +insecure. `EndoForge` installs a `~/.ssh/AnonymousAccessCommand` that allows anonymous users to run the `Git` protocol commands (`git-receive-pack`, etc.) to access @@ -99,17 +109,14 @@ INSTALLATION Run: ``` - make install + sudo make install ``` -This installs the `AnonymousAccessCommand` in the current user's home directory -(under `$HOME/.ssh`). - -Then, if sudo access is available, it enables anonymous access by editing the -system `OpenSSH` configuration. This allows any user to listen for `SSH` -connections via the file `$HOME/.ssh/AnonymousAccessCommand`. +This installs `EndoForge` to the system, and installs `AnonymousAccessCommand` +in the current user's home directory (under `$HOME/.ssh`). If you don't want +to install that file, use `sudo make install NO_USER_COMMAND=y`. -Finally, the command to enable public access to the `Self-Forge` may be run: +The command to enable public access to the `Self-Forge` may be run: Run: ``` 
@@ -128,6 +135,16 @@ To disable public access to the repository, run: git config core.self-forge false ``` +To uninstall: [run `make -n uninstall` to get this doc section] + +``` + sudo rm -f /etc/ssh/sshd_config.d/anonymous-access.conf \ + /usr/lib/ssh/AuthorizedKeysCommand \ + /etc/ssh/AuthorizedKeysCommand + systemctl restart sshd +``` + + NON-ROOT INSTALLATION --------------------- -- cgit v1.2.3
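Review bot: In the `@@ -35,9 +35,17 @@` hunk, the added sentence "The point is the *revision control system* used track past changes." is missing a word and should read "used to track past changes". The new `[1]` marker after "share source code." has no matching footnote among the lines this patch adds, so either add the footnote text or drop the marker. The closing claim that the largest `Forge` is `Wikipedia` "in another sense" is left unexplained; a short clause saying which sense is meant would tie it to the paragraph about revision history above it.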
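Review bot: In the `@@ -85,9 +93,11 @@` hunk, the new requirement that the command "must force the anonymous user into some kind of sandbox, or implement a user authentication scheme" is the security-critical sentence of this section, yet it sits at the end of a paragraph and does not say what happens when `~/.ssh/AnonymousAccessCommand` is missing or not executable. Suggest stating whether anonymous logins are refused in that case, and setting the warning apart so that someone replacing the installed command sees it. "Each system user" and "the user account" appear to mean the same account; using one term throughout would keep it distinct from "anonymous user".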
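Review bot: In the `@@ -99,17 +109,14 @@` hunk, switching to `sudo make install` makes "the current user's home directory (under `$HOME/.ssh`)" ambiguous, because under `sudo` the value of `$HOME` depends on the sudo configuration and may be root's home. Say which account receives `AnonymousAccessCommand` and who owns the file afterwards. The hunk also removes the sentences explaining that installation edits the system `OpenSSH` configuration and that this "allows any user to listen for `SSH` connections"; the replacement "installs `EndoForge` to the system" no longer tells an administrator that sshd behaviour changes, so keep a sentence to that effect.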
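Review bot: In the `@@ -128,6 +135,16 @@` hunk, `systemctl restart sshd` is shown without `sudo` although the `rm` above it has it, and that last step needs root as well. The listed commands also leave `$HOME/.ssh/AnonymousAccessCommand` in place, which the INSTALLATION section says `make install` creates; either remove it here or say that it is kept on purpose. The bracketed "[run `make -n uninstall` to get this doc section]" reads as a maintainer's note and should be dropped or rewritten as a sentence for the reader.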