EndoForge =================== ### A `Self-Forge` Convert any Git repository into a `Self-Forge` with a simple setting change. Install `EndoForge`: ``` make install ``` Enable access to repository: ``` git config core.self-forge true ``` ## WHAT IS A `Self-Forge` A `Self-Forge` is a `Git` repository that allows anonymous contribution directly through the `Git-Over-SSH` protocol. Each contributor is directly validated with `OpenSSH` cryptography. A `Self-Forge` relieves the owner of the repository and the repository's other contributors from all needing to share a common "hub" `Forge` before the owner can accept a contribution. Instead, users need only `IP` connectivity to the machine containing the repository. The contributions are stored in namespaces according to the public keys of the contributors. This prevents collisions. The contributions are cryptographically validated, which allows consensus mechanisms to be implemented in git `post-receive` hooks to synchronize the repositories, or just automate their distribution along standardized channels. (It is also possible to do _without_ `IP` connectivity using `DHT` connectivity; see `tuntox.git`.) ## WHAT IS A `Forge` A `Forge` is a network "hub" that provides storage and hosting for version control repository databases. The largest `Forge` is Microsoft's `GitHub`. A `Forge` is the "place" where programmers share their source code with one another. The point is the *revision control system* used track past changes. The `Forge` stores all the different past versions of the code in a format that allows all changes to be inspected and undone. Modifying these databases of all past history is how multiple programmers collaborate on the same work of source code. (Such databases were the first blockchains.) The largest `Forge` is Microsoft's `GitHub`; but in another sense, the largest `Forge` is `Wikipedia`. Note that a `Forge` is different from a web site. A `Git`-based `Forge` must accept contributions in the `Git-Over-SSH` protocol. That is the convenient and standard way to use `Git`. Nevertheless, the typical `Forge` requires users to go sign up for some web service before they can connect using `Git`'s native language of `SSH`. `EndoForge` uses the key provided by the `SSH` client. Using a `Self-Forge` relieves users of dependency on any troublesome intermediary `Forge`. You get your own `Forge`. You are your own `Forge`. ## WHAT IS `Git-Over-SSH` `Git-Over-SSH` is the standard `Git` protocol for _both reading and writing_ a repository. It is the same `Git` protocol one uses when _pushing_ to `github.com` or any other `Git`-based `Forge`. `Git` has other protocols for read-only access, including `Git-Over-HTTPS`. That type of access to a `Git` repository, including domain name and CA certificate, can be provided via `CGit` by running `selfpublish.sh`. HOW TO ACCESS A SELF-FORGE -------------------------- Users can run `git clone` on your `SSH` address, like this: [TODO: edit document dynamically to get real values here] ``` git clone $(id -u)@$(hostname):$(pwd) ``` They can then commit changes to the repository, and push them back to `origin`. The changes will exist in a separate space from where any other user can overwrite. The cryptography of `OpenSSH` makes this possible. HOW ENDOFORGE WORKS ------------------- Normally, `OpenSSH` server only permits connections from users whose keys have been pre-authorized on the server. `OpenSSH` assumes that access should be closed to new users. Installing `EndoForge` modifies the `OpenSSH` server configuration so that this assumption is reversed. Access is opened to unknown users. Anonymous users are forced to run the command `~/.ssh/AnonymousAccessCommand` upon login, instead of whatever command they select for themselves. Each system user can choose or configure their own `AnonymousAccessCommand` file. The command must force the anonymous user into some kind of sandbox, or implement a user authentication scheme in some way, or else the user account will become insecure. `EndoForge` installs a `~/.ssh/AnonymousAccessCommand` that allows anonymous users to run the `Git` protocol commands (`git-receive-pack`, etc.) to access repositories available on the system. A repository must be configured `core.self-forge true` to allow this access. INSTALLATION -------------- Run: ``` sudo make install ``` This installs `EndoForge` to the system, and installs `AnonymousAccessCommand` in the current user's home directory (under `$HOME/.ssh`). If you don't want to install that file, use `sudo make install NO_USER_COMMAND=y`. The command to enable public access to the `Self-Forge` may be run: Run: ``` git config core.self-forge true ``` Note that, once installed, you can run this in ANY repository. You can also run `make shared` but that just runs the same `git config` for you. HOW TO DISABLE -------------- To disable anonymous access to a repository: ``` git config core.self-forge false ``` To disable anonymous access to a user account: ``` rm -f "$HOME"/.ssh/AnonymousAccessCommand ``` To disable `OpenSSH` Anonymous Access system-wide: ``` sudo rm -f /etc/ssh/sshd_config.d/anonymous-access.conf sudo systemctl reload sshd ``` NON-ROOT INSTALLATION --------------------- A systemd unit file to run `OpenSSH` as an unprivileged user is included. The configuration file sets the port to `22022`. This type of installation is vastly inferior to one requiring root, because `OpenSSH` is much easier to connect to servers that listen on port `22` than any other port. The `install-user` target runs the unprivileged `OpenSSH` server. ``` make install-user ``` The script `selftest.sh` tests connecting to the port 22022 server.