summaryrefslogtreecommitdiff
path: root/EndoForge/README.md
blob: 27fa5ffeb273616ed9c2283c4e9253f07b41e04e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
EndoForge
===================
### A `Self-Forge`

Convert any Git repository into a `Self-Forge` with a simple setting change.

Install `EndoForge`:
```
    make install
```

Enable access to repository:
```
    git config core.self-forge true
```

## WHAT IS A `Self-Forge`

A `Self-Forge` is a `Git` repository that allows anonymous contribution directly
through the `Git-Over-SSH` protocol. Each contributor is directly validated with
`OpenSSH` cryptography.

A `Self-Forge` relieves the owner of the repository and the repository's other
contributors from all needing to share a common "hub" `Forge` before the owner
can accept a contribution. Instead, users need only `IP` connectivity to the
machine containing the repository.

The contributions are stored in namespaces according to the public keys of the
contributors. This prevents collisions.

The contributions are cryptographically validated, which allows consensus
mechanisms to be implemented in git `post-receive` hooks to synchronize the
repositories, or just automate their distribution along standardized channels.

(It is also possible to do _without_ `IP` connectivity using `DHT` connectivity;
see `tuntox.git`.)

## WHAT IS A `Forge`

A `Forge` is a network "hub" that provides storage and hosting for version
control repository databases. The largest `Forge` is Microsoft's `GitHub`.

A `Forge` is the "place" where programmers share their source code with one
another. The point is the *revision control system* used track past changes. The
`Forge` stores all the different past versions of the code in a format that
allows all changes to be inspected and undone. Modifying these databases of all
past history is how multiple programmers collaborate on the same work of source
code. (Such databases were the first blockchains.)

The largest `Forge` is Microsoft's `GitHub`; but in another sense, the largest
`Forge` is `Wikipedia`.

Note that a `Forge` is different from a web site. A `Git`-based `Forge` must
accept contributions in the `Git-Over-SSH` protocol. That is the convenient and
standard way to use `Git`.

Nevertheless, the typical `Forge` requires users to go sign up for some web
service before they can connect using `Git`'s native language of `SSH`.
`EndoForge` uses the key provided by the `SSH` client.

Using a `Self-Forge` relieves users of dependency on any troublesome
intermediary `Forge`. You get your own `Forge`. You are your own `Forge`.

## WHAT IS `Git-Over-SSH`

`Git-Over-SSH` is the standard `Git` protocol for _both reading and writing_ a
repository. It is the same `Git` protocol one uses when _pushing_ to
`github.com` or any other `Git`-based `Forge`.

`Git` has other protocols for read-only access, including `Git-Over-HTTPS`. That
type of access to a `Git` repository, including domain name and CA certificate,
can be provided via `CGit` by running `selfpublish.sh`.

HOW TO ACCESS A SELF-FORGE
--------------------------

Users can run `git clone` on your `SSH` address, like this:

[TODO: edit document dynamically to get real values here]
```
    git clone $(id -u)@$(hostname):$(pwd)
```

They can then commit changes to the repository, and push them back to `origin`.

The changes will exist in a separate space from where any other user can
overwrite. The cryptography of `OpenSSH` makes this possible.

HOW ENDOFORGE WORKS
-------------------

Normally, `OpenSSH` server only permits connections from users whose keys have
been pre-authorized on the server. `OpenSSH` assumes that access should be
closed to new users. Installing `EndoForge` modifies the `OpenSSH` server
configuration so that this assumption is reversed. Access is opened to unknown
users.

Anonymous users are forced to run the command `~/.ssh/AnonymousAccessCommand`
upon login, instead of whatever command they select for themselves. Each system
user can choose or configure their own `AnonymousAccessCommand` file. The
command must force the anonymous user into some kind of sandbox, or implement a
user authentication scheme in some way, or else the user account will become
insecure.

`EndoForge` installs a `~/.ssh/AnonymousAccessCommand` that allows anonymous
users to run the `Git` protocol commands (`git-receive-pack`, etc.) to access
repositories available on the system. A repository must be configured
`core.self-forge true` to allow this access.

INSTALLATION
--------------

Run:
```
    sudo make install
```

This installs `EndoForge` to the system, and installs `AnonymousAccessCommand`
in the current user's home directory (under `$HOME/.ssh`).  If you don't want
to install that file, use `sudo make install NO_USER_COMMAND=y`.

The command to enable public access to the `Self-Forge` may be run:

Run:
```
    git config core.self-forge true
```

Note that, once installed, you can run this in ANY repository.

You can also run `make shared` but that just runs the same `git config` for you.

HOW TO DISABLE
--------------

To disable anonymous access to a repository:
```
    git config core.self-forge false
```

To disable anonymous access to a user account:
```
    rm -f "$HOME"/.ssh/AnonymousAccessCommand
```

To disable `OpenSSH` Anonymous Access system-wide:
```
    sudo rm -f /etc/ssh/sshd_config.d/anonymous-access.conf
    sudo systemctl reload sshd
```

NON-ROOT INSTALLATION
---------------------

A systemd unit file to run `OpenSSH` as an unprivileged user is included.

The configuration file sets the port to `22022`.

This type of installation is vastly inferior to one requiring root, because
`OpenSSH` is much easier to connect to servers that listen on port `22` than any
other port.

The `install-user` target runs the unprivileged `OpenSSH` server.

```
    make install-user
```

The script `selftest.sh` tests connecting to the port 22022 server.