blob: 14e640e169aa11a8e47f2fa22a204e4546fd2637 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
EndoForge
---------
A Self-Forge.
Convert any Git repository into a Self-Forge by merging this repository.
WHAT IT DOES
------------
This repository contains the code to share itself (the repository) through
Git-over-SSH. It can be merged into other repositories, turning them
self-sharing.
It also contains the code to listen for changes sent to itself through
Git-over-SSH.
HOW IT WORKS
------------
Git contains a program `git-receive-pack` which implements a git
protocol server. The `git-receive-pack` expects to be launched as an SSH
server "ForcedCommand" in a configuration that protects the server from
untrustworthy users.
Normally, the SSH server only permits users who have already uploaded
their public keys to the server. It assumes that access should be closed
to new users.
Installing this code reverses that assumption, granting open access to
unrecognized users. This is made safe by limiting write access to a
GIT_NAMESPACE over which the user proves global mathematical ownership with
their SSH client key. This means that the user cannot overwrite anyone else's
data.
The user's uploaded data is still saved and is ready to be be merged into the
main repository manually, or even automatically. Automatic merging could be
authorized on the basis of the public key, or through a consensus algorithm
comparing branches signed by many different keys.
HOW TO INSTALL
--------------
Run:
```
make install
```
This installs the `AnonymousAccessCommand` in the current user's home directory
(under `$HOME/.ssh`).
Then, if sudo access is available, it enables anonymous access by
editing the system `OpenSSH` configuration.
NON-ROOT INSTALLATION
---------------------
An OpenSSH configuration and wrapper is included for running EndoForge from an
unprivileged user account. Try it like so:
```
cd EndoForge
make install
cd openssh
make run
```
This launches a script that uses 'fakeroot' and to make OpenSSH think the
permissions are OK. This repository needs a systemd service file to launch it
automatically (TODO).
ALTERNATIVE LOCATION OF `AnonymousAccessCommand`
------------------------------------------------
It is also possible to choose the location of the
`AnonymousAccessCommand` itself:
```
make USER_SSH_CONFIG_DIR=$HOME/.config/ssh \
install
```
First you would have to make the contents of the installed file
`AuthorizedKeysCommand` vary according to that `Makefile` paremeter, by
editing `Makefile`.
|
