EndoForge
---------
A Self-Forge.
Convert any Git repository into a Self-Forge by merging this repository.
WHAT IT DOES
------------
This repository contains the code to share itself (the repository) through
Git-over-SSH. It can be merged into other repositories, making them
self-sharing.
It also contains the code to listen for changes sent to itself through
Git-over-SSH.
HOW IT WORKS
------------
Git contains a program `git-receive-pack` which implements a git
protocol server. `git-receive-pack` expects to be launched as an SSH
server `ForceCommand`, in a configuration that protects the server from
untrustworthy users.
Normally, the SSH server only permits users who have already uploaded
their public keys to the server. It assumes that access should be closed
to new users.
Installing this code reverses that assumption, granting open access to
unrecognized users. This is made safe by limiting write access to a
GIT_NAMESPACE over which the user proves global mathematical ownership with
their SSH client key. This means that the user cannot overwrite anyone else's
data.
The user's uploaded data is still saved and is ready to be merged into the
main repository manually, or even automatically. Automatic merging could be
authorized on the basis of the public key, or through a consensus algorithm
comparing branches signed by many different keys.
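
The confinement described above, sketched as an added example (not EndoForge's own code). It assumes the hook is wired in as an sshd `AuthorizedKeysCommand` called with `%t %k`; the function names and the `key-<sha256>` namespace format are hypothetical.

```sh
#!/bin/sh
# Added example: hypothetical AuthorizedKeysCommand helper, not EndoForge's code.
# Assumed sshd_config wiring: AuthorizedKeysCommand /path/to/this-script %t %k

# key_namespace B64KEY -> prints "key-<sha256 hex of the decoded key blob>".
# The namespace depends only on the key, so each key gets its own namespace.
key_namespace() {
    digest=$(printf '%s' "$1" | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1) || return 1
    printf 'key-%s\n' "$digest"
}

# authorized_line KEYTYPE B64KEY -> prints one authorized_keys line, or fails.
authorized_line() {
    keytype=$1
    b64=$2
    # Allow-list of key types; anything else is refused.
    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    # Strict base64 alphabet: quotes, commas, spaces and newlines are rejected,
    # so the offered key cannot smuggle extra options into the emitted line.
    case $b64 in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    printf '%s' "$b64" | base64 -d >/dev/null 2>&1 || return 1
    ns=$(key_namespace "$b64") || return 1
    # "restrict" disables pty, forwarding and similar features. The forced
    # command pins GIT_NAMESPACE and passes the client's request to git-shell,
    # which only runs the git transport commands.
    printf 'restrict,command="GIT_NAMESPACE=%s git-shell -c \\"$SSH_ORIGINAL_COMMAND\\"" %s %s\n' \
        "$ns" "$keytype" "$b64"
}

# Constructed sample value (valid base64, not a real SSH key).
SAMPLE_KEY='Y29uc3RydWN0ZWQta2V5LW9uZQ=='
authorized_line ssh-ed25519 "$SAMPLE_KEY"
```

Note that, per gitnamespaces(7), a namespace separates refs but the object store is shared, so this limits what a key can overwrite and does not act as read access control.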
HOW TO INSTALL
--------------
Run:
```
make install
```
This installs the `AnonymousAccessCommand` in the current user's home directory
(under `$HOME/.ssh`).
Then, if sudo access is available, it enables anonymous access by
editing the system `OpenSSH` configuration.
NON-ROOT INSTALLATION
---------------------
A systemd unit file to run `OpenSSH` as an unprivileged user is included.
The configuration file sets the port to `22022`.
This type of installation is vastly inferior to running as root, because only
root can make `OpenSSH` listen on port `22`, as it is designed to do.
The `install-user` target runs the unprivileged `OpenSSH` server.
```
make install-user
```