blob: 9abcabe7ca7d67898262967598afa6cce469794b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
EndoForge
---------
Convert your Git repository into a Self-Forge by merging this repository.
WHAT IT DOES
------------
This repository contains the code to share itself (the repository) through
Git-over-SSH. It can be merged into other repositories, turning them
self-sharing.
It also contains the code to listen for changes sent to itself through
Git-over-SSH.
HOW IT WORKS
------------
Git contains a program `git-receive-pack` which implements a git
protocol server. The `git-receive-pack` expects to be launched as an SSH
server "ForcedCommand" in a configuration that protects the server from
untrustworthy users.
Normally, the SSH server only permits users who have already uploaded
their public keys to the server. It assumes that access should be closed
to new users.
Installing this code reverses that assumption, granting open access to
unrecognized users. This is made safe by limiting write access to a
GIT_NAMESPACE over which the user proves global mathematical ownership with
their SSH client key. This means that the user cannot overwrite anyone else's
data.
The user's uploaded data is still saved and is ready to be be merged into the
main repository manually, or even automatically. Automatic merging could be
authorized on the basis of the public key, or through a consensus algorithm
comparing branches signed by many different keys.
HOW TO INSTALL
--------------
Run:
```
make install
```
This installs the `AnonymousAccessCommand` in the current user's home
directory.
Then, if sudo access is available, it enables anonymous access by
editing the system `OpenSSH` configuration.
NON-ROOT INSTALLATION
---------------------
If sudo access is not available, you can install to a different
location:
```
make SSH_CONFIG_DIR=.config/ssh \
SSHD_CONFIG_DIR=.config/ssh/config.d \
SSH_LIB_DIR=.local/lib/ssh \
install
```
Then you will need to run `OpenSSH` on a non-default port (the default
port requires root access).
ALTERNATIVE LOCATION OF `AnonymousAccessCommand`
------------------------------------------------
It is also possible to choose the location of the
`AnonymousAccessCommand` itself:
```
make USER_SSH_CONFIG_DIR=$HOME/.config/ssh \
install
```
First you would have to make the contents of the installed file
`AuthorizedKeysCommand` vary according to that `Makefile` paremeter, by
editing `Makefile`.
|
