1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
EndoForge
===================
### A `Self-Forge`
Convert any Git repository into a `Self-Forge` with a simple setting change.
Synopsis:
```
git config core.self-forge true
```
Install `EndoForge`:
```
make install
```
## WHAT IS A `Self-Forge`
A `Self-Forge` is a `Git` repository that allows anonymous contribution directly
through the `Git-Over-SSH` protocol. Each contributor is directly validated with
`OpenSSH` cryptography.
A `Self-Forge` relieves the owner of the repository and the repository's other
contributors from all needing to share a common "hub" `Forge` before the owner
can accept a contribution. Instead, users need only `IP` connectivity to the
machine containing the repository.
The contributions are stored in namespaces according to the public keys of the
contributors. This prevents collisions.
(It is also possible to do _without_ `IP` connectivity using DHT connectivity;
see `tuntox.git`.)
## WHAT IS A `Forge`
A `Forge` is a "place" where programmers share source code.[1]
Anyone could share any content, in principle.
The point is the *revision control system* used track past changes. The `Forge`
is the place that stores all the different past versions of the code in a format
that allows all changes to be undone. Modifying databases of past history is how
multiple programmers collaborate on the same work of source code.
The largest `Forge` is Microsoft's `GitHub`; but in another sense, the largest
`Forge` is `Wikipedia`. )
Note that a `Forge` is different from a web site. A `Git`-based `Forge` must
accept contributions in the `Git-Over-SSH` protocol. That is the convenient and
standard way to use `Git`.
Nevertheless, the typical `Forge` requires users to go sign up for some web
service before they can connect using `Git`'s native language of `SSH`.
`EndoForge` uses the key provided by the `SSH` client.
Using a `Self-Forge` relieves users of dependency on any troublesome
intermediary `Forge`. You get your own `Forge`. You are your own `Forge`.
## What is `Git-Over-SSH`
`Git-Over-SSH` is the standard `Git` protocol for _both reading and writing_ a
repository. It is the same `Git` protocol one uses when _pushing_ to
`github.com` or any other `Git`-based `Forge`.
`Git` has other protocols for read-only access, including `Git-Over-HTTPS`. That
type of access to a `Git` repository, including domain name and CA certificate,
can be provided via `CGit` by running `selfpublish.sh`.
HOW TO ACCESS A SELF-FORGE
--------------------------
Users can run `git clone` on your `SSH` address, like this:
[TODO: edit document dynamically to get real values here]
```
git clone $(id -u)@$(hostname):$(pwd)
```
They can then commit changes to the repository, and push them back to `origin`.
The changes will exist in a separate space from where any other user can
overwrite. The cryptography of `OpenSSH` makes this possible.
HOW IT WORKS
------------
Normally, `OpenSSH` server only permits connections from users whose keys have
been pre-authorized on the server. `OpenSSH` assumes that access should be
closed to new users. Installing `EndoForge` modifies the `OpenSSH` server
configuration so that this assumption is reversed. Access is opened to unknown
users.
Anonymous users are forced to run the command `~/.ssh/AnonymousAccessCommand`
upon login, instead of whatever command they select for themselves. Each system
user can choose or configure their own `AnonymousAccessCommand` file. The
command must force the anonymous user into some kind of sandbox, or implement a
user authentication scheme in some way, or else the user account will become
insecure.
`EndoForge` installs a `~/.ssh/AnonymousAccessCommand` that allows anonymous
users to run the `Git` protocol commands (`git-receive-pack`, etc.) to access
repositories available on the system. A repository must be configured
`core.self-forge true` to allow this access.
INSTALLATION
--------------
Run:
```
sudo make install
```
This installs `EndoForge` to the system, and installs `AnonymousAccessCommand`
in the current user's home directory (under `$HOME/.ssh`). If you don't want
to install that file, use `sudo make install NO_USER_COMMAND=y`.
The command to enable public access to the `Self-Forge` may be run:
Run:
```
git config core.self-forge true
```
Note that, once installed, you can run this in ANY repository.
You can also run `make shared` but that just runs the same `git config` for you.
## HOW TO DISABLE
To disable public access to the repository, run:
```
git config core.self-forge false
```
To uninstall: [run `make -n uninstall` to get this doc section]
```
sudo rm -f /etc/ssh/sshd_config.d/anonymous-access.conf \
/usr/lib/ssh/AuthorizedKeysCommand \
/etc/ssh/AuthorizedKeysCommand
systemctl restart sshd
```
NON-ROOT INSTALLATION
---------------------
A systemd unit file to run `OpenSSH` as an unprivileged user is included.
The configuration file sets the port to `22022`.
This type of installation is vastly inferior to one requiring root, because
`OpenSSH` is much easier to connect to servers that listen on port `22` than any
other port.
The `install-user` target runs the unprivileged `OpenSSH` server.
```
make install-user
```
The script `selftest.sh` tests connecting to the port 22022 server.
|
