Skip to main content

Tools to run Git over Foolscap FURLs.

Project description

git-foolscap is an extension for Git that allows you to publish or access Git repositories over the [Foolscap](http://foolscap.lothar.com/trac) protocol. This provides all the security benefits of ssh or authenticated HTTPS, but with a few important benefits:

  • downstream users do not need an account on the server: merely sharing the secret FURL string with them is enough to provide access

  • access is limited to the one repository: users do not get full shell access

  • servers are quick and easy to set up

  • users can easily be limited to read-only access

## Installation

Just use pip install git-foolscap. This will install two scripts into your $PATH: git-foolscap and git-remote-pb. The former is the main entry point, and Git will run it whenever you run git foolscap COMMAND... The latter implements the remote protocol, and Git will use it whenever you access a repository whose remote URL starts with “pb:” (i.e. it is a FURL).

git-foolscap depends upon having Foolscap installed, which depends upon Twisted and pyOpenSSL.

git-foolscap -h and git-foolscap –help will provide usage instructions. (Note that git foolscap –help, without the hyphen, doesn’t work, because git-foolscap does not provide a man page).

## Theory Of Operation

Repositories are published by running a small server (a Foolscap “flappserver”) which listens on a TCP port for encrypted connections. A “FURL” is allocated which will connect to the git remote protocol (in either read+write or read-only mode) for a specific repository. This FURL can be handed to clients, which merely use it as the URL for a standard git remote (e.g. git clone FURL or git remote add NAME FURL). Foolscap FURLs are URIs which use “pb:” as their scheme instead of “http:” or “https:”.

When a git client encounters the pb: FURL, it delegates control to a program named git-remote-pb (this is a standard feature of git, and holds true for arbitrary scheme names). The git-remote-pb program knows how to use Foolscap to connect to the target FURL and speak the git remote protocol through it.

Technically, this means that servers only need the git-foolscap executable, and clients only need the git-remote-pb executable, but both are distributed in the same package for simplicity.

## Usage: Server

See git foolscap –help for full details. Basically the server does this part once:

` % git foolscap init --port=tcp:3116 --location=tcp:HOSTNAME:3116 % git foolscap start `

and this part for each new client:

` % git foolscap invite read-write "comment about recipient" `

The “invite” will produce a “wormhole code”, which the receiving user must type into their “accept” command. The secure FURL will then be sent through the wormhole.

The FURLs can also be added (without invitation) using git foolscap add. It must then be cut-and-pasted to the recipient.

To provide read-only access to a single repository, replace read-write with read-only. You can create as many FURLs as you like, by running git foolscap add or invite multiple times. Each can be revoked separately. To revoke access, run git foolscap list, find the index number, and pass it into git foolscap revoke.

You may want to arrange for git foolscap start to be run from a cron @reboot job, or other boot-time startup script, to make sure that access is retained across a system reboot.

@reboot cd PATH/TO/REPO && git foolscap start

## Usage: Client

If the repository owner used git foolscap invite, then you simply type this code into:

` % git foolscap accept clone `

The client can use tab-completion on the codewords, and the wordlist is specifically designed to be reliably transcribeable over a noisy voice channel.

Instead of cloning a new copy of the repository, you can add the new FURL to an existing repo, by running this command from inside the repository:

` % git foolscap accept add-remote `

If the publisher used git foolscap add and sent you a full FURL (instead of a wormhole code), then you can just clone from it as you would a normal HTTPS (https://github.com/warner/git-foolscap.git) or SSH (git@github.com:warner/git-foolscap.git) URL. As long as you have git-foolscap installed, git will figure out how to do the right thing.

## Cleaning up the FURL

The flappserver uses the –location= you provide to construct the “connection hints” portion of the FURL. This tells the client how to connect to the server. The server must have a publically-reachable address (or at least reachable by your clients), or you must configure a port-forwarding and put the externally-reachable address+port into the FURL.

If you got the hostname wrong, or if you used an IP address and it has changed, you can edit the FURL later. You can also use multiple hints, and the client will try to connect to each of them until at least one works:

pb://tvzddtbzbldthde5kdsvjvzpweifx7ae@tcp:example.com:57306,tcp:example.org:57306/jmxpcs6lsmgtuzdomxbgtfcmhgfmfbpc/my-repo

The first big random-looking string in the FURL identifies exactly which server public key is expected: it provides cryptographic assurance that the connection will go to the right server. No certificate authorities or trusted third parties are used. The second random string is a secret “swissnum” which securely identifies the resource being accessed (in this case, a table entry which points at a git repository and a read+write/read-only mode). Knowledge of this secret enables access: to share access, share the secret (and the rest of the FURL necessary to use it); to withhold access, don’t reveal the secret.

## Configuring the flappserver

Each flappserver has a “base directory” where it keeps all its state. git foolscap create defaults to using .git/foolscap/ for this purpose, creating it if necessary, then adding an entry for the new FURL.

If you publish multiple repositories, you might want to share flappservers between them, especially if you must configure a port forwarding for each server. To do this, first create the one shared server with Foolscap’s flappserver create BASEDIR command, then use the –flappserver=BASEDIR argument when running git foolscap init. This establishes a symlink from .git/foolscap to the real BASEDIR, so subsequent git-foolscap commands will add an entry to that flappserver directly. If BASEDIR doesn’t already exist, it will be created.

Note that at present, git foolscap init –flappserver=BASEDIR requires the –port= and –location= arguments, even if BASEDIR already exists. However, in that case, their values are ignored in favor of the BASEDIR’s existing configuration. Hopefully this will be fixed in a future release.

If you use a @reboot cronjob, you may want to use flappserver start directly, instead of git foolscap start.

## Bugs, Patches

Please file bugs and patches for git-foolscap on the Github issue tracker, at https://github.com/warner/git-foolscap .

For bugs and patches against foolscap itself, please use the Foolscap Trac, at http://foolscap.lothar.com/trac . Foolscap source code is published on Github, at https://github.com/warner/foolscap .

thanks!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

git-foolscap-0.4.tar.gz (33.0 kB view details)

Uploaded Source

Built Distribution

git_foolscap-0.4-py2-none-any.whl (16.3 kB view details)

Uploaded Python 2

File details

Details for the file git-foolscap-0.4.tar.gz.

File metadata

  • Download URL: git-foolscap-0.4.tar.gz
  • Upload date:
  • Size: 33.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for git-foolscap-0.4.tar.gz
Algorithm Hash digest
SHA256 765bf216c65b2cfd7de56e6f09b1ebd52353cec8d0b5de0cd7dcdb220b0dc48b
MD5 6c275fda60501a558ca5478efd2f1bee
BLAKE2b-256 49a6c9ca44ad8785c99a6ee9547eafe90ef89b598b4502aa8abbfb3df6a28768

See more details on using hashes here.

File details

Details for the file git_foolscap-0.4-py2-none-any.whl.

File metadata

File hashes

Hashes for git_foolscap-0.4-py2-none-any.whl
Algorithm Hash digest
SHA256 3440ae04356aca91d37879969399593aa74323f0e41ac1e84c4c62da73043dc3
MD5 2d5a580d91450ad516ffd2d58c6dfc21
BLAKE2b-256 53783b8421b98cfdae2afa25a4e9bbaf273b12198abe7e467b09a2db288100a9

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page