jigen/git-remote-gcrypt
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Update README so it can generate a man page with rst2man

Browse source
This commit is contained in:
root 2013-02-14 00:00:00 +00:00
parent dc2d0b34b1
commit aa4b80db7f
1 changed files with 101 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

154
README.rst
View file

@ -1,72 +1,104 @@
=================
git-remote-gcrypt
=================
:Command: git-remote-gcrypt --------------------------------------
GNU Privacy Guard-encrypted git remote
--------------------------------------
:Copyright: 2013 by Ulrik Sverdrup :Author: Ulrik Sverdrup
:License: GPLv2 or any later version, see http://www.gnu.org/licenses/ :Manual section: 1
:Decscription: Use GnuPG to use encrypted git remotes
Description
===========
Remote helper programs are invoked by git to handle network transport.
This helper handles gcrypt:: URLs that will access a remote repository
encrypted with GPG, using our custom format.
Supported locations are `local`, `ssh://`, `sftp://` and
`gitception://`. `gcrypt::gitception://<giturl>` allows stacking gcrypt
on top of any other git transport.
.. NOTE:: Repository format MAY STILL change, incompatibly .. NOTE:: Repository format MAY STILL change, incompatibly
Introduction Quickstart
------------ ..........
Install as `git-remote-gcrypt` in `$PATH` Install as `git-remote-gcrypt` in `$PATH`.
Supports local, ssh:// and sftp:// remotes at the moment, as well as Configure a keyring:
the special gitception://<giturl> remote type, using any existing git
repository as backend.
Example use:: ::
gpg --export KEY1 KEY2 > $PWD/.git/keyring.gpg gpg --export KEY1 KEY2 > $PWD/.git/keyring.gpg
git config --path gcrypt.keyring $PWD/.git/keyring.gpg git config --path gcrypt.keyring $PWD/.git/keyring.gpg
git remote add cryptremote gcrypt::ssh://example.com:repo
git push cryptremote master
> gcrypt: Setting up new repository at ssh://example.com:repo
> gcrypt: Repository ID is KNBr0wKzct52
> gcrypt: Repository URL is gcrypt::ssh://example.com:repo/G.KNBr0wKzct52
> gcrypt: (configuration for cryptremote updated)
> [ more lines .. ]
> To gcrypt::[...]
> * [new branch] master -> master
The generated Repository ID is not secret, it only exists to ensure that Create an encrypted remote by pushing to it:
two repositories signed by the same user can not be (maliciously) switched
around. It incidentally allows multiple repositories to all share location. ::
git remote add cryptremote gcrypt::ssh://example.com:repo
git push cryptremote master
> gcrypt: Setting up new repository at ssh://example.com:repo
> gcrypt: Repository ID is KNBr0wKzct52
> gcrypt: Repository URL is gcrypt::ssh://example.com:repo/G.KNBr0wKzct52
> gcrypt: (configuration for cryptremote updated)
> [ more lines .. ]
> To gcrypt::[...]
> * [new branch] master -> master
Share the updated Repository URL with everyone in the keyring. Share the updated Repository URL with everyone in the keyring.
(The generated Repository ID is not secret, it only exists to ensure
that two repositories signed by the same user can not be maliciously
switched around. It incidentally allows multiple repositories to all
share location.)
Design Goals Design Goals
------------ ............
+ Confidential, authenticated git storage and collaboration on any + Confidential, authenticated git storage and collaboration on any
untrusted file host or service. The only information we (by necessity) untrusted file host or service. The only information we (by necessity)
leak is the approximate size and timing of updates. leak is the approximate size and timing of updates. PLEASE help me
PLEASE help me evaluate how well we meet this design goal! evaluate how well we meet this design goal!
Configuration Configuration
------------- =============
+ You must set up a small gpg keyring for the repository:: *gcrypt.keyring*
Path to the GPG keyring file containing the public keys of all
participants. This file can be created using ``gpg --export``.
gpg --export KEYID1 > <path-to-keyring> git-remote-gcrypt respects the variable *user.signingkey*.
git config gcrypt.keyring <path-to-keyring>
.. NOTE:: GnuPG's configuration applies. Check your key and general .. NOTE:: GPG configuration applies to public-key encryption, symmetric
preferences, see `man gpg`. encryption, and signing. See `man gpg`.
+ All readers of the repository must have their pubkey included in All readers of the repository must have their pubkey included in the
the keyring used when pushing. All writers must have the complete keyring used when pushing. All writers must have the complete set of
set of pubkeys available. You can commit the keyring to the repo, pubkeys available. You can commit the keyring to the repo, further key
further key management features do not yet exist. management features do not yet exist.
+ gcrypt obeys `user.signingkey`
Examples
========
::
gpg --export YOURKEYID > $PWD/.git/keyring.gpg
git config gcrypt.keyring $PWD/.git/keyring.gpg
git remote add cryptremote gcrypt::ssh://example.com:repo
git push cryptremote HEAD
Notes
=====
Repository Format Repository Format
----------------- .................
+ Protocol sketch:: + Protocol::
EncSign(X) is sign+encrypt to a PGP key holder EncSign(X) is sign+encrypt to a PGP key holder
Encrypt(K,X) is symmetric encryption Encrypt(K,X) is symmetric encryption
@ -91,29 +123,45 @@ Repository Format
Only packs mentioned in L are downloaded. Only packs mentioned in L are downloaded.
+ The manifest looks like this:: Manifest file
.............
::
$ gpg -d < 5a191cea8c1021a95d813c4007c14f2cc987a40880c2f669430f1916 $ gpg -d < 5a191cea8c1021a95d813c4007c14f2cc987a40880c2f669430f1916
b4a4a39365d19282810c19d0f3f24d04dd2d179f refs/tags/version1 b4a4a39365d19282810c19d0f3f24d04dd2d179f refs/tags/version1
1d323ddadf4cf1d80fced447e637ab3766b168b7 refs/heads/master 1d323ddadf4cf1d80fced447e637ab3766b168b7 refs/heads/master
pack :SHA224:cfdf36515e0d0820554fe5fd9f00a4bee17bcf88ec8a752d851c46ee Rc+j8\ pack :SHA224:cfdf36515e0d0820554fe5fd9f00a4bee17bcf88ec8a752d851c46ee \
Nv6GOW3mBhWOx6W6jjz3BTX7B6XIJ6RYI+P4TEyy+X6p2PB/fsBL9la0Tuc Rc+j8Nv6GOW3mBhWOx6W6jjz3BTX7B6XIJ6RYI+P4TEyy+X6p2PB/fsBL9la0Tuc
pack :SHA224:a43ccd208d3bd2ea582dbd5407cb8ed6e18b150b1da25c806115eaa5 UXR3/\ pack :SHA224:a43ccd208d3bd2ea582dbd5407cb8ed6e18b150b1da25c806115eaa5 \
R7awFCUJWYdzXzrlkk7E2Acxq/Y4EfEcd62AwGGe0o0QxL+s5CwWI/NvMhb UXR3/R7awFCUJWYdzXzrlkk7E2Acxq/Y4EfEcd62AwGGe0o0QxL+s5CwWI/NvMhb
repo :SHA224:5a191cea8c1021a95d813c4007c14f2cc987a40880c2f669430f1916 1 repo :SHA224:5a191cea8c1021a95d813c4007c14f2cc987a40880c2f669430f1916 1
+ Manifest fields: + `field<space>value`, extends until newline.
+ `<fieldname><space><value>`, extends until newline. + `field` is one of `[0-9a-f]{40}`, `pack`, `repo`, `keep` (planned),
+ `{0-9a-f}[40]`, `pack`, `repo`, `keep` (planned), `extn` (extension `extn` (extension fields, preserved but unused).
fields, preserved but unused).
Pieces yet to be Implemented Yet to be Implemented
---------------------------- .....................
+ Repacking the remote repository + Repacking the remote repository
+ Deleting remote refs + Deleting remote refs
+ Some kind of simple keyring management + Some kind of simple keyring management
.. vim: ft=rst tw=74 See Also
========
git-remote-helpers(1), gpg(1)
License
=======
git-remote-gcrypt is licensed under the terms of the GNU GPL version 2
(or at your option, any later version). See http://www.gnu.org/licenses/
.. vim: ft=rst tw=72
.. this document generates a man page with rst2man