encode_uint32 second parameter should be uint32_t, not unsigned long

[git-daemon2.git] / client-guide

Prerequisites for installation:
===============================

GPG, and if you compile yourself, compiler.

Generating keypair:
===================

To use keypair authentication, you need to first generate a keypair. The
generated keypair can be shared between many servers, but each client
you access repositories from should have its own.

To generate keypair, do:

'gits-generate-keypair'

The program is interactive. Answer the prompts it gives.

One special feature is sealing keys. Currently supported sealing methods
are unsealed, password (gpg) and keypair (gpg):

Unsealed:
---------
Nothing protects keypair file except host file permissions. This can be
convinient, but its also insecure, as if somebody gains access to your
account or to admin account, they can freely misuse or steal your key.

Password (gpg):
---------------
This is pretty much equivalent to password-protecting the key. The
password protecting stolen key must be cracked before key can be misused.
Note however that the password needs to be typed every time you push,
which can become cumbersome.

Keypair (gpg):
--------------
You can use your main gpg key to protect the keypair. When it
asks for key to use, enter the name you have on key, email address or
key ID (anything that gpg can uniquely identify your key with).

If you don't have gpg-agent set up, you still need to type the pass-
phrase for key every time you push (so you should have that set up).


Note that the program asks name of key and not filename to save it as.
Keep the generated keys well-protected, and most importantly do
not send them anywhere or allow them to be modified (modified keypairs
can run who knows what if used).

After keypair has been generated, use 'gits-get-key-id' to get ID of
the key. If key is sealed, you need to unseal it (using password or key
passphrase). Write down what it gives, you are going to need it later (it
isn't secret information anyway, and its handier to be able to look it up
as opposed to asking the program to give you the name again).

The key ID is then to be given to repo hosting admins in order to give
you access.

Generating SRP verifier:
========================

To authenticate using password authentication, you need to genrate
SRP verifier. This can be done with

'gits-generate-srp-verifier'

The program prompts you for username (this can be gotten from
repo host admin).

Then it may or may not prompt for some junk/garbage. Just hit
keys quickly to give some gibberish to computer. This way the
needed 32 characters fills up very quickly. You don't need to
ever rember what you entered as junk. Note that at least on
Linux, this prompt probably does not appear (since computer
generated some garbage data for itself). Terminal echo is off
in this prompt.

Then it prompts for password twice (terminal echo is off),
so nothing shows up. The entered passwords must match or it
will complain.

It finally asks filename to save the verifier to. If you want
to save it to file, enter name. If you want it to be shown on
screen, just hit enter.

The verifier is quite long so it has been split to multiple
lines. Last character of each line except last is '\' (that
has special signaficance of telling that next line contionues
this line).

The generated verifier is then to be given to repo host admins
in order to allow repo system to authenticate you. If you change
your password, you need to have the verifier in repo system
updated. Note that verifiers are somewhat sensitive. Although
it isn't trivial to recover password from one, trying to brute
force one is possible.

Using ssh keys:
===============
For now, using encrypted SSH keypairs for client authentication
requires ssh-agent or something comparable (unencrypted keys
are supported without)

The ID of SSH key can be gotten using:

'gits-get-key-id --ssh <keyname>'. The <keyname> is e.g. 'id_dsa'
(the key is '~/.ssh/<keyname>' and '~/.ssh/<keyname>.pub').

These IDs work server-side just like IDs of OpenPGP keys.

hostkeys:
=========
Optionally, you can verify fingerprint for connected host (e.g.
to ensure confidentiality of what is pushed). This can be
done using unique server ID field in URL. Specify the hostkey
ID as value, connect will fail if the value does not match
what server shows.

This can't be used on git:// (unencrypted) connections.

The <keyID> value can be gotten from repo host admin, often
when you send your key name in (they look just like your
keynames: type followed by dash followed by long string of
hexadecimal numbers).

If the hostkey entry for given host doesn't exist or is
incorrect, trying to connect to that host fails.


git / gits:// URL syntax:
=========================

Full syntax:

Host specification <host>:
--------------------------
<host> can be symbolic address or numeric address. It can
be prefixed with '<protocol>/<addresspace>~' to override
default protocol of 'tcp' and address space autoselect.

Valid address spaces are:
'unspecified': Autoselect.
'ipv6': IPv6 (if supported).
'ipv4': IPv4.
'unix': Unix domain sockets.

Alternatively, prefix can be '<protocol>[<afletter>]~',
where <afletter> can be:
'4': IPv4
'6': IPv6
'_': Autoselect

If protocol name does end in '4', '6' or '_', the
address family postfix needs to be present.

Part before '~' can also be special string 'unix'. This means
unix domain sockets (address space 'unix').

Unix domain sockets are specified by absolute path. Abstract
namespace sockets are prefixed with '@/' (the '/' goes into
socket name).

If address space is forced to be 'unix', the socket path
can be relative and abstract namespace names can start with
characters other than '/' (the '@' prefix is mandatory for
abstract namespace sockets).

If unique server ID is specified, it comes before protocol/
address space override and is separated by '@'. E.g.

[12345@tcp4~gits.example.com]

To use unique server ID 12345 (the escape is required as
name contains '@').

gits::git://<host>[:<port>]/path
--------------------------------

Unencrypted and completely unauthenticated connection to
port <port> (if not specified, defaults to 9418) of <host>,
requesting repository <path>.

This protocol can connect to git:// and non-immediate-TLS
gits:// ports.

gits://[<username>@]<host>[:<port>]/path
----------------------------------------

Encrypted connection. Server is always authenticated using
hostkey entry in hostkey database. Connection starts clear
but is immediately upgraded to encrpypted connection.

If <username> is absent, client does not authenticate. Otherwise
it uses key or username given to authenticate.

If the username doesn't start with 'srp-' or 'key-' client
first looks for key with name of key matching username, and
if not found, prompts for password.

If you for some reason want to use password authentication
with name that's name of some key, prefix the username
with 'srp-' (e.g. 'foo' -> 'srp-foo'). This forces password
authentication.

To use SSH keypair authentication (ssh-agent is needed for
encrypted keys), prefix name of key in '~/.ssh/' with 'ssh-',
e.g 'ssh-id_rsa' to use '~/.ssh/id_rsa' (and '~/.ssh/id_rsa.pub').

If name of key for some reason starts with 'key-', 'srp-' or
'ssh-', prefix 'key-' to username (e.g. 'key-foo' -> 'key-key-foo')
to prevent it from interpretting the username wrong.

This protocol can connect to non-immediate-TLS gits:// ports.

Default port is 'git' (9418).

gits::tls://[<username>@]<host>[:<port>]/path
---------------------------------------------

Same as gits://, but connection starts encrypted, as opposed
to being upgraded. Default port is 'gits' (usually not assigned,
so port number has to be specified).

This protocol can connect to immediate-TLS gits::tls:// ports.


Environment variable GITS_VERBOSE:
----------------------------------
Setting environment variable GITS_VERBOSE activates verbose
mode where steps of initiating connection are printed for
debugging problems related to starting connection.


Transport debugging output:
---------------------------
Sending SIGUSR1 to git-remote-gits causes debugging output
of transport code status to be printed. This is useful for
debugging problems manifesting during transfer.