search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add basic https push support
[girocco.git] / html / mob.html
blobb79d656fca8fc43ed19bf4aeffbf2b4973d6a8d5
1 @section=site guide
2 @heading=About the Mob Account
3 @header
4
5 <!-- This file is preprocessed by cgi/html.cgi -->
6
7
8 <p>The <tt>mob</tt> account (the name a tribute to the paper
9 <a href="http://www.dreamsongs.com/MobSoftware.html">Mob Software: The Erotic Life of Code</a>)
10 is.a way to enable <em>anonymous push access</em> for your project.
11 This is largely an experiment and may be scrapped in the future if
12 it will not get widespread use, but we think it's an interesting try.
13 The idea is to provide unmoderated <em>side</em> channel for random
14 contributors to work on a project, with similar rationale as
15 e.g. Wikipedia - that given enough interested people, the quality
16 will grow rapidly and occassional "vandalism" will get fixed quickly.
17 Of course this may not work nearly as well for software, but here
18 we are, to give it a try.</p>
19
20 <h2>For Repository Admins</h2>
21
22 <p>How it works? First, you need to add the <tt>mob</tt> user to the
23 list of users allowed to push in your project. <tt>mob</tt> is a
24 keyless, passwordless user that anyone can use to push, without
25 any special setup. <strong>But</strong> this does not mean that
26 your project is now in the hands of raging mindless mob! The <tt>mob</tt>
27 user has a special restriction: it can push only to an existing
28 <tt>mob</tt> branch. This means that the second step you need to take
29 is to create a <tt>mob</tt> branch in the repository (e.g.
30 <code>git checkout -b mob
31 &amp;&amp; git push origin mob</code>). Then the <tt>mob</tt> user
32 will be able to push to this and only this branch, and it won't be
33 able to push whatsoever until you take the second step.</p>
34
35 <p>To sum it up: Anonymous pushes are allowed <em>only</em> to the <tt>mob</tt>
36 branch and <em>only</em> if you add a <tt>mob</tt> user and do an initial
37 pushout of the <tt>mob</tt> branch.</p>
38
39 <h2>For Users</h2>
40
41 <p>After cloning the repository, do <code>git checkout mob</code> to move to the
42 <tt>mob</tt> branch.</p>
43
44 <p><strong>Note that you are taking a huge security risk on yourself
45 if you just blindly grab the mob branch and run it on your
46 system.</strong></p>
47
48 <h2>For Developers</h2>
49
50 <p>Just commit on the <tt>mob</tt> branch you've checked out and
51 <code>git push</code> when the time is ripe.
52 Have fun and enjoy, you are making the history!</p>
53
54 <h2>In Detail Examples</h2>
55
56 @@ifssh@@
57 <h3>Pushing to the mob branch with ssh</h3>
58
59 Nothing special is needed except to remember to set the mob user name in the push url:
60
61 <blockquote><pre>
62 cd /tmp
63 git clone -b mob @@gitpullurl@@/mobexample.git
64 cd mobexample
65 git remote set-url --push origin @@mobpushurl@@/mobexample.git
66 echo 'It worked!' >> example.txt
67 git add example.txt
68 git commit -m 'example commit'
69 git push origin mob
70 </pre></blockquote>
71
72 <p>Note that it&#x2019;s not strictly necessary to fetch with the git protocol, the ssh protocol can also be used for fetching.</p>
73 @@end@@
74
75 @@ifhttps@@
76 <h3 id="httpsmobpush">Pushing to the mob branch with https</h3>
77
78 <p>In order to push with https, several things will be needed first:</p>
79
80 <ol>
81 <li>The @@nickname@@ root certificate
82 <p>This can be fetched from <a href="/@@nickname@@_root_cert.pem">here</a> and will be assumed to be saved to <tt>/tmp/@@nickname@@_root_cert.pem</tt> in the push example. See also the <a href="/h/rootcert.html">Root Certificate Information</a>.</p>
83 <pre>
84 cd /tmp &amp;&amp; curl -O @@gitwebfiles@@/@@nickname@@_root_cert.pem
85 </pre></li>
86
87 <li>The mob user certificate
88 <p>This can be fetched from <a href="/@@nickname@@_mob_user.pem">here</a> and will be assumed to be saved to <tt>/tmp/@@nickname@@_mob_user.pem</tt> in the push example.</p>
89 <pre>
90 cd /tmp &amp;&amp; curl -O @@gitwebfiles@@/@@nickname@@_mob_user.pem
91 </pre></li>
92
93 <li>The mob user private key
94 <p>This can be fetched from <a href="/@@nickname@@_mob_key.pem">here</a> and will be assumed to be saved to <tt>/tmp/@@nickname@@_mob_key.pem</tt> in the push example. Normally, of course, private keys are never shared, but as described above, since everyone is allowed to push to the mob branch the private key for the mob user must be shared with everyone.</p>
95 <pre>
96 cd /tmp &amp;&amp; curl -O @@gitwebfiles@@/@@nickname@@_mob_key.pem
97 </pre></li>
98 </ol>
99
100 <p>With the prerequisites out of the way, here&#x2019;s the mob ssh example redone to use the smart http protocol:</p>
101
102 <blockquote><pre>
103 cd /tmp
104 git clone -b mob @@httppullurl@@/mobexample.git
105 cd mobexample
106 git config http.sslCAInfo /tmp/@@nickname@@_root_cert.pem
107 git config http.sslCert /tmp/@@nickname@@_mob_user.pem
108 git config http.sslKey /tmp/@@nickname@@_mob_key.pem
109 git remote set-url --push origin @@httpspushurl@@/mobexample.git
110 echo 'It worked!' >> example.txt
111 git add example.txt
112 git commit -m 'example commit'
113 git push origin mob
114 </pre></blockquote>
115
116 <p>Note that it&#x2019;s not strictly necessary to fetch with the http protocol, the https protocol can also be used for fetching but when initially cloning the repository it can be a bother to get the two certificates and the key set properly without a project-specific place to configure them yet. See the output of <tt>git config help</tt> for more information about configuring certificates and keys.</p>
117 @@end@@
The repo.or.cz duct tape "Girocco"