gits-protocol

Git over TLS
git clone git://git.rr3.xyz/gits-protocol | git clone gits://git.rr3.xyz/gits-protocol

commit 939158694a1c0de8c5731b118a33a7877116a80d
parent ad7bde637339d28f0cd3166b9f47777a25014ab5
Author: Robert Russell <robert@rr3.xyz>
Date:   Wed, 20 May 2026 15:47:57 -0700

Create README

Diffstat:
A README | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+), 0 deletions(-)

diff --git a/README b/README @@ -0,0 +1,22 @@ +Using HTTP(S) for everything is silly. In particular, Git should use the Git +protocol (`git://`), naturally. Since the Git protocol is insecure by default +(e.g., a man-in-the-middle could modify files during clone), we should run it +over TLS, obtaining the "Gits" protocol (`gits://`). + +Thankfully, the `git` tool makes it easy to add new protocols (see +gitremote-helpers(7)). Here are the steps required to start using Gits: + +Servers: + 1. Run `git daemon`, just like you would to serve `git://`. Optionally, + you may serve it only locally, to prevent access to the insecure + `git://`. + 2. Run a TLS tunnel to terminate TLS and exchange unencrypted traffic + locally with the Git daemon. + - Public side `IP:port`: <whatever you want>:9419 + - Private side `IP:port`: localhost:9418 + +Clients: + 1. Install `ncat` (from the `nmap` package) and the `git-remote-gits` + script from this repo (to somewhere on PATH). + 2. That's it! The `git` tool now defers to `git-remote-gits` for URLs of + form `gits://host[:port][/path]`.
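Review bot: Server step 1 presents binding the daemon to localhost as optional ("Optionally, you may serve it only locally"), but the first paragraph justifies Gits by saying plain `git://` can be modified in transit, so leaving 9418 publicly reachable keeps that insecure path open next to the TLS one. I would make loopback-only the recommended setup (for example `git daemon --listen=127.0.0.1`) and describe public `git://` as the exception. The Clients section also never says that `git-remote-gits` has `ncat` verify the server certificate and hostname; since the man-in-the-middle protection depends on that, the README should state it, along with which port is assumed when `[:port]` is omitted from `gits://host[:port][/path]`.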