gits-protocol

Git over TLS
git clone git://git.rr3.xyz/gits-protocol | git clone gits://git.rr3.xyz/gits-protocol

README (1134B)


Using HTTP(S) for everything is silly. In particular, Git should use the Git
protocol (`git://`), naturally. Since the Git protocol is insecure by default
(e.g., a man-in-the-middle could modify files during clone), we should run it
over TLS, obtaining the "Gits" protocol (`gits://`).

Thankfully, the `git` tool makes it easy to add new protocols (see
gitremote-helpers(7)). Here are steps sufficient to start using Gits:

Servers:
	1. Run `git daemon`, just like you would to serve the ordinary Git
	   protocol. Optionally, you can serve it only locally, to prevent
	   outside access to the insecure Git protocol.
	2. Run a TLS tunnel to terminate TLS and exchange (unencrypted) Git
	   traffic locally with the Git daemon.
		- Public side `IP:port`:   <whatever you want>:9419
		- Private side `IP:port`:  localhost:9418

Clients:
	1. Install `ncat` (from the `nmap` package) and the `git-remote-gits`
	   script from this repo (to somewhere on PATH).
	2. That's it! The `git` tool now defers to `git-remote-gits` for URLs
	   of form `gits://host[:port][/path]`.

Note the convention that the Gits protocol uses TCP port 9419.
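
A client-side sketch of what a `gits://` remote helper has to do, added here as an illustration and not the `git-remote-gits` script from this repo. It assumes the `connect` capability from gitremote-helpers(7) and the ordinary `git://` request line; the function names are hypothetical. It calls `ncat --ssl-verify`, because plain `--ssl` encrypts without checking the server certificate, which would leave the man-in-the-middle case open.

```shell
#!/bin/sh
# Added sketch of a gits:// remote helper; NOT the repo's git-remote-gits.
LC_ALL=C; export LC_ALL          # make ${#var} count bytes for pkt-line lengths

# Parse gits://host[:port][/path] into GITS_HOST, GITS_PORT, GITS_PATH.
# Port defaults to 9419 per the README; IPv6 literals are out of scope.
gits_parse_url() {
    rest=${1#gits://}
    [ "$rest" != "$1" ] || return 1
    case $rest in
        */*) hostport=${rest%%/*}; GITS_PATH=/${rest#*/} ;;
        *)   hostport=$rest;       GITS_PATH=/ ;;
    esac
    case $hostport in
        *:*) GITS_HOST=${hostport%%:*}; GITS_PORT=${hostport##*:} ;;
        *)   GITS_HOST=$hostport;       GITS_PORT=9419 ;;
    esac
    # Refuse anything ncat could read as an option or a strange port.
    case $GITS_HOST in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $GITS_PORT in ''|*[!0-9]*) return 1 ;; esac
}

# Write the git:// request pkt-line: 4 hex digits of total length, then
# "<service> <path>\0host=<host>\0". Args: service path host.
gits_request() {
    n=$(( ${#1} + 1 + ${#2} + 1 + 5 + ${#3} + 1 + 4 ))
    printf '%04x%s %s\0host=%s\0' "$n" "$1" "$2" "$3"
}

# Helper loop. git runs: git-remote-gits <remote> <url>
gits_main() {
    gits_parse_url "$2" || { echo "bad gits URL: $2" >&2; return 1; }
    while read -r cmd service; do
        case $cmd in
            capabilities) printf 'connect\n\n' ;;
            connect)
                printf '\n'   # tell git the connection is ready
                # --ssl-verify checks the certificate chain and host name;
                # plain --ssl encrypts but does not authenticate the server.
                { gits_request "$service" "$GITS_PATH" "$GITS_HOST"; cat; } |
                    ncat --ssl-verify "$GITS_HOST" "$GITS_PORT"
                return ;;
        esac
    done
}

if [ "$#" -eq 2 ]; then gits_main "$@"; fi
```

The host check rejects names beginning with `-` so that a crafted URL cannot be read by `ncat` as a command-line option.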