Has anyone successfully implemented Git over Tor?
I know hosting a repo server is a vastly different beast, but it may help to start somewhere
As far as I know, Gogs and Gitea are fully FOSS, server-side too (no proprietary "enterprise" versions), can be isolated pretty well, and don't look like they're stuck in 1995
But I don't know the internals well enough to see if an entire Hidden Service alternative to GitHub or GitLab can be done in these or something similar
Gitea is a fork of Gogs
@cypnk Apparently git has support for socks5 proxies since 2015, so it wouldn't be that difficult to do I think.
@schoentoon Ah, good point. I'm sure there are a bunch of edge cases to consider, but it may be a fun project to try
@cypnk Oh yeah probably. I have previously toyed around with usenet over tor, which was surprisingly easy to do, but had some tiny edge cases for sure (mostly in the clients)
Well, there's Git over SSB (Secure Scuttlebutt) if you're looking for an alternative that doesn't involve hosting servers.
@njoseph Oh, this is pretty nice! Thanks for this 🙏
@cypnk Note that things like gitlab/github aren't necessary if you just want a read-only git; a read only git can just be on a plain simple http server, so I assume trivial; not sure what the minimal writeable is; but you don't need all the multiple-project/auth system that the bigger systems give you
@cypnk You can even host GitLab behind Tor with no problem. Sure, you probably have a hard time to of source IP leaks for the hosting platform, but that can be solved by enforcing outgoing firewall rules and hosting the Tor proxy on a separate machine/IP.
But there is no technical reason why this wouldn't work. GitLab, Gitea and Gogs are all capable of SOCKS4/5 proxying for outgoing connections and can set arbitrary base URLs.
I guess just someone has to bother to do it.
@cypnk Thinking of it, all you need is probably a docker-compose file (similar to mine here: https://git.shivering-isles.com/shivering-isles/infrastructure/-/blob/master/roles/gitlab/templates/docker-compose.yml), set the network to internal, set up a Tor container that has a second network adapter that is not set to internal, and configure GitLab for a forward proxy and the right domain:
https://docs.gitlab.com/omnibus/settings/environment-variables.html
https://docs.gitlab.com/omnibus/docker/README.html#install-gitlab-using-docker-compose
Similar things should be possible with Gitea and Gogs as well :)
@cypnk I have used git to push to a hidden service (GitLab). Just prefix your `git push` with "torsocks". I didn't set up that GitLab server, but if you want I can ask and see if the person who did has notes they would be willing to share.
@cypnk I would expect Gitea to be easy to set up as a hidden service.
GitLab is free software (as in speech), even the enterprise features. The enterprise features are not free as in beer. There is a license check to enable the enterprise features like having issues that are Epics and linking issues with "blocks X/blocked by X". Those are the only two enterprise features that I've seen that I am interested in, but it's not worth $5/month/user for a personal server.
@cypnk the HardenedBSD Git repository is hosted via Tor.
@cypnk You can prefix your git command with "torsocks -i". I use it all the time and it works like a charm. Although only when the other side is _not_ a hidden service.
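The client side discussed in this thread (git's built-in SOCKS support as an alternative to wrapping each command in torsocks), as an added example that is not from any of the posters. It scopes the proxy to `.onion` HTTP(S) remotes only and checks the result; the Tor SOCKS listener on 127.0.0.1:9050, the function names and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a local Tor client with its
# SOCKS listener on 127.0.0.1:9050; all function names are hypothetical.

# Route only .onion HTTP(S) remotes through Tor. socks5h (not socks5) makes
# the proxy resolve the hostname, so .onion names never reach local DNS.
configure_onion_proxy() {   # $1 = git config file, $2 = SOCKS host:port
    for scheme in http https; do
        git config --file "$1" "http.${scheme}://*.onion/.proxy" "socks5h://$2"
    done
}

# Print the proxy git would pick for a URL under that config (empty = direct).
proxy_for() {               # $1 = git config file, $2 = remote URL
    git config --file "$1" --get-urlmatch http.proxy "$2" || true
}

# Fail closed: an onion remote is accepted only if a socks5h proxy applies.
# Non-onion remotes are left alone and keep going out directly.
check_remote() {            # $1 = git config file, $2 = remote URL
    case "$2" in
        http://*.onion/*|https://*.onion/*) ;;
        *) return 0 ;;
    esac
    case "$(proxy_for "$1" "$2")" in
        socks5h://*) return 0 ;;
        *) echo "refusing $2: no socks5h proxy configured" >&2
           return 1 ;;
    esac
}
```

Pointing the first argument at `~/.gitconfig` applies the setting for the current user; the wildcard host match in `http.<url>.*` keys needs git 2.13 or later.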
Another reason for the sudden interest in Git over Tor is the possibility of a Hidden Service app store. Releasing binaries is all well and good, but having sources available alongside it is a bonus
But "given enough eyeballs, all bugs are shallow" is kind of a myth
There are never enough eyeballs