Follow

Has anyone successfully implemented Git over Tor?

I know hosting a repo server is a vastly different beast, but it may help to start somewhere

As far as I know, Gogs and Gitea are fully FOSS, server-side too (no proprietary "enterprise" versions), can be isolated pretty well, and don't look like they're stuck in 1995

But I don't know the internals well enough to see if an entire Hidden Service alternative to GitHub or GitLab can be done in these or something similar

Gitea is a fork of Gogs

· · Tootle for Mastodon · 7 · 4 · 2

Another reason for the sudden interest in Git over Tor is the possibility of a Hidden Service app store. Releasing binaries is all well and good, but having sources available alongside it is a bonus

But "given enough eyeballs, all bugs are shallow" is kind of a myth

There are never enough eyeballs

@cypnk Apparently git has support for socks5 proxies since 2015, so it wouldn't be that difficult to do I think.

@schoentoon Ah, good point. I'm sure there are a bunch of edge cases to consider, but it may be a fun project to try

@cypnk Oh yeah probably. I have previously toyed around with usenet over tor, which was surprisingly easy to do, but had some tiny edge cases for sure (mostly in the clients)

@cypnk

Well, there's Git over SSB (Secure Scuttlebutt) if you're looking for an alternative that doesn't involve hosting servers.

Tutorial
github.com/noffle/git-ssb-intr

#Git #SSB

@cypnk Note that things like gitlab/github aren't necessary if you just want a read-only git; a read only git can just be on a plain simple http server, so I assume trivial; not sure what the minimal writeable is; but you don't need all the multiple-project/auth system that the bigger systems give you

@cypnk You can even host GitLab behind to with no problem. Sure, you probably have a hard time to of source IP leaks for the hosting platform, but that can be solved with enforcing outgoing firewall rules and hosting the tor proxy on a separate machine/IP.

But there is no technical reason, why this wouldn't work. gitlab, gitea and gogs are all capable for socks4/5 proxying for outgoing connections and can set arbitrary base URLs.

I guess just someone has to bother to do it.

@cypnk Thinking of it, all you need is probably a docker-compose file (similar to mine here: git.shivering-isles.com/shiver), set the network to internal, setup a tor container that has a second network adapter that is not set to internal, and configure GitLab for a forward proxy and the right domain:

docs.gitlab.com/omnibus/settin

docs.gitlab.com/omnibus/docker

Similar things should be possible with Gitea and Gogs as well :)

@cypnk I have used git to push to a hidden service (GitLab). Just prefix your `git push` with "torsocks". I didn't set up that GitLab server, but if you want I can ask and see if the person who did has notes they would be willing to share.

@cypnk I would expect Gitea to be easy to set up as a hidden service.

GitLab is free software (as in speech), even the enterprise features. The enterprise features are not free as in beer. There is a license check to enable the enterprise features like having issues that are Epics and linking issues with "blocks X/blocked by X". Those are the only two enterprise features that I've seen that I am interested in, but it's not worth $5/month/user for a personal server.

@cypnk You can prefix your git command with "torsocks -i". I use it all the time and it works like a charm. Although only when the other side is _not_ a hidden service.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!