From ea28b3a0574c4df167c57a7fb6465c7673963089 Mon Sep 17 00:00:00 2001 From: "http://www.cse.unsw.edu.au/~willu/" Date: Mon, 27 Oct 2008 22:31:34 -0400 Subject: Notes about untrusted push in monotone --- doc/todo/Untrusted_push_in_Monotone.mdwn | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 doc/todo/Untrusted_push_in_Monotone.mdwn diff --git a/doc/todo/Untrusted_push_in_Monotone.mdwn b/doc/todo/Untrusted_push_in_Monotone.mdwn new file mode 100644 index 000000000..a8b1cd7c4 --- /dev/null +++ b/doc/todo/Untrusted_push_in_Monotone.mdwn @@ -0,0 +1,28 @@ +As noted in [[tips/untrusted_git_push]] an untrusted push capability was added recently, but only implemented in git. +(See also [[todo/rcs_updates_needed]]) + +This note describes (but does not implement) an approach for this with the [[rcs/monotone]] rcs backend. + +---- + +Monotone behaves a little differently to git in its networking. Git allows anyone to try to push, and then +check whether it is ok before finally accepting it. Monotone has no way to accept or reject revisions +in this way. However, monotone does have the ability to mark revisions, and to ignore unmarked revisions. + +This marking capability can be used to achieve a somewhat similar effect to what happens with git. The +problem with this is that anyone could put anything into the monotone database, and while this wouldn't +affect ikiwiki, it seems bad to leave open, untrusted storage on the web. + +The Plan +===== + +In the `note_netsync_revision_received` hook in the monotone server, have the server check to make sure +that either a) the revision is signed by someone trusted or, b) the revision is checked using the same +hook that git uses in `pre-receive`. If the revision passes the ikiwiki `pre-receive` check then the +monotone hook signs the revision. This gives that revision the 'ikiwiki seal of approval'. + +You'll also want to update the monotone trust hooks to only trust revisions signed by trusted people, or +ikiwiki. + +Now anyone can upload a revision, but only those signed by a trusted person, or which pass the ikiwiki +check and so get signed by the ikiwiki key, will be seen by ikiwiki. -- cgit v1.2.3