Added a comment

1 files changed, 29 insertions, 0 deletions

diff --git a/doc/todo/Build_for_Synology_DSM/comment_9_d94a73b9a07c5cadf191005f817fd59a._comment b/doc/todo/Build_for_Synology_DSM/comment_9_d94a73b9a07c5cadf191005f817fd59a._comment
new file mode 100644
index 000000000..c8b45fc60
--- /dev/null
+++ b/doc/todo/Build_for_Synology_DSM/comment_9_d94a73b9a07c5cadf191005f817fd59a._comment
@@ -0,0 +1,29 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawkwjBDXkP9HAQKhjTgThGOxUa1B99y_WRA"
+ nickname="Franck"
+ subject="comment 9"
+ date="2013-06-02T13:14:56Z"
+ content="""
+Hi, I finally succeeded! :-)
+
+Here are the main steps:
+
+ 1. install `debian-chroot` on the NAS
+ 2. create an account `gitannex` in Debian
+ 3. configure git on this account (this is important otherwise git complains and fails) `git config --global user.email YOUR_EMAIL` and `git config --global user.name YOUR_NAME`
+ 4. install `gcc` on the NAS (using `ipkg`)
+ 5. download the files here: https://www.dropbox.com/sh/b7z68a730aj3mnm/95nFOzE1QP
+ 6. edit `_chrooter` to fit your settings (probably there is nothing to change if your Debian is freshly installed)
+ 7. run `make install`, everything goes to `/opt/bin`, if you change this, you should also edit line 17 in file `gasp`
+ 8. create an account `gitannex` on the NAS (doesn't need to be the same name as in Debian, but I feel it is easier)
+ 9. edit its `.ssh/authorized_keys` to prefix lines as follows `command=\"gasp\" THE_PUBLIC_KEY_AS_USUAL`
+ 10. it should work
+ 11. the repositories will be in the Debian account, but it's easy to symlink them in the NAS account if you wish
+
+The principle is as follows: `command=\"gasp\"` allows to launch `gasp` on SSH connexion instead of the original command given to `ssh`. This command is retrieved by `gasp` and prefixed with `chrooter-` (so, eg, running `ssh git` on the client results in running `chrooter-git` on the NAS). `chrooter-*` commands are symlinks to `chrooter`, this is a setuid root binary that launches `_chrooter`. (This intermediary binary is necessary because `_chrooter` is a script which cannot be setuid, and setuid is required for the chroot and identity change.) Finally, `_chrooter` starts the `debian-chroot` service, chroot to the target dir, changes identity and eventually launches the original command as if it was lauched directly by `gitannex` user in Debian. `_chrooter` and `gasp` are Python scripts, I did not use shell in order to avoid error-prone issues with spaces in arguments (that need to be passed around several times in the process).
+
+I'll try now to add command-line parameters to `gasp` in order to restrict the commands that can be run through SSH and the repositories allowed.
+
+Cheers,
+Franck
+"""]]