1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
git-annex has recently gotten support for running as a
[Tor](http://http://torproject.org/) hidden service. This is a great, and
very secure way to connect repositories between computers in different
locations, without needing any central server.
## the first peer
First, you need to get Tor installed and running. See
[their website](http://http://torproject.org/), or try a command like:
sudo apt-get install tor
To make git-annex use Tor, run these commands in your git-annex repository:
sudo git annex enable-tor
git annex remotedaemon
git annex p2p --gen-address
The p2p-auth command will output a long address, such as:
tor-annex::eeaytkuhaupbarfi.onion:4412:7f53c5b65b8957ef626fd461ceaae8056e3dbc459ae715e4
At this point, git-annex is running as a tor hidden service, but
it will only talk to peers who know that address.
## adding additional peers
To add a peer, get tor installed and running on it.
sudo apt-get install tor
You need a git-annex repository on the new peer. It's fine to start
with a new empty repository:
git init annex
cd annex
git annex init
And make git-annex use Tor, by running these commands in the git-annex
repository:
sudo git annex enable-tor
git annex remotedaemon
Now, tell the new peer about the address of the first peer:
git annex p2p --link-remote peer1 tor-annnex::eeaytkuhaupbarfi.onion:4412:7f53c5b65b8957ef626fd461ceaae8056e3dbc459ae715e4
(Of course, you should paste in the address you generated earlier,
not the example one shown above.)
Now this git-annex repository will have a remote named "peer1"
which connects, through Tor, to the repository on the other peer.
You can run any commands you normally would to sync with that remote:
git annex sync --content peer1
You can also generate an address for this new peer, by running
`git annex p2p --gen`, and add that address to other peers using `git annex
p2p --link-remote`. It's often useful to link peers up in both directions,
so peer1 is a remote of peer2 and peer2 is a remote of peer1.
Any number of peers can be connected this way, within reason.
## git-annex remotedaemon
Notice the `git annex remotedaemon` being run in the above examples.
That command runs the Tor hidden service so that other peers
can connect to your repository over Tor.
So, you may want to arrange for the remotedaemon to be started on boot.
You can do that with a simple cron job:
@reboot cd myannexrepo && git annex remotedaemon
If you use the git-annex assistant, and have it auto-starting on boot, it
will take care of starting the remotedaemon for you.
## onion addresses and authentication
You don't need to know about this, but it might be helpful to understand
how it works.
git-annex's Tor support uses onion address as the address of a git remote.
You can `git pull`, push, etc with those onion addresses:
git pull tor-annnex::eeaytkuhaupbarfi.onion:4412
git remote add peer1 tor-annnex::eeaytkuhaupbarfi.onion:4412
Onion addresses are semi-public. When you add a remote, they appear in your
`.git/config` file. So, there's a second level of authentication that
git-annex uses to make sure that only people you want to can access your
repository over Tor. That takes the form of a long string of numbers and
letters, like "7f53c5b65b8957ef626fd461ceaae8056e3dbc459ae715e4".
The addresses generated by `git annex peer --gen-address`
combine the onion address with the authentication data.
When you run `git annex peer --link-remote`, it sets up a git remote using
the onion address, and it stashes the authentication data away in a file in
`.git/annex/creds/`
|