curveprotect software (experimental)

using CurveCP to protect subversion

Subversion client configuration

create CurveCP authorization key directory:

/opt/curveprotect/bin/curvecpmakekey ~/.subversion/clientkey
    

create tunnel script:

(
  echo '#!/bin/sh'
  echo 'TIMEOUT=20000; export TIMEOUT'
  echo 'exec /opt/curveprotect/bin/nettunnel -k ~/.subversion/clientkey -c "$1" "$2"'
) > ~/.subversion/tunnel.sh.tmp
chmod +x ~/.subversion/tunnel.sh.tmp
mv -f ~/.subversion/tunnel.sh.tmp ~/.subversion/tunnel.sh
    

add to the [tunnels] section of ~/.subversion/config (replace user, host and port with your own user, host and port):

curvecp = /home/user/.subversion/tunnel.sh host port
    

checkout data:

svn co svn+curvecp://host:port/ dir
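
A check to run after the client steps above, as an added example that is not part of curveprotect: it confirms that the tunnel script, the key directory and the Subversion config cannot be modified by other accounts, and that the curvecp tunnel entry names the script created above. The function names are hypothetical; the file names are the ones used in the steps above.

```sh
#!/bin/sh
# Added example, not part of curveprotect. Audits the client files created above.

# List entries at or below "$1" that group or others can write.
# Symlinks are skipped: their own mode bits are always rwxrwxrwx.
writable_by_others() {
  find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# audit_curvecp_client DIR
# DIR is the Subversion configuration directory (normally "$HOME/.subversion").
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_curvecp_client() {
  dir=$1
  script=$dir/tunnel.sh
  key=$dir/clientkey
  config=$dir/config
  rc=0

  [ -d "$key" ] || { echo "missing key directory: $key"; rc=1; }
  [ -f "$script" ] && [ -x "$script" ] ||
    { echo "missing or not executable: $script"; rc=1; }

  # svn runs the tunnel command named in config, and nettunnel reads the key
  # directory, so none of the three may be changeable by another account.
  for p in "$script" "$key" "$config"; do
    [ -e "$p" ] || continue
    bad=$(writable_by_others "$p")
    if [ -n "$bad" ]; then
      echo "$bad" | sed 's/^/writable by group or others: /'
      rc=1
    fi
  done

  # First word of the first uncommented "curvecp = ..." line.
  cmd=$(sed -n 's/^[[:space:]]*curvecp[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$config" 2>/dev/null | head -n 1)
  if [ "$cmd" != "$script" ]; then
    echo "curvecp tunnel in $config is '$cmd', expected '$script'"
    rc=1
  fi
  return "$rc"
}
```

Call it as audit_curvecp_client "$HOME/.subversion" and correct anything it reports with chmod go-w before using the tunnel.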
    

Subversion server configuration

Replace the domain, IP, extension, Subversion root and CurveCP key directory below with your own domain, IP, extension, Subversion root and CurveCP key directory.

  • domain svn.mojzis.com
  • IP 0.0.0.0, port 3690
  • extension 00000000000000000000000000000000
  • Subversion root directory /var/lib/svn
  • CurveCP key in directory /var/lib/svn/serverkey

  • prerequisites:

      • install daemontools
      • install subversion
      • install curveprotect

  • as root, create the Subversion root directory:

    svnadmin create /var/lib/svn

  • as root, create the CurveCP key directory:

    /opt/curveprotect/bin/curvecpmakekey /var/lib/svn/serverkey

  • as root, create a run script like this and run it under daemontools:

    #!/bin/sh
    exec 2>&1
    PATH="/opt/curveprotect/bin:${PATH}"; export PATH
    NAME=svn.mojzis.com; export NAME
    KEYDIR=/var/lib/svn/serverkey; export KEYDIR
    IP=0.0.0.0; export IP
    PORT=3690; export PORT
    EXTENSION=00000000000000000000000000000000; export EXTENSION
    ROOT=/var/lib/svn; export ROOT
    exec curvecpserver "${NAME}" "${KEYDIR}" "${IP}" "${PORT}" "${EXTENSION}" curvecpmessage svnserve -i -r "${ROOT}"
        

  • insert the key and the extension into the DNS record:

      • how to do this is found here

  • check it:

    apache@apache:~$ svn co svn+curvecp://svn.mojzis.com/software/curveprotect curveprotect
    A    curveprotect/source
    A    curveprotect/source/tools
    A    curveprotect/source/tools/SOURCES
    A    curveprotect/source/tools/LIBS
    A    curveprotect/source/tools/extremeenvuidgid.c
    A    curveprotect/source/tools/extremesetuidgid.c
    A    curveprotect/source/tools/killafter.c
    A    curveprotect/source/tools/fdcopy.c
    A    curveprotect/source/tools/hextobase32.c
    A    curveprotect/source/tools/jabberproxy.c
    A    curveprotect/source/tools/TARGETS
    ...
    ...
    A    curveprotect/do
    A    curveprotect/do-debian
    A    curveprotect/conf-users
    A    curveprotect/TODO
    A    curveprotect/THANKS
    A    curveprotect/conf-version
    A    curveprotect/do-macosx
    A    curveprotect/conf-home
    A    curveprotect/conf-ip
    A    curveprotect/README
    Checked out revision 106.
    apache@apache:~$