curveprotect software (experimental)

using CurveCP to protect subversion

Subversion client configuration

create CurveCP authorization key directory:

/opt/curveprotect/bin/curvecpmakekey ~/.subversion/clientkey

create tunnel script:

  echo '#!/bin/sh'
  echo 'TIMEOUT=20000; export TIMEOUT'
  echo 'exec /opt/curveprotect/bin/nettunnel -k ~/.subversion/clientkey -c "$1" "$2"'
) > ~/.subversion/
chmod +x ~/.subversion/
mv -f ~/.subversion/ ~/.subversion/

add to .subversion/config to section [tunnels] (replace user, host and port with your user, host and port):

curvecp = /home/user/.subversion/ host port

checkout data:

svn co svn+curvecp://host:port/ dir

Subversion server configuration

Replace domain, IP, extension, subversion root, CurveCP key directory with Your domain, IP, extension, subversion root, CurveCP key directory.

  • domain
  • IP, port 3690
  • extension 00000000000000000000000000000000
  • Subversion root directory /var/lib/svn
  • CurveCP key in directory /var/lib/svn/serverkey

  • prerequisites:

  • install daemontools
  • install subversion
  • install curveprotect
  • as a root create subversion directory:

    svnadmin create /var/lib/svn

    as a root create CurveCP key directory:

    /opt/curveprotect/bin/curvecpmakekey /var/lib/svn/serverkey

    as a root create a run script like this and run it under daemontools:

    exec 2>&1
    PATH="/opt/curveprotect/bin:${PATH}"; export PATH; export NAME
    KEYDIR=/var/lib/svn/serverkey; export KEYDIR
    IP=; export IP
    PORT=3690; export PORT
    EXTENSION=00000000000000000000000000000000; export EXTENSION
    ROOT=/var/lib/svn; export ROOT
    exec curvecpserver "${NAME}" "${KEYDIR}" "${IP}" "${PORT}" "${EXTENSION}" curvecpmessage svnserve -i -r "${ROOT}"

    insert the key and the extension into the DNS record:

  • how-to do is found here
  • check it:

    apache@apache:~$ svn co svn+curvecp:// curveprotect
    A    curveprotect/source
    A    curveprotect/source/tools
    A    curveprotect/source/tools/SOURCES
    A    curveprotect/source/tools/LIBS
    A    curveprotect/source/tools/extremeenvuidgid.c
    A    curveprotect/source/tools/extremesetuidgid.c
    A    curveprotect/source/tools/killafter.c
    A    curveprotect/source/tools/fdcopy.c
    A    curveprotect/source/tools/hextobase32.c
    A    curveprotect/source/tools/jabberproxy.c
    A    curveprotect/source/tools/TARGETS
    A    curveprotect/do
    A    curveprotect/do-debian
    A    curveprotect/conf-users
    A    curveprotect/TODO
    A    curveprotect/THANKS
    A    curveprotect/conf-version
    A    curveprotect/do-macosx
    A    curveprotect/conf-home
    A    curveprotect/conf-ip
    A    curveprotect/README
    Checked out revision 106.