[darcs-users] Re: Setting up a server

Esa Ilari Vuokko eivuokko at gmail.com
Sat Feb 4 11:36:16 UTC 2006


On 2/4/06, Benedikt Schmidt <beschmi at cloaked.de> wrote:
> "Daan Leijen" <Daan at microsoft.com> writes:
> > Hmm, you seem to imply that I would need special webserver support?

There is no way to apply a darcs patch bundle without a copy of
darcs.  All existing push and send methods require this.

> >> Alternatively, you could require that the patch is signed with a
> >> recognised GPG key (since both signing and verification are built into
> >> Darcs), though that would mean that authentication is delayed until
> >> the patch bundle has already been uploaded.

I'd like to make it clear that gpg in the context of darcs is purely a
patch-bundle authentication method, nothing of it is preserved in a
repository.

> > Ah, and that could be done completely by the CGI script (right?) -- no
> > extra server support necessary at all.

Last I checked, if you have gnupg, it can verify darcs bundles without
problems, even without darcs.

> > This all sounds great (and a reasonable amount of work!). It would be
> > very secure since it just runs as HTTP, and the CGI is simply limited
> > to a few darcs operations -- it can run on anyone's website that can
> > run CGI scripts -- no server dependencies. Having this would surely help
> > darcs to get more widespread. Wow, why has no one done this already? :-)

Applying a darcs patch requires darcs.  Verifying a gpg signature requires
gnupg.  Writing scripts to handle other stuff is not the hard part.  It has
been done several times on different sites (some of them you can find
in the mailing list archives.)

<rant>
I think the main reason there is no "official" or anything advertised on
darcs.net is a cultural thing in the darcs community:  Most (advanced)
users and developers are unixy-types with their own servers and can
conveniently hack in whatever they feel like.  And creating users with
ssh access and a special shell is a mere one-night-or-weekend project
for them.  Also, they probably are at home with mails that have
patches as attachments and script their email clients to handle
these patches semi-automatically.  There has also been a strong
movement against using http as a medium to push, given a lot of
loose ends on security and that it is redundant given ssh and
emails.
</rant>

> It has already been started, but i'm not sure how usable the client and
> server described in
> http://thread.gmane.org/gmane.comp.version-control.darcs.user/8926
> are.

There was no interest or comments on that work, nor any users I know
besides myself, so I don't know how others feel.  I use it on my own
site and at work.  It is mightily more convenient now that darcs push
has sign-options (in the next darcs release).

It is inconvenient because it requires darcs and gpg on the server.  Compiling
the server and client is inconvenient because it requires ghc.  It depends on
the http server for protection from DOS.  Besides those issues it is imo very
handy (I find it faster to post a patch over ssh-tunneled http than straight
ssh - given that ssh-tunneled http was open anyway.)

There was also a darcs patch, that I think didn't go in, that
implemented http post using libcurl/curl, but with a bit different spec.
(iirc just pushed plain darcs-bundle in request body.)

What it boils down to, very often, is that you require GHC or Darcs on
the platform where your web-server runs, more conveniently usually on
the exact same host, so you can skip issues with static linking etc.

Best regards,
-Esa
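
Added example, not part of the message above and not code from darcs or from the server it mentions: one way an upload script could decide whether a signed bundle comes from a recognised key, by reading gpg's machine-readable status lines instead of trusting the exit code alone. The allow-list fingerprint, the sample status text and all function names are constructed for illustration.

```python
import subprocess

# Constructed allow-list: full primary-key fingerprints permitted to push.
ALLOWED = {"0123456789ABCDEF0123456789ABCDEF01234567"}
# Status keywords that mean the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample of `gpg --status-fd` output for a correctly signed bundle.
SAMPLE_OK = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed User <user@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2006-02-04 \
1139052976 0 3 0 17 2 01 0123456789ABCDEF0123456789ABCDEF01234567
"""

def signer_fingerprint(status_text):
    """Return the primary-key fingerprint of exactly one valid signature, else None."""
    found = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in REJECT:
            return None  # bad, expired or revoked: refuse outright
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            args = fields[2:]
            # Tenth argument is the primary key fingerprint when gpg reports it.
            found.append((args[9] if len(args) >= 10 else args[0]).upper())
    # Zero signatures or more than one is treated as unauthenticated.
    return found[0] if len(found) == 1 else None

def bundle_is_authorised(status_text, allowed=ALLOWED):
    """Gate for the upload script: apply the bundle only when this is True."""
    fpr = signer_fingerprint(status_text)
    return fpr is not None and fpr in allowed

def gpg_status(bundle_path, keyring):
    """Verify an uploaded bundle with gpg and return its status-fd text."""
    cmd = ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring,
           "--status-fd", "1", "--verify", bundle_path]
    return subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                          text=True).stdout
```

The script would hand the bundle to darcs only when `bundle_is_authorised(gpg_status(path, keyring))` is true. The signature covers only the signed portion of the file, so anything outside it is still unauthenticated input.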