The program kup-server is expected to be the receiver of an ssh shell, configured with the following or similar options in ~/.ssh/authorized_keys:
- command="/usr/bin/kup-server",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[...]
Each user should have their own UID, as Unix user permissions are used for specific tree access control. On the client side, a corresponding client-side utility kup is used to initiate the connection and perform the uploads.
The configuration file for kup-server is located in /etc/kup/kup-server.cfg and has the following options:
- All paths in this section should be disjoint. Do not combine any of them into one directory.
- data_path = /var/lib/kup/pub
- Path for public consumption, e.g. served via http or rsync.
- git_path = /var/cache/git
- This is the path where git trees (for the TAR and DIFF options) are available. Those should be readonly for the uploaders.
- lock_file = /run/kup/lock
- A common lock file for data_path. No program should modify the content in data_path without holding an flock on this file. Should be readonly for the uploaders.
- tmp_path = /var/cache/kup/tmp/
- tmp_path can be either:
1. A directory writable by every user and with the sticky bit set (typically mode 1777 or 1770). In that case, DO NOT end the path with a slash, or:
2. A directory containing an empty directory for each user (named for that user), owned by that user and mode 0700. In this case, DO end the path with a slash.
In either case, this directory tree MUST be on the same filesystem as data_path, since the script expects to create files in this directory and rename() them into data_path.
- pgp_path = /var/lib/kup/pgp
- A directory containing a GnuPG public keyring for each user, named <user>.gpg and readable (but not writable) by that user.
- All sizes are in bytes, all times in seconds.
- max_data = 8589934592
- Max size of uploaded data.
- bufsiz = 262144
- Buffer size when reading data.
- timeout_command = 30
- How long to wait for a command to time out.
- timeout_data = 300
- Must read at least bufsiz bytes in this timespan.
- timeout_compress = 900
- Uncompressing tarballs must take at most this long.
- timeout_compress_cpu = 900
- Each compression command must take at most this long in CPU time.
- This section allows specifying the compressors to use when creating compressed versions of uploaded content.
- use = gz, bz2, xz
- A comma-separated list of file extensions to create (minus the leading dot). For each extension specified, you will need to add an extra entry to this section with the path to the matching gzip-compatible utility (i.e. it must accept -9 and -cd command-line arguments). E.g., if you specified "gz, bz2, xz" as values in use, you must add the following entries as well:
gz = /bin/gzip
bz2 = /usr/bin/bzip2
xz = /usr/bin/xz
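
The path rules above (disjoint paths, the two tmp_path forms, and the same-filesystem requirement for rename()) can be checked mechanically before uploaders are given access. The following Python check is an added example, not part of kup; the function name audit_paths and the finding strings are assumptions, and it verifies directory modes only, not per-user ownership.

```python
import os
import stat
import tempfile  # only for the constructed demo layout at the bottom


def audit_paths(paths):
    """Check data_path, git_path, tmp_path and pgp_path (values as written
    in kup-server.cfg) against the documented rules; return findings."""
    findings = []
    real = {k: os.path.realpath(v) for k, v in paths.items()}

    # All paths must be disjoint: none equal to, or nested inside, another.
    names = sorted(real)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if os.path.commonpath([real[a], real[b]]) in (real[a], real[b]):
                findings.append(f"{a} and {b} are not disjoint")

    tmp = paths["tmp_path"]
    if tmp.endswith("/"):
        # Trailing slash: one directory per user, each mode 0700.
        with os.scandir(tmp) as entries:
            for e in entries:
                mode = stat.S_IMODE(e.stat(follow_symlinks=False).st_mode)
                if not e.is_dir(follow_symlinks=False) or mode != 0o700:
                    findings.append(f"tmp_path/{e.name} is not a mode 0700 directory")
    elif not os.stat(tmp).st_mode & stat.S_ISVTX:
        # No trailing slash: shared directory, sticky bit required.
        findings.append("tmp_path has no trailing slash but lacks the sticky bit")

    # rename() from tmp_path into data_path needs a single filesystem.
    if os.stat(tmp).st_dev != os.stat(paths["data_path"]).st_dev:
        findings.append("tmp_path and data_path are on different filesystems")
    return findings


if __name__ == "__main__":
    # Constructed layout in a scratch directory, not a real server.
    root = tempfile.mkdtemp()
    cfg = {k: os.path.join(root, k) for k in ("data_path", "git_path", "pgp_path")}
    cfg["tmp_path"] = os.path.join(root, "tmp")  # no trailing slash
    for p in cfg.values():
        os.makedirs(p)
    print(audit_paths(cfg))            # sticky bit missing
    os.chmod(cfg["tmp_path"], 0o1777)
    print(audit_paths(cfg))            # clean
```
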
AUTHOR
Written by H. Peter Anvin <[email protected]>.
COPYRIGHT
Copyright © 2011 Intel Corporation
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, Inc.; either version 2 of the License, or (at your option) any later version; incorporated herein by reference. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.