(→Accessing your fedorapeople.org space: Fix ~/.ssh/known_hosts file name) |
|||
(80 intermediate revisions by 46 users not shown) | |||
Line 1: | Line 1: | ||
= fedorapeople.org = | {{autolang|base=yes}} | ||
== fedorapeople.org == | |||
This page covers the details on how to obtain and use your personal | This page covers the details on how to obtain and use your personal | ||
space on [ | space on [https://fedorapeople.org fedorapeople.org], a site where Fedora | ||
contributors can upload files | contributors can upload files to share with the world. It is | ||
perfect for uploading specfiles, | perfect for uploading specfiles, SRPMs, patches, or personal Git repositories. | ||
== | == Forbidden contents == | ||
# You need an active [https:// | * Do NOT distribute anything on [https://fedorapeople.org fedorapeople.org] that Fedora itself cannot distribute for legal reasons. Nothing on the [[ForbiddenItems]] list or otherwise non distributable by Fedora. | ||
# You must be | * Do NOT upload your private ssh keys. While the Fedora Infrastructure Team works hard on keeping the servers secure, break-ins will happen and private keys uploaded can be downloaded and brute-forced easily. Private .ssh keys found during an audit will be deleted. | ||
== Accessing your fedorapeople.org space == | |||
# You need an active [https://accounts.fedoraproject.org/ Fedora account] | |||
# You must be part of at least one group (other than the CLA group) in the [https://accounts.fedoraproject.org/ Fedora account system]. Often annotated as CLA+1 | |||
# You need to generate a ssh key (<code>ssh-keygen -t rsa</code>). | |||
# Upload the ssh key into your Fedora account. To upload, [https://accounts.fedoraproject.org/ visit this link] and select your key file using the ''Public RSA SSH key'' field. Oftentimes, your public key can be found in your home directory under <code>.ssh/id_rsa.pub</code>. The ssh key will become activated within 20minutes after it is uploaded. | |||
# To be able to verify an identity of fedorapeople.org SSH server, append these [https://admin.fedoraproject.org/ssh_known_hosts Fedora project SSH certificates] to your <code>~/.ssh/known_hosts</code> local file, or make sure your DNS resolver supports DNSSEC and <code>VerifyHostKeyDNS=yes</code> is set in your <code>~/.ssh/config</code> SSH client configuration file. | |||
# To connect, use the ssh key you uploaded into your Fedora account: | # To connect, use the ssh key you uploaded into your Fedora account: | ||
<pre>ssh -i ~/.ssh/id_rsa <your_username>@fedorapeople.org</pre> | |||
{{admon/important | Updating your SSH public key | If you want to update your SSH public key in [https://fedorapeople.org fedorapeople.org], do NOT manually edit your <code>.ssh/authorized_keys</code> file. Go through [https://accounts.fedoraproject.org/ the usual FAS account edit page] and wait for it to be updated, or you will be locked out of your account.}} | |||
# You will need to make a public_html directory for your files: <code>mkdir ~/public_html</code> | |||
# You will need to set permissions so the webserver can read them: <code>chmod 0755 ~/public_html</code> (This sets your home directory and public_html directories readable by the webserver) | |||
# You may wish to make a 'index.html' file in public_html | |||
== Common answers == | |||
* Each Fedora contributor has 2000000 KiB (approximately 1954 MiB) of quota-controlled space. | |||
* If you run out of space, you should clean up files you don't need. If you cannot clean anything up, you should contact Fedora Infrastructure team to raise your quota. | |||
* You need to change the permissions for your home directory to at least <code>711</code> to make it viewable. | |||
<pre>chmod 711 $HOME</pre> | |||
* To make a publicly viewable space, create a <code>public_html</code> directory and set its permissions to <code>755</code>. Your home <code>~/</code> directory must be exectuable for the webserver to see your <code>public_html</code> folder. | |||
* Fedora people is NOT to be used for development or repository creation. Repositories will need to be created elsewhere and uploaded via <code>scp</code> or <code>rsync</code>. | |||
* DO NOT try to use sudo to install packages you "need". Unless you are in the Infrastructure group and have gotten approval from sysadmin-main, extra packages are not to be installed on [https://fedorapeople.org fedorapeople.org]. | |||
* Upload files using <code>scp</code>, <code>sftp</code>, or <code>rsync</code>. | |||
{{admon/tip | Using Nautilus | If you use GNOME, visit [[Infrastructure/fedorapeople.org/Connecting_with_Nautilus | this page]] for an easy way to connect to your [https://fedorapeople.org fedorapeople.org] space.}} | |||
{{admon/tip | Using Dolphin or Konqueror | If you use KDE, type <code>sftp://your_username@fedorapeople.org</code> in your file manager address bar for an easy way to connect to your [https://fedorapeople.org fedorapeople.org] space.}} | |||
{{admon/tip | Using Thunar | If you use XFCE, press {{key press|CTRL + L}} to bring up the ''Open Location'' dialogue and then enter <code>sftp://your_username@fedorapeople.org/home/fedora/your_username</code> in ''Location'' field for an easy way to connect to your [https://fedorapeople.org fedorapeople.org] space. PCManFM also works}} | |||
To copy files from the command line, you can use <code>scp</code> | |||
<pre> | |||
scp /path/to/file your_username@fedorapeople.org:/home/fedora/your_username/public_html | |||
</pre> | |||
* Once files are uploaded into the user's <code>public_html</code> directory, the files will become available at: https://your_username.fedorapeople.org/. | |||
* Give other users access to read/write/etc files by using extended ACLs. Read man pages for <code>setfacl</code> and <code>getfacl</code> for adding them to your dirs/files. This gives the user <code>your_username</code> read and write access to <code>file</code>: | |||
<pre>setfacl -m u:your_username:rw file</pre> | |||
== fedorapeople.org git hosting support == | |||
[https://fedorapeople.org fedorapeople.org] now has support for hosting git repositories. This includes access via the <code>git://</code> protocol for anonymous downloads as well as providing the cgit web interface. | |||
Here is a quick rundown of how to get started with git on [https://fedorapeople.org fedorapeople.org]. It assumes that you are already somewhat familiar with git. You might want to take a look at the [[Git quick reference]]. | |||
=== Create a ~/public_git directory on fedorapeople.org === | |||
<pre>ssh your_username@fedorapeople.org "mkdir ~/public_git; /sbin/restorecon -Rv ~/public_git"</pre> | |||
=== Creating a new git repository in ~/public_git === | |||
As an example, here is one method to create an empty repository on your local system and upload it: | |||
<pre> | |||
git init --bare repo.git | |||
scp -r repo.git/ your_username@fedorapeople.org:~/public_git/ | |||
</pre> | |||
This creates a bare repository (i.e. a repository that has no working directory). It contains just the files that are part of the <code>.git</code> directory of a non-bare git repository (the kind most users are accustomed to seeing). | |||
{{admon/important|Repository name must end with ".git"|cgit will not list repos that do not end with ".git".|}} | |||
Additionally if you wish your repository to show up in the cgit web interface, you must run the following command for any repositories you wish to appear there by default: | |||
<pre> | |||
touch ~/public_git/yourgitrepo.git/git-daemon-export-ok | |||
</pre> | |||
=== Uploading an existing repository to ~/public_git === | |||
If you have an existing repository you want to use on [https://fedorapeople.org fedorapeople.org], you can do so easily: | |||
<pre> | <pre> | ||
git clone --bare /path/to/local/repo repo.git | |||
scp -r repo.git/ your_username@fedorapeople.org:public_git/ | |||
</pre> | </pre> | ||
The caveats from the previous section apply here as well. | |||
=== Pushing to your repository === | |||
To push changes from a local repository: | |||
{{admon/tip | | |||
<pre> | |||
cd /path/to/local/repo | |||
git remote add fedorapeople your_username@fedorapeople.org:public_git/repo.git | |||
git push --mirror fedorapeople | |||
</pre> | |||
This creates a mirror of your local repository. All of the branches and tags in the local repository will be pushed to the [https://fedorapeople.org fedorapeople.org] repository. | |||
If you only want to push selected branches, amend the <code>git push</code> example. For example, to push only your local master branch: | |||
<pre>git push fedorapeople master</pre> | |||
{{admon/tip|Allowing others to push|You can allow other [https://fedorapeople.org fedorapeople.org] users to push to your repository using extended ACLs (see <code>setfacl(1)</code> man page for details). However, if you have many others working on your project, using [https://pagure.io/ Pagure] is strongly preferred.}} | |||
=== Cloning your repository === | |||
To clone your repository, use a command similar to: | |||
<pre>git clone git://fedorapeople.org/~your_username/repo.git</pre> | |||
It is also possible to clone your project via the <code>http://</code> protocol. In order for this to work, you must arrange to have <code>git-update-server-info</code> run whenever you update your repository. Typically, this is done with a post-update hook script. However, the user home directories on [https://fedorapeople.org fedorapeople.org] are mounted with the noexec option, which prevents the script from running. Instead, you may create a symbolic link to <code>git-update-server-info</code> in the hooks directory of your repository: | |||
<pre> | |||
ssh your_username@fedorapeople.org | |||
cd ~/public_git/repo.git/hooks | |||
ln -svbf $(git --exec-path)/git-update-server-info post-update | |||
git update-server-info | |||
</pre> | |||
You also need to create a link from <code>~/public_html/git</code> to <code>~/public_git</code>: | |||
<pre> | |||
cd ~/public_html | |||
ln -svbf ../public_git git | |||
</pre> | |||
You can clone your repository over <code>http://</code> with a command similar to: | |||
<pre>git clone http://your_username.fedorapeople.org/git/repo.git/</pre> | |||
{{admon/tip|<code>git://</code> versus <code>http://</code>|Only clone via <code>http://</code> if you are behind a firewall that prevents <code>git://</code> from working. The <code>git://</code> protocol is faster and more efficient than the <code>http://</code> protocol for git usage.}} | |||
=== Browsing your project via cgit === | |||
You can see your project listed in [https://fedorapeople.org/cgit cgit] once the project list updates. This happens hourly. | |||
{{admon/tip|Repository description|You can set the description for the repository that is displayed in cgit by editing the <code>description</code> file in your repository.}} | |||
=== Shared repository === | |||
If you want to give access to your repository to other users you can do this with ACLs. | |||
<pre> | |||
setfacl -R -m u:<user>:rwX <repo.git> | |||
find <repo.git> -type d | xargs setfacl -R -m d:u:<user>:rwX | |||
</pre> | |||
=== Enable per-repo upload-archive === | |||
If you want to allow your repository to be accessible via <code>git archive --remote</code>, you will need to set set the following in your repository's config file: | |||
<pre> | |||
[daemon] | |||
uploadarch = true | |||
</pre> | |||
== Policies == | |||
== | === Viruses === | ||
fedorapeople | [https://fedorapeople.org fedorapeople.org] servers are regularly scanned for viruses, including people's home directories, because of the nature of providing download of user-uploaded files on a Fedora domain name. | ||
As soon as a virus is reported by the scanners, they will be scanned again by another scanner to make sure they're actual viruses (and not just an overly active scanner). | |||
If the second opinion also reports the file as being a virus, the file will be moved to a non-public facing directory, and the owner will be notified. | |||
If the user has not yet responded after a week, the file will be deleted. | |||
--- | |||
[[Category:Infrastructure]] | |||
[[Category:CommOps wiki to docs migration campaign 2021/2022]] | |||
Latest revision as of 15:19, 4 July 2024
fedorapeople.org
This page covers the details on how to obtain and use your personal space on fedorapeople.org, a site where Fedora contributors can upload files to share with the world. It is perfect for uploading specfiles, SRPMs, patches, or personal Git repositories.
Forbidden contents
- Do NOT distribute anything on fedorapeople.org that Fedora itself cannot distribute for legal reasons. Nothing on the ForbiddenItems list or otherwise non distributable by Fedora.
- Do NOT upload your private ssh keys. While the Fedora Infrastructure Team works hard on keeping the servers secure, break-ins will happen and private keys uploaded can be downloaded and brute-forced easily. Private .ssh keys found during an audit will be deleted.
Accessing your fedorapeople.org space
- You need an active Fedora account
- You must be part of at least one group (other than the CLA group) in the Fedora account system. Often annotated as CLA+1
- You need to generate a ssh key (
ssh-keygen -t rsa
). - Upload the ssh key into your Fedora account. To upload, visit this link and select your key file using the Public RSA SSH key field. Oftentimes, your public key can be found in your home directory under
.ssh/id_rsa.pub
. The ssh key will become activated within 20minutes after it is uploaded. - To be able to verify an identity of fedorapeople.org SSH server, append these Fedora project SSH certificates to your
~/.ssh/known_hosts
local file, or make sure your DNS resolver supports DNSSEC andVerifyHostKeyDNS=yes
is set in your~/.ssh/config
SSH client configuration file. - To connect, use the ssh key you uploaded into your Fedora account:
ssh -i ~/.ssh/id_rsa <your_username>@fedorapeople.org
- You will need to make a public_html directory for your files:
mkdir ~/public_html
- You will need to set permissions so the webserver can read them:
chmod 0755 ~/public_html
(This sets your home directory and public_html directories readable by the webserver) - You may wish to make a 'index.html' file in public_html
Common answers
- Each Fedora contributor has 2000000 KiB (approximately 1954 MiB) of quota-controlled space.
- If you run out of space, you should clean up files you don't need. If you cannot clean anything up, you should contact Fedora Infrastructure team to raise your quota.
- You need to change the permissions for your home directory to at least
711
to make it viewable.
chmod 711 $HOME
- To make a publicly viewable space, create a
public_html
directory and set its permissions to755
. Your home~/
directory must be exectuable for the webserver to see yourpublic_html
folder. - Fedora people is NOT to be used for development or repository creation. Repositories will need to be created elsewhere and uploaded via
scp
orrsync
. - DO NOT try to use sudo to install packages you "need". Unless you are in the Infrastructure group and have gotten approval from sysadmin-main, extra packages are not to be installed on fedorapeople.org.
- Upload files using
scp
,sftp
, orrsync
.
To copy files from the command line, you can use scp
scp /path/to/file your_username@fedorapeople.org:/home/fedora/your_username/public_html
- Once files are uploaded into the user's
public_html
directory, the files will become available at: https://your_username.fedorapeople.org/. - Give other users access to read/write/etc files by using extended ACLs. Read man pages for
setfacl
andgetfacl
for adding them to your dirs/files. This gives the useryour_username
read and write access tofile
:
setfacl -m u:your_username:rw file
fedorapeople.org git hosting support
fedorapeople.org now has support for hosting git repositories. This includes access via the git://
protocol for anonymous downloads as well as providing the cgit web interface.
Here is a quick rundown of how to get started with git on fedorapeople.org. It assumes that you are already somewhat familiar with git. You might want to take a look at the Git quick reference.
Create a ~/public_git directory on fedorapeople.org
ssh your_username@fedorapeople.org "mkdir ~/public_git; /sbin/restorecon -Rv ~/public_git"
Creating a new git repository in ~/public_git
As an example, here is one method to create an empty repository on your local system and upload it:
git init --bare repo.git scp -r repo.git/ your_username@fedorapeople.org:~/public_git/
This creates a bare repository (i.e. a repository that has no working directory). It contains just the files that are part of the .git
directory of a non-bare git repository (the kind most users are accustomed to seeing).
Additionally if you wish your repository to show up in the cgit web interface, you must run the following command for any repositories you wish to appear there by default:
touch ~/public_git/yourgitrepo.git/git-daemon-export-ok
Uploading an existing repository to ~/public_git
If you have an existing repository you want to use on fedorapeople.org, you can do so easily:
git clone --bare /path/to/local/repo repo.git scp -r repo.git/ your_username@fedorapeople.org:public_git/
The caveats from the previous section apply here as well.
Pushing to your repository
To push changes from a local repository:
cd /path/to/local/repo git remote add fedorapeople your_username@fedorapeople.org:public_git/repo.git git push --mirror fedorapeople
This creates a mirror of your local repository. All of the branches and tags in the local repository will be pushed to the fedorapeople.org repository.
If you only want to push selected branches, amend the git push
example. For example, to push only your local master branch:
git push fedorapeople master
Cloning your repository
To clone your repository, use a command similar to:
git clone git://fedorapeople.org/~your_username/repo.git
It is also possible to clone your project via the http://
protocol. In order for this to work, you must arrange to have git-update-server-info
run whenever you update your repository. Typically, this is done with a post-update hook script. However, the user home directories on fedorapeople.org are mounted with the noexec option, which prevents the script from running. Instead, you may create a symbolic link to git-update-server-info
in the hooks directory of your repository:
ssh your_username@fedorapeople.org cd ~/public_git/repo.git/hooks ln -svbf $(git --exec-path)/git-update-server-info post-update git update-server-info
You also need to create a link from ~/public_html/git
to ~/public_git
:
cd ~/public_html ln -svbf ../public_git git
You can clone your repository over http://
with a command similar to:
git clone http://your_username.fedorapeople.org/git/repo.git/
Browsing your project via cgit
You can see your project listed in cgit once the project list updates. This happens hourly.
If you want to give access to your repository to other users you can do this with ACLs.
setfacl -R -m u:<user>:rwX <repo.git> find <repo.git> -type d | xargs setfacl -R -m d:u:<user>:rwX
Enable per-repo upload-archive
If you want to allow your repository to be accessible via git archive --remote
, you will need to set set the following in your repository's config file:
[daemon] uploadarch = true
Policies
Viruses
fedorapeople.org servers are regularly scanned for viruses, including people's home directories, because of the nature of providing download of user-uploaded files on a Fedora domain name. As soon as a virus is reported by the scanners, they will be scanned again by another scanner to make sure they're actual viruses (and not just an overly active scanner). If the second opinion also reports the file as being a virus, the file will be moved to a non-public facing directory, and the owner will be notified. If the user has not yet responded after a week, the file will be deleted.
---