kup-server - kernel.org upload server utility
The program kup-server is expected to be the receiver of an
ssh shell, configured with the following or similar options in
~/.ssh/authorized_keys:
command="/usr/bin/kup-server",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[...]
Each user should have their own UID, as Unix user permissions are
used for specific tree access control. On the client side, a corresponding
client-side utility kup is used to initiate the connection and
perform the uploads.
The configuration file for kup-server is located in
/etc/kup/kup-server.cfg and has the following options:
- [paths]
- All paths in this section should be disjoint. Do not combine any of them
into one directory.
- data_path = /var/lib/kup/pub
- Path for public consumption, e.g. served via http or rsync.
- git_path = /var/cache/git
- This is the path where git trees (for the TAR and DIFF options) are
available. Those should be readonly for the uploaders.
- lock_file = /run/kup/lock
- A common lock file for data_path. No program should modify the content in
data_path without holding an flock on this file. Should be readonly for
the uploaders.
- tmp_path = /var/cache/kup/tmp/
- tmp_path can be either:
1. A directory writable by every user and with the sticky
bit set (typically mode 1777 or 1770). In that case, DO NOT end the path with
a slash; or
2. A directory containing an empty directory for each user (named
for that user), owned by that user and mode 0700. In this case, DO end the
path with a slash.
In either case, this directory tree MUST be on the same
filesystem as data_path, since the script expects to create files in
this directory and rename() them into data_path.
- pgp_path = /var/lib/kup/pgp
- A directory containing a GnuPG public keyring for each user, named
<user>.gpg and readable (but not writable) by that user.
- [limits]
- All sizes are in bytes, all times in seconds.
- max_data = 8589934592
- Max size of uploaded data.
- bufsiz = 262144
- Buffer size when reading data.
- timeout_command = 30
- How long to wait for a command to time out.
- timeout_data = 300
- Must read at least bufsiz bytes in this timespan.
- timeout_compress = 900
- Uncompressing tarballs must take at most this long.
- timeout_compress_cpu = 900
- Each compression command must take at most this long in CPU time.
- [compressors]
- This section allows specifying the compressors to use when creating
compressed versions of uploaded content.
- use = gz, bz2, xz
- A comma-separated list of file extensions to create (minus the leading
dot). For each extension specified, you will need to add an extra entry to
this section with the path to the matching gzip-compatible utility (i.e.
it must accept -9 and -cd command-line arguments). E.g., if
you specified "gz, bz2, xz" as values in use, you
must add the following entries as well:
gz = /bin/gzip
bz2 = /usr/bin/bzip2
xz = /usr/bin/xz
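The following is an added example, not part of kup-server or of the original page: a Python check of the [paths] rules described above (disjoint paths, tmp_path on the same filesystem as data_path, and the trailing-slash convention for tmp_path). The names audit_paths and demo, the finding strings and the temporary directory layout are assumptions made for illustration.

```python
# Added example; audit_paths and demo are illustrative names, not part of kup-server.
import configparser, os, pwd, stat, tempfile

def audit_paths(cfg_text):
    """Return findings for the [paths] section of a kup-server.cfg given as text."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    raw = dict(cp["paths"])
    real = {k: os.path.realpath(v) for k, v in raw.items()}
    findings = []
    # "All paths in this section should be disjoint": none may equal or contain another.
    keys = sorted(real)
    for i, a in enumerate(keys):
        for b in keys[i + 1:]:
            if os.path.commonpath([real[a], real[b]]) in (real[a], real[b]):
                findings.append(f"{a} and {b} overlap")
    # rename() from tmp_path into data_path only works within one filesystem.
    tmp = real["tmp_path"]
    if os.stat(tmp).st_dev != os.stat(real["data_path"]).st_dev:
        findings.append("tmp_path and data_path are on different filesystems")
    if raw["tmp_path"].endswith("/"):
        # Trailing slash: one directory per user, owned by that user, mode 0700.
        for name in sorted(os.listdir(tmp)):
            st = os.lstat(os.path.join(tmp, name))
            if stat.S_IMODE(st.st_mode) != 0o700:
                findings.append(f"tmp_path/{name} is not mode 0700")
            try:
                if pwd.getpwnam(name).pw_uid != st.st_uid:
                    findings.append(f"tmp_path/{name} is not owned by {name}")
            except KeyError:
                findings.append(f"tmp_path/{name} does not match a user")
    elif not os.stat(tmp).st_mode & stat.S_ISVTX:
        # No trailing slash: shared directory, which needs the sticky bit.
        findings.append("tmp_path is shared but lacks the sticky bit")
    return findings

def demo():
    """Constructed layout: a shared tmp_path placed inside data_path by mistake."""
    root = tempfile.mkdtemp()
    for d in ("pub/tmp", "git", "pgp", "run"):
        os.makedirs(os.path.join(root, d))
    os.chmod(os.path.join(root, "pub/tmp"), 0o1777)
    cfg = ("[paths]\ndata_path = {0}/pub\ngit_path = {0}/git\n"
           "lock_file = {0}/run/lock\ntmp_path = {0}/pub/tmp\n"
           "pgp_path = {0}/pgp\n").format(root)
    return audit_paths(cfg)

if __name__ == "__main__":
    print(demo())
```

The check does not cover the read-only requirements for git_path and lock_file, since those depend on which accounts are uploaders.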
Written by H. Peter Anvin <hpa@zytor.com>.
Copyright © 2011 Intel Corporation
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as published by
the Free Software Foundation, Inc.; either version 2 of the License, or (at
your option) any later version; incorporated herein by reference. There is
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.