kup-server - kernel.org upload server utility
The program kup-server is expected to be the receiver of an
ssh shell, configured with the following or similar options in
~/.ssh/authorized_keys:
command="/usr/bin/kup-server",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[...]
Each user should have their own UID, as Unix user permissions are
used for specific tree access control. On the client side, a corresponding
client-side utility kup is used to initiate the connection and
perform the uploads.
The configuration file for kup-server is located in
/etc/kup/kup-server.cfg and has the following options:
- [paths]
- All paths in this section should be disjoint. Do not combine any of them
into one directory.
- data_path = /var/lib/kup/pub
- Path for public consumption, e.g. served via http or rsync.
- git_path = /var/cache/git
- This is the path where git trees (for the TAR and DIFF options) are
available. Those should be readonly for the uploaders.
- lock_file = /run/kup/lock
- A common lock file for data_path. No program should modify the content in
data_path without holding an flock on this file. Should be readonly for
the uploaders.
- tmp_path = /var/cache/kup/tmp/
- tmp_path can be either:
1. A directory writable by every user and with the sticky
bit set (typically mode 1777 or 1770). In that case, DO NOT end the path with
a slash, or:
2. A directory containing an empty directory for each user (named
for that user), owned by that user and mode 0700. In this case, DO end the
path with a slash.
In either case, this directory tree MUST be on the same
filesystem as data_path, since the script expects to create files in
this directory and rename() them into data_path.
- pgp_path = /var/lib/kup/pgp
- A directory containing a GnuPG public keyring for each user, named
<user>.gpg and readable (but not writable) by that user.
- [limits]
- All sizes are in bytes, all times in seconds.
- max_data = 8589934592
- Max size of uploaded data.
- bufsiz = 262144
- Buffer size when reading data.
- timeout_command = 30
- How long to wait for a command to time out.
- timeout_data = 300
- Must read at least bufsiz bytes in this timespan.
- timeout_compress = 900
- Uncompressing tarballs must take at most this long.
- timeout_compress_cpu = 900
- Each compression command must take at most this long in CPU time.
- [compressors]
- This section allows specifying the compressors to use when creating
compressed versions of uploaded content.
- use = gz, xz
- A comma-separated list of file extensions to create (minus the leading
dot). For each extension specified, you will need to add a matching
section specifying which command and flags to use for decompression and
which for compression. Make sure to configure the decompress command to
output to stdout. E.g.:
[gz]
compress_command = /bin/pigz -9
decompress_command = /bin/gzip -cd
[xz]
compress_command = /bin/xz -9 -T0
decompress_command = /bin/xz -cd
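The tmp_path rules in [paths] (shared sticky directory without a trailing slash, or per-user 0700 directories with one, and the same filesystem as data_path in both cases) can be checked before the server goes live. The Python script below is an added example, not part of kup-server; the names check_tmp_path and uid_of are assumptions made for illustration.

```python
import os
import pwd
import stat


def _uid(name):
    return pwd.getpwnam(name).pw_uid  # raises KeyError for unknown users


def check_tmp_path(tmp_path, data_path, uid_of=_uid):
    """Return a list of problems with tmp_path; an empty list means it conforms."""
    tmp_dir = tmp_path.rstrip("/") or "/"
    try:
        tmp_st, data_st = os.stat(tmp_dir), os.stat(data_path)
    except OSError as exc:
        return [f"cannot stat: {exc}"]
    problems = []
    # rename() cannot cross filesystems, so both paths must share a device.
    if tmp_st.st_dev != data_st.st_dev:
        problems.append("tmp_path and data_path are on different filesystems")
    if not tmp_path.endswith("/"):
        # Layout 1 (no trailing slash): one shared directory with the sticky bit.
        mode = stat.S_IMODE(tmp_st.st_mode)
        if not mode & stat.S_ISVTX:
            problems.append(f"{tmp_dir}: sticky bit not set (mode {mode:04o})")
        return problems
    # Layout 2 (trailing slash): one directory per user, owned by them, mode 0700.
    for entry in sorted(os.scandir(tmp_dir), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{entry.path}: not a directory")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != 0o700:
            problems.append(f"{entry.path}: mode {mode:04o}, expected 0700")
        try:
            owned = uid_of(entry.name) == st.st_uid
        except KeyError:
            owned = False
        if not owned:
            problems.append(f"{entry.path}: not owned by user {entry.name!r}")
    return problems


if __name__ == "__main__":
    # Default paths from the configuration listing above.
    for line in check_tmp_path("/var/cache/kup/tmp/", "/var/lib/kup/pub"):
        print(line)
```

Pass tmp_path exactly as written in kup-server.cfg, since the trailing slash selects which layout is checked.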
Written by H. Peter Anvin <hpa@zytor.com>.
Copyright © 2011 Intel Corporation
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as published by
the Free Software Foundation, Inc.; either version 2 of the License, or (at
your option) any later version; incorporated herein by reference. There is
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.