🔐 Seamless .onion and torified git remotes

🚂 Motivation

I wanted an easy way to clone from git repos hosted over Tor onion services (i.e. .onion addresses) without typing torsocks before every git command that touches the network, like git clone, git fetch, etc.

Especially because I use the wonderful magit a lot of the time and won't be typing those commands myself.

I also don't want to proxy every git request on every repo through Tor, and I want simple, repeatable instructions for people who are going to access my "onionized" repos.

How simple?

🛠 Usage

This simple:

git clone tor::http://3lytcgmoe2j75c6t.onion/

Also works for your everyday Microsoft GitHub repos:

git clone tor::

Crucially, note that the tor:: prefix gets automatically added to .git/config as part of the remote's URL. So that's the only time you have to do anything special.

After this you do git fetch origin, git pull, etc. just like everyone else.

🏗 Setup

Yes, there is a little one-time setup, which I will make easier over time by distributing the binary through system package managers.

To install on macOS:

brew install tor torsocks rust
cargo install git-remote-tor

Then before hitting the network, make sure the tor process is running:

brew services start tor

(Don't worry, if tor is offline it will error out rather than send traffic over clearnet.)

How do you tell Git to use this? No need. It's smart enough to look for git-remote-tor in your PATH and call it with the repo's URL when you prefix it with tor::.
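
What such a helper can look like, as an added sketch (not the git-remote-tor source): Git runs git-remote-tor with the remote name and the URL with tor:: already stripped, and this version assumes it can hand both to Git's stock HTTP(S) helper under torsocks. The function names are hypothetical.

```shell
#!/bin/sh
# Sketch of a git remote helper for the tor:: prefix (added example, not the
# git-remote-tor source). Git runs it as: git-remote-tor <remote> <url>,
# where <url> is the remote URL with "tor::" already stripped.

# Map the URL scheme to the helper that ships with Git. Only http and https
# are accepted in this sketch (git remote-http, git remote-https).
inner_helper() {
    case "$1" in
        http://?*)  echo remote-http ;;
        https://?*) echo remote-https ;;
        *) echo "git-remote-tor: unsupported URL: $1" >&2; return 1 ;;
    esac
}

# Print the path of the torsocks wrapper, or fail. There is deliberately no
# fallback to a direct connection: without torsocks the fetch must abort.
require_torsocks() {
    command -v torsocks || {
        echo "git-remote-tor: torsocks not found, refusing to run without Tor" >&2
        return 1
    }
}

main() {
    [ "$#" -eq 2 ] || { echo "usage: git-remote-tor <remote> <url>" >&2; return 2; }
    helper=$(inner_helper "$2") || return 1
    wrapper=$(require_torsocks) || return 1
    # exec keeps stdin/stdout attached, so Git talks to the inner helper directly.
    exec "$wrapper" git "$helper" "$1" "$2"
}

# Run only when installed under the name Git looks up in PATH.
if [ "${0##*/}" = "git-remote-tor" ]; then
    main "$@"
fi
```

Saved as an executable named git-remote-tor somewhere in PATH, it is picked up the same way as the cargo-installed binary.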

🧠 But Why?

Ok, the bigger picture thing here is what I'm provisionally calling #onionp2p. It includes things like Ricochet, OnionShare, Cwtch, and sadly those are all I know about.

Think of onion services not just as a way to serve websites or ssh on high uptime hosts, but as a way for your computer to connect to your friend's computer intermittently. You know, peer-to-peer.

Onion services are a great way to do NAT traversal and dynamic DNS for free, and you get some sweet privacy to boot.

Git helps keep things in sync (arbitrary fancy CRDT app data too, not just text files), and with onionize it has never been easier to host your own onionp2p repo!

💪 Repos of the World, Onionize!

This is how you serve a read-only repo over an onion service:

git clone --bare
cd logit.git

# sets up repo for the git dumb http protocol
mv hooks/post-update.sample hooks/post-update
git update-server-info

# if you haven't installed it yet
go get

# then drum the rolls and...
onionize .

Done! Grab the onion address that onionize spits out to stdout and go full circle with git-remote-tor and your own version of git clone tor::http://3lytcgmoe2j75c6t.onion/

I know, right? 🤯

🖋 Credits

Hey, I'm just the guy writing the docs, porting a 9-line shell script to Rust for no reason, and pushing to package managers.

The actual work was done by nicoo on the Tor trac and for that I'm forever grateful! 🙏