🔐 Seamless .onion and torified git remotes
I wanted an easy way to clone from git repos hosted over Tor onion services (i.e. .onion addresses). That is, without typing torsocks before every git command that touched the network like git clone, git fetch, etc.
Especially because I use the wonderful magit a lot of the time and won’t be typing those commands myself.
I also don’t want to proxy every git request on every repo through Tor, and I want simple, repeatable instructions for people who are going to access my “onionized” repos.
How simple?
This simple:
git clone tor::http://3lytcgmoe2j75c6t.onion/
Also works for your everyday Microsoft GitHub repos:
git clone tor::https://github.com/agentofuser/logit.git
Crucially, note that the tor:: prefix gets automatically added to .git/config as part of the remote’s URL. So that’s the only time you have to do anything special.
After this you do git fetch origin, git pull, etc. just like everyone else.
Yes, there is a little one-time setup which I will make easier over time by distributing the binary on system package managers.
To install on macOS:
brew install tor torsocks rust
cargo install git-remote-tor
Then before hitting the network, make sure the tor process is running:
brew services start tor
(Don’t worry, it will error out if tor is offline, not send traffic over clearnet.)
How do you tell Git to use this? No need. It’s smart enough to look for git-remote-tor in your PATH and call it with the repo’s URL when you prefix it with tor::.
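How that lookup can play out, as an added sketch (not the git-remote-tor source and not nicoo's script): a POSIX sh remote helper that picks git's stock HTTP(S) helper for the URL and runs it under torsocks, refusing to run at all when torsocks is missing. The function names are mine, and it assumes git and torsocks are on PATH.

```shell
#!/bin/sh
# Added illustration, not the project's code. Installed on PATH under the name
# git-remote-tor, git runs it as: git-remote-tor <remote-name> [<url-after-"tor::">]

# Print the stock git helper that handles the URL's scheme, or fail.
# Only the curl-based http/https helpers are wrapped here (an assumption of
# this sketch); anything else is rejected instead of being passed along.
helper_for_url() {
    case "$1" in
        http://?*)  echo remote-http ;;
        https://?*) echo remote-https ;;
        *) echo "git-remote-tor: unsupported URL: $1" >&2; return 1 ;;
    esac
}

# Fail closed: without torsocks there is no fallback path, so a missing
# wrapper can never turn into a direct clearnet connection.
require_torsocks() {
    command -v torsocks >/dev/null 2>&1 || {
        echo "git-remote-tor: torsocks not found, refusing to connect" >&2
        return 1
    }
}

main() {
    [ "$#" -ge 1 ] || { echo "usage: git-remote-tor <remote> [<url>]" >&2; return 2; }
    url=${2:-$1}    # git may pass only one argument, which is then the URL
    helper=$(helper_for_url "$url") || return 1
    require_torsocks || return 1
    # stdin/stdout stay attached to git, which talks the remote-helper
    # protocol to the wrapped helper as if the tor:: prefix were not there.
    exec torsocks git "$helper" "$1" "$url"
}

# Act only when invoked under the helper name git looks up.
case "${0##*/}" in
    git-remote-tor) main "$@" ;;
esac
```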
Ok, the bigger picture thing here is what I’m provisionally calling #onionp2p. It includes things like Ricochet, OnionShare, Cwtch, and sadly those are all I know about.
Think of onion services not just as a way to serve websites or ssh on high uptime hosts, but as a way for your computer to connect to your friend’s computer intermittently. You know, peer-to-peer.
Onion services are a great way to do NAT traversal and dynamic DNS for free, and you get some sweet privacy to boot.
Git helps keep things in sync (arbitrary fancy CRDT app data too, not just text files), and with onionize it has never been easier to host your own onionp2p repo!
This is how you serve a read-only repo over an onion service:
git clone --bare https://github.com/agentofuser/logit.git
cd logit.git
# sets up repo for the git dumb http protocol
mv hooks/post-update.sample hooks/post-update
git update-server-info
# if you haven't installed it yet
go get github.com/nogoegst/onionize/cmd/onionize
# then drum the rolls and...
onionize .
Done! Grab the onion address that onionize spits out to stdout and go full-circle with git-remote-url and your own version of
git clone tor::http://3lytcgmoe2j75c6t.onion/
I know, right? 🤯
Hey, I’m just the guy writing the docs, porting a 9-line shell script to Rust for no reason, and pushing to package managers.
The actual work was done by nicoo on the Tor trac and for that I’m forever grateful! 🙏