- No central server with our source code in unencrypted form.
- Local development should be possible without an Internet connection.
I used git to store the repositories and dar to make encrypted differential backups in chunks of 1 MB. A Perl script builds the backups together with an info file that carries a checksum. At our first meeting we created a secret symmetric key with
dd if=/dev/random bs=1 count=32 | base64
You may have to move your mouse around to get enough entropy for 32 bytes. But 32 bytes should keep an eavesdropper from getting useful information for a loooong time.
The backup and restore scripts make sure that the backups have sequential numbers so that you can't restore backup #47 from user alex if you haven't restored his #46 before. Here are the backup and restore scripts.
mkBack.pl
mkRestore.pl
~/.mkBack.pm should contain something like this:
$me = "frank"; # You should know your name :-)
$backupBase="$ENV{HOME}/dar";
$repoDir="$ENV{HOME}/git/sync-repos";
# replace your-secret with the output of
# dd if=/dev/random bs=1 count=32 | base64
$key='bf:your-secret';
With this setup, repositories are located under ~/git/sync-repos, in a subdirectory for every user you receive backups from and for yourself. Mine are under ~/git/sync-repos/frank, so I push to ~/git/sync-repos/frank/example.git and merge from ~/git/sync-repos/alex/example.git to get changes from Alex.
mkBack.pl creates a backup in a newly created directory under $backupBase and tells you what you should mail to your friends.
Your friends should save the files to any directory and run
mkRestore.pl directory
where directory defaults to the current directory.
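The sequence rule described above (no #47 from a user before his #46), together with the checksum check, sketched as an added example. It is not the code of mkRestore.pl: the info.json layout, the restored.json state file and all function names are assumptions made for illustration.

```python
import hashlib
import json
from pathlib import Path

class RestoreError(Exception):
    """The backup must not be restored."""

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()  # chunks are ~1 MB

def check_backup(directory, state_file):
    """Return (user, seq) if this backup is intact and is the next one due."""
    directory = Path(directory)
    info = json.loads((directory / "info.json").read_text())  # assumed layout
    user, seq = info["user"], int(info["seq"])
    for name, digest in info["chunks"].items():
        if Path(name).name != name:  # accept bare file names only, no paths
            raise RestoreError(f"unsafe chunk name {name!r}")
        chunk = directory / name
        if not chunk.is_file() or sha256_file(chunk) != digest:
            raise RestoreError(f"chunk {name} is missing or damaged")
    state_file = Path(state_file)
    state = json.loads(state_file.read_text()) if state_file.exists() else {}
    expected = state.get(user, 0) + 1  # a user's first backup is #1
    if seq != expected:
        raise RestoreError(f"{user}: received #{seq}, next restorable is #{expected}")
    return user, seq

def mark_restored(state_file, user, seq):
    """Record a successful restore so that only seq + 1 is accepted next."""
    state_file = Path(state_file)
    state = json.loads(state_file.read_text()) if state_file.exists() else {}
    state[user] = seq
    state_file.write_text(json.dumps(state))

def make_sample_backup(directory, user, seq):
    """Constructed sample input: two fake chunks plus their info file."""
    directory = Path(directory)
    directory.mkdir(parents=True, exist_ok=True)
    chunks = {}
    for i in (1, 2):
        name = f"{user}-{seq}.{i}.dar"
        (directory / name).write_bytes(f"chunk {i} of #{seq}".encode())
        chunks[name] = sha256_file(directory / name)
    (directory / "info.json").write_text(
        json.dumps({"user": user, "seq": seq, "chunks": chunks}))
    return directory
```

The sequence state is kept per sender, so a gap in Alex's backups does not block restores from anyone else. A plain checksum catches damage in transit only; it does not authenticate the sender.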