https://wiki.archlinux.org/api.php?action=feedcontributions&user=Stfn&feedformat=atomArchWiki - User contributions [en]2024-03-29T12:08:28ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Tor&diff=498258Tor2017-11-24T14:33:20Z<p>Stfn: Add info on WebRTC leak in chromium</p>
<hr />
<div>[[Category:Internet applications]]<br />
[[Category:Proxy servers]]<br />
[[es:Tor]]<br />
[[fr:Tor]]<br />
[[ja:Tor]]<br />
[[ru:Tor]]<br />
[[zh-hans:Tor]]<br />
[[de:Tor]]<br />
[[pl:Tor]]<br />
{{Related articles start}}<br />
{{Related|GNUnet}}<br />
{{Related|I2P}}<br />
{{Related|Freenet}}<br />
{{Related articles end}}<br />
[https://www.torproject.org Tor] is an open source implementation of 2nd generation [[Wikipedia:Onion routing|onion routing]] that provides free access to an anonymous proxy network. Its primary goal is to enable [[Wikipedia:Internet anonymity|online anonymity]] by protecting against [[Wikipedia:Traffic analysis|traffic analysis]] attacks.<br />
<br />
== Introduction ==<br />
<br />
Users of the Tor network run an onion proxy on their machine. This software connects out to Tor, periodically negotiating a virtual circuit through the Tor network. Tor employs cryptography in a layered manner (hence the 'onion' analogy), ensuring perfect forward secrecy between routers. At the same time, the onion proxy software presents a SOCKS interface to its clients. SOCKS-aware applications may be pointed at Tor, which then multiplexes the traffic through a Tor virtual circuit.<br />
<br />
{{Warning|Tor by itself is ''not'' all you need to maintain your anonymity. There are several major pitfalls to watch out for (see: [https://www.torproject.org/download/download.html#warning Want Tor to really work?]).}}<br />
<br />
Through this process the onion proxy manages networking traffic for end-user anonymity. It keeps a user anonymous by encrypting traffic, sending it through other nodes of the Tor network, and decrypting it at the last node to receive your traffic before forwarding it to the server you specified. One trade off that has to be made for the anonymity Tor provides is that it can be considerably slower than a regular direct connection, due to the large amount of traffic re-routing. Additionally, although Tor provides protection against traffic analysis it cannot prevent traffic confirmation at the boundaries of the Tor network (i.e. the traffic entering and exiting the network).<br />
<br />
See [[Wikipedia:Tor (anonymity network)]] for more information.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|tor}} package.<br />
<br />
The {{Pkg|arm}} (Anonymizing Relay Monitor) package provides a terminal status monitor for bandwidth usage, connection details and more.<br />
<br />
For a GUI, you can use {{aur|vidalia}}.<br />
<br />
{{Warning|Vidalia is discontinued and no longer supported by the Tor Project. Please see https://blog.torproject.org/blog/plain-vidalia-bundles-be-discontinued-dont-panic}}<br />
<br />
== Configuration ==<br />
<br />
By default Tor reads configurations from the file {{ic|/etc/tor/torrc}}. The configuration options are explained in {{man|1|tor}} and the [https://torproject.org/docs/tor-manual.html.en Tor website]. The default configuration should work fine for most Tor users.<br />
<br />
There are potential conflicts between configurations in {{ic|torrc}} and those in {{ic|tor.service}}.<br />
* In {{ic|torrc}}, {{ic|RunAsDaemon}} should, as by default, be set to {{ic|0}}, since {{ic|Type<nowiki>=</nowiki>simple}} is set in the {{ic|[Service]}} section in {{ic|tor.service}}.<br />
* In {{ic|torrc}}, {{ic|User}} should not be set unless {{ic|User<nowiki>=</nowiki>}} is set to {{ic|root}} in the {{ic|[Service]}} section in {{ic|tor.service}}.<br />
<br />
=== Relay Configuration ===<br />
<br />
The maximum file descriptor number that can be opened by Tor can be set with {{ic|LimitNOFILE}} in {{ic|tor.service}}. Fast relays may want to increase this value.<br />
<br />
If your computer is not running a webserver, and you have not set {{ic|AccountingMax}}, consider changing your {{ic|ORPort}} to {{ic|443}} and/or your {{ic|DirPort}} to {{ic|80}}. Many Tor users are stuck behind firewalls that only let them browse the web, and this change will let them reach your Tor relay. If you are already using ports {{ic|80}} and {{ic|443}}, other useful ports are {{ic|22}}, {{ic|110}}, and {{ic|143}}.[https://www.torproject.org/docs/tor-relay-debian]<br />
But since these are privileged ports, to do so Tor must be run as root, by setting {{ic|User<nowiki>=</nowiki>root}} in {{ic|tor.service}} and {{ic|User tor}} in {{ic|torrc}}.<br />
<br />
You may wish to review [https://blog.torproject.org/blog/lifecycle-of-a-new-relay Lifecycle of a New Relay] Tor documentation.<br />
<br />
== Running Tor in a Chroot ==<br />
<br />
{{Warning| Connecting with telnet to the local ControlPort seems to be broken while running Tor in a chroot}}<br />
<br />
For security purposes, it may be desirable to run Tor in a [[chroot]]. The following script will create an appropriate chroot in {{ic|/opt/torchroot}}:<br />
<br />
{{hc|~/torchroot-setup.sh|2=<nowiki><br />
#!/bin/bash<br />
export TORCHROOT=/opt/torchroot<br />
<br />
mkdir -p $TORCHROOT<br />
mkdir -p $TORCHROOT/etc/tor<br />
mkdir -p $TORCHROOT/dev<br />
mkdir -p $TORCHROOT/usr/bin<br />
mkdir -p $TORCHROOT/usr/lib<br />
mkdir -p $TORCHROOT/usr/share/tor<br />
mkdir -p $TORCHROOT/var/lib<br />
<br />
ln -s /usr/lib $TORCHROOT/lib<br />
cp /etc/hosts $TORCHROOT/etc/<br />
cp /etc/host.conf $TORCHROOT/etc/<br />
cp /etc/localtime $TORCHROOT/etc/<br />
cp /etc/nsswitch.conf $TORCHROOT/etc/<br />
cp /etc/resolv.conf $TORCHROOT/etc/<br />
cp /etc/tor/torrc $TORCHROOT/etc/tor/<br />
<br />
cp /usr/bin/tor $TORCHROOT/usr/bin/<br />
cp /usr/share/tor/geoip* $TORCHROOT/usr/share/tor/<br />
cp /lib/libnss* /lib/libnsl* /lib/ld-linux-*.so* /lib/libresolv* /lib/libgcc_s.so* $TORCHROOT/usr/lib/<br />
cp $(ldd /usr/bin/tor | awk '{print $3}'|grep --color=never "^/") $TORCHROOT/usr/lib/<br />
cp -r /var/lib/tor $TORCHROOT/var/lib/<br />
chown -R tor:tor $TORCHROOT/var/lib/tor<br />
<br />
sh -c "grep --color=never ^tor /etc/passwd > $TORCHROOT/etc/passwd"<br />
sh -c "grep --color=never ^tor /etc/group > $TORCHROOT/etc/group"<br />
<br />
mknod -m 644 $TORCHROOT/dev/random c 1 8<br />
mknod -m 644 $TORCHROOT/dev/urandom c 1 9<br />
mknod -m 666 $TORCHROOT/dev/null c 1 3<br />
<br />
if [[ "$(uname -m)" == "x86_64" ]]; then<br />
cp /usr/lib/ld-linux-x86-64.so* $TORCHROOT/usr/lib/.<br />
ln -sr /usr/lib64 $TORCHROOT/lib64<br />
ln -s $TORCHROOT/usr/lib ${TORCHROOT}/usr/lib64<br />
fi<br />
<br />
</nowiki>}}<br />
<br />
After running the script as root, Tor can be launched in the [[chroot]] with the command:<br />
<br />
# chroot --userspec=tor:tor /opt/torchroot /usr/bin/tor<br />
<br />
or if you use systemd overload the service:<br />
<br />
{{hc|/etc/systemd/system/tor.service.d/chroot.conf|2=<nowiki><br />
[Service]<br />
User=root<br />
ExecStart=<br />
ExecStart=/usr/bin/sh -c "chroot --userspec=tor:tor /opt/torchroot /usr/bin/tor -f /etc/tor/torrc"<br />
KillSignal=SIGINT<br />
</nowiki>}}<br />
<br />
== Running Tor in a systemd-nspawn container with a virtual network interface ==<br />
In this example we will create a [[systemd-nspawn]] container named {{ic|tor-exit}} with a virtual macvlan network interface.<br />
<br />
See [[Systemd-nspawn]] and [[systemd-networkd]] for full documentation.<br />
<br />
=== Host installation and configuration ===<br />
<br />
In this example the container will reside in {{ic|/srv/container}}:<br />
# mkdir /srv/container/tor-exit<br />
<br />
[[Install]] the {{Pkg|arch-install-scripts}}.<br />
<br />
Install {{Grp|base}}, {{Pkg|tor}} and {{Pkg|arm}} and deselect {{Pkg|linux}} as per [[Systemd-nspawn#Create and boot a minimal Arch Linux distribution in a container]]:<br />
# pacstrap -i -c -d /srv/container/tor-exit base tor arm<br />
<br />
Create directory if it does not exist:<br />
# mkdir /var/lib/container<br />
<br />
{{Note|Symlinks for {{ic|nspawn}} are currently broken (as of 2016-02-04; see https://github.com/systemd/systemd/issues/2001), and will give you a "too many levels of symlinks" error. As a (possibly insecure) workaround, simply pacstrap your install to the container directory instead.}}<br />
Symlink to register the container on the host, as per [[Systemd-nspawn#Enable container on boot]]:<br />
# ln -s /srv/container/tor-exit /var/lib/container/tor-exit<br />
<br />
==== Virtual network interface ====<br />
<br />
Create a Dropin directory for the container service:<br />
# mkdir /etc/systemd/system/systemd-nspawn@tor-exit.service.d<br />
<br />
{{hc|/etc/systemd/system/systemd-nspawn@tor-exit.service.d/tor-exit.conf|<nowiki><br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --network-macvlan=$INTERFACE --private-network --directory=/var/lib/container/%i<br />
LimitNOFILE=32768<br />
</nowiki>}}<br />
<br />
{{ic|<nowiki>--network-macvlan=$INTERFACE --private-network</nowiki>}} automagically creates a macvlan named {{ic|mv-$INTERFACE}} inside the container, which is not visible from the host. {{ic|--private-network}} is implied by {{ic|<nowiki>--network-macvlan=</nowiki>}} according to {{man|1|systemd-nspawn}}.<br />
This is advisable for security as it will allow you to give a private IP to the container, and it won't know what your machine's IP is. This can help obscure DNS requests.<br />
<br />
{{ic|<nowiki>LimitNOFILE=32768</nowiki>}} per [[#Raise maximum number of open file descriptors]].<br />
<br />
Setup [[systemd-networkd]] according to your network in {{ic|/srv/container/tor-exit/etc/systemd/network/mv-$INTERFACE.network}}.<br />
<br />
==== Start and enable systemd-nspawn ====<br />
<br />
[[Start]] and enable {{ic|systemd-nspawn@tor-exit.service}}.<br />
<br />
=== Container configuration ===<br />
{{ic|# machinectl login tor-exit}} login to the container, see [[Systemd-nspawn#machinectl]].<br />
<br />
{{ic|# mv /srv/container/tor-exit/etc/securetty /srv/container/tor-exit/etc/securetty.bak}} if you get the error described in [[Systemd-nspawn#Troubleshooting]].<br />
<br />
==== Start and enable systemd-networkd ====<br />
<br />
[[Start]] and enable {{ic|systemd-networkd.service}}. {{ic|networkctl}} displays if {{ic|systemd-networkd}} is correctly configured.<br />
<br />
=== Configure Tor ===<br />
See [[#Running a Tor server]].<br />
{{Tip|It is easier to edit files in the container from the host with your normal editor.}}<br />
<br />
== Usage ==<br />
<br />
Start/enable {{ic|tor.service}} [[systemd#Using units|using systemd]]. Alternatively, launch it with {{ic|sudo -u tor /usr/bin/tor}}.<br />
<br />
To use a program over tor, configure it to use {{ic|127.0.0.1}} or localhost as a SOCKS5 proxy, with port {{ic|9050}} (plain tor with standard settings).<br />
To check if Tor is functioning properly visit the [https://check.torproject.org/ Tor], [http://serifos.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1 Harvard] or [https://torcheck.xenobite.eu/ Xenobite.eu] websites.<br />
<br />
== Web browsing ==<br />
<br />
The Tor Project currently only supports web browsing with tor through the [https://aur.archlinux.org/packages/?K=tor-browser Tor Browser Bundle], which can be downloaded from the AUR. It is built with a patched version of the Firefox extended support releases. Tor can also be used with regular [[Firefox]], [[Chromium]] and other browsers, but this is [https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser not recommended] by the Tor Project.<br />
<br />
{{Tip|For makepkg to verify the signature on the AUR source tarball download for TBB, import the [https://www.torproject.org/docs/signing-keys.html.en signing keys from the Tor Project] (currently 2E1AC68ED40814E0) as explained in [[GnuPG#Import a public key]].}}<br />
<br />
=== Firefox ===<br />
<br />
In ''Preferences > General > Network Proxy > Settings'' select "Manual proxy configuration" and enter SOCKS host {{ic|localhost}} with port {{ic|9050}} (SOCKS v5). To channel all DNS requests through TOR's socks proxy, also select "Proxy DNS when using SOCKS v5".<br />
<br />
{{Note|When using Firefox 55 or earlier (e.g. 52 ESR), the settings are located in ''Preferences > Advanced > Network > Settings'' instead.}}<br />
<br />
=== Chromium ===<br />
<br />
You can simply run:<br />
<br />
$ chromium --proxy-server="socks5://myproxy:8080" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy"<br />
<br />
The {{ic|<nowiki>--proxy-server="socks5://myproxy:8080"</nowiki>}} flag tells Chrome to send all {{ic|http://}} and {{ic|https://}} URL requests through the SOCKS proxy server {{ic|"myproxy:8080"}}, using version 5 of the SOCKS protocol. The hostname for these URLs will be resolved by the proxy server, and not locally by Chrome.<br />
<br />
{{warning|Proxying of {{ic|ftp://}} URLs through a SOCKS proxy is not yet implemented[https://www.chromium.org/developers/design-documents/network-stack/socks-proxy].}}<br />
<br />
The {{ic|--proxy-server}} flag applies to URL loads only. There are other components of Chrome which may issue DNS resolves directly and hence bypass this proxy server. The most notable such component is the "DNS prefetcher". Hence if DNS prefetching is not disabled in Chrome then you will still see local DNS requests being issued by Chrome despite having specified a SOCKS v5 proxy server. Disabling DNS prefetching would solve this problem, however it is a fragile solution since once needs to be aware of all the areas in Chrome which issue raw DNS requests. To address this, the next flag, {{ic|<nowiki>--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy"</nowiki>}}, is a catch-all to prevent Chrome from sending any DNS requests over the network. It says that all DNS resolves are to be simply mapped to the (invalid) address {{ic|~NOTFOUND}} (think of it as {{ic|0.0.0.0}}). The {{ic|"EXCLUDE"}} clause make an exception for {{ic|"myproxy"}}, because otherwise Chrome would be unable to resolve the address of the SOCKS proxy server itself, and all requests would necessarily fail with {{ic|PROXY_CONNECTION_FAILED}}.<br />
<br />
To prevent the [https://ipleak.net/#webrtcleak WebRTC leak] you can install the extension [https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia WebRTC Network Limiter].<br />
<br />
==== Debug ====<br />
<br />
The first thing to check when debugging is look at the Proxy tab on about:net-internals, and verify what the effective proxy settings are:<br />
{{ic|chrome://net-internals/#proxy}}<br />
<br />
Next, take a look at the DNS tab of {{ic|about:net-internals}} to make sure Chrome isn't issuing local DNS resolves:<br />
{{ic|chrome://net-internals/#dns}}<br />
<br />
==== Extension ====<br />
Just as with Firefox, you can setup a fast switch for example through [https://chrome.google.com/webstore/detail/dpplabbmogkhghncfbfdeeokoefdjegm Proxy SwitchySharp].<br />
<br />
Once installed enter in its configuration page. Under the tab ''Proxy Profiles'' add a new profile ''Tor'', if ticked untick the option ''Use the same proxy server for all protocols'', then add ''localhost'' as SOCKS Host, ''9050'' to the respective port and select ''SOCKS v5''.<br />
<br />
Optionally you can enable the quick switch under the ''General'' tab to be able to switch beetween normal navigation and Tor network just by left-clicking on the Proxy SwitchySharp's icon.<br />
<br />
=== Luakit ===<br />
<br />
{{warning|It will not be hard for an observer to identify you by the rare user-agent string, and there may be further issues with Flash, JavaScript or similar.}}<br />
<br />
You can simply run:<br />
<br />
$ torsocks luakit<br />
<br />
== HTTP proxy ==<br />
<br />
Tor can be used with an HTTP proxy like [[Polipo]] or [[Privoxy]], however the Tor dev team recommends using the SOCKS5 library since browsers directly support it.<br />
<br />
=== Firefox ===<br />
<br />
The [https://addons.mozilla.org/en-us/firefox/addon/foxyproxy-standard/ FoxyProxy] add-on allows you to specify multiple proxies for different URLs or for all your browsing. After restarting Firefox manually set Firefox to port {{ic|8118}} on {{ic|localhost}}, which is where [[Polipo]] or [[Privoxy]] are running. These settings can be access under ''Add > Standard proxy type''. Select a proxy label (e.g Tor) and enter the port and host into the ''HTTP Proxy'' and ''SSL Proxy'' fields. To check if Tor is functioning properly visit the [https://check.torproject.org/ Tor Check] website and toggle Tor.<br />
<br />
=== Polipo ===<br />
<br />
The Tor Project has created a custom [https://gitweb.torproject.org/torbrowser.git/plain/build-scripts/config/polipo.conf?id=1ffcd9dafb9dd76c3a29dd686e05a71a95599fb5 Polipo configuration file] to prevent potential problems with Polipo as well to provide better anonymity.<br />
<br />
Keep in mind that Polipo is not required if you can use a SOCKS 5 proxy, which Tor starts automatically on port 9050. If you want to use [[Chromium]] with Tor, you do not need the Polipo package (see: [[#Chromium]]).<br />
<br />
=== Privoxy ===<br />
<br />
You can also use this setup in other applications like messaging (e.g. Jabber, IRC). Applications that support HTTP proxies you can connect to Privoxy (i.e. {{ic|127.0.0.1:8118}}). To use SOCKS proxy directly, you can point your application at Tor (i.e. {{ic|127.0.0.1:9050}}). A problem with this method though is that applications doing DNS resolves by themselves may leak information. Consider using Socks4A (e.g. with Privoxy) instead.<br />
<br />
== Instant messaging ==<br />
<br />
In order to use an IM client with tor, we do not need an http proxy like [[polipo]]/[[privoxy]]. We will be using tor's daemon directly which listens to port 9050 by default.<br />
<br />
=== Pidgin ===<br />
<br />
You can set up Pidgin to use Tor globally, or per account. To use Tor globally, go to Tools -> Preferences -> Proxy. To use Tor for specific accounts, go to ''Accounts > Manage Accounts'', select the desired account, click Modify, then go to the Proxy tab. The proxy settings are as follows:<br />
<br />
Proxy type SOCKS5<br />
Host 127.0.0.1<br />
Port 9150<br />
<br />
Note that [https://trac.torproject.org/projects/tor/ticket/8135 some time in 2013] the Port has changed from 9050 to 9150 if you use the Tor Browser Bundle. Try the other value if you receive a "Connection refused" message.<br />
<br />
== Irssi ==<br />
<br />
{{Out of date|{{ic|cap_sasl.pl}} is broken with ''perl'' 5.20; SSL does also not work with {{ic|torsocks}}}}<br />
<br />
Freenode recommends connecting to {{ic|.onion}} directly. It also requires charybdis and ircd-seven's SASL mechanism for identifying to nickserv during connection; see [[Irssi#Authenticating with SASL]]. Start irssi:<br />
<br />
$ torsocks irssi<br />
<br />
Set your identification to nickserv, which will be read when connecting. Supported mechanisms are ECDSA-NIST256P-CHALLENGE (see [https://github.com/atheme/ecdsatool/blob/master/cap_sasl.pl ecdsatool]) and PLAIN. DH-BLOWFISH is [https://freenode.net/sasl/sasl-irssi.shtml no longer supported].<br />
<br />
/sasl set ''network'' ''username'' ''password'' ''mechanism''<br />
<br />
Disable CTCP and DCC and set a different hostname to prevent information disclosure: [https://encrypteverything.ca/IRC_Anonymity_Guide]<br />
<br />
/ignore * CTCPS<br />
/ignore * DCC<br />
/set hostname ''fake_host''<br />
<br />
Connect to Freenode:<br />
<br />
/connect -network ''network'' frxleqtzgvwkv7oz.onion<br />
<br />
For more information check [http://freenode.net/irc_servers.shtml#tor Accessing freenode Via Tor], [http://freenode.net/sasl/README.txt SASL README] or [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc IRC/SILC Wiki article].<br />
<br />
== Pacman ==<br />
Pacman download operations (repository DBs, packages, and public keys) can be done using the Tor network.<br />
<br />
Advantages:<br />
* Attackers that can monitor your Internet connection and that specifically targets your machine cannot watch the updates anymore and, because of that, they cannot deduce the packages you have installed, how up to date they are, when or how frequently you update them. An attacker can still learn what software and the versions you use by other means, for instance watching the packets from your http server or probing the machine will show that you have an http server installed and its version.<br />
* If the mirror is not an onion, a malicious exit nodes you are going through can watch the updates, and may decide to attack you, however they probably cannot know who they are attacking.<br />
* Attackers trying to make your machine believe that there are no new updates to prevent it from getting security fixes will have a harder time doing it since they cannot target your machine specifically.<br />
<br />
Disadvantages:<br />
* Longer updates times due to Longer latency and lower throughput. This can be a big security risk if/when the updates needs to be done as fast as possible, especially on machines directly connected to the Internet. That is the case when there is a huge security flaw, and that the flaws are fast to probe, easy to exploit, and that attackers have already started targeting as many systems as they can before the systems are updated.<br />
<br />
Reliability with Tor:<br />
* You don't need a working DNS anymore.<br />
* You depend on the Tor network and the exit nodes not blocking the updates.<br />
* You depend on the Tor daemon to work properly. The Tor daemon may not work if there is no more disk space available to it. "Reserved blocks gid:" in ext4, quotas, or other means can fix that.<br />
* If you are in a country where Tor is blocked, or that there are almost or no Tor users at all, you should use bridges.<br />
<br />
Note on gpg:<br />
On stock arch, pacman only trust keys which are either signed by you (That can be done with pacman-key --lsign-key) or signed by 2 of 5 Arch master keys. If a malicious exit node replaces packages with ones signed by its key, pacman will not let the user install the package. {{Warning| This might not be true for other distributions derived from ARCH, for non-official repositories and for AUR}}<br />
<br />
{{hc|/etc/pacman.conf|<br />
...<br />
<nowiki>XferCommand = /usr/bin/curl --socks5-hostname localhost:9050 -C - -f %u > %o</nowiki><br />
...}}<br />
<br />
== Running a Tor server ==<br />
<br />
The Tor network is reliant on people contributing bandwidth and setting up services. There are several ways to contribute to the network.<br />
<br />
=== Running a Tor bridge ===<br />
<br />
A Tor bridge is a Tor relay that is not listed in the public Tor directory, thus making it possible for people to connect to the Tor network when governments or ISPs block all public Tor relays.<br />
<br />
==== Configuration ====<br />
<br />
According to https://www.torproject.org/docs/bridges , make your {{ic|torrc}} be just these four lines (Default: {{ic|/etc/tor/torrc}}, or {{ic|$HOME/.torrc}} if that file is not found)<br />
:<br />
<br />
SocksPort 0<br />
ORPort 443<br />
BridgeRelay 1<br />
Exitpolicy reject *:*<br />
<br />
==== Troubleshooting ====<br />
<br />
If you get "Could not bind to 0.0.0.0:443: Permission denied" errors on startup, you will need to pick a higher ORPort (e.g. 8080), or perhaps [http://www.portforward.com/ forward the port] in your router.<br />
<br />
=== Running a Tor relay ===<br />
<br />
This means that your machine will act as an entry node or forwarding relay and, unlike a bridge, it will be listed in the public Tor directory. Your IP address will be publicly visible in the Tor directory but the relay will only forward to other relays or Tor exit nodes, not directly to the internet.<br />
<br />
==== Configuration ====<br />
<br />
You should at least share 20KiB/s:<br />
<br />
Nickname ''tornickname''<br />
ORPort 9001 # This TCP-Port has to be opened/forwarded in your Firewall<br />
BandwidthRate 20 KB # Throttle traffic to 20KB/s<br />
BandwidthBurst 50 KB # But allow bursts up to 50KB/s<br />
<br />
Disallow exits from your relay:<br />
<br />
ExitPolicy reject *:*<br />
<br />
=== Running a Tor exit node ===<br />
<br />
Any requests from a Tor user to the regular internet obviously need to exit the network somewhere, and exit nodes provide this vital service. To the accessed host, the request will appear as having originated from your machine. This means that running an exit node is generally considered more legally onerous than running other forms of Tor relays. Before becoming an exit relay, you may want to read [https://blog.torproject.org/running-exit-node Tips for Running an Exit Node With Minimal Harassment].<br />
<br />
==== Configuration ====<br />
<br />
Using the torrc, you can configure which services you wish to allow through your exit node.<br />
Allow all traffic:<br />
<br />
ExitPolicy accept *:*<br />
<br />
Allow only irc ports 6660-6667 to exit from node:<br />
<br />
ExitPolicy accept *:6660-6667,reject *:* # Allow irc ports but no more<br />
<br />
By default, Tor will block certain ports. You can use the torrc to overide this.<br />
<br />
ExitPolicy accept *:119 # Accept nntp as well as default exit policy<br />
<br />
==== +100Mbps Exit Relay configuration example ====<br />
<br />
If you run a fast exit relay (+100Mbps) with {{ic|ORPort 443}} and {{ic|DirPort 80}} (as recommended in [http://www.torproject.org/docs/tor-relay-debian.html.en#after Configuring a Tor relay on Debian/Ubuntu]) the following configuration changes might serve as inspiration to setup Tor alongside [[iptables]] firewall, [[Haveged]] to increase system entropy and [[pdnsd]] as DNS cache. It is important to ''first'' read [http://www.torproject.org/docs/tor-relay-debian.html.en#after Configuring a Tor relay on Debian/Ubuntu]. <br />
<br />
{{Note|See [[#Running Tor in a systemd-nspawn container with a virtual network interface]] for instructions to install Tor in a {{ic|systemd-nspawn}} container. [[Haveged]] should be installed on the container host.}}<br />
<br />
===== Tor =====<br />
====== Raise maximum number of open file descriptors ======<br />
To handle more than 8192 connections {{ic|LimitNOFILE}} can be raised to 32768 as per [https://www.torproject.org/docs/faq.html.en#PackagedTor Tor FAQ].<br />
<br />
{{hc|/etc/systemd/system/tor.service.d/increase-file-limits.conf|<nowiki><br />
[Service]<br />
LimitNOFILE=32768<br />
</nowiki>}}<br />
<br />
To succesfully raise {{ic|nofile}} limit, you may also have to append the following:<br />
<br />
{{hc|/etc/security/limits.conf|<nowiki><br />
...<br />
tor soft nofile 32768<br />
tor hard nofile 32768<br />
@tor soft nofile 32768<br />
@tor hard nofile 32768<br />
</nowiki>}}<br />
<br />
Check if the {{ic|nofile}} (filedescriptor) limit is successfully raised with {{ic|# sudo -u tor 'ulimit -Hn'}} or {{ic|# sudo -u tor bash}} and {{ic|# ulimit -Hn}}.<br />
<br />
====== Start tor.service as root to bind Tor to privileged ports ======<br />
To bind Tor to privileged ports the service must be started as root. Please specify {{ic|User tor}} option in {{ic|/etc/tor/torrc}}.<br />
<br />
{{hc|/etc/systemd/system/tor.service.d/start-as-root.conf|<nowiki><br />
[Service]<br />
User=root<br />
</nowiki>}}<br />
<br />
====== Tor configuration ======<br />
To listen on Port 80 and 443 the service need to be started as {{ic|root}} as described in [[#Start tor.service as root to bind Tor to privileged ports]].<br />
Use the {{ic|User tor}} option in {{ic|/etc/tor/torrc}} to properly reduce Tor’s privileges.<br />
<br />
{{hc|/etc/tor/torrc|<nowiki><br />
SocksPort 0 ## Pure relay configuration without local socks proxy<br />
<br />
Log notice stdout ## Default Tor behavior<br />
<br />
ControlPort 9051 ## For arm connection<br />
CookieAuthentication 1 ## For arm connection<br />
<br />
ORPort 443 ## Service must be started as root<br />
<br />
Address $IP ## IP or FQDN<br />
Nickname $NICKNAME ## Nickname displayed in </nowiki>[https://onionoo.torproject.org/ Onionoo]<nowiki><br />
<br />
RelayBandwidthRate 500 Mbits ## bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits<br />
RelayBandwidthBurst 1000 MBits ## bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits<br />
<br />
ContactInfo $E-MAIL - $BTC-ADDRESS ## See </nowiki>[https://oniontip.com/ OnionTip]<nowiki><br />
<br />
DirPort 80 ## Service must be started as root<br />
DirPortFrontPage /etc/tor/tor-exit-notice.html ## Original: </nowiki>[https://gitweb.torproject.org/tor.git/plain/contrib/operator-tools/tor-exit-notice.html https://gitweb.torproject.org/tor.git/plain/contrib/operator-tools/tor-exit-notice.html]<nowiki><br />
<br />
MyFamily $($KEYID),$($KEYID)... ## Remember $ in front of keyid(s) ;)<br />
<br />
ExitPolicy reject XXX.XXX.XXX.XXX/XX:* ## Block domain of public IP in addition to std. exit policy<br />
<br />
User tor ## Return to tor user after service started as root to listen on privileged ports<br />
<br />
DisableDebuggerAttachment 0 ## For arm connection<br />
<br />
### Performance related options ###<br />
AvoidDiskWrites 1 ## Reduce wear on SSD<br />
DisableAllSwap 1 ## Service must be started as root<br />
HardwareAccel 1 ## Look for OpenSSL hardware cryptographic support<br />
NumCPUs 2 ## Only start two threads<br />
</nowiki>}}<br />
<br />
This configuration is based on the [https://www.torproject.org/docs/tor-manual.html.en Tor Manual]. <br />
<br />
Tor opens a socks proxy on port 9050 by default -- even if you do not configure one. Set {{ic|SocksPort 0}} if you plan to run Tor only as a relay, and not make any local application connections yourself.<br />
<br />
{{ic|Log notice stdout}} changes logging to stdout, which is also the Tor default.<br />
{{ic|ControlPort 9051}}, {{ic|CookieAuthentication 1}} and {{ic|DisableDebuggerAttachment 0}} enables {{Pkg|arm}} to connect to Tor and display connections.<br />
<br />
{{ic|ORPort 443}} and {{ic|DirPort 80}} lets Tor listen on port 443 and 80 and {{ic|DirPortFrontPage}} displays the [https://gitweb.torproject.org/tor.git/plain/contrib/operator-tools/tor-exit-notice.html tor-exit-notice.html] on port 80.<br />
<br />
{{ic|ExitPolicy reject XXX.XXX.XXX.XXX/XX:*}} should reflect your public IP and netmask, which can be obtained with the command {{ic|# ip addr}}, so exit connections cannot connect to the host or neighboring machines public IP and circumvent firewalls.<br />
<br />
{{ic|AvoidDiskWrites 1}} reduces disk writes and wear on SSD.<br />
{{ic|DisableAllSwap 1}} "will attempt to lock all current and future memory pages, so that memory cannot be paged out". <br />
<br />
If {{ic|<nowiki># cat /proc/cpuinfo | grep aes</nowiki>}} returns that your CPU supports AES instructions and {{ic|<nowiki># lsmod | grep aes</nowiki>}} returns that the module is loaded, you can specify {{ic|HardwareAccel 1}} which tries "to use built-in (static) crypto hardware acceleration when available", see [http://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration http://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration].<br />
<br />
{{ic|ORPort 443}}, {{ic|DirPort 80}} and {{ic|DisableAllSwap 1}} require that you start the Tor service as {{ic|root}} as described in [[#Start tor.service as root to bind Tor to privileged ports]].<br />
Use the {{ic|User tor}} option to properly reduce Tor’s privileges.<br />
<br />
===== arm =====<br />
If {{ic|ControlPort 9051}} and {{ic|CookieAuthentication 1}} is specified in {{ic|/etc/tor/torrc}}, {{Pkg|arm}} can be started with {{ic|sudo -u tor arm}}.<br />
If you want to watch Tor connections in {{Pkg|arm}} {{ic|DisableDebuggerAttachment 0}} must also be specified.<br />
<br />
===== iptables =====<br />
Setup and learn to use [[iptables]]. Instead of being a [[Simple stateful firewall]] where connection tracking would have to track thousands of connections on a tor exit relay this firewall configuration is stateless.<br />
<br />
{{hc|/etc/iptables/iptables.rules|<nowiki><br />
*raw<br />
-A PREROUTING -j NOTRACK<br />
-A OUTPUT -j NOTRACK<br />
COMMIT<br />
<br />
*filter<br />
:INPUT DROP [0:0]<br />
:FORWARD DROP [0:0]<br />
:OUTPUT ACCEPT [0:0]<br />
-A INPUT -p tcp ! --syn -j ACCEPT<br />
-A INPUT -p udp -j ACCEPT<br />
-A INPUT -p icmp -j ACCEPT<br />
-A INPUT -p tcp --dport 443 -j ACCEPT<br />
-A INPUT -p tcp --dport 80 -j ACCEPT<br />
-A INPUT -i lo -j ACCEPT<br />
COMMIT<br />
</nowiki>}}<br />
<br />
{{ic|-A PREROUTING -j NOTRACK}} and {{ic|-A OUTPUT -j NOTRACK}} disables connection tracking in the {{ic|raw}} table.<br />
<br />
{{ic|:INPUT DROP [0:0]}} is the default {{ic|INPUT}} target and drops input traffic we do not specifically {{ic|ACCEPT}}.<br />
<br />
{{ic|:FORWARD DROP [0:0]}} is the default {{ic|FORWARD}} target and only relevant if the host is a normal router, not when the host is an onion router.<br />
<br />
{{ic|:OUTPUT ACCEPT [0:0]}} is the default {{ic|OUTPUT}} target and allows all outgoing connections.<br />
<br />
{{ic|-A INPUT -p tcp ! --syn -j ACCEPT}} allow already established incoming TCP connections per the rules below and TCP connections established from the exit node.<br />
<br />
{{ic|-A INPUT -p udp -j ACCEPT}} allow all incoming UDP connections because we do not use connection tracking.<br />
<br />
{{ic|-A INPUT -p icmp -j ACCEPT}} allow [[wikipedia:Internet_Control_Message_Protocol|ICMP]].<br />
<br />
{{ic|-A INPUT -p tcp --dport 443 -j ACCEPT}} allow incoming connections to the {{ic|ORPort}}.<br />
<br />
{{ic|-A INPUT -p tcp --dport 80 -j ACCEPT}} allow incoming connections to the {{ic|DirPort}}.<br />
<br />
{{ic|-A INPUT -i lo -j ACCEPT}} allows all connections on the loopback interface.<br />
<br />
===== Haveged =====<br />
See [[Haveged]] to decide if your system generates enough entropy to handle a lot of OpenSSL connections, see [http://www.issihosts.com/haveged/ haveged - A simple entropy daemon] and [http://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged how-to-setup-additional-entropy-for-cloud-servers-using-haveged] for documentation.<br />
<br />
===== pdnsd =====<br />
<br />
{{Warning|This configuration assumes your network DNS resolver is trusted (uncensored).}}<br />
<br />
You can use [[pdnsd]] to cache DNS queries locally, so the exit relay can resolve DNS faster and the exit relay does not forward all DNS queries to an external DNS recursor.<br />
<br />
{{hc|/etc/pdnsd.conf|<nowiki><br />
...<br />
perm_cache=102400 ## (Default value)*100 = 1MB * 100 = 100MB<br />
...<br />
server {<br />
label= "resolvconf";<br />
file = "/etc/pdnsd-resolv.conf"; ## Preferably do not use /etc/resolv.conf<br />
timeout=4; ## Server timeout, this may be much shorter than the global timeout option.<br />
uptest=query; ## Test availability using empty DNS queries. <br />
query_test_name="."; ## To be used if remote servers ignore empty queries.<br />
interval=10m; ## Test every 10 minutes.<br />
purge_cache=off; ## Ignore TTL.<br />
edns_query=yes; ## Use EDNS for outgoing queries to allow UDP messages larger than 512 bytes. May cause trouble with some legacy systems.<br />
preset=off; ## Assume server is down before uptest.<br />
}<br />
...<br />
</nowiki>}}<br />
<br />
This configuration stub shows how to cache queries to your normal DNS recursor locally and increase pdnsd cache size to 100MB.<br />
<br />
====== Uncensored DNS ======<br />
<br />
If your local DNS recursor is in some way censored or interferes with DNS queries, see [[Resolv.conf#Alternative DNS servers]] for alternatives and add them in a seperate server-section in {{ic|/etc/pdnsd.conf}} as per [[Pdnsd#DNS servers]].<br />
<br />
== TorDNS ==<br />
<br />
The Tor 0.2.x series provides a built-in DNS forwarder. To enable it add the following lines to the Tor configuration file and restart the daemon:<br />
<br />
{{hc|/etc/tor/torrc|<br />
DNSPort 9053<br />
AutomapHostsOnResolve 1<br />
AutomapHostsSuffixes .exit,.onion<br />
}}<br />
<br />
This will allow Tor to accept DNS requests (listening on port 9053 in this example) like a regular DNS server, and resolve the domain via the Tor network. A downside is that it is only able to resolve DNS queries for A-records; MX and NS queries are never answered. For more information see this [https://techstdout.boum.org/TorDns/ Debian-based introduction].<br />
<br />
DNS queries can also be performed through a command line interface by using {{Ic|<nowiki>tor-resolve</nowiki>}}. For example:<br />
<br />
{{bc|<br />
$ tor-resolve archlinux.org<br />
66.211.214.131<br />
}}<br />
<br />
=== Using TorDNS for all DNS queries ===<br />
<br />
It is possible to configure your system, if so desired, to use TorDNS for ''all'' queries your system makes, regardless of whether or not you eventually use Tor to connect to your final destination. To do this, configure your system to use 127.0.0.1 as its DNS server and edit the 'DNSPort' line in {{ic|/etc/tor/torrc}} to show:<br />
<br />
DNSPort 53<br />
<br />
Alternatively, you can use a local caching DNS server, such as [[dnsmasq]] or [[pdnsd]], which will also compensate for TorDNS being a little slower than traditional DNS servers. The following instructions will show how to set up ''dnsmasq'' for this purpose.<br />
<br />
Change the tor setting to listen for the DNS request in port 9053 and install {{Pkg|dnsmasq}}.<br />
<br />
Modify its configuration file so that it contains:<br />
<br />
{{hc|/etc/dnsmasq.conf|<br />
no-resolv<br />
port&#61;9053<br />
server&#61;127.0.0.1#9053<br />
listen-address&#61;127.0.0.1<br />
}}<br />
<br />
These configurations set dnsmasq to listen only for requests from the local computer, and to use TorDNS at its sole upstream provider. It is now neccessary to edit {{ic|/etc/resolv.conf}} so that your system will query only the dnsmasq server.<br />
<br />
{{hc|/etc/resolv.conf|<br />
nameserver 127.0.0.1<br />
}}<br />
<br />
Start the '''dnsmasq''' daemon.<br />
<br />
Finally if you use ''dhcpd'' you would need to change its settings to that it does not alter the resolv configuration file. Just add this line in the configuration file:<br />
<br />
{{hc|/etc/dhcpcd.conf|<br />
nohook resolv.conf<br />
}}<br />
<br />
If you already have an ''nohook'' line, just add '''resolv.conf''' separated with a comma.<br />
<br />
== Torsocks ==<br />
<br />
'''torsocks''' will allow you use an application via the Tor network without the need to make configuration changes to the application involved. From the man page:<br />
<br />
''torsocks is a wrapper between the torsocks library and the application in order to make every Internet communication go through the Tor network.''<br />
<br />
Usage example:<br />
<br />
$ torsocks elinks checkip.dyndns.org<br />
<nowiki>$ torsocks wget -qO- https://check.torproject.org/ | grep -i congratulations</nowiki><br />
<br />
== Transparent Torification ==<br />
<br />
In some cases it is more secure and often easier to transparently torify an entire system instead of configuring individual applications to use Tor's socks port, not to mention preventing DNS leaks. Transparent torification can be done with [[iptables]] in such a way that all outbound packets are redirected through Tor's ''TransPort'', except the Tor traffic itself. Once in place, applications do not need to be configured to use Tor, though Tor's ''SocksPort'' will still work. This also works for DNS via Tor's ''DNSPort'', but realize that Tor only supports TCP, thus UDP packets other than DNS cannot be sent through Tor and therefore must be blocked entirely to prevent leaks. Using iptables to transparently torify a system affords comparatively strong leak protection, but it is not a substitute for virtualized torification applications such as Whonix, or TorVM [https://www.whonix.org/wiki/Comparison_with_Others]. Transparent torification also will not protect against fingerprinting attacks on its own, so it is recommended to use it in conjunction with the Tor Browser (search the AUR for the version you want: https://aur.archlinux.org/packages/?K=tor-browser) or to use an amnesic solution like [http://tails.boum.org/ Tails] instead. Applications can still learn your computer's hostname, MAC address, serial number, timezone, etc. and those with root privileges can disable the firewall entirely. In other words, transparent torification with iptables protects against accidental connections and DNS leaks by misconfigured software, it is not sufficient to protect against malware or software with serious security vulnerabilities.<br />
<br />
To enable transparent torification, use the following file for {{ic|iptables-restore}} and {{ic|ip6tables-restore}} (internally used by [[systemd]]'s {{ic|iptables.service}} and {{ic|ip6tables.service}}).<br />
<br />
{{Note|<br />
This file uses the nat table to force outgoing connections through the TransPort or DNSPort, and blocks anything it cannot torrify.<br />
<br />
* Now using {{ic|--ipv6}} and {{ic|--ipv4}} for protocol specific changes. {{ic|iptables-restore}} and {{ic|ip6tables-restore}} can now use the same file.<br />
* Where --ipv6 or --ipv4 is explicitly defined, {{ic|ip*tables-restore}} will ignore the rule if it is not for the correct protocol.<br />
* {{ic|ip6tables}} does not support {{ic|--reject-with}}. Make sure your torrc contains the following lines:<br />
<br />
SocksPort 9050<br />
DNSPort 5353<br />
TransPort 9040<br />
<br />
See {{man|8|iptables}}.<br />
}}<br />
<br />
{{Note|<br />
iptables-restore: unable to initialize table 'nat'<br />
<br />
Requires:<br />
<br />
modprobe ip_tables<br />
modprobe iptable_nat<br />
modprobe ip_conntrack<br />
modprobe iptable-filter<br />
modprobe ipt_state<br />
<br />
}}<br />
<br />
{{hc|/etc/iptables/iptables.rules|<br />
<br />
*nat<br />
:PREROUTING ACCEPT [6:2126]<br />
:INPUT ACCEPT [0:0]<br />
:OUTPUT ACCEPT [17:6239]<br />
:POSTROUTING ACCEPT [6:408]<br />
<br />
-A PREROUTING ! -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353<br />
-A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040<br />
-A OUTPUT -o lo -j RETURN<br />
--ipv4 -A OUTPUT -d 192.168.0.0/16 -j RETURN<br />
-A OUTPUT -m owner --uid-owner "tor" -j RETURN<br />
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353<br />
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040<br />
COMMIT<br />
<br />
*filter<br />
:INPUT DROP [0:0]<br />
:FORWARD DROP [0:0]<br />
:OUTPUT DROP [0:0]<br />
<br />
-A INPUT -i lo -j ACCEPT<br />
-A INPUT -p icmp -j ACCEPT<br />
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT<br />
--ipv4 -A INPUT -p tcp -j REJECT --reject-with tcp-reset<br />
--ipv4 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable<br />
--ipv4 -A INPUT -j REJECT --reject-with icmp-proto-unreachable<br />
--ipv6 -A INPUT -j REJECT<br />
--ipv4 -A OUTPUT -d 127.0.0.0/8 -j ACCEPT<br />
--ipv4 -A OUTPUT -d 192.168.0.0/16 -j ACCEPT<br />
--ipv6 -A OUTPUT -d ::1/8 -j ACCEPT<br />
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT<br />
-A OUTPUT -m owner --uid-owner "tor" -j ACCEPT<br />
--ipv4 -A OUTPUT -j REJECT --reject-with icmp-port-unreachable<br />
--ipv6 -A OUTPUT -j REJECT<br />
COMMIT<br />
}}<br />
<br />
This file also works for ip6tables-restore, so you may symlink it:<br />
<br />
ln -s /etc/iptables/iptables.rules /etc/iptables/ip6tables.rules<br />
<br />
Then make sure Tor is running, and [[start/enable]] the {{ic|iptables}} and {{ic|ip6tables}} systemd units.<br />
<br />
You may want to add {{ic|1=Requires=iptables.service}} and {{ic|1=Requires=ip6tables.service}} to whatever systemd unit logs your user in (most likely a [[display manager]]), to prevent any user processes from being started before the firewall up. See [[systemd]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Problem with user value ===<br />
<br />
If the '''tor''' daemon failed to start, then run the following command as root (or use sudo)<br />
<br />
# tor<br />
<br />
If you get the following error<br />
<br />
May 23 00:27:24.624 [warn] Error setting groups to gid 43: "Operation not permitted".<br />
May 23 00:27:24.624 [warn] If you set the "User" option, you must start Tor as root.<br />
May 23 00:27:24.624 [warn] Failed to parse/validate config: Problem with User value. See logs for details.<br />
May 23 00:27:24.624 [err] Reading config failed--see warnings above.<br />
<br />
Then it means that the problem is with the User value, which likely means that one or more files or directories in your {{ic|/var/lib/tor}} directory is not owned by tor. This can be determined by using the following find command:<br />
<br />
find /var/lib/tor/ ! -user tor<br />
<br />
Any files or directories listed in the output from this command needs to have its ownership changed. This can be done individually for each file like so:<br />
<br />
chown tor:tor /var/lib/tor/filename<br />
<br />
Or to change everything listed by the above find example, modify the command to this:<br />
<br />
find /var/lib/tor/ ! -user tor -exec chown tor:tor {} \;<br />
<br />
Tor should now start up correctly.<br />
<br />
Still if you cannot start the tor service, run the service using root (this will switch back to the tor user). To do this, change the user name in the {{ic|/etc/tor/torrc}} file:<br />
<br />
User tor<br />
<br />
Now modify the systemd's tor service file {{ic|/usr/lib/systemd/system/tor.service}} as follows<br />
<br />
[Service]<br />
User=root<br />
Group=root<br />
Type=simple<br />
<br />
The process will be run as tor user. For this purpose change user and group ID to tor and also make it writable:<br />
<br />
# chown -R tor:tor /var/lib/tor/<br />
# chmod -R 755 /var/lib/tor<br />
<br />
Now save changes:<br />
<br />
# systemctl --system daemon-reload<br />
<br />
Then [[start]] {{ic|tor.service}}.<br />
<br />
== See also ==<br />
<br />
* [https://www.torproject.org/docs/tor-doc-unix.html.en Running the Tor client on Linux/BSD/Unix]<br />
* [https://trac.torproject.org/projects/tor/wiki#Unixish Unix-based Tor Articles]<br />
* [https://trac.torproject.org/projects/tor/wiki/doc/SupportPrograms Software commonly integrated with Tor]<br />
* [https://www.torproject.org/docs/tor-hidden-service.html.en How to set up a Tor ''Hidden Service'']<br />
* [https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports List of tor pluggable transports for obfuscating tor's traffic]</div>Stfnhttps://wiki.archlinux.org/index.php?title=Cgit&diff=181078Cgit2012-01-29T19:09:11Z<p>Stfn: /* References */</p>
<hr />
<div>[[Category:Development (English)]]<br />
[http://hjemli.net/git/cgit/ Cgit] is an attempt to create a fast web interface for the git scm, using a<br />
builtin cache to decrease server io-pressure.<br />
<br />
==Installation==<br />
Installing cgit is rather simple as it's available in the Community repository:<br />
{{bc|# pacman -S cgit}}<br />
<br />
In order to actually use cgit you will of course also need to have some webserver installed on your system, like for example [[Apache]].<br />
<br />
==Configuration==<br />
===Apache===<br />
You may add the following either to the end of your {{ic|/etc/httpd/conf/httpd.conf}} file or place it in a separate file inside the {{ic|/etc/httpd/conf/extra/}} directory.<br />
#<br />
# cgit configuration for apache<br />
#<br />
<br />
ScriptAlias /cgit/ "/usr/lib/cgit/cgit.cgi/"<br />
Alias /cgit-css "/usr/share/webapps/cgit/"<br />
<Directory "/usr/share/webapps/cgit/"><br />
AllowOverride None<br />
Options None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<Directory "/usr/lib/cgit/"><br />
AllowOverride None<br />
Options ExecCGI FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
==Adding repositories==<br />
Before you can start adding repositories you will first have to create the basic cgit configuration file at {{ic|/etc/cgitrc}}. You should at least specify the Stylesheet: <br />
<br />
#<br />
# cgit config<br />
#<br />
<br />
css=/cgit-css/cgit.css<br />
<br />
Now you can add your repos:<br />
<br />
#<br />
# List of repositories.<br />
# This list could be kept in a different file (e.g. '/etc/cgitrepos')<br />
# and included like this:<br />
# include=/etc/cgitrepos<br />
#<br />
<br />
repo.url=MyRepo<br />
repo.path=/srv/git/MyRepo.git<br />
repo.desc=This is my git repository<br />
<br />
repo.url=MyOtherRepo<br />
repo.path=/srv/git/MyOtherRepo.git<br />
repo.desc=That's my other git repository<br />
<br />
If you prefer not having to manually specify each repository it's also possible to configure cgit to search for them:<br />
<br />
scan-path=/srv/git/<br />
<br />
For detailed documentation about the available settings in this configuration file, please see the manage (`man cgitrc`).<br />
<br />
==Gitosis Integration==<br />
If you want to integrate with gitosis you will have to run two commands to give apache permission to look though the folder.<br />
<br />
# chgrp http /srv/gitosis<br />
# chmod a+rx /srv/gitosis<br />
<br />
==References==<br />
* http://hjemli.net/git/cgit/<br />
* http://hjemli.net/git/cgit/about/<br />
* http://hjemli.net/git/cgit/tree/README<br />
* http://hjemli.net/git/cgit/tree/cgitrc.5.txt</div>Stfnhttps://wiki.archlinux.org/index.php?title=Cgit&diff=180686Cgit2012-01-27T11:03:08Z<p>Stfn: </p>
<hr />
<div>[[Category:Development (English)]]<br />
[http://hjemli.net/git/cgit/ Cgit] is an attempt to create a fast web interface for the git scm, using a<br />
builtin cache to decrease server io-pressure.<br />
<br />
==Installation==<br />
Installing cgit is rather simple as it's available in the Community repository:<br />
{{bc|# pacman -S cgit}}<br />
<br />
In order to actually use cgit you will of course also need to have some webserver installed on your system, like for example [[Apache]].<br />
<br />
==Configuration==<br />
===Apache===<br />
You may add the following either to the end of your {{ic|/etc/httpd/conf/httpd.conf}} file or place it in a separate file inside the {{ic|/etc/httpd/conf/extra/}} directory.<br />
#<br />
# cgit configuration for apache<br />
#<br />
<br />
ScriptAlias /cgit/ "/usr/lib/cgit/cgit.cgi/"<br />
Alias /cgit-css "/usr/share/webapps/cgit/"<br />
<Directory "/usr/share/webapps/cgit/"><br />
AllowOverride None<br />
Options None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<Directory "/usr/lib/cgit/"><br />
AllowOverride None<br />
Options ExecCGI FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
==Adding repositories==<br />
Before you can start adding repositories you will first have to create the basic cgit configuration file at {{ic|/etc/cgitrc}}. You should at least specify the Stylesheet: <br />
<br />
#<br />
# cgit config<br />
#<br />
<br />
css=/cgit-css/cgit.css<br />
<br />
Now you can add your repos:<br />
<br />
#<br />
# List of repositories.<br />
# This list could be kept in a different file (e.g. '/etc/cgitrepos')<br />
# and included like this:<br />
# include=/etc/cgitrepos<br />
#<br />
<br />
repo.url=MyRepo<br />
repo.path=/srv/git/MyRepo.git<br />
repo.desc=This is my git repository<br />
<br />
repo.url=MyOtherRepo<br />
repo.path=/srv/git/MyOtherRepo.git<br />
repo.desc=That's my other git repository<br />
<br />
If you prefer not having to manually specify each repository it's also possible to configure cgit to search for them:<br />
<br />
scan-path=/srv/git/<br />
<br />
For detailed documentation about the available settings in this configuration file, please see the manage (`man cgitrc`).<br />
<br />
==Gitosis Integration==<br />
If you want to integrate with gitosis you will have to run two commands to give apache permission to look though the folder.<br />
<br />
# chgrp http /srv/gitosis<br />
# chmod a+rx /srv/gitosis<br />
<br />
==References==<br />
* http://hjemli.net/git/cgit/<br />
* http://hjemli.net/git/cgit/about/</div>Stfnhttps://wiki.archlinux.org/index.php?title=Cgit&diff=152368Cgit2011-08-18T00:30:54Z<p>Stfn: /* Installation */</p>
<hr />
<div>[http://hjemli.net/git/cgit/ Cgit] is an attempt to create a fast web interface for the git scm, using a<br />
builtin cache to decrease server io-pressure.<br />
<br />
==Installation==<br />
Installing cgit is rather simple as it's available in the Community repository:<br />
{{cli|# pacman -S cgit}}<br />
<br />
In order to actually use cgit you will of course also need to have some webserver installed on your system, like for example [[Apache]].<br />
<br />
==Configuration==<br />
===Apache===<br />
You may add the following either to the end of your {{filename|/etc/httpd/conf/httpd.conf}} file or place it in a separate file inside the {{filename|/etc/httpd/conf/extra/}} directory.<br />
#<br />
# cgit configuration for apache<br />
#<br />
<br />
ScriptAlias /cgit/ "/usr/lib/cgit/cgit.cgi/"<br />
Alias /cgit-css "/usr/share/webapps/cgit/"<br />
<Directory "/usr/share/webapps/cgit/"><br />
AllowOverride None<br />
Options None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<Directory "/usr/lib/cgit/"><br />
AllowOverride None<br />
Options ExecCGI FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
==Adding repositories==<br />
Before you can start adding repositories you will first have to create the basic cgit configuration file at {{filename|/etc/cgitrc}}. You should at least specify the Stylesheet: <br />
<br />
#<br />
# cgit config<br />
#<br />
<br />
css=/cgit-css/cgit.css<br />
<br />
Now you can add your repos:<br />
<br />
#<br />
# List of repositories.<br />
# This list could be kept in a different file (e.g. '/etc/cgitrepos')<br />
# and included like this:<br />
# include=/etc/cgitrepos<br />
#<br />
<br />
repo.url=MyRepo<br />
repo.path=/srv/git/MyRepo.git<br />
repo.desc=This is my git repository<br />
<br />
repo.url=MyOtherRepo<br />
repo.path=/srv/git/MyOtherRepo.git<br />
repo.desc=That's my other git repository<br />
<br />
For detailed documentation about the available settings in this configuration file, please see the manage (`man cgitrc`).<br />
<br />
==References==<br />
* http://hjemli.net/git/cgit/<br />
* http://hjemli.net/git/cgit/about/</div>Stfnhttps://wiki.archlinux.org/index.php?title=Cgit&diff=152268Cgit2011-08-17T10:46:24Z<p>Stfn: </p>
<hr />
<div>[http://hjemli.net/git/cgit/ Cgit] is an attempt to create a fast web interface for the git scm, using a<br />
builtin cache to decrease server io-pressure.<br />
<br />
==Installation==<br />
Installing cgit is rather simple as it's available in the Community repository:<br />
# pacman -S cgit<br />
<br />
In order to actually use cgit you will of course also need to have some webserver installed on your system, like for example [[Apache]].<br />
<br />
==Configuration==<br />
===Apache===<br />
You may add the following either to the end of your {{filename|/etc/httpd/conf/httpd.conf}} file or place it in a separate file inside the {{filename|/etc/httpd/conf/extra/}} directory.<br />
#<br />
# cgit configuration for apache<br />
#<br />
<br />
ScriptAlias /cgit/ "/usr/lib/cgit/cgit.cgi/"<br />
Alias /cgit-css "/usr/share/webapps/cgit/"<br />
<Directory "/usr/share/webapps/cgit/"><br />
AllowOverride None<br />
Options None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<Directory "/usr/lib/cgit/"><br />
AllowOverride None<br />
Options ExecCGI FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
==Adding repositories==<br />
Before you can start adding repositories you will first have to create the basic cgit configuration file at {{filename|/etc/cgitrc}}. You should at least specify the Stylesheet: <br />
<br />
#<br />
# cgit config<br />
#<br />
<br />
css=/cgit-css/cgit.css<br />
<br />
Now you can add your repos:<br />
<br />
#<br />
# List of repositories.<br />
# This list could be kept in a different file (e.g. '/etc/cgitrepos')<br />
# and included like this:<br />
# include=/etc/cgitrepos<br />
#<br />
<br />
repo.url=MyRepo<br />
repo.path=/srv/git/MyRepo.git<br />
repo.desc=This is my git repository<br />
<br />
repo.url=MyOtherRepo<br />
repo.path=/srv/git/MyOtherRepo.git<br />
repo.desc=That's my other git repository<br />
<br />
For detailed documentation about the available settings in this configuration file, please see the manage (`man cgitrc`).<br />
<br />
==References==<br />
* http://hjemli.net/git/cgit/<br />
* http://hjemli.net/git/cgit/about/</div>Stfnhttps://wiki.archlinux.org/index.php?title=Gitweb&diff=152267Gitweb2011-08-17T10:43:49Z<p>Stfn: </p>
<hr />
<div>Gitweb is the default web interface provided with [[git]] itself and is the basis for other git scripts like [[cgit]], [[gitosis]] and others.<br />
<br />
==Installation==<br />
To install gitweb you first have to install git and a webserver. For this example we use apache but you can also use others:<br />
pacman -S git apache<br />
<br />
Next you need to link the current gitweb default to your webserver location. In this example i use the default folder locations:<br />
ln -s /usr/share/gitweb /srv/http/gitweb<br />
<br />
That's it for the "installation". Next is the configuration.<br />
<br />
==Configuration==<br />
===Apache===<br />
Add the following to the end of you /etc/httpd/conf/httpd.conf<br />
<Directory "/srv/http/gitweb"><br />
DirectoryIndex gitweb.cgi<br />
Allow from all<br />
AllowOverride all<br />
Order allow,deny<br />
Options ExecCGI<br />
<Files gitweb.cgi><br />
SetHandler cgi-script<br />
</Files><br />
SetEnv GITWEB_CONFIG /etc/conf.d/gitweb.conf<br />
</Directory><br />
<br />
You can put the configuration in it's own config file in /etc/httpd/conf/extra/ but that's up to you to decide.<br />
<br />
===Lighttpd===<br />
If you're using lighttpd, make sure mod_alias, mod_redirect, mod_cgi and mod_setenv are loaded. Add the following to /etc/lighttpd/lighttpd.conf:<br />
setenv.add-environment = ( "GITWEB_CONFIG" => "/etc/conf.d/gitweb.conf" )<br />
url.redirect += ( "^/gitweb$" => "/gitweb/" )<br />
alias.url += ( "/gitweb/" => "/usr/share/gitweb/" )<br />
$HTTP["url"] =~ "^/gitweb/" {<br />
cgi.assign = (".cgi" => "")<br />
server.indexfiles = ("gitweb.cgi")<br />
}<br />
<br />
===Gitweb config===<br />
Next we need to make a gitweb config file. Open (or create if not existing) the file /etc/conf.d/gitweb.conf and place this in it:<br />
<pre><br />
$git_temp = "/tmp";<br />
<br />
# The directories where your projects are. Must not end with a slash.<br />
$projectroot = "/path/to/your/repositories"; <br />
<br />
# Base URLs for links displayed in the web interface.<br />
our @git_base_url_list = qw(git://<your_server> http://git@<your_server>); <br />
</pre><br />
<br />
Now the the configuration is done, please restart your webserver.<br />
For apache:<br />
/etc/rc.d/httpd restart<br />
<br />
Or for lighttpd:<br />
/etc/rc.d/lighttpd restart<br />
<br />
==Adding repositories==<br />
To add a repository go to your repository folder. There make your repository like so:<br />
mkdir my_repository.git<br />
git init --bare my_repository.git/<br />
cd my_repository.git/<br />
touch git-daemon-export-ok<br />
echo "Short project's description" > description<br />
<br />
Next open the "config" file and add this:<br />
[gitweb]<br />
owner = Your Name<br />
<br />
This will fill in the "Owner" field in gitweb. It's not required.<br />
<br />
I assumed that you want to have this repository as "central" repository storage where you push your commits to so the git-daemon-export-ok and --bare are here to have minimal overhead and to allow the git daemon to be used on it.<br />
<br />
That is all for making a repository. You can now see it on your http://localhost/gitweb (assuming everything went fine). You don't need to restart apache for new repositories since the gitweb cgi script simply reads your repository folder.<br />
<br />
==Thanx to...==<br />
This howto was mainly based on the awesome howto from howtoforge: http://www.howtoforge.com/how-to-install-a-public-git-repository-on-a-debian-server I only picked the parts that are needed to get it working and left the additional things out.</div>Stfnhttps://wiki.archlinux.org/index.php?title=Cgit&diff=152265Cgit2011-08-17T10:11:26Z<p>Stfn: /* Adding repositories */</p>
<hr />
<div>Cgit is an attempt to create a fast web interface for the git scm, using a<br />
builtin cache to decrease server io-pressure.<br />
<br />
==Installation==<br />
Installing cgit is rather simple as it's available in the Community repository:<br />
# pacman -S cgit<br />
<br />
In order to actually use cgit you will of course also need to have some webserver installed on your system, like for example [[Apache]].<br />
<br />
==Configuration==<br />
===Apache===<br />
You may add the following either to the end of your {{filename|/etc/httpd/conf/httpd.conf}} file or place it in a separate file inside the {{filename|/etc/httpd/conf/extra/}} directory.<br />
#<br />
# cgit configuration for apache<br />
#<br />
<br />
ScriptAlias /cgit/ "/usr/lib/cgit/cgit.cgi/"<br />
Alias /cgit-css "/usr/share/webapps/cgit/"<br />
<Directory "/usr/share/webapps/cgit/"><br />
AllowOverride None<br />
Options None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<Directory "/usr/lib/cgit/"><br />
AllowOverride None<br />
Options ExecCGI FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
==Adding repositories==<br />
Before you can start adding repositories you will first have to create the basic cgit configuration file at {{filename|/etc/cgitrc}}. You should at least specify the Stylesheet: <br />
<br />
#<br />
# cgit config<br />
#<br />
<br />
css=/cgit-css/cgit.css<br />
<br />
Now you can add your repos:<br />
<br />
#<br />
# List of repositories.<br />
# This list could be kept in a different file (e.g. '/etc/cgitrepos')<br />
# and included like this:<br />
# include=/etc/cgitrepos<br />
#<br />
<br />
repo.url=MyRepo<br />
repo.path=/srv/git/MyRepo.git<br />
repo.desc=This is my git repository<br />
<br />
repo.url=MyOtherRepo<br />
repo.path=/srv/git/MyOtherRepo.git<br />
repo.desc=That's my other git repository<br />
<br />
For detailed documentation about the available settings in this configuration file, please see the manage (`man cgitrc`).<br />
<br />
==References==<br />
* http://hjemli.net/git/cgit/<br />
* http://hjemli.net/git/cgit/about/</div>Stfnhttps://wiki.archlinux.org/index.php?title=Cgit&diff=152264Cgit2011-08-17T10:09:47Z<p>Stfn: Created page with "Cgit is an attempt to create a fast web interface for the git scm, using a builtin cache to decrease server io-pressure. ==Installation== Installing cgit is rather simple as it'..."</p>
<hr />
<div>Cgit is an attempt to create a fast web interface for the git scm, using a<br />
builtin cache to decrease server io-pressure.<br />
<br />
==Installation==<br />
Installing cgit is rather simple as it's available in the Community repository:<br />
# pacman -S cgit<br />
<br />
In order to actually use cgit you will of course also need to have some webserver installed on your system, like for example [[Apache]].<br />
<br />
==Configuration==<br />
===Apache===<br />
You may add the following either to the end of your {{filename|/etc/httpd/conf/httpd.conf}} file or place it in a separate file inside the {{filename|/etc/httpd/conf/extra/}} directory.<br />
#<br />
# cgit configuration for apache<br />
#<br />
<br />
ScriptAlias /cgit/ "/usr/lib/cgit/cgit.cgi/"<br />
Alias /cgit-css "/usr/share/webapps/cgit/"<br />
<Directory "/usr/share/webapps/cgit/"><br />
AllowOverride None<br />
Options None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<Directory "/usr/lib/cgit/"><br />
AllowOverride None<br />
Options ExecCGI FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
==Adding repositories==<br />
Before you can start adding repositories you will first have to create the basic cgit configuration file at {{filename|/etc/cgitrc}}. Also, you should at least specify the Stylesheet: <br />
<br />
#<br />
# cgit config<br />
#<br />
<br />
css=/cgit-css/cgit.css<br />
<br />
Now you can add your repos:<br />
<br />
#<br />
# List of repositories.<br />
# This list could be kept in a different file (e.g. '/etc/cgitrepos')<br />
# and included like this:<br />
# include=/etc/cgitrepos<br />
#<br />
<br />
repo.url=MyRepo<br />
repo.path=/srv/git/MyRepo.git<br />
repo.desc=This is my git repository<br />
<br />
repo.url=MyOtherRepo<br />
repo.path=/srv/git/MyOtherRepo.git<br />
repo.desc=That's my other git repository<br />
<br />
For detailed documentation about the available settings in this configuration file, please see the manage (`man cgitrc`).<br />
<br />
==References==<br />
* http://hjemli.net/git/cgit/<br />
* http://hjemli.net/git/cgit/about/</div>Stfnhttps://wiki.archlinux.org/index.php?title=ArchWiki_talk:Reports&diff=150335ArchWiki talk:Reports2011-07-31T12:42:10Z<p>Stfn: /* Gitweb -> Git */</p>
<hr />
<div>[[Category:ArchWiki Tools (English)]]<br />
In this page you can list:<br />
* Edits that a contributor made to the wiki without a proper explanation (that is what the Summary field is for) and whose validity you lack the knowledge to judge by yourself. In this case, please add a link to the edit in question with a brief explanation why you think it should be investigated. Consider contacting the contributor to ask for an explanation, which is often an effective way to solve these issues. Please report the eventual answer (if any) below the initial report. You can also link to a discussion already started in the talk page of the edited article.<br />
* Links to discussions started in talk pages requesting to add, delete, or modify some content in the respective articles which you do not have sufficient knowledge to answer definitively by yourself.<br />
<br />
[[ArchWiki:Reports/Archive|Archive]] discussions 1 day after closing.<br />
<br />
See [[ArchWiki:Spam]] to report vandalism. Please sign your edits and feel free to comment on others' reports.<br />
<br />
===Tomcat 5.5/7===<br />
[[Tomcat]] has been [https://wiki.archlinux.org/index.php?title=Tomcat&action=historysubmit&diff=140928&oldid=138574 updated for version 7], but version 5.5 [http://www.archlinux.org/packages/extra/x86_64/tomcat/ is still in extra], in fact a reference to the former, still-supported version [https://wiki.archlinux.org/index.php?title=Tomcat&diff=next&oldid=140981 has been put in the introduction]. Does anybody know if the old version will become unsupported? Otherwise [https://wiki.archlinux.org/index.php?title=Tomcat&oldid=138574 the old version of the article] could still be useful for somebody? Consider the possibility to move the old version to Tomcat5? -- [[User:Kynikos|Kynikos]] 04:31, 13 May 2011 (EDT)<br />
:[https://wiki.archlinux.org/index.php?title=Tomcat&curid=5874&diff=142010&oldid=141435 Update]. -- [[User:Kynikos|Kynikos]] 05:12, 20 May 2011 (EDT)<br />
::Left a message in [[Talk:Tomcat]], I don't know why I didn't do that in the first place. -- [[User:Kynikos|Kynikos]] 04:59, 7 June 2011 (EDT)<br />
<br />
===[https://wiki.archlinux.org/index.php/Talk:Kernel_Panics#Chroot_Instructions How to chroot properly]===<br />
The commands I have in my notes look more like the ones in the chroot article. I know they work, so I guess they are the correct ones. Can we remove a section from kernel panics and add a link to chroot article? -- [[User:Karol|Karol]] 06:45, 16 May 2011 (EDT)<br />
:We talked about this a while ago: if somebody starts a "questionable" discussion, report it here, but discuss it there ^^ Anyway I don't have enough experience with chrooting for answering, sorry. -- [[User:Kynikos|Kynikos]] 14:11, 16 May 2011 (EDT)<br />
::The [[chroot]] article is correct, well-written, and thorough. As you know, I am a strong supporter of de-duplication of effort and would suggest that, like installing AUR packages, adding daemons, and other common tasks, we simply defer to the "authority" article. (i.e. ''[[chroot]] into your existing installation and do X, Y, and Z.'') Perhaps this should be included in [[Help:Style]]. -- [[User:Pointone|pointone]] 16:49, 6 June 2011 (EDT)<br />
:::Tried to expand this topic in [[Help_talk:Style#Point to "authority" articles (i.e. de-duplication of efforts)]].<br />
:::It's to be noted that it doesn't solve this particular discussion. -- [[User:Kynikos|Kynikos]] 05:37, 7 June 2011 (EDT)<br />
<br />
===Is [community] part of AUR?===<br />
[https://wiki.archlinux.org/index.php?title=Official_Repositories&diff=126254&oldid=124769 Technically, both the [community<nowiki>]</nowiki> and [unsupported <nowiki>]</nowiki> repos make up the AUR.]<br />
<br />
I've e-mailed the author to ask what exactly did he mean by 'technically', because to me [community] and AUR have little in common. -- [[User:Karol|Karol]] 16:23, 19 May 2011 (EDT)<br />
:Section [community] in the same article states "and is part of the Arch User Repository", while in [[AUR]] there are many sentences that lead to think that [community] != AUR. I'm curious to know the answer, but probably the two articles are in contradiction. -- [[User:Kynikos|Kynikos]] 04:38, 20 May 2011 (EDT)<br />
::Exactly. The AUR Web Interface lets you access only [unsupported] apps, not those from [community].<br />
::[OT]I was wondering if there was any downside to using links as headlines. Have you noticed the Summary for this section is a bit long?[/OT] -- [[User:Karol|Karol]] 05:03, 20 May 2011 (EDT)<br />
:::[OT]I've got quite a large screen, so I don't notice it, anyway headings should be short, we'd better write descriptions in the body.[/OT] -- [[User:Kynikos|Kynikos]] 05:12, 20 May 2011 (EDT)<br />
::::In his e-mail, Loui shed some light on the matter and clarified why he made such edits:<br />
::::Loui Chang wrote:<br />
::::community and unsupported are repositories collectively known as the 'Arch User Community Repositories' which since it's creation has been shortened to 'Arch User Repository' are managed by the Trusted Users. Packages submitted by normal users could be promoted to binary packages in the community repo of the AUR by Trusted Users.<br />
::::In fact, community and unsupported were even in the same web interface in the past and managed by special tools that closely integrated the two sides of the AUR, but it was decided to use tools common to the developers for binary repositories.<br />
::::This is a fact that was established long before I became involved with Arch Linux, and something that was present on the wiki long before I added that note. I only added that for clarification of the terms. Changing things subversively would be wrong.<br />
<br />
::::He suggested posting on the mailing list or similar action.<br />
::::I think the easiest way would be redefining what AUR is. -- [[User:Karol|Karol]] 11:12, 20 May 2011 (EDT)<br />
:::::Definitely, it's much [[The_Arch_Way#Simplicity|simpler]] to think of the AUR as a different thing from [community]. I support your idea, the definition of AUR should be officially revised, starting from [[Official Repositories]]. -- [[User:Kynikos|Kynikos]] 11:46, 20 May 2011 (EDT)<br />
::::::What about moving this discussion to [[Requests]]? A first step to put something into practice. -- [[User:Kynikos|Kynikos]] 17:37, 2 June 2011 (EDT)<br />
:::::::I was thinking about it too, but maybe I should move it to my personal page as it's rather a pet peeve of mine and not something requiring immediate attention. There are more important things to do, although I would like to sort it out one day :-) -- [[User:Karol|Karol]] 18:20, 2 June 2011 (EDT)<br />
:[community] is run by the TUs, so afaik, the aur-general mailing list is used for discussing the [community] repo. From a user's perspective, the two are different, but I'm guessing that the devs/TUs still see [community] as part of the AUR, even though it uses the same web interface as the other repos now. If you want to change it, you might want to fire off an email to aur-general first to get their input. [[User:Thestinger|thestinger]] 01:23, 4 July 2011 (EDT)<br />
::I'm trying to piece together various bits of information I've found so far, e.g. [http://mailman.archlinux.org/pipermail/aur-general/2010-September/010784.html this e-mail] says "Packages to the community repo are uploaded to the aur.archlinux.org server, whereas packages for the official repos are uploaded to gerolde.archlinux.org." so from a dev/TU perspective, [community] '''is''' a part of AUR and I now understand what ''technically'' in "Technically, both the [community] and [unsupported ] repos make up the AUR." means.<br />
::I'll have some time next weekend and I'll try and see if I can make the wiki clearer by e.g. including the above-mentioned info.-- [[User:Karol|Karol]] 10:30, 4 July 2011 (EDT)<br />
<br />
===Arch Linux Small Business Server (SBS)===<br />
[https://wiki.archlinux.org/index.php?title=Arch_Linux_Small_Business_Server_%28SBS%29&action=historysubmit&diff=142403&oldid=138751 The new section] is still partly written in Cyrillic, let's see if the author will complete the translation. -- [[User:Kynikos|Kynikos]] 05:52, 22 May 2011 (EDT)<br />
:Can you say this article is in English atm? Because that's how it's categorized ... -- [[User:Karol|Karol]] 07:02, 22 May 2011 (EDT)<br />
::I don't understand: it was completely written in English, before those edits. If you're saying it should be categorized, then you're right. -- [[User:Kynikos|Kynikos]] 11:24, 23 May 2011 (EDT)<br />
:::Categorized and asked the author on his talk page if he's intentioned to complete the translation. -- [[User:Kynikos|Kynikos]] 17:49, 2 June 2011 (EDT)<br />
::::This discussion is equivalent to marking the article with Translateme, right? Then should I do it and close this issue? Also taking into account that it's a stub. -- [[User:Kynikos|Kynikos]] 05:44, 7 June 2011 (EDT)<br />
:Speaking of i18n - [https://wiki.archlinux.org/index.php/Category:Arch_Linux_Small_Business_Server_(Italiano) have a look at this]: articles don't follow 'Title in English (language)' form. Also, IIRC we shouldn't use acronyms (like SBS) in page titles. Should I open a new section for those Italian articles or are they on somebody's todo list already? -- [[User:Karol|Karol]] 07:02, 22 May 2011 (EDT)<br />
::About the Italian articles, they're not guarded at the moment, so they just could be moved to the new title with suffix.<br />
::About acronyms, I've started a discussion in [[Help_talk:Style#Acronyms in titles]]. -- [[User:Kynikos|Kynikos]] 11:24, 23 May 2011 (EDT)<br />
::[[Arch Linux Small Business Server (SBS)]] moved to [[Small Business Server]] and created redirection from [[SBS]]. -- [[User:Kynikos|Kynikos]] 17:57, 2 June 2011 (EDT)<br />
::...And finally also the Italian articles are fixed. -- [[User:Kynikos|Kynikos]] 18:30, 2 June 2011 (EDT)<br />
<br />
===Softphone===<br />
[[Softphone]] should be marked for deletion in coherence with [https://wiki.archlinux.org/index.php?title=Multimedia&action=historysubmit&diff=128063&oldid=128062 this edit]? (with which I agree) -- [[User:Kynikos|Kynikos]] 11:52, 23 May 2011 (EDT)<br />
:I don't see ekiga, linphone and twinkle anywhere on the [[Common Applications]] page. I would either leave [[Softphone]] or merge it with [[Common Applications]] although I'm not sure how common those softphone apps are. -- [[User:Karol|Karol]] 17:29, 23 May 2011 (EDT)<br />
::You're right, those apps can't be called "common"... The fact is that, to me, pages like that look too much like duplicates of Categories, and I don't like duplications... I don't know, maybe this is more a style problem, but at least we could rename pages like that with "List of ..." ("List of softphopne applications" in this case) like Wikipedia does? Or we could add lists with short descriptions directly in Category pages? -- [[User:Kynikos|Kynikos]] 05:13, 24 May 2011 (EDT)<br />
:::Apart from Skype those apps don't have their own wiki pages in our wiki, so you can't create a category 'Softphone'. Renaming this page to 'List of softphopne applications' looks fine to me but maybe in this case we should tell people to use http://en.wikipedia.org/wiki/List_of_SIP_software and http://en.wikipedia.org/wiki/Comparison_of_VoIP_software ? Or do we allow to create an Arch-centric (i.e. no Windows-only apps) "copy" of those articles? -- [[User:Karol|Karol]] 05:40, 24 May 2011 (EDT)<br />
::::The problem is where exactly would you put the links to the Wikipedia articles? Maybe we could allow the creation of Categories with a few members but containing lists of external references (with short descriptions)? -- [[User:Kynikos|Kynikos]] 05:58, 24 May 2011 (EDT)<br />
<br />
===Two Spanish NetworkManager articles===<br />
We have [[NetworkManager_(Espa)]] and [[NetworkManager_(Espa%C3%B1ol)]] - both half baked, the first one has an incorrect name (Espa). Any ideas what to do with them? -- [[User:Karol|Karol]] 01:24, 25 May 2011 (EDT)<br />
:First step: reported in [[Talk:ArchWiki_Translation_Team_(Español)]], let's wait a little time. -- [[User:Kynikos|Kynikos]] 12:32, 25 May 2011 (EDT)<br />
::From [[Talk:NetworkManager (Espa)]] on January 24, 2010: ''Please don't delete the page, I'm still translating, but i don't do it quickly becouse i don't have much time. So, when i finish it, this page will replace NetworkManager (Español) becouse that is too old.''<br />
::1.5 years is pushing it, though. I will probably end up deleting this page.<br />
::-- [[User:Pointone|pointone]] 16:54, 6 June 2011 (EDT)<br />
<br />
===Environment variables===<br />
(Just a report) A new page: [[Environment Variables]] ([[Talk:Environment Variables|with discussion]]); a discussion going on [[Talk:Bash|here]]; [[Bash#Environment_variables|a section in Bash]] that was requested for moving to [[Environment Variables]] on January 3rd. -- [[User:Kynikos|Kynikos]] 05:31, 30 May 2011 (EDT)<br />
<br />
===Define 'common' and 'lightweight' applications===<br />
W/o clicking on the link, can you tell me what kind of app [https://wiki.archlinux.org/index.php?title=Common_Applications&diff=0&oldid=142875 Sunflower] is? Who says which apps can be considered lightweight? Is there a need for such a gatekeeper? -- [[User:Karol|Karol]] 16:00, 30 May 2011 (EDT)<br />
:First thing I'd move this discussion in Help:Style. Second thing, not only I agree with you, but I don't even know how one can discern ''common'' applications from ''uncommon'' ones. If it were for me, I'd take those list, and many others (recently we've seen Softphones, Multimedia... (EDIT: [[Emacsy Applications]])) and just merge them in a unified article "List of applications" (or similar), thus also avoiding duplicates; possibly the article could have subpages, but it would be much tidier... and simple. If it's necessary, if there's a recognized most common application in a group, one can easily highlight it in bold. -- [[User:Kynikos|Kynikos]] 17:24, 30 May 2011 (EDT)<br />
::Oh yessss! How do we discuss those ideas: a forum thread, discussion pages of the soon-to-be-merged articles or just a nod from the wiki admins? -- [[User:Karol|Karol]] 18:17, 30 May 2011 (EDT)<br />
:::Eh in this case the best thing would be a forum thread, you can start it, I'll follow. I will also suggest again [[#Softphone|my idea of using the editable part of category pages for these lists]]. -- [[User:Kynikos|Kynikos]] 05:12, 31 May 2011 (EDT)<br />
<br />
===Script to update mirrorlist===<br />
[https://wiki.archlinux.org/index.php?title=Beginners%27_Guide%2FPost-Installation&action=historysubmit&diff=143331&oldid=142697 This has been added in the beginners' guide]: I'd move it to [[Mirrors]]. See [[Talk:Beginners'_Guide/Post-Installation#Script to update mirrorlist|discussion]]. -- [[User:Kynikos|Kynikos]] 08:05, 1 June 2011 (EDT)<br />
<br />
==="Standards"?===<br />
I don't get the purpose [[Standards|of this page]]: can anybody help me, or I should ask the author? -- [[User:Kynikos|Kynikos]] 08:08, 1 June 2011 (EDT)<br />
:We already have [[General Recommendations]] and [[Filesystem Hierarchy Standard]] so I don't really see the purpose of that page. -- [[User:Karol|Karol]] 08:29, 1 June 2011 (EDT)<br />
::Doubtful that this page will last, but I would recommend contacting the author to see what was had in mind. -- [[User:Pointone|pointone]] 17:17, 6 June 2011 (EDT)<br />
:::Told the author on his talk page. -- [[User:Kynikos|Kynikos]] 06:12, 7 June 2011 (EDT)<br />
::::He has provided an explanation on [[Talk:Standards]]: this discussion continues there. -- [[User:Kynikos|Kynikos]] 05:59, 8 June 2011 (EDT)<br />
<br />
===Deltup===<br />
Would you ask to translate [[Deltup|this article]] or add the language suffix? (it could be Russian, Ucrainian, Bulgarian, Serbian, I'm not sure...) -- [[User:Kynikos|Kynikos]] 05:14, 10 June 2011 (EDT)<br />
:Contact the author and ask him to add the language suffix, categories and headings. -- [[User:Karol|Karol]] 06:39, 10 June 2011 (EDT)<br />
::I think i can translate it, there a little problem with the command output, I think I can fix it with some templates. I didn't know russian very well, but yesterday I try to use a translator, it is simple to translate. I was courious and I had try the guide on a VM, I didn't had any problem, this project isn't official, and I didn't found much infofmation about it, but I like the idea of delta update. -- [[User:Maveloth|Maveloth]] 07:39, 10 June 2011 (EDT)<br />
:::It is indeed Russian; I've added a language tag myself. -- [[User:Pointone|pointone]] 11:24, 10 June 2011 (EDT)<br />
::::#Maveloth, do you really think you can translate the article? It would be nice, I've never tried delta updating, but I like the idea too!<br />
::::#Anyway the article needs headings and categories, as pointed by Karol.<br />
::::#I think there's a bug in the wiki engine: try to open the discussion page with the tab at the top: it returns a database error.<br />
:::::*note that following [[Deltup_talk: (Русский)]] the page gets indeed composed, so it's a problem of the link in the tab<br />
:::::*this seems to happen for all the links to uncreated discussion pages in languages that don't use the Latin alphabet, can you confirm this?<br />
:::::*I've just found a (quite old) bug report: {{Bug|21610}}<br />
::::-- [[User:Kynikos|Kynikos]] 11:56, 10 June 2011 (EDT)<br />
::::: I started the translation but I noticed that the page [[Deltup]] is a redirect, if I insert the i18n template, I think there could be a little problem cause the enlish page result as existing, but in fact is a redirect to the russian page. What should I do? for now I'll wait for instruction. [[User:Maveloth|Maveloth]] 15:26, 10 June 2011 (EDT)<br />
::::::Redirect was added when page was moved to include the language tag. Fixed; please continue! -- [[User:Pointone|pointone]] 15:33, 10 June 2011 (EDT)<br />
:::::::Thanks! Just let me had a little break for now! ;) I think I'll continue later. [[User:Maveloth|Maveloth]] 16:05, 10 June 2011 (EDT)<br />
:::::The non-Latin alphabet bug in not limited to the uncreated discussion pages. [https://bbs.archlinux.org/viewtopic.php?id=119017 The existing ones] are bitten by it too. -- [[User:Karol|Karol]] 09:46, 12 June 2011 (EDT)<br />
<br />
===[[Template:NB]]===<br />
Would you consider [[Template:NB]] a localized version of [[Template:Note]], like [[Template:Nota]] for Spanish and Italian? Note that there are also versions with standard suffix, like [[Template:Note (Dansk)]]. -- [[User:Kynikos|Kynikos]] 09:13, 2 July 2011 (EDT)<br />
<br />
===beginners' guide installation section===<br />
Not sure what happened to [[Beginners' Guide/Installation]], and I have to go now, so no time to fix it myself. Looks like an innocent mistake though. However, the install CD won't have the new iproute2 networking, so we have to stick with the old method for now. It's only deprecated, not removed, so it will still work after an update (it gives a warning about deprecation too). [[User:Thestinger|thestinger]] 20:04, 3 July 2011 (EDT)<br />
<br />
:Rolled back [https://wiki.archlinux.org/index.php?title=Beginners%27_Guide%2FInstallation&action=historysubmit&diff=148104&oldid=146869 these changes] for now. Discussion about iproute2 rc.conf syntax can be continued at [[Talk:Beginners' Guide/Installation]]. [[User:Thestinger|thestinger]] 01:13, 4 July 2011 (EDT)<br />
<br />
::Added my opinion there. -- [[User:Kynikos|Kynikos]] 06:57, 4 July 2011 (EDT)<br />
<br />
===Emacsy Applications===<br />
I don't really get the purpose of [[Emacsy Applications]], it looks like a subjective list of some preferred applications of the author... -- [[User:Kynikos|Kynikos]] 05:10, 12 July 2011 (EDT)<br />
<br />
===A new category===<br />
[https://wiki.archlinux.org/index.php?title=Category:VPN_(English)&diff=148964&oldid=prev VPN] - do we need this category? Rename to ''Virtual Private Network'' maybe?<br />
<br />
Are there any guidelines on how specific a good category should be? -- [[User:Karol|Karol]] 19:06, 13 July 2011 (EDT)<br />
<br />
:One thing is sure, all categories must be categorized.<br />
:Honestly I think that having some new subcategories for [[:Category:Networking (English)]] wouldn't really hurt, however pointone could have something to say here.<br />
:Also [[Talk:Table_of_Contents]] should be updated, and I think that if [[:Category:VPN (English)]] is put under [[:Category:Networking (English)]], the articles in VPN should be taken away from Networking, otherwise there's no advantage.<br />
:About renaming to Virtual Private Network I agree, and about possible guidelines I don't know, but it would be quite difficult to define the "how specific" part ;)<br />
:-- [[User:Kynikos|Kynikos]] 19:57, 13 July 2011 (EDT)<br />
<br />
===Copyright / left notices in the wiki===<br />
Specifically, are we OK with [https://wiki.archlinux.org/index.php?title=Postfix_Tutorial&oldid=45636 the one at the very bottom]? What was the situation wrt to users copyrighting the wiki articles back in 2008? From the wiki main page: ''Content is available under GNU Free Documentation License 1.2.'' -- [[User:Karol|Karol]] 21:10, 15 July 2011 (EDT)<br />
:It does not seem like the [http://creativecommons.org/licenses/by-nc-sa/3.0/nl/deed.en Creative Commons BY-NC-SA License] is compatible with the [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation License 1.2]. The GNU FDL says "''either commercially or noncommercially''" while the CC BY-NC-SA says "''Noncommercial — You may not use this work for commercial purposes.''"<br />
<br />
:I don't know if this has always been the case but when you submit content you see a notice:<br />
:{{box||Please note that all contributions to ArchWiki are considered to be released under the GNU Free Documentation License 1.2 (see '''[[ArchWiki:Copyrights]]''' for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.<br>You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. '''Do not submit copyrighted work without permission!'''}}<br />
:If that was the case when the author originally published here, then the author effectively has released it under another license. The original copyright holder can release under multiple licenses as far as I know. So I guess the question is if the submission notice was the same back when the content was originally posted as it is now.<br />
<br />
:The GNU FDL looks compatible with the "attribution" and "share alike" part of CC BY-NC-SA just not the NC part. Of course at this point I'll have to point out that I am not a lawyer and this is just my first look at it. [[User:James Eder|James Eder]] 23:30, 15 July 2011 (EDT)<br />
<br />
===PostgreSQL===<br />
Somebody with knowledge on the subject should verify [https://wiki.archlinux.org/index.php?title=PostgreSQL&diff=next&oldid=148911 this edit]. By the way the article should be reorganized, especially in the first part where there is extensive use of sudo; also [https://wiki.archlinux.org/index.php?title=PostgreSQL&action=historysubmit&diff=149797&oldid=149793 these edits], immediately following the one reported before, seems not to fit too well in that location, and "-p" should be changed to "-d" I guess... -- [[User:Kynikos|Kynikos]] 08:15, 24 July 2011 (EDT)<br />
<br />
===inittab===<br />
[https://wiki.archlinux.org/index.php?title=Automatic_login_to_virtual_console&diff=150005&oldid=148355 it's] not working for me. I've e-mailed the author and asked him if he's sure about this. -- [[User:Karol|Karol]] 00:24, 28 July 2011 (EDT)<br />
<br />
===Gitweb -> Git===<br />
Some content has been moved [https://wiki.archlinux.org/index.php?title=Gitweb&action=historysubmit&diff=150166&oldid=148671 from Gitweb] [https://wiki.archlinux.org/index.php?title=Git&action=historysubmit&diff=150165&oldid=150162 to Git], but [https://wiki.archlinux.org/index.php?title=Gitweb&oldid=148671#Git_HTTP the Git HTTP section] has just been deleted: is it completely replaced by [[Git#Smart_HTTP]] or something should be saved? -- [[User:Kynikos|Kynikos]] 17:09, 30 July 2011 (EDT)<br />
:I thought you would tell me ;P I've bookmarked it, but didn't have time to check it yet. -- [[User:Karol|Karol]] 18:34, 30 July 2011 (EDT)<br />
::I'm asking the author to participate in this discussion. -- [[User:Kynikos|Kynikos]] 08:20, 31 July 2011 (EDT)<br />
:::Hi, I removed the old HTTP section because the methods described there are basically deprecated and their use is being considered as discouraged. The recommended way is using the git-http-backend which supports smart HTTP(s) as well as a fallback mode for the old "dumb" HTTP protocol if necessary. The git-http-backend method is already explained in the "Git" article. -- [[User:Stfn|Stfn]] 08:41, 31 July 2011 (EDT)</div>Stfnhttps://wiki.archlinux.org/index.php?title=Git&diff=150174Git2011-07-29T11:33:47Z<p>Stfn: </p>
<hr />
<div>[[Category: Development (English)]]<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is [http://git-scm.com/documentation extensive documentation, guides, and tutorials available from the official web site].<br />
<br />
<br />
__TOC__<br />
<br />
<br />
=Installation=<br />
<br />
{{Package Official|git}} can be installed with [[pacman]] as usual from the [extra] repository. Pay attention to the optional dependencies if you care about using Git with other VCS software, mail servers, or using Git's GUI.<br />
<br />
Bash completion (eg. hitting tab to complete commands you are typing) should work if you<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (eg. {{codeline|gitk}} or {{codeline|git gui}}) you should install the {{Package Official|tk}} package or you'll get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
<br />
= Configuration =<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used a s a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
$ git config --global core.editor "nano -w"<br />
adds {{codeline|<nowiki>editor = nano -w</nowiki>}} to the {{codeline|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
Here are some more basic configurations you will probably want:<br />
$ git config --global user.name "Firstname Lastname"<br />
$ git config --global user.email "your_email@youremail.com"<br />
$ git config --global color.ui true<br />
<br />
=Cheatsheet=<br />
Parts from everywhere, much from the wonderful tutorial here: http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone http://archlinux.org/~james/projects/network.git<br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Push a local branch or tag to a remote repository<br />
git push REMOTENAME BRANCHNAME<br />
Delete a branch or tag in a remote repository<br />
git push REMOTENAME :BRANCHNAME<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit ID's (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set nano as default editor<br />
git config --global core.editor "nano -w"<br />
Start remote repository<br />
http://www.adeal.eu/starting-with-git.php [broken as of 31DEC10]<br />
<br />
<br />
=Transfer Protocols=<br />
==Smart HTTP==<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it's not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at <code>/etc/httpd/conf/httpd.conf</code>:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at <code>/srv/git</code> and that you want to access them via something like <code>http(s)://your_address.tld/git/your_repo.git</code>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
<br />
==Git SSH==<br />
You first need to have a public SSH key. For that follow the guide at [[Using SSH Keys]]. To setup SSH itself you need to follow the [[SSH]] guide. I assume you have a public SSH key now and your SSH is working.<br />
Open your SSH key in your favorite editor (default public key name is id_rsa.pub and is located in ~/.ssh) and copy it's content (CTRL + C).<br />
Now go to your user where you have made your git repository, since we now need to allow that SSH key to login on that user to access the GIT repository.<br />
Open this file in your favorite editor (i use nano)<br />
nano ~/.ssh/authorized_keys<br />
and paste the contents of id_rsa.pub in it. Be sure it is all on one line! That is important! It should look somewhat like this:<br />
{{Warning|Do not copy the line below! It is an example! It will not work if you use that line!}}<br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCboOH6AotCh4OcwJgsB4AtXzDo9Gzhl+BAHuEvnDRHNSYIURqGN4CrP+b5Bx/iLrRFOBv58TcZz1jyJ2PaGwT74kvVOe9JCCdgw4nSMBV44cy+6cTJiv6f1tw8pHRS2H6nHC9SCSAWkMX4rpiSQ0wkhjug+GtBWOXDaotIzrFwLw== username@hostname<br />
Now you can checkout your git repo this way (change where needed. Here it's using the git username and localhost):<br />
git clone git@localhost:my_repository.git<br />
You should now get an SSH yes/no question. Type yes followed by enter. Then you should have your repository checked out. Since this is with SSH you also do have commit rights now. For that look at [[Git]] and [[Super Quick Git Guide]].<br />
<br />
<br />
==GIT Daemon==<br />
{{Note|The git daemon only allows read access. For write access look at "Git SSH".}}<br />
This will allow url's like "git clone git://localhost/my_repository.git".<br />
<br />
Edit configuration file for git-dameon /etc/conf.d/git-daemon.conf (GIT_REPO is a place with your git projects), then start git-daemon with root privileges:<br />
/etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon every time at boot, just append git-deamon to DAEMONS line in /etc/rc.conf file.<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git<br />
<br />
<br />
=References=<br />
* http://www.kernel.org/pub/software/scm/git/docs/<br />
* http://book.git-scm.com/index.html<br />
* http://gitref.org/<br />
* http://help.github.com/</div>Stfnhttps://wiki.archlinux.org/index.php?title=Git&diff=150173Git2011-07-29T11:26:00Z<p>Stfn: </p>
<hr />
<div>[[Category: Development (English)]]<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is [http://git-scm.com/documentation extensive documentation, guides, and tutorials available from the official web site].<br />
<br />
<br />
__TOC__<br />
<br />
<br />
=Installation=<br />
<br />
{{Package Official|git}} can be installed with [[pacman]] as usual from the [extra] repository. Pay attention to the optional dependencies if you care about using Git with other VCS software, mail servers, or using Git's GUI.<br />
<br />
Bash completion (eg. hitting tab to complete commands you are typing) should work if you<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (eg. {{codeline|gitk}} or {{codeline|git gui}}) you should install the {{Package Official|tk}} package or you'll get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
<br />
= Configuration =<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used a s a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
$ git config --global core.editor "nano -w"<br />
adds {{codeline|<nowiki>editor = nano -w</nowiki>}} to the {{codeline|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
Here are some more basic configurations you will probably want:<br />
$ git config --global user.name "Firstname Lastname"<br />
$ git config --global user.email "your_email@youremail.com"<br />
$ git config --global color.ui true<br />
<br />
=Cheatsheet=<br />
Parts from everywhere, much from the wonderful tutorial here: http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone http://archlinux.org/~james/projects/network.git<br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Push a local branch or tag to a remote repository<br />
git push REMOTENAME BRANCHNAME<br />
Delete a branch or tag in a remote repository<br />
git push REMOTENAME :BRANCHNAME<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit ID's (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set nano as default editor<br />
git config --global core.editor "nano -w"<br />
Start remote repository<br />
http://www.adeal.eu/starting-with-git.php [broken as of 31DEC10]<br />
<br />
<br />
=Transfer Protocols=<br />
==Smart HTTP==<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it's not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at <code>/etc/httpd/conf/httpd.conf</code>:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at <code>/srv/git</code> and that you want to access them via something like <code>http(s)://your_address.tld/git/your_repo.git</code>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
<br />
==Git SSH==<br />
You first need to have a public SSH key. For that follow the guide at [[Using SSH Keys]]. To setup SSH itself you need to follow the [[SSH]] guide. I assume you have a public SSH key now and your SSH is working.<br />
Open your SSH key in your favorite editor (default public key name is id_rsa.pub and is located in ~/.ssh) and copy it's content (CTRL + C).<br />
Now go to your user where you have made your git repository, since we now need to allow that SSH key to login on that user to access the GIT repository.<br />
Open this file in your favorite editor (i use nano)<br />
nano ~/.ssh/authorized_keys<br />
and paste the contents of id_rsa.pub in it. Be sure it is all on one line! That is important! It should look somewhat like this:<br />
{{Warning|Do not copy the line below! It is an example! It will not work if you use that line!}}<br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCboOH6AotCh4OcwJgsB4AtXzDo9Gzhl+BAHuEvnDRHNSYIURqGN4CrP+b5Bx/iLrRFOBv58TcZz1jyJ2PaGwT74kvVOe9JCCdgw4nSMBV44cy+6cTJiv6f1tw8pHRS2H6nHC9SCSAWkMX4rpiSQ0wkhjug+GtBWOXDaotIzrFwLw== username@hostname<br />
Now you can checkout your git repo this way (change where needed. Here it's using the git username and localhost):<br />
git clone git@localhost:my_repository.git<br />
You should now get an SSH yes/no question. Type yes followed by enter. Then you should have your repository checked out. Since this is with SSH you also do have commit rights now. For that look at [[Git]] and [[Super Quick Git Guide]].<br />
<br />
<br />
==GIT Daemon==<br />
{{Note|The git daemon only allows read access. For write access look at "Git SSH".}}<br />
This will allow url's like "git clone git://localhost/my_repository.git".<br />
<br />
Edit configuration file for git-dameon /etc/conf.d/git-daemon.conf (GIT_REPO is a place with your git projects), then start git-daemon with root privileges:<br />
/etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon every time at boot, just append git-deamon to DAEMONS line in /etc/rc.conf file.<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git</div>Stfnhttps://wiki.archlinux.org/index.php?title=Git&diff=150170Git2011-07-29T11:17:01Z<p>Stfn: </p>
<hr />
<div>[[Category: Development (English)]]<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is [http://git-scm.com/documentation extensive documentation, guides, and tutorials available from the official web site].<br />
<br />
<br />
__TOC__<br />
<br />
<br />
=Installation=<br />
<br />
{{Package Official|git}} can be installed with [[pacman]] as usual from the [extra] repository. Pay attention to the optional dependencies if you care about using Git with other VCS software, mail servers, or using Git's GUI.<br />
<br />
Bash completion (eg. hitting tab to complete commands you are typing) should work if you<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (eg. {{codeline|gitk}} or {{codeline|git gui}}) you should install the {{Package Official|tk}} package or you'll get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
<br />
= Configuration =<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used a s a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
$ git config --global core.editor "nano -w"<br />
adds {{codeline|<nowiki>editor = nano -w</nowiki>}} to the {{codeline|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
Here are some more basic configurations you will probably want:<br />
$ git config --global user.name "Firstname Lastname"<br />
$ git config --global user.email "your_email@youremail.com"<br />
$ git config --global color.ui true<br />
<br />
=Cheatsheet=<br />
Parts from everywhere, much from the wonderful tutorial here: http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone http://archlinux.org/~james/projects/network.git<br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit ID's (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set nano as default editor<br />
git config --global core.editor "nano -w"<br />
Start remote repository<br />
http://www.adeal.eu/starting-with-git.php [broken as of 31DEC10]<br />
<br />
<br />
=Transfer Protocols=<br />
==Smart HTTP==<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it's not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at <code>/etc/httpd/conf/httpd.conf</code>:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at <code>/srv/git</code> and that you want to access them via something like <code>http(s)://your_address.tld/git/your_repo.git</code>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
<br />
==Git SSH==<br />
You first need to have a public SSH key. For that follow the guide at [[Using SSH Keys]]. To setup SSH itself you need to follow the [[SSH]] guide. I assume you have a public SSH key now and your SSH is working.<br />
Open your SSH key in your favorite editor (default public key name is id_rsa.pub and is located in ~/.ssh) and copy it's content (CTRL + C).<br />
Now go to your user where you have made your git repository, since we now need to allow that SSH key to login on that user to access the GIT repository.<br />
Open this file in your favorite editor (i use nano)<br />
nano ~/.ssh/authorized_keys<br />
and paste the contents of id_rsa.pub in it. Be sure it is all on one line! That is important! It should look somewhat like this:<br />
{{Warning|Do not copy the line below! It is an example! It will not work if you use that line!}}<br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCboOH6AotCh4OcwJgsB4AtXzDo9Gzhl+BAHuEvnDRHNSYIURqGN4CrP+b5Bx/iLrRFOBv58TcZz1jyJ2PaGwT74kvVOe9JCCdgw4nSMBV44cy+6cTJiv6f1tw8pHRS2H6nHC9SCSAWkMX4rpiSQ0wkhjug+GtBWOXDaotIzrFwLw== username@hostname<br />
Now you can checkout your git repo this way (change where needed. Here it's using the git username and localhost):<br />
git clone git@localhost:my_repository.git<br />
You should now get an SSH yes/no question. Type yes followed by enter. Then you should have your repository checked out. Since this is with SSH you also do have commit rights now. For that look at [[Git]] and [[Super Quick Git Guide]].<br />
<br />
<br />
==GIT Daemon==<br />
{{Note|The git daemon only allows read access. For write access look at "Git SSH".}}<br />
This will allow url's like "git clone git://localhost/my_repository.git".<br />
<br />
Edit configuration file for git-dameon /etc/conf.d/git-daemon.conf (GIT_REPO is a place with your git projects), then start git-daemon with root privileges:<br />
/etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon every time at boot, just append git-deamon to DAEMONS line in /etc/rc.conf file.<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git</div>Stfnhttps://wiki.archlinux.org/index.php?title=Gitweb&diff=150166Gitweb2011-07-29T11:04:36Z<p>Stfn: Removed sections about git transport protocols as those are in the "Git" article</p>
<hr />
<div>Gitweb is the default web interface provided with [[git]] itself and is the basis for other git scripts like cgit, gitosis and others.<br />
<br />
<br />
=Installation=<br />
To install gitweb you first have to install git and a webserver. For this example we use apache but you can also use others:<br />
pacman -S git apache<br />
<br />
Next you need to link the current gitweb default to your webserver location. In this example i use the default folder locations:<br />
ln -s /usr/share/gitweb /srv/http/gitweb<br />
<br />
That's it for the "installation". Next is the configuration.<br />
<br />
=Configuration=<br />
==Apache==<br />
Add the following to the end of you /etc/httpd/conf/httpd.conf<br />
<Directory "/srv/http/gitweb"><br />
DirectoryIndex gitweb.cgi<br />
Allow from all<br />
AllowOverride all<br />
Order allow,deny<br />
Options ExecCGI<br />
<Files gitweb.cgi><br />
SetHandler cgi-script<br />
</Files><br />
SetEnv GITWEB_CONFIG /etc/conf.d/gitweb.conf<br />
</Directory><br />
<br />
You can put the configuration in it's own config file in /etc/httpd/conf/extra/ but that's up to you to decide.<br />
<br />
<br />
==Lighttpd==<br />
If you're using lighttpd, make sure mod_alias, mod_redirect, mod_cgi and mod_setenv are loaded. Add the following to /etc/lighttpd/lighttpd.conf:<br />
setenv.add-environment = ( "GITWEB_CONFIG" => "/etc/conf.d/gitweb.conf" )<br />
url.redirect += ( "^/gitweb$" => "/gitweb/" )<br />
alias.url += ( "/gitweb/" => "/usr/share/gitweb/" )<br />
$HTTP["url"] =~ "^/gitweb/" {<br />
cgi.assign = (".cgi" => "")<br />
server.indexfiles = ("gitweb.cgi")<br />
}<br />
<br />
<br />
==Gitweb config==<br />
Next we need to make a gitweb config file. Open (or create if not existing) the file /etc/conf.d/gitweb.conf and place this in it:<br />
<pre><br />
$git_temp = "/tmp";<br />
<br />
# The directories where your projects are. Must not end with a slash.<br />
$projectroot = "/path/to/your/repositories"; <br />
<br />
# Base URLs for links displayed in the web interface.<br />
our @git_base_url_list = qw(git://<your_server> http://git@<your_server>); <br />
</pre><br />
<br />
Now the the configuration is done, please restart your webserver.<br />
For apache:<br />
/etc/rc.d/httpd restart<br />
<br />
Or for lighttpd:<br />
/etc/rc.d/lighttpd restart<br />
<br />
<br />
=Adding repositories=<br />
To add a repository go to your repository folder. There make your repository like so:<br />
mkdir my_repository.git<br />
git init --bare my_repository.git/<br />
cd my_repository.git/<br />
touch git-daemon-export-ok<br />
echo "Short project's description" > description<br />
<br />
Next open the "config" file and add this:<br />
[gitweb]<br />
owner = Your Name<br />
<br />
This will fill in the "Owner" field in gitweb. It's not required.<br />
<br />
I assumed that you want to have this repository as "central" repository storage where you push your commits to so the git-daemon-export-ok and --bare are here to have minimal overhead and to allow the git daemon to be used on it.<br />
<br />
That is all for making a repository. You can now see it on your http://localhost/gitweb (assuming everything went fine). You don't need to restart apache for new repositories since the gitweb cgi script simply reads your repository folder.<br />
<br />
<br />
=Thanx to...=<br />
This howto was mainly based on the awesome howto from howtoforge: http://www.howtoforge.com/how-to-install-a-public-git-repository-on-a-debian-server I only picked the parts that are needed to get it working and left the additional things out.</div>Stfnhttps://wiki.archlinux.org/index.php?title=Git&diff=150165Git2011-07-29T10:59:42Z<p>Stfn: Merge "Git SSH" from Gitweb article</p>
<hr />
<div>[[Category: Development (English)]]<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is [http://git-scm.com/documentation extensive documentation, guides, and tutorials available from the official web site].<br />
<br />
<br />
__TOC__<br />
<br />
<br />
=Installation=<br />
<br />
{{Package Official|git}} can be installed with [[pacman]] as usual from the [extra] repository. Pay attention to the optional dependencies if you care about using Git with other VCS software, mail servers, or using Git's GUI.<br />
<br />
Bash completion (eg. hitting tab to complete commands you are typing) should work if you<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (eg. {{codeline|gitk}} or {{codeline|git gui}}) you should install the {{Package Official|tk}} package or you'll get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
<br />
= Configuration =<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used a s a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
git config --global core.editor "nano -w"<br />
adds {{codeline|<nowiki>editor = nano -w</nowiki>}} to the {{codeline|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
<br />
=Cheatsheet=<br />
Parts from everywhere, much from the wonderful tutorial here: http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone http://archlinux.org/~james/projects/network.git<br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit ID's (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set nano as default editor<br />
git config --global core.editor "nano -w"<br />
Start remote repository<br />
http://www.adeal.eu/starting-with-git.php [broken as of 31DEC10]<br />
<br />
<br />
=Transfer Protocols=<br />
==Smart HTTP==<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it's not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at <code>/etc/httpd/conf/httpd.conf</code>:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at <code>/srv/git</code> and that you want to access them via something like <code>http(s)://your_address.tld/git/your_repo.git</code>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
<br />
==Git SSH==<br />
You first need to have a public SSH key. For that follow the guide at [[Using SSH Keys]]. To setup SSH itself you need to follow the [[SSH]] guide. I assume you have a public SSH key now and your SSH is working.<br />
Open your SSH key in your favorite editor (default public key name is id_rsa.pub and is located in ~/.ssh) and copy it's content (CTRL + C).<br />
Now go to your user where you have made your git repository, since we now need to allow that SSH key to login on that user to access the GIT repository.<br />
Open this file in your favorite editor (i use nano)<br />
nano ~/.ssh/authorized_keys<br />
and paste the contents of id_rsa.pub in it. Be sure it is all on one line! That is important! It should look somewhat like this:<br />
{{Warning|Do not copy the line below! It is an example! It will not work if you use that line!}}<br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCboOH6AotCh4OcwJgsB4AtXzDo9Gzhl+BAHuEvnDRHNSYIURqGN4CrP+b5Bx/iLrRFOBv58TcZz1jyJ2PaGwT74kvVOe9JCCdgw4nSMBV44cy+6cTJiv6f1tw8pHRS2H6nHC9SCSAWkMX4rpiSQ0wkhjug+GtBWOXDaotIzrFwLw== username@hostname<br />
Now you can checkout your git repo this way (change where needed. Here it's using the git username and localhost):<br />
git clone git@localhost:my_repository.git<br />
You should now get an SSH yes/no question. Type yes followed by enter. Then you should have your repository checked out. Since this is with SSH you also do have commit rights now. For that look at [[Git]] and [[Super Quick Git Guide]].<br />
<br />
<br />
==GIT Daemon==<br />
{{Note|The git daemon only allows read access. For write access look at "Git SSH".}}<br />
This will allow url's like "git clone git://localhost/my_repository.git".<br />
<br />
Edit configuration file for git-dameon /etc/conf.d/git-daemon.conf (GIT_REPO is a place with your git projects), then start git-daemon with root privileges:<br />
/etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon every time at boot, just append git-deamon to DAEMONS line in /etc/rc.conf file.<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git</div>Stfnhttps://wiki.archlinux.org/index.php?title=Git&diff=150164Git2011-07-29T10:56:32Z<p>Stfn: Merge "GIT Daemon" from Gitweb article</p>
<hr />
<div>[[Category: Development (English)]]<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is [http://git-scm.com/documentation extensive documentation, guides, and tutorials available from the official web site].<br />
<br />
<br />
__TOC__<br />
<br />
<br />
=Installation=<br />
<br />
{{Package Official|git}} can be installed with [[pacman]] as usual from the [extra] repository. Pay attention to the optional dependencies if you care about using Git with other VCS software, mail servers, or using Git's GUI.<br />
<br />
Bash completion (eg. hitting tab to complete commands you are typing) should work if you<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (eg. {{codeline|gitk}} or {{codeline|git gui}}) you should install the {{Package Official|tk}} package or you'll get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
<br />
= Configuration =<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used a s a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
git config --global core.editor "nano -w"<br />
adds {{codeline|<nowiki>editor = nano -w</nowiki>}} to the {{codeline|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
<br />
=Cheatsheet=<br />
Parts from everywhere, much from the wonderful tutorial here: http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone http://archlinux.org/~james/projects/network.git<br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit ID's (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set nano as default editor<br />
git config --global core.editor "nano -w"<br />
Start remote repository<br />
http://www.adeal.eu/starting-with-git.php [broken as of 31DEC10]<br />
<br />
<br />
=Transfer Protocols=<br />
==Smart HTTP==<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it's not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at <code>/etc/httpd/conf/httpd.conf</code>:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at <code>/srv/git</code> and that you want to access them via something like <code>http(s)://your_address.tld/git/your_repo.git</code>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
<br />
==GIT Daemon==<br />
{{Note|The git daemon only allows read access. For write access look at "Git SSH".}}<br />
This will allow url's like "git clone git://localhost/my_repository.git".<br />
<br />
Edit configuration file for git-dameon /etc/conf.d/git-daemon.conf (GIT_REPO is a place with your git projects), then start git-daemon with root privileges:<br />
/etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon every time at boot, just append git-deamon to DAEMONS line in /etc/rc.conf file.<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git</div>Stfnhttps://wiki.archlinux.org/index.php?title=Git&diff=150162Git2011-07-29T10:52:15Z<p>Stfn: </p>
<hr />
<div>[[Category: Development (English)]]<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is [http://git-scm.com/documentation extensive documentation, guides, and tutorials available from the official web site].<br />
<br />
<br />
__TOC__<br />
<br />
<br />
=Installation=<br />
<br />
{{Package Official|git}} can be installed with [[pacman]] as usual from the [extra] repository. Pay attention to the optional dependencies if you care about using Git with other VCS software, mail servers, or using Git's GUI.<br />
<br />
Bash completion (eg. hitting tab to complete commands you are typing) should work if you<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (eg. {{codeline|gitk}} or {{codeline|git gui}}) you should install the {{Package Official|tk}} package or you'll get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
<br />
= Configuration =<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used a s a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
git config --global core.editor "nano -w"<br />
adds {{codeline|<nowiki>editor = nano -w</nowiki>}} to the {{codeline|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
<br />
=Cheatsheet=<br />
Parts from everywhere, much from the wonderful tutorial here: http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone http://archlinux.org/~james/projects/network.git<br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit ID's (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set nano as default editor<br />
git config --global core.editor "nano -w"<br />
Start remote repository<br />
http://www.adeal.eu/starting-with-git.php [broken as of 31DEC10]<br />
<br />
<br />
=Transfer Protocols=<br />
==Smart HTTP==<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it's not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at <code>/etc/httpd/conf/httpd.conf</code>:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at <code>/srv/git</code> and that you want to access them via something like <code>http(s)://your_address.tld/git/your_repo.git</code>. Feel free to customize this to your needs.<br />
<br />
Note: Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html</div>Stfnhttps://wiki.archlinux.org/index.php?title=Git&diff=149516Git2011-07-20T13:20:58Z<p>Stfn: </p>
<hr />
<div>[[Category: Development (English)]]<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is [http://git-scm.com/documentation extensive documentation, guides, and tutorials available from the official web site].<br />
<br />
__TOC__<br />
<br />
==Installation==<br />
<br />
{{Package Official|git}} can be installed with [[pacman]] as usual from the [extra] repository. Pay attention to the optional dependencies if you care about using Git with other VCS software, mail servers, or using Git's GUI.<br />
<br />
Bash completion (eg. hitting tab to complete commands you are typing) should work if you<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (eg. {{codeline|gitk}} or {{codeline|git gui}}) you should install the {{Package Official|tk}} package or you'll get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
== Configuration ==<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used a s a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
git config --global core.editor "nano -w"<br />
adds {{codeline|<nowiki>editor = nano -w</nowiki>}} to the {{codeline|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
==Cheatsheet==<br />
Parts from everywhere, much from the wonderful tutorial here: http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone http://archlinux.org/~james/projects/network.git<br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit ID's (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set nano as default editor<br />
git config --global core.editor "nano -w"<br />
Start remote repository<br />
http://www.adeal.eu/starting-with-git.php [broken as of 31DEC10]<br />
<br />
== Git Smart HTTP (git-http-backend) ==<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT. Furthermore it's not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at <code>/etc/httpd/conf/httpd.conf</code>:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at <code>/srv/git</code> and that you want to access them via something like <code>http(s)://your_address.tld/git/your_repo.git</code>. Feel free to customize this to your needs.<br />
<br />
Note: Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html</div>Stfnhttps://wiki.archlinux.org/index.php?title=WeeChat&diff=131754WeeChat2011-02-22T09:46:05Z<p>Stfn: /* Running WeeChat */</p>
<hr />
<div>{{i18n|WeeChat}}<br />
{{Stub}}<br />
{{Article summary start}}<br />
{{Article summary text|WeeChat is a highly extendable and feature rich IRC Client currently under heavy development.}}<br />
{{Article summary heading|Alternative Clients}}<br />
{{Article summary wiki|Irssi}}<br />
{{Article summary wiki|XChat}}<br />
{{Article summary end}}<br />
==Installing==<br />
{{Package Official|WeeChat}} is available in the ['''extra'''] repo. Install by running:<br />
# pacman -S weechat<br />
There is also {{Package AUR|weechat-git}} in the AUR, install with your favorite [[AUR Helper|AUR Helper]] or [[makepkg]].<br />
<br />
<br />
==Running WeeChat==<br />
WeeChat is going to have multiple interfaces at some point, run '''weechat-[interface]''' to start WeeChat. <br />
<br />
As WeeChat currently only has a Ncurses interface the command to start WeeChat is:<br />
$ weechat-curses<br />
<br />
==Connecting to a server==<br />
You can connect to a IRC server by using '''/connect'''.<br />
/connect chat.freenode.net<br />
Or if there is already a '''Server''' setup you can use:<br />
/connect freenode<br />
==Creating a Server profile==<br />
If you plan on connecting to a server more than once it may be beneficial to create a '''Server'''.<br />
/server add example irc.example.net/6667<br />
Would create the server '''example''' which would connect to '''irc.example.net''' on port '''6667'''<br />
<br />
See the WeeChat documentation and '''/help server''' for more information.<br />
<br />
==Configuring SSL==<br />
Many IRC servers, including [http://freenode.net/ freenode] where [[IRC_Channel|#archlinux]] is, support SSL.<br />
<br />
If you're making a server with '''/server''' add '''-ssl''' to the end of the line, for example:<br />
/server add FreenodeSSL chat.freenode.net/7000 -ssl<br />
{{Warning|Some servers need the '''ssl_dhkey_size''' value changed to something lower. For example, if you're using freenode you'll need to set '''/set irc.server.FreenodeSSL.ssl_dhkey_size 1024'''}}<br />
{{Box BLUE|Note:| Different servers may, and probably will have a different port than 7000 - this is server specific.}}<br />
You can do the same thing if using '''/connect'''.<br />
/connect chat.freenode.net/7000 -ssl<br />
<br />
==Tips and Tricks==<br />
===Upgrading===<br />
WeeChat can be upgraded without disconnecting from the IRC servers (non-SSL connections only):<br />
/upgrade<br />
This will load the new WeeChat binary and reload the current configuration.<br />
===Aliases===<br />
Aliases can be created to simplify commonly executed commands. A nice example is Wraithan's '''smart filter''' alias:<br />
<br />
'''Smart Filter'''<br><br />
First, we need to enable smart filters:<br />
/set irc.look.smart_filter "on"<br />
<br />
Next, we will create the '''sfilter''' alias:<br />
/alias sfilter filter add irc_smart_$server_$channel irc.$server.$channel irc_smart_filter *<br />
We can now type<br />
/sfilter<br />
in any buffer, and the smart filter will only be enabled for that buffer.<br />
<br />
The following alias will remove a previously enabled smart filter in the current buffer:<br><br />
Add the alias:<br />
/alias rmsfilter filter del irc_smart_$server_$channel<br />
and execute it by<br />
/rmsfilter<br />
<br />
<br />
==Getting Help==<br />
To access WeeChat's built-in help, simply type<br />
/help<br />
and the help will be displayed in the main buffer (usually buffer 1).<br />
<br />
<br />
==External Links==<br />
[http://www.weechat.org WeeChat Home Page] <br /><br />
[http://www.weechat.org/doc/ WeeChat Documentation] <br /><br />
[http://www.weechat.org/scripts/ WeeChat Scripts] <br /><br />
[http://dev.weechat.org/ WeeChat Development Blog]</div>Stfnhttps://wiki.archlinux.org/index.php?title=Nouveau&diff=122625Nouveau2010-11-26T08:15:42Z<p>Stfn: </p>
<hr />
<div>[[Category: Graphics (English)]]<br />
[[Category: X Server (English)]]<br />
[[Category: HOWTOs (English)]]<br />
{{i18n|Nouveau}}<br />
{{Article summary start}}<br />
{{Article summary text|This article details the installation of the Nouveau Open Source 3D acceleration graphics driver for NVIDIA cards. The name of the project refers to the fact that "nouveau" means "new" in French.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|KMS}}<br />
{{Article summary wiki|NVIDIA}}<br />
{{Article summary wiki|Xorg}}<br />
{{Article summary end}}<br />
<br />
[http://nouveau.freedesktop.org/wiki/ Nouveau] is an open source graphic driver for NVIDIA cards.<br />
Do not forget to check out the [http://nouveau.freedesktop.org/wiki/FAQ FAQ] if you have any questions, as there is a lot of valuable information there.<br />
<br />
==Installation==<br />
Before proceeding, have a look at the [http://nouveau.freedesktop.org/wiki/FeatureMatrix FeatureMatrix] to see what features are supported for a given architecture, and the list of [http://nouveau.freedesktop.org/wiki/CodeNames codenames] to determine the card's category.<br />
<br />
You could also consult [[Wikipedia:Comparison_of_Nvidia_Graphics_Processing_Units|wikipedia]] for a even more detailed list.<br />
<br />
Install the following package:<br />
# pacman -S xf86-video-nouveau<br />
<br />
In addition to {{Package Official|xf86-video-nouveau}}, install the package below for the highly experimental Mesa Gallium3D DRI drivers for Nouveau:<br />
# pacman -S nouveau-dri<br />
<br />
As of [http://cgit.freedesktop.org/nouveau/linux-2.6/commit/?id=d5f3c90d4f3ad6b054f9855b7b69137b97bda131 2010-02-25], nouveau automatically generates the firmware for nv50. Thus nouveau-firmware is no longer needed for any cards with nouveau-drm 0.0.15_20100313-1.<br />
<br />
==Loading==<br />
<br />
If you kept the proprietary nvidia driver installed, nouveau is probably not going to work.<br />
Either uninstall nvidia or blacklist it by adding the following line to /etc/modprobe.d/modprobe.conf<br />
blacklist nvidia<br />
<br />
Then nouveau should load fine automatically on next reboot. To test it now, first make sure nvidia is no longer loaded<br />
# rmmod nvidia<br />
Now load nouveau<br />
# modprobe nouveau<br />
And check that it loaded fine by looking at kernel messages<br />
$ dmesg<br />
<br />
==Configuration==<br />
Create the file {{Filename|/etc/X11/xorg.conf.d/20-nouveau.conf}}, and input the following contents:<br />
Section "Device"<br />
Identifier "n"<br />
Driver "nouveau"<br />
EndSection<br />
This is required to ensure that nouveau driver is loaded. Udev is not yet smart enough to do this by itself. (The '''xf86-video-nouveau''' package maintainers should consider including this file.)<br />
<br />
==KMS==<br />
Kernel Mode-Setting ([[KMS]]) is supported by the Nouveau driver and upstream actually recommends testing it as it is the future implementation for all graphics chipsets. See the [http://nouveau.freedesktop.org/wiki/KernelModeSetting KernelModeSetting] page for more information.<br />
<br />
As of [http://cgit.freedesktop.org/nouveau/linux-2.6/commit/?id=8fb5c3ada2678defb0351e8b155c564471da05a7 2009-12-11], KMS is the default with the kernel module (with nouveau-drm 0.0.15_20091220-1 and higher). You can still disable it with nouveau.modeset=0 , however non KMS support was removed from xorg driver on [http://cgit.freedesktop.org/nouveau/xf86-video-nouveau/commit/?id=17485c234ff191cee3dd19e3dd693a80b024e189 2010-01-10] (xf86-video-nouveau 0.0.15_git20100117-1 and higher).<br />
<br />
===Late start===<br />
With this choice, KMS will be enabled when the boot process says, "Loading modules." This may cause an undesirable screen flicker as the mode changes.<br />
<br />
Remove all "vga=" and "video=" options from your kernel commandline in {{Filename|/boot/grub/menu.lst}}. Using other framebuffer drivers (such as uvesafb) will conflict with KMS.<br />
<br />
===Early start===<br />
{{Warning|If you have troubles with nouveau, and are led to rebuild nouveau-drm several times for testing purpose, do not add nouveau to the initramfs. It is too easy to forget to rebuild the initramfs and it will just make any testing harder. Just use ''late start''. There might be additional problems with initramfs if you need a firmware for the nv50 family}}<br />
<br />
This method will start KMS as early as possible in the boot process, when the [[initramfs]] is loaded. Here is how to do this with the official packages:<br />
<br />
1) Add "nouveau" to the ''MODULES'' array in {{Filename|/etc/mkinitcpio.conf}}:<br />
MODULES="'''nouveau''' ..."<br />
<br />
2) Add "/etc/modprobe.d/modprobe.conf" to the FILES section in {{Filename|/etc/mkinitcpio.conf}}:<br />
FILES="/etc/modprobe.d/modprobe.conf"<br />
<br />
3) Re-generate your initcpio:<br />
# mkinitcpio -p <''your kernel preset (kernel26, etc.)''><br />
<br />
<small>You can also look at the [[Intel]] instructions for an early start: [[Intel#KMS_.28Kernel_Mode_Setting.29|Intel Graphics:KMS (Kernel Mode Setting)]]</small><br />
<br />
==Alternative installation==<br />
If the official Arch Linux packages do not work, you can try a more current video driver from the [[AUR]]: {{Package AUR|xf86-video-nouveau-git}}. A more up-to-date DRM module can be built by using the {{Package Official|nouveau-drm}} PKGBUILD from [[Arch Build System|ABS]]. Simply update {{Codeline|_snapdate}} to the current date, and modify the {{Codeline|sources}} array to read:<br />
source=(# ftp://ftp.archlinux.org/other/$pkgname/master-${_snapdate}.tar.gz<br />
http://people.freedesktop.org/~pq/nouveau-drm/master.tar.gz<br />
# get the Makefile from http://cgit.freedesktop.org/nouveau/linux-2.6/plain/nouveau/Makefile?h=master-compat<br />
Makefile)<br />
<br />
You can use {{Package AUR|kernel26-nouveau-git}} to compile the nouveau project's kernel tree, which already includes the necessary modules. This is the method recommended by upstream.<br />
<br />
==3D==<br />
3D is ''unsupported''.<br />
<br />
That means:<br />
* Do not ask for instructions to try it.<br />
* What ever you do, do not install the 3D driver system-wide.<br />
* If you want to try 3D acceleration or you have problems with it, you are on your own, unless you are looking to contribute patches.<br />
<br />
References: [http://nouveau.freedesktop.org/wiki/FrontPage Nouveau frontpage] and [http://nouveau.freedesktop.org/wiki/FAQ#head-ae99a8e6a3f57b76ae2589d4c0d2a5fa7ebf9f5d Nouveau FAQ]<br />
<br />
==DualHead==<br />
Nouveau supports the xrandr extension for modesetting and multiple monitors. See the [[RandR12]] page for tutorials.<br />
<br />
Here is a full sample {{Filename|/etc/X11/xorg.conf}} above for running 2 monitors in dual head mode. You may prefer to use a graphical tool to configure monitors like gnome-display-properties (System -> Preferences -> Display).<br />
<pre><br />
# the right one<br />
Section "Monitor"<br />
Identifier "NEC"<br />
Option "PreferredMode" "1280x1024_60.00"<br />
EndSection<br />
<br />
# the left one<br />
Section "Monitor"<br />
Identifier "FUS"<br />
Option "PreferredMode" "1280x1024_60.00"<br />
Option "LeftOf" "NEC"<br />
EndSection<br />
<br />
Section "Device"<br />
Identifier "nvidia card"<br />
Driver "nouveau"<br />
Option "Monitor-DVI-I-0" "NEC"<br />
Option "Monitor-DVI-I-1" "FUS"<br />
#Option "AccelMethod" "XAA"<br />
EndSection<br />
<br />
Section "Screen"<br />
Identifier "screen1"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Virtual 2560 1024<br />
EndSubSection<br />
Device "nvidia card"<br />
EndSection<br />
<br />
Section "ServerLayout"<br />
Identifier "layout1"<br />
Screen "screen1"<br />
# will be replaced by gallium 3D<br />
Option "AIGLX" "false"<br />
EndSection<br />
</pre><br />
<br />
==Setting console resolution==<br />
Use the {{Package Official|fbset}} tool to adjust console resolution.</div>Stfnhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=116053OpenSSH2010-08-31T09:41:40Z<p>Stfn: /* Tips and Tricks */</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
<br />
# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
HashKnownHosts yes<br />
StrictHostKeyChecking ask}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
<br />
# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#Protocol 2,1<br />
ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh''host''key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh''host''rsa_key<br />
#HostKey /etc/ssh/ssh''host''dsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 768<br />
<br />
# Logging<br />
#obsoletes ~QuietMode and ~FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh''known''hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
#ChallengeResponseAuthentication yes<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing,<br />
# and session processing. If this is enabled, PAM authentication will<br />
# be allowed through the ~ChallengeResponseAuthentication mechanism.<br />
# Depending on your PAM configuration, this may bypass the setting of<br />
# PasswordAuthentication, ~PermitEmptyPasswords, and<br />
# "PermitRootLogin without-password". If you just want the PAM account and<br />
# session checks to run without PAM authentication, then enable this but set<br />
# ChallengeResponseAuthentication=no<br />
#UsePAM no<br />
<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression yes<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
<br />
# no default banner path<br />
#Banner /some/path<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
You might want to change some lines so that they look as following:<br />
<pre><br />
Protocol 2<br />
.<br />
.<br />
.<br />
LoginGraceTime 120<br />
.<br />
.<br />
.<br />
PermitRootLogin no # (put yes here if you want root login)<br />
</pre><br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
/etc/ssh/sshd_config:<br />
<pre><br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no<br />
</pre><br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for an IP range<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL: DENY<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# /etc/rc.d/sshd restart<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# /etc/rc.d/sshd {start|stop|restart}<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. <br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
: Make sure you select SOCKS4 as the protocol to use. This procedure will not work for SOCKS5.<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
== Speed up SSH ==<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
Finally, you can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding those line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
=== Trouble Shooting ===<br />
<br />
make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
=== Keep Alive ===<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 5<br />
<br />
This will send a "keep alive" signal to the server every 5 seconds. You can usually increase this interval, and I use 120.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Stfn