i2p.i2p, i2p.www and i2p.syndie branches{% endtrans %}{% trans transitionguide=site_url('misc/transition-guide'), newdevs=site_url('get-involved/guides/new-developers') -%} This is a revised version of Complication's original guide detailing the use of Monotone in I2P development. For basic instructions see the quick-start guide. {%- endtrans %}
{% trans licenses=site_url('get-involved/develop/licenses') -%} I2P has a distributed development model. The source code is replicated across independently administered Monotone ("MTN") repositories. Developers with commit rights are able to push their changes to the repository (a license agreement needs to be signed before commit rights are granted). {%- endtrans %}
{% trans -%} Some of Monotone's noteworthy qualities are: distributed version control, cryptographic authentication, access control, its small size, having few dependencies, storage of projects in a compressed SQLite database file, and having the ability to resume interrupted synchronization attempts. {%- endtrans %}
{% trans -%} A transport key grants you the ability to push your changes to a Monotone repository server. In order to commit code into Monotone (in essence signing your code), a commit key is also needed. None of the public Monotone servers on I2P currently require a key in order to read (or pull) the source code. {%- endtrans %}
{% trans -%} Without a transport key, one cannot:
{% trans -%} Without a commit key, one cannot:
{% trans -%} If you only intend to retrieve code from MTN, feel free to skip to the next section. If you want to generate keys, read the following. {%- endtrans %}
{% trans -%} By convention keys are named like an e-mail addresses, but a corresponding e-mail address does not need to exist. For example, your keys might be named: {%- endtrans %}
{% trans -%}
Monotone stores keys under $HOME/.monotone/keys in text files which
are named identically to the keys. For example:
{%- endtrans %}
/home/complication/.monotone/keys/complication@mail.i2p{% trans -%} To generate transport and commit keys, enter the following commands at a prompt: {%- endtrans %}
$ mtn genkey yourname-transport@someplace$ mtn genkey yourname@someplace{% trans -%} Monotone will prompt you for a password to protect your keys. You are very strongly encouraged to set a password for the commit key. Many users will leave an empty password for the transport key, especially those running a Monotone server. {%- endtrans %}
{% trans -%} Monotone's security model helps to ensure that nobody can easily impersonate a developer without it being noticed. Since developers can make mistakes and become compromised,only manual review can ensure quality of code. Monotone's trust model will ensure that you read the right diffs. It does not replace reading diffs. {%- endtrans %}
{% trans -%} A Monotone repository is a single file (a compressed SQLite database) which contains all of the project's source code and history. {%- endtrans %}
{% trans -%} After importing the developers' keys into Monotone and setting up trust evaluation hooks, Monotone will prevent untrusted code from being checked out into your workspace. There are commands available to clean untrusted code from your workspace but in practice they've not been needed due to the push access policies in place. {%- endtrans %}
{% trans -%} A repository can hold many branches. For example, our repository holds the following main branches: {%- endtrans %}
{% trans -%}
By convention, the I2P Monotone repository is named i2p.mtn. Before pulling
source code from servers, a database for your repository will need to be initialized.
To initialize your local repository, change into the directory that you want the
i2p.mtn file and branch directories to be stored and issue the following
command:
{%- endtrans %}
$ mtn --db="i2p.mtn" db init{% trans -%} Keys which developers use to commit code are essential for trust evaluation in Monotone. The other developers' transport keys are only required for Monotone server operators. {% endtrans %}
{% trans signedkeys=site_url('get-involved/develop/signed-keys') -%} Developers' commit keys are provided GPG-signed on another page. {%- endtrans %}
{% trans devkeys=site_url('get-involved/develop/developers-keys') -%}
To import developers' keys after verifying their authenticity, copy all of the keys into a new
file. Create this file (e.g. keys.txt) in the same directory where i2p.mtn is located. Import the keys with the command:
{%- endtrans %}
$ mtn --db="i2p.mtn" read < keys.txt
{% trans -%}
Note: Never add keys to $HOME/.monotone/keys manually.
{%- endtrans %}
{% trans -%} The default Monotone trust policy is way too lax for our requirements: every committer is trusted by default. That is not acceptable for I2P development. {%- endtrans %}
{% trans -%}
Change into the directory $HOME/.monotone and open the file
monotonerc with a text editor. Copy and paste the following two functions into this file:
{%- endtrans %}
{% include "include/monotonerc.html" %}
{% trans -%} The first function determines an intersection between two sets, in our case a revision's signers and trusted signers. {%- endtrans %}
{% trans -%} The second function determines trust in a given revision, by calling the first function with "signers" and "trusted" as arguments. If the intersection is null, the revision is not trusted. If the intersection is not empty, the revision is trusted. Otherwise, the revision is not trusted. {%- endtrans %}
{% trans -%} More information about Trust Evaluation Hooks can be found in the official Monotone documentation. {%- endtrans %}
i2p.i2p, i2p.www and i2p.syndie branches{% endtrans %}{% trans -%} I2P is shipped with a pre-configured tunnel pointing to the project Monotone server. Ensure that the tunnel has been started within I2PTunnel before attempting to pull the source code from 127.0.0.1:8998. {%- endtrans %}
{% trans -%}
Enter the directory where you initialized i2p.mtn. Depending on whether you
want only I2P sources, or also sources for the I2P website and Syndie, you can
perform the pull operation in different ways.
{%- endtrans %}
{% trans -%} If you only want I2P sources: {%- endtrans %}
$ mtn --db="i2p.mtn" -k "" pull "mtn://127.0.0.1:8998?i2p.i2p"{% trans -%} If you want all branches: {%- endtrans %}
$ mtn --db="i2p.mtn" -k "" pull "mtn://127.0.0.1:8998?i2p.*"{% trans -%} Pulling in the above examples is done anonymously by specifying an empty transport key. If everyone pulls anonymously it will be harder for an attacker who gains control of the server to selectively provide some people with tampered data. {%- endtrans %}
{% trans -%} To verify that trust evaluation works: {%- endtrans %}
monotonerc file.{% endtrans %}monotonerc by setting the trusted_signers variable in the following way:{% endtrans %}
local trusted_signers = {}
monotonerc configured as above, Monotone will no longer trust any committers. Confirm this by changing into the
directory where i2p.mtn was created and attempt a checkout of the I2P branch:
{%- endtrans %}
$ mtn --db="i2p.mtn" co --branch="i2p.i2p"
{% trans -%}
A directory named i2p.i2p should not appear. You should encounter many
error messages like:
{%- endtrans %}
mtn: warning: trust function disliked 1 signers
of branch cert on revision 523c15f6f50cad3bb002f830111fc189732f693b
mtn: warning: trust function disliked 1 signers
of branch cert on revision 8ac13edc2919dbd5bb596ed9f203aa780bf23ff0
mtn: warning: trust function disliked 1 signers
of branch cert on revision 8c4dd8ad4053baabb102a01cd3f91278142a2cd1
mtn: misuse: branch 'i2p.i2p' is empty
{% trans -%}
If you are satisfied with results, restore the backup of
monotonerc that was created above. If you didn't create a backup
as advised, re-read Setting up trust evaluation hooks.
{%- endtrans %}
{% trans -%} If you already have a branch checked out, skip to the next section. {%- endtrans %}
{% trans -%}
Change into the directory where i2p.mtn is located. Over there issue:
{%- endtrans %}
mtn --db="i2p.mtn" co --branch="i2p.i2p"
{% trans -%}
The checkout should complete without error messages and a directory named
i2p.i2p should appear in the current directory. Congratulations! You have
successfully checked out the latest I2P sources, ready to be compiled.
{%- endtrans %}
{% trans -%}
If you haven't done this already, pull fresh code from the server to your local
Monotone repository. To accomplish this, change into the directory where
i2p.mtn is located and issue:
{%- endtrans %}
mtn --db="i2p.mtn" -k "" pull "mtn://127.0.0.1:8998?i2p.i2p"
{% trans -%}
Now change into your i2p.i2p directory, and over there issue:
{%- endtrans %}
mtn update{% trans -%} As long as there were no errors…Congratulations! You have successfully updated to the latest I2P sources. They should be ready to compile. {%- endtrans %}
{% trans -%} As a server operator you may want to grant push access to certain developers. {%- endtrans %}
{% trans -%} By default the Monotone server denies all access. {%- endtrans %}
{% trans -%}
To grant pull access to all clients, set the following in
{%- endtrans %}
$HOME/.monotone/read-permissions:
pattern "*"
allow "*"
{% trans -%} No one will not be able to push code to your server without permission being explicitly granted. To grant push access: {%- endtrans %}
$HOME/.monotone/write-permissions, such as
zzz-transport@mail.i2p
complication-transport@mail.i2p
{% trans -%} A separate database should be used for your Monotone server because monotone will lock the database while it is served to others. Make a copy of your development database, then start the server with: {%- endtrans %}
mtn serve --bind="127.0.0.1:8998" --db="i2p.mtn" --key "myserver-transport@mail.i2p"{% trans -%} For your server to be accessible for others over I2P, you will need to create a server tunnel for it. Use the "Standard" tunnel type and "Bulk" profile. {%- endtrans %}
{% trans -%} Debian (amongst other distributions) has integrated Monotone into their framework of daemons/services. Although Monotone servers can still be run "the ordinary way" on Debian systems, doing it the "Debian way" may be more straightforward. {%- endtrans %}
{% trans -%}
Permissions are granted by editing the files
/etc/monotone/read-permissions and
/etc/monotone/write-permissions. You'll also need to edit
/etc/default/monotone to enable monotone to start at boot or to
customize the host, port, or database location.
{%- endtrans %}