The program kup-server is expected to be the receiver of an ssh shell, configured with the following or similar options in ~/.ssh/authorized_keys:
command="/usr/bin/kup-server",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[...]
Each user should have their own UID, as Unix user permissions are used for specific tree access control. On the client side, a corresponding client-side utility kup is used to initiate the connection and perform the uploads.
The configuration file for kup-server is located in /etc/kup/kup-server.cfg and has the following options:
All paths in this section should be disjoint. Do not combine any of them into one directory.
- data_path = /var/lib/kup/pub
Path for public consumption, e.g. served via http or rsync.
- git_path = /var/lib/git
This is the path where git trees (for the TAR and DIFF options) are available. Those should be readonly for the uploaders.
- lock_file = /var/run/kup/lock
A common lock file for data_path. No program should modify the content in data_path without holding an flock on this file. Should be readonly for the uploaders.
- tmp_path = /var/lib/kup/tmp
tmp_path can be either:
1. a directory writable by every user and with the sticky bit set (typically mode 1777 or 1770). In that case, DO NOT end the path with a slash, or:
2. A directory containing an empty directory for each user (named for that user), owned by that user and mode 0700. In this case, DO end the path with a slash.
In either case, this directory tree MUST be on the same filesystem as data_path, since the script expects tocreate files in this directory and rename() them into data_path.
- pgp_path = /var/lib/kup/pgp
A directory containing a GnuPG public keyring for each user, named <user>.gpg and readable (but not writable) by that user.
All sizes are in bytes, all times in seconds.
- max_data = 8589934592
Max size of uploaded data.
- bufsiz = 262144
Buffer size when reading data.
- timeout_command = 30
How long to wait for a command to time out.
- timeout_data = 300
Must read at least bufsiz bytes in this timespan.
- timeout_compress = 900
Uncompressing tarballs must take at most this long.
- timeout_compress_cpu = 900
Each compression command must take at most this long in CPU time.
This section allows specifying the compressors to use when creating compressed versions of uploaded content.
- use = gz, xz
A comma-separated list of file extensions to create (minus the leading dot). For each extension specified, you will need to add a matching section specifying which command and flags to use for decompression and which for compression. Make sure to configure the decompress command to output to stdout. E.g.:
[gz] compress_command = /bin/pigz -9 decompress_command = /bin/gzip -cd [xz] compress_command = /bin/xz -9 -T0 decompress_command = /bin/xz -cd
Written by H. Peter Anvin <email@example.com>.
Copyright © 2011 Intel Corporation
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, Inc.; either version 2 of the License, or (at your option) any later version; incorporated herein by reference. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.