{"id":22488610,"url":"https://github.com/cqfn/degit","last_synced_at":"2025-05-05T06:11:13.096Z","repository":{"id":46866419,"uuid":"269561260","full_name":"cqfn/degit","owner":"cqfn","description":"DeGit is a \"Decentralized GitHub\"","archived":false,"fork":false,"pushed_at":"2023-12-01T08:29:28.000Z","size":264,"stargazers_count":113,"open_issues_count":5,"forks_count":2,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-12-06T17:20:31.463Z","etag":null,"topics":["decentralized","git","peer-to-peer"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cqfn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-06-05T07:33:35.000Z","updated_at":"2024-06-27T00:16:01.000Z","dependencies_parsed_at":"2023-01-18T19:16:21.776Z","dependency_job_id":null,"html_url":"https://github.com/cqfn/degit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cqfn%2Fdegit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cqfn%2Fdegit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cqfn%2Fdegit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cqfn%2Fdegit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cqfn","download_url":"https://codeload.github.com/cqfn/degit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252448587,"owners_count":21749495,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decentralized","git","peer-to-peer"],"created_at":"2024-12-06T17:18:07.620Z","updated_at":"2025-05-05T06:11:13.075Z","avatar_url":"https://github.com/cqfn.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"\u003cimg src=\"/logo.svg\" width=\"92px\"/\u003e\n\n[![EO principles respected here](https://www.elegantobjects.org/badge.svg)](https://www.elegantobjects.org)\n[![Managed by Zerocracy](https://www.0crat.com/badge/C3RFVLU72.svg)](https://www.0crat.com/p/C3RFVLU72)\n[![DevOps By Rultor.com](http://www.rultor.com/b/cqfn/degit)](http://www.rultor.com/p/cqfn/degit)\n[![We recommend RubyMine](https://www.elegantobjects.org/rubymine.svg)](https://www.jetbrains.com/ruby/)\n\n[![Build Status](https://travis-ci.org/cqfn/degit.svg)](https://travis-ci.org/cqfn/degit)\n[![PDD status](http://www.0pdd.com/svg?name=cqfn/degit)](http://www.0pdd.com/p?name=cqfn/degit)\n[![Gem Version](https://badge.fury.io/rb/degit.svg)](http://badge.fury.io/rb/degit)\n[![Maintainability](https://api.codeclimate.com/v1/badges/74c909f06d4afa0d8001/maintainability)](https://codeclimate.com/github/cqfn/degit/maintainability)\n\n[![License](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/yegor256/takes/degit/master/LICENSE.txt)\n[![Test Coverage](https://img.shields.io/codecov/c/github/cqfn/degit.svg)](https://codecov.io/github/cqfn/degit?branch=master)\n[![Hits-of-Code](https://hitsofcode.com/github/cqfn/degit)](https://hitsofcode.com/view/github/cqfn/degit)\n\nDeGit is a decentralized [Git](https://git-scm.com/) projects hosting platform.\nYou can join by starting a node and pointing your browser\nat `127.0.0.1`. Then, just work with it as if it was GitHub.\nThere is no central point of failure,\nsince the network of DeGit nodes is run by anonymous volunteers.\n\nTo start, simply do (it uses your `.ssh/id_rsa` for authentication):\n\n```bash\n$ gem install degit\n$ degit run\n```\n\nIn a few seconds you can open `https://localhost:8080` and enjoy\nthe system, which is very similar to GitHub. You can, of course, use\nlocal Git repo, which is on-fly synchronized with other DeGit nodes.\n\n## Motivation and Related Works\n\nWe are not the first who are thinking about a decentralized solution\nfor hosting and managing of Git repositories. There were a few similar products\ncreated before (if you know anything else, please submit a pull request):\n\n  * [GitChain](http://gitchain.org/) (abandoned in 2014)\n  * [GitTorrent](https://github.com/cjb/GitTorrent) (abandoned in 2015)\n  * [Drepo](https://www.drepo.io/) (abandoned in 2018)\n  * [Radicle](https://github.com/radicle-dev) (read [this](https://outlierventures.io/wp-content/uploads/2019/11/Radicle-Diffusion-2019-1.pdf))\n  * [git-issue](https://github.com/dspinellis/git-issue)\n  * [git-ssb](https://scuttlebot.io/apis/community/git-ssb.html)\n  * [git-dit](https://github.com/neithernut/git-dit)\n  * [pando](https://github.com/pandonetwork/pando)\n  * [mango](https://github.com/axic/mango) (abandoned in 2016, watch [this](https://www.youtube.com/watch?v=tU7_Yf45okc))\n  * [ZeroNet](https://zeronet.io/) (not exactly Git, but relevant)\n\nEven though [GitHub](https://github.com),\n[GitLab](https://gitlab.com),\n[BitBucket](https://bitbucket.com),\n[Phabricator](https://phacility.com/phabricator/),\n[SourceForge](https://sourceforge.net/),\n[CodeCommit](https://console.aws.amazon.com/codecommit/home),\nand\n[Gitee](https://gitee.com) are great platforms,\nthey have three critical drawbacks:\n\n  * They are [not](https://news.ycombinator.com/item?id=20499070) 100% reliable,\n  * They [ban](https://medium.com/@catamphetamine/how-github-blocked-me-and-all-my-libraries-c32c61f061d3)\n    users for\n    [almost](https://medium.com/@hamed/github-blocked-my-account-and-they-think-im-developing-nuclear-weapons-e7e1fe62cb74)\n    [no reason](https://en.wikipedia.org/wiki/Censorship_of_GitHub), and\n  * They are under the [influence](https://techcrunch.com/2019/07/29/github-ban-sanctioned-countries/) of their local governments.\n\nIt seems that the need for a decentralized solution is obvious.\nWe believe that the community would enjoy having a platform\nwith the following features:\n\n  * [Pull requests](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests);\n  * Issues and milestones;\n  * Stars and followers;\n  * GitHub-like web user interface;\n  * Entirely free for everybody;\n  * Not owned by anyone;\n  * Moderated by the board of deputies.\n\nDeGit doesn't support private repositories, only public ones.\n\n## How to Start?\n\nIf you want to use DeGit in order to host your repositories,\njust like you use GitHub, read the instructions above: they\nare very simple.\nIf you want to run a node and contribute to DeGit network with your\nstorage and computational resources, here is how:\n\nFirst, you install\n[Ruby 2.6+](https://www.ruby-lang.org/en/) and\n[Docker](https://docs.docker.com/get-docker/)\n(we recommend you to use [Ubuntu 18.04](https://releases.ubuntu.com/18.04/)).\n\nThen, you make a directory, where Git repositories will be maintained. By default,\nit's `/var/degit`.\n\nNext, you run this (make sure you don't have SSHD running on the server, or you will\nhave a conflict on the port 22 already open):\n\n```bash\n$ docker run --rm --port 22:22 --volume /var/degit:/home/git cqfn/degit\n```\n\nThe container will start and you will have an ability to manage it via\ncommand line `degit` tool. For example, to limit the amount of repositories\nit hosts to 100, you just run:\n\n```bash\n$ degit config max.repositories 100\n```\n\nThe command line `degit` tool just makes changes to the files located in\n`/var/degit`, which are respected by the scripts inside the Docker container\nrunning.\n\n## How It Works?\n\nThe following principles are behind the architecture of DeGit:\n\n  * `.degit` directory in `master` branch is used to keep meta information\n  * Ownership of a repo is defined by public [RSA](https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) keys in `.degit`\n  * Issues, PRs, comments, stars, etc. are regular files in `.degit`\n  * Issues, PRs, and comments have hash codes instead of sequential IDs\n  * Each node decides for itself which repositories to host\n  * Give-and-take principle is in place: \"The more you host for me, the more I host for you\"\n  * Conflicts are resolved through proof-of-availability (PoA) consensus\n  * Neighbours-discovery protocol is similar to the one used in [Zold](https://blog.zold.io/2018/12/28/nodes-discovery-protocol.html)\n\n### Architecture\n\nThere are a few components in the system:\n\n\u003cimg height=\"400\" src=\"https://docs.google.com/drawings/d/e/2PACX-1vTzET3GD39uq7S6sTMqPHSUPYGGzkdxYk19ZoFAwi5d5GlD-W_sb6ozRxsALoVKABXLQi4R-dYhcXE-/pub?w=960\u0026amp;h=720\"\u003e\n\nThe **Dashboard** is a web server with a GitHub-like interface\nto let user manage issues, pull requests, milestones and so on.\n\nThe **Locator** is the dispatcher of requests through the network\nof DeGit nodes. When the user is trying to access the server that\ndoesn't have the repository the user is looking for, the Locator\nmakes a tunnel to another server and redirects the request there.\n\nThe **Authenticator** is responsible for permissions validating\nand may rely on some external services, like LDAP (in case of\nenterprise deployment).\n\nThe **Propagator** makes sure that changes pushed to the server\nare being sent to other servers right after they are accepted.\n\n### Data Flow Explained\n\n\"Availability\" is a non-negative integer assigned by a node to each of its neighbours.\nThe number goes up on every successful interaction with the neighbour. The\nnumber goes double-down on each network failure or any other\nnon-logical error.\n\nHere is how the data is propagated when you interact with Git on your laptop\n(the same happens automatically behind the scene if you use UI in the browser):\n\n  * You `git commit` your changes to your branches\n  * You do `git push` to your `localhost`\n  * On success, a built-in post-commit [hook](https://git-scm.com/docs/githooks) proceeds:\n  * It `git fetch` from the first neighbour with the highest availability\n  * It `git merge` if possible and all commits are signed correctly\n  * It `git push` back to the neighbour\n\nIt is highly recommended to avoid pushing to the\nsame branch from a few nodes,\nsince it may lead to inability to merge and abandonded\n(or lost) branches.\n\n### Authorization and Authentication\n\nA repository has a list of files in `.degit/permissions` directory. Each file\nstarts with a public RSA key and lists user IDs, permissions, etc.\n\nOn each `git push` event, post-commit hook goes through the list of added\ncommits and verifies permissions of each user. If any rule from\n`.degit/permissions` is not respected, the entire `push` operation is rejected.\n\nIt is recommended to have at least two users with write access to the `master`\nbranch, in order to avoid losing access to the repo when\nprivate RSA key is lost.\n\n### Incentives\n\nUnlike [Blockchain](https://en.wikipedia.org/wiki/Blockchain),\na full duplication of all database in all nodes is not\nrequired for DeGit. Instead, if a few nodes have the data of a repository,\nthis may be enough for the majority of cases. Thus, each node tries to\nhost a limited number of repositories, according to the disc space available.\n\nAlso, each node maintains a list of repositories seen along with the addresses of their\nhosting nodes. When a `git fetch` arrives for a repository that\nthe node doesn't have, it returns an error and a suggested list of nodes\nto ask for this repo.\n\nThus, no monetary incentives are provided to node owners, but they are not\nexpected to contribute large computational or storage resources to the system\n(like it happens in [Bitcoin](https://en.wikipedia.org/wiki/Bitcoin), for example).\n\n### Anti-Spam\n\n[Vandalism](https://en.wikipedia.org/wiki/Vandalism)\nis possible through new issues and comments: they may be\nsubmitted in large amounts. In order to fight against this, users may use\nscripts (a concept very close to [smart contracts](https://en.wikipedia.org/wiki/Smart_contract))\nto be executed on each post-commit hook to check\nthe validity of data submitted to `.degit`.\n\n### Moderation\n\nTo be continued...\n\n### DeGit for Enterprise\n\nOut-of-the box version of DeGit doesn't support private repositories. Here\nis how it may be modified to be hosted inside a company, to support\nin-house user authentication and restrict access to certain repositories\n(this is just an example):\n\n\u003cimg height=\"500\" src=\"https://docs.google.com/drawings/d/e/2PACX-1vQRE40i_rFpt4nA2Ds9WHw2VoLfUdziopYeIvKg8RtMPeZCbtXNnYnZ0-WmyNcSvIx2snmsp1sgOq6z/pub?w=912\u0026amp;h=766\"\u003e\n\nEach Web Node is running a Dashboard, which is getting\naccess information from [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)\nthrough the **AM** (Authentication Module). The AM has all the information\nabout all enterprise users and enables an additional layer of access\ngranting on top of RSA keys.\n\nThe **DB** (Database) contains the entire map of all servers running\nGit in the enterprise and makes it easier for each node to detect the\nright location of a repository and redirect requests. It also, being\na place of centralization, enables synchronization between nodes via locking:\nonly one Git node may work with a branch in a repository, while all others\nare waiting for the lock to be released.\n\nA set of [Nginx](https://www.nginx.com/) servers may act as a load balancer.\nA set of [HAProxy](https://www.haproxy.com/) servers may work as a load balancer for SSH traffic.\n\n## How to contribute\n\nRead [these guidelines](https://www.yegor256.com/2014/04/15/github-guidelines.html).\nMake sure your build is green before you contribute\nyour pull request. You will need to have [Ruby](https://www.ruby-lang.org/en/) 2.6+ and\n[Bundler](https://bundler.io/) installed. Then:\n\n```\n$ bundle update\n$ bundle exec rake\n```\n\nIf it's clean and you don't see any error messages, submit your pull request.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcqfn%2Fdegit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcqfn%2Fdegit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcqfn%2Fdegit/lists"}