I was trying to understand IPNS and something came to my mind.
By following the IPFS Examples, I noticed that the ipfs name publish <hash> command publishes the content using PeerID. So, if I understand well how IPNS works, it means that I am the only one who is able to publish content to this PeerID.
So now let’s say my friend wants to contribute to my content (by “contribute” I mean update content and then publish it to my PeerID). How can I let him do that ? Is it impossible because the ipfs name publish <hash> command only allows the PeerID owner to publish ?
The keys are in $HOME/.ipfs/keystore, so maybe it’s possible to generate a key for the website, and then share it with collaborators. (?)
I.e. ipfs key gen --type=rsa --size=2048 shared-site-key
then share the key, and then anyone with the key can publish to ipns via ipfs name publish --key=shared-site-key /ipfs/Hash
But I’m not sure whether additional keys are tied to the originating node.
On the other hand, a collaborator can just ipfs get the underlying ipfs directory, edit the necessary files, then re-add the directory to ipfs recursively, which will produce a new parent hash, then you can publish that hash to ipns. This way, the publishing key would stay on your node.
Yes, that is exactly how you do it. One can have multiple keys in .ipfs/keystore.
Those additionally generated keys are not tied to a node (which has a separate, “identity” key on its own).
One can copy one of those keys to a different node and publish to the same ipns from there.
Right. But you have to keep in mind that, aside from publishing to ipns when file changes occurred, you also need to republish after every 24 (12?) hours even without changes, but that has to be done manually if you’re using a different key than your node’s default key self, i.e. your PeerID. Auto-republication by your node only happens, if you use the default PeerID. But on GitHub I heard that the devs are working on extending this functionality to the user-generated keys, but I have no idea how soon this will happen.
You could (if you’re on macOS) create a LaunchAgent that runs e.g. every 4 hours and automates the “republication”. See the script below, but I’m not sure if that’s all that’s needed (I haven’t tested it). If IPFS isn’t yet running, it would run ipfs daemon and wait 5 seconds before starting the repub loop; I guess that’s time enough. And you would need a text file $HOME/.ipns/ipns-pubs.txt, a path you can obviously change. In that text file you would need one line for each IPNS publication, each with two columns, the first column with the current IPFS parent hash, and the second column with the key that you’re using to (re-) publish that IPFS hash; use “self” if you’re publishing an IPFS hash using your default PeerID. /usr/local/bin needs to be in your $PATH, of course… or your $GOPATH, if you’ve built go-ipfs yourself.
#!/bin/bash
IPFS=""
IPNS_LIST=$(cat "$HOME/.ipns/ipns-pubs.txt")
if [[ "$IPNS_LIST" == "" ]] ; then
echo "No hashes to republish."
echo "Exiting."
exit
fi
if [[ $(ps aux | /usr/bin/grep "ipfs daemon" | grep -v "/usr/bin/grep ipfs daemon") == "" ]] ; then
echo "IPFS daemon not running. Starting now..."
ipfs daemon &
sleep 5
IPFS="start"
else
echo "IPFS daemon already running."
fi
while read -r LINE
do
[[ "$LINE" == "" ]] && continue
IPFS_HASH=$(echo "$LINE" | awk '{print $1}')
IPNS_KEY=$(echo "$LINE" | awk '{print $2}')
[[ "$IPNS_KEY" == "" ]] && continue
echo "Now publishing $IPFS_HASH with $IPNS_KEY"
if [[ "$IPNS_KEY" == "self" ]] ; then
ipfs name publish /ipfs/"$IPFS_HASH"
else
ipfs name publish --key="$IPNS_KEY" /ipfs/"$IPFS_HASH"
fi
done < <(echo "$IPNS_LIST")
if [[ "$IPFS" == "start" ]] ; then
echo "Stopping IPFS daemon..."
killall ipfs
fi
echo "Done."