smr/doc/hacking.md

# A gentle introduction to SMR

SMR is a small Pastebin clone, with a few extra features. One of it's goals is
to be simple and easy to modify. This document will explain how:

## Downloading

The canonical location for the SMR source repository is
`https://git.fuwafuwa.moe/rmalley/smr`
In the case of downtime, a mirror is available at
`https://dev.sum7.eu/Robin.Malley/smr`

## Dependencies

SMR requires the following things to be install on the host system.

* kore - Web server framework for C https://kore.io
* luarocks - package manager for the Lua programming language. Will require a
working Lua environment. The maintainer recommends `luajit`, SMR is written
against Lua 5.1, but should still work on 5.2. Lua 5.3 introduced breaking
changes and may require additional modification.
  * spp - A simple preprocessor used to preprocess some files.

## Installing

After doing `git clone`, `make` and `make install`, SMR will install itself
under `/var/lib/smr/`, in this folder, there will be 2 more folders, each
corresponding to a chroot environment:

* `kore_worker` - The chroot where business logic runs. All application code
lives under `/var/smr/`. This chroot also holds the database for
at `/var/smr/data/posts.db` (so the full path from the host to the database
is `/var/lib/smr/kore_worker/var/smr/data/posts.db`). After the kore worker
starts and chroots, it runs the file `/var/smr/init.lua`. In addition, SMR
will install lua rocks under `/usr/lib/luarocks` under the chroot.

* `kore_keymgr` - The chroot where https keys are stored.
The entire point of the keymgr process is to separate the processes
that runs business logic from the process that holds encryption keys.
In theory, even in the event of an arbitrary code execution vulnerability in the
SMR code, the encryption keys used for the site should still be safe.