mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
git-annex/Creds.hs

235 lines
7.9 KiB
Haskell
Raw Normal View History

factor out Creds
2012-11-14 23:32:27 +00:00
{- Credentials storage
-
convert configParser to Annex action and add passthrough option Needed so Remote.External can query the external program for its configs. When the external program does not support the query, the passthrough option will make all input fields be available.
2020-01-14 17:18:15 +00:00
- Copyright 2012-2020 Joey Hess <id@joeyh.name>
factor out Creds
2012-11-14 23:32:27 +00:00
-
update licenses from GPL to AGPL This does not change the overall license of the git-annex program, which was already AGPL due to a number of sources files being AGPL already. Legally speaking, I'm adding a new license under which these files are now available; I already released their current contents under the GPL license. Now they're dual licensed GPL and AGPL. However, I intend for all my future changes to these files to only be released under the AGPL license, and I won't be tracking the dual licensing status, so I'm simply changing the license statement to say it's AGPL. (In some cases, others wrote parts of the code of a file and released it under the GPL; but in all cases I have contributed a significant portion of the code in each file and it's that code that is getting the AGPL license; the GPL license of other contributors allows combining with AGPL code.)
2019-03-13 19:48:14 +00:00
- Licensed under the GNU AGPL version 3 or higher.
factor out Creds
2012-11-14 23:32:27 +00:00
-}
plumb creds from webapp to initremote Avoids abusing setting environment variables, which was always a hack and won't work on windows.
2014-02-11 18:06:50 +00:00
module Creds (
module Types.Creds,
CredPairStorage(..),
setRemoteCredPair,
ported Remote.External Not yet added anything to the protocol to get a list of remote config fields; any fields will be accepted and are available for the external remote to use as before. There is one minor behavior change.. Before, GETCONFIG could be passed a field such as type, externaltype, encryption, etc, and would get the value of that. Now, GETCONFIG only works on fields that don't have a defined meaning to git-annex, so are passed through to the external remote. This seems unlikely to affect any external special remotes in practice.
2020-01-15 17:01:22 +00:00
setRemoteCredPair',
plumb creds from webapp to initremote Avoids abusing setting environment variables, which was always a hack and won't work on windows.
2014-02-11 18:06:50 +00:00
getRemoteCredPair,
S3: Publically accessible buckets can be used without creds.
2015-06-05 20:23:35 +00:00
getRemoteCredPairFor,
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key. When public access is used for the remote, it complained that the user needed to set creds to use it, which was just wrong. When creds were being used, it fell back from trying to use the version ID to just accessing the key in the bucket, which was ok for non-export remotes, but wrong for buckets. In both cases, display a hopefully useful warning. This should only come up when an existing S3 remote has been exported to, and then later versioning was enabled. Note that it would perhaps be possible to fall back from trying to use retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport, which may work when S3 version ID is missing. But there are problems with that approach; how to tell when retrieveKeyFile has failed due to this rather than a network problem etc? Anyway, that approach would only work until the file in the export got overwritten, and then it would no longer be accessible. And with versioning enabled, the user wants old versions of objects to remain accessible, so it seems better to warn about the problem as soon as possible, so they can go back and add S3 version IDs. This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
missingCredPairFor,
plumb creds from webapp to initremote Avoids abusing setting environment variables, which was always a hack and won't work on windows.
2014-02-11 18:06:50 +00:00
getEnvCredPair,
distinguish between cached and uncached creds p2p and multicast creds are not cached the same way that s3 and webdav creds are. The difference is that p2p and multicast obtain the creds themselves, as part of a process like pairing. So they're storing the only extant copy of the creds. In s3 and webdav etc the creds are provided by the cloud storage provider. This is a fine difference, but I do think it's a reasonable difference. If the user wants to prevent s3 and webdav etc creds from being stored unencrypted on disk, they won't feel the same about p2p auth tokens used for tor, or a multicast encryption key, or for that matter their local ssh private key. This commit was sponsored by Fernando Jimenez on Patreon.
2018-12-04 18:02:37 +00:00
writeCreds,
readCreds,
credsFile,
webapp: Fix UI for removing XMPP connection.
2014-04-20 16:46:33 +00:00
removeCreds,
include creds location in info This is intended to let the user easily tell if a remote's creds are coming from info embedded in the repository, or instead from the environment, or perhaps are locally stored in a creds file. This commit was sponsored by Frédéric Schütz.
2014-10-21 19:09:40 +00:00
includeCredsInfo,
plumb creds from webapp to initremote Avoids abusing setting environment variables, which was always a hack and won't work on windows.
2014-02-11 18:06:50 +00:00
) where
factor out Creds
2012-11-14 23:32:27 +00:00
remove 163 lines of code without changing anything except imports
2016-01-20 20:36:33 +00:00
import Annex.Common
support gpg.program When gpg.program is configured, it's used to get the command to run for gpg. Useful on systems that have only a gpg2 command or want to use it instead of the gpg command.
2015-09-09 22:06:49 +00:00
import qualified Annex
plumb creds from webapp to initremote Avoids abusing setting environment variables, which was always a hack and won't work on windows.
2014-02-11 18:06:50 +00:00
import Types.Creds
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
import Types.RemoteConfig
separate RemoteConfig parsing basically working Many special remotes are not updated yet and are commented out.
2020-01-14 16:35:08 +00:00
import Annex.SpecialRemote.Config
factor out Creds
2012-11-14 23:32:27 +00:00
import Annex.Perms
import Utility.FileMode
import Crypto
be stricter about rejecting invalid configurations for remotes This is a first step toward that goal, using the ProposedAccepted type in RemoteConfig lets initremote/enableremote reject bad parameters that were passed in a remote's configuration, while avoiding enableremote rejecting bad parameters that have already been stored in remote.log This does not eliminate every place where a remote config is parsed and a default value is used if the parse false. But, I did fix several things that expected foo=yes/no and so confusingly accepted foo=true but treated it like foo=no. There are still some fields that are parsed with yesNo but not not checked when initializing a remote, and there are other fields that are parsed in other ways and not checked when initializing a remote. This also lays groundwork for rejecting unknown/typoed config keys.
2020-01-10 18:10:20 +00:00
import Types.ProposedAccepted
fix embedcreds=yes reversion Fix bug that made enableremote of S3 and webdav remotes, that have embedcreds=yes, fail to set up the embedded creds, so accessing the remotes failed. (Regression introduced in version 7.20200202.7 in when reworking all the remote configs to be parsed.) Root problem is that parseEncryptionConfig excludes all other config keys except encryption ones, so it is then unable to find the credPairRemoteField. And since that field is not required to be present, it proceeds as if it's not, rather than failing in any visible way. This causes it to not find any creds, and so it does not cache them. When when the S3 remote tries to make a S3 connection, it finds no creds, so assumes it's being used in no-creds mode, and tries to find a public url. With no public url available, it fails, but the failure doesn't say a lack of creds is the problem. Fix is to provide setRemoteCredPair with a ParsedRemoteConfig, so the full set of configs of the remote can be parsed. A bit annoying to need to parse the remote config before the full config (as returned by setRemoteCredPair) is available, but this avoids the problem. I assume webdav also had the problem by inspection, but didn't try to reproduce it with it. Also, getRemoteCredPair used getRemoteConfigValue to get a ProposedAccepted String, but that does not seem right. Now that it runs that code, it crashed saying it had just a String. Remotes that have already been enableremoted, and so lack the cached creds file will work after this fix, because getRemoteCredPair will extract the creds from the remote config, writing the missing file. This commit was sponsored by Ilya Shlyakhter on Patreon.
2020-05-21 18:34:29 +00:00
import Remote.Helper.Encryptable (remoteCipher, remoteCipher', embedCreds, EncryptionIsSetup, extractCipher)
plumb creds from webapp to initremote Avoids abusing setting environment variables, which was always a hack and won't work on windows.
2014-02-11 18:06:50 +00:00
import Utility.Env (getEnv)
finish fixing removeLink on windows 9cb250f7be21a8f5b15454df4fb67bfd1811e39d got the ones in RawFilePath, but there were others that used the one from unix-compat, which fails at runtime on windows. To avoid this, import System.PosixCompat.Files hiding removeLink This commit was sponsored by Ethan Aubin.
2020-11-24 16:38:12 +00:00
import Utility.Base64
import qualified Utility.RawFilePath as R
factor out Creds
2012-11-14 23:32:27 +00:00
import qualified Data.ByteString.Lazy.Char8 as L
fix strictness issue Recent changes to Utility.Gpg exposed a strictness bug in how Creds uses it.
2020-06-16 21:03:19 +00:00
import qualified Data.ByteString.Char8 as S
factor out Creds
2012-11-14 23:32:27 +00:00
import qualified Data.Map as M
more RawFilePath conversion Converted file mode setting to it, and follow-on changes. Compiles up through 369/646. This commit was sponsored by Ethan Aubin.
2020-11-05 22:45:37 +00:00
import qualified System.FilePath.ByteString as P
factor out Creds
2012-11-14 23:32:27 +00:00
deMaybe credPairRemoteKey It's always Just
2018-12-04 17:37:43 +00:00
{- A CredPair can be stored in a file, or in the environment, or
factor out Creds
2012-11-14 23:32:27 +00:00
- in a remote's configuration. -}
data CredPairStorage = CredPairStorage
{ credPairFile :: FilePath
, credPairEnvironment :: (String, String)
rename RemoteConfigKey to RemoteConfigField And some associated renames. I was going to have some values named fooKeyKey otherwise..
2019-10-10 19:31:10 +00:00
, credPairRemoteField :: RemoteConfigField
factor out Creds
2012-11-14 23:32:27 +00:00
}
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes|no when running initremote.
2012-11-19 21:32:58 +00:00
{- Stores creds in a remote's configuration, if the remote allows
enableremote: When the remote has creds, update the local creds cache file. Before, the old version of the creds could be left there, and would continue to be used.
2014-10-22 18:28:25 +00:00
- that. Also caches them locally.
-
- The creds are found from the CredPairStorage storage if not provided,
- so may be provided by an environment variable etc.
glacier, S3: Fix bug that caused embedded creds to not be encypted using the remote's key. encryptionSetup must be called before setRemoteCredPair. Otherwise, the RemoteConfig doesn't have the cipher in it, and so no cipher is used to encrypt the embedded creds. This is a security fix for non-shared encryption methods! For encryption=shared, there's no security problem, just an inconsistentency in whether the embedded creds are encrypted. This is very important to get right, so used some types to help ensure that setRemoteCredPair is only run after encryptionSetup. Note that the external special remote bypasses the type safety, since creds can be set after the initial remote config, if the external special remote program requests it. Also note that IA remotes never use encryption, so encryptionSetup is not run for them at all, and again the type safety is bypassed. This leaves two open questions: 1. What to do about S3 and glacier remotes that were set up using encryption=pubkey/hybrid with embedcreds? Such a git repo has a security hole embedded in it, and this needs to be communicated to the user. Is the changelog enough? 2. enableremote won't work in such a repo, because git-annex will try to decrypt the embedded creds, which are not encrypted, so fails. This needs to be dealt with, especially for ecryption=shared repos, which are not really broken, just inconsistently configured. Noticing that problem for encryption=shared is what led to commit fbdeeeed5fa276d94be587c8916d725eddcaf546, which tried to fix the problem by not decrypting the embedded creds. This commit was sponsored by Josh Taylor.
2014-09-18 21:07:17 +00:00
-
- The remote's configuration should have already had a cipher stored in it
- if that's going to be done, so that the creds can be encrypted using the
not a phantom type
2019-04-27 18:08:11 +00:00
- cipher. The EncryptionIsSetup is witness to that being the case.
glacier, S3: Fix bug that caused embedded creds to not be encypted using the remote's key. encryptionSetup must be called before setRemoteCredPair. Otherwise, the RemoteConfig doesn't have the cipher in it, and so no cipher is used to encrypt the embedded creds. This is a security fix for non-shared encryption methods! For encryption=shared, there's no security problem, just an inconsistentency in whether the embedded creds are encrypted. This is very important to get right, so used some types to help ensure that setRemoteCredPair is only run after encryptionSetup. Note that the external special remote bypasses the type safety, since creds can be set after the initial remote config, if the external special remote program requests it. Also note that IA remotes never use encryption, so encryptionSetup is not run for them at all, and again the type safety is bypassed. This leaves two open questions: 1. What to do about S3 and glacier remotes that were set up using encryption=pubkey/hybrid with embedcreds? Such a git repo has a security hole embedded in it, and this needs to be communicated to the user. Is the changelog enough? 2. enableremote won't work in such a repo, because git-annex will try to decrypt the embedded creds, which are not encrypted, so fails. This needs to be dealt with, especially for ecryption=shared repos, which are not really broken, just inconsistently configured. Noticing that problem for encryption=shared is what led to commit fbdeeeed5fa276d94be587c8916d725eddcaf546, which tried to fix the problem by not decrypting the embedded creds. This commit was sponsored by Josh Taylor.
2014-09-18 21:07:17 +00:00
-}
external: SETCREDS include creds in externalConfigChanges This makes the creds get saved, since only things recorded there will be saved. IIRC, unparsedRemoteConfig was not originally available when I implemented this; now that it is things get a bit simpler. More could probably be simplified, is externalConfigChanges needed at all? This does not entirely fix the bugs though, because creds are only embedded when embedcreds=yes, but not when encryption=pubkey is used without embedcreds=yes.
2020-06-16 21:24:24 +00:00
setRemoteCredPair
:: EncryptionIsSetup
-> ParsedRemoteConfig
-> RemoteGitConfig
-> CredPairStorage
-> Maybe CredPair
-> Annex RemoteConfig
setRemoteCredPair encsetup pc gc storage mcreds = unparsedRemoteConfig <$>
setRemoteCredPair' pc encsetup gc storage mcreds
ported Remote.External Not yet added anything to the protocol to get a list of remote config fields; any fields will be accepted and are available for the external remote to use as before. There is one minor behavior change.. Before, GETCONFIG could be passed a field such as type, externaltype, encryption, etc, and would get the value of that. Now, GETCONFIG only works on fields that don't have a defined meaning to git-annex, so are passed through to the external remote. This seems unlikely to affect any external special remotes in practice.
2020-01-15 17:01:22 +00:00
setRemoteCredPair'
external: SETCREDS include creds in externalConfigChanges This makes the creds get saved, since only things recorded there will be saved. IIRC, unparsedRemoteConfig was not originally available when I implemented this; now that it is things get a bit simpler. More could probably be simplified, is externalConfigChanges needed at all? This does not entirely fix the bugs though, because creds are only embedded when embedcreds=yes, but not when encryption=pubkey is used without embedcreds=yes.
2020-06-16 21:24:24 +00:00
:: ParsedRemoteConfig
ported Remote.External Not yet added anything to the protocol to get a list of remote config fields; any fields will be accepted and are available for the external remote to use as before. There is one minor behavior change.. Before, GETCONFIG could be passed a field such as type, externaltype, encryption, etc, and would get the value of that. Now, GETCONFIG only works on fields that don't have a defined meaning to git-annex, so are passed through to the external remote. This seems unlikely to affect any external special remotes in practice.
2020-01-15 17:01:22 +00:00
-> EncryptionIsSetup
-> RemoteGitConfig
-> CredPairStorage
-> Maybe CredPair
external: SETCREDS include creds in externalConfigChanges This makes the creds get saved, since only things recorded there will be saved. IIRC, unparsedRemoteConfig was not originally available when I implemented this; now that it is things get a bit simpler. More could probably be simplified, is externalConfigChanges needed at all? This does not entirely fix the bugs though, because creds are only embedded when embedcreds=yes, but not when encryption=pubkey is used without embedcreds=yes.
2020-06-16 21:24:24 +00:00
-> Annex ParsedRemoteConfig
setRemoteCredPair' pc encsetup gc storage mcreds = case mcreds of
Nothing -> maybe (return pc) (setRemoteCredPair' pc encsetup gc storage . Just)
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
=<< getRemoteCredPair pc gc storage
Pass the various gnupg-options configs to gpg in several cases where they were not before. Removed the instance LensGpgEncParams RemoteConfig because it encouraged code that does not take the RemoteGitConfig into account. RemoteType's setup was changed to take a RemoteGitConfig, although the only place that is able to provide a non-empty one is enableremote, when it's changing an existing remote. This led to several folow-on changes, and got RemoteGitConfig plumbed through.
2016-05-23 21:03:20 +00:00
Just creds
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
| embedCreds pc -> do
rename RemoteConfigKey to RemoteConfigField And some associated renames. I was going to have some values named fooKeyKey otherwise..
2019-10-10 19:31:10 +00:00
let key = credPairRemoteField storage
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
localcache creds
storeconfig creds key =<< remoteCipher pc gc
| otherwise -> do
localcache creds
external: SETCREDS include creds in externalConfigChanges This makes the creds get saved, since only things recorded there will be saved. IIRC, unparsedRemoteConfig was not originally available when I implemented this; now that it is things get a bit simpler. More could probably be simplified, is externalConfigChanges needed at all? This does not entirely fix the bugs though, because creds are only embedded when embedcreds=yes, but not when encryption=pubkey is used without embedcreds=yes.
2020-06-16 21:24:24 +00:00
return pc
add credential storage support for external special remotes & update example
2013-12-27 20:01:43 +00:00
where
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
localcache creds = writeCacheCredPair creds storage
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes|no when running initremote.
2012-11-19 21:32:58 +00:00
Pass the various gnupg-options configs to gpg in several cases where they were not before. Removed the instance LensGpgEncParams RemoteConfig because it encouraged code that does not take the RemoteGitConfig into account. RemoteType's setup was changed to take a RemoteGitConfig, although the only place that is able to provide a non-empty one is enableremote, when it's changing an existing remote. This led to several folow-on changes, and got RemoteGitConfig plumbed through.
2016-05-23 21:03:20 +00:00
storeconfig creds key (Just cipher) = do
support gpg.program When gpg.program is configured, it's used to get the command to run for gpg. Useful on systems that have only a gpg2 command or want to use it instead of the gpg command.
2015-09-09 22:06:49 +00:00
cmd <- gpgCmd <$> Annex.getGitConfig
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
s <- liftIO $ encrypt cmd (pc, gc) cipher
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes|no when running initremote.
2012-11-19 21:32:58 +00:00
(feedBytes $ L.pack $ encodeCredPair creds)
fix strictness issue Recent changes to Utility.Gpg exposed a strictness bug in how Creds uses it.
2020-06-16 21:03:19 +00:00
(readBytesStrictly $ return . S.unpack)
external: SETCREDS include creds in externalConfigChanges This makes the creds get saved, since only things recorded there will be saved. IIRC, unparsedRemoteConfig was not originally available when I implemented this; now that it is things get a bit simpler. More could probably be simplified, is externalConfigChanges needed at all? This does not entirely fix the bugs though, because creds are only embedded when embedcreds=yes, but not when encryption=pubkey is used without embedcreds=yes.
2020-06-16 21:24:24 +00:00
storeconfig' key (Accepted (toB64 s))
Pass the various gnupg-options configs to gpg in several cases where they were not before. Removed the instance LensGpgEncParams RemoteConfig because it encouraged code that does not take the RemoteGitConfig into account. RemoteType's setup was changed to take a RemoteGitConfig, although the only place that is able to provide a non-empty one is enableremote, when it's changing an existing remote. This led to several folow-on changes, and got RemoteGitConfig plumbed through.
2016-05-23 21:03:20 +00:00
storeconfig creds key Nothing =
external: SETCREDS include creds in externalConfigChanges This makes the creds get saved, since only things recorded there will be saved. IIRC, unparsedRemoteConfig was not originally available when I implemented this; now that it is things get a bit simpler. More could probably be simplified, is externalConfigChanges needed at all? This does not entirely fix the bugs though, because creds are only embedded when embedcreds=yes, but not when encryption=pubkey is used without embedcreds=yes.
2020-06-16 21:24:24 +00:00
storeconfig' key (Accepted (toB64 $ encodeCredPair creds))
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
external: SETCREDS include creds in externalConfigChanges This makes the creds get saved, since only things recorded there will be saved. IIRC, unparsedRemoteConfig was not originally available when I implemented this; now that it is things get a bit simpler. More could probably be simplified, is externalConfigChanges needed at all? This does not entirely fix the bugs though, because creds are only embedded when embedcreds=yes, but not when encryption=pubkey is used without embedcreds=yes.
2020-06-16 21:24:24 +00:00
storeconfig' key val = return $ pc
{ parsedRemoteConfigMap = M.insert key (RemoteConfigValue val) (parsedRemoteConfigMap pc)
, unparsedRemoteConfig = M.insert key val (unparsedRemoteConfig pc)
}
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes|no when running initremote.
2012-11-19 21:32:58 +00:00
factor out Creds
2012-11-14 23:32:27 +00:00
{- Gets a remote's credpair, from the environment if set, otherwise
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes|no when running initremote.
2012-11-19 21:32:58 +00:00
- from the cache in gitAnnexCredsDir, or failing that, from the
factor out Creds
2012-11-14 23:32:27 +00:00
- value in RemoteConfig. -}
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
getRemoteCredPair :: ParsedRemoteConfig -> RemoteGitConfig -> CredPairStorage -> Annex (Maybe CredPair)
Pass the various gnupg-options configs to gpg in several cases where they were not before. Removed the instance LensGpgEncParams RemoteConfig because it encouraged code that does not take the RemoteGitConfig into account. RemoteType's setup was changed to take a RemoteGitConfig, although the only place that is able to provide a non-empty one is enableremote, when it's changing an existing remote. This led to several folow-on changes, and got RemoteGitConfig plumbed through.
2016-05-23 21:03:20 +00:00
getRemoteCredPair c gc storage = maybe fromcache (return . Just) =<< fromenv
factor out Creds
2012-11-14 23:32:27 +00:00
where
fromenv = liftIO $ getEnvCredPair storage
fromcache = maybe fromconfig (return . Just) =<< readCacheCredPair storage
deMaybe credPairRemoteKey It's always Just
2018-12-04 17:37:43 +00:00
fromconfig = do
rename RemoteConfigKey to RemoteConfigField And some associated renames. I was going to have some values named fooKeyKey otherwise..
2019-10-10 19:31:10 +00:00
let key = credPairRemoteField storage
deMaybe credPairRemoteKey It's always Just
2018-12-04 17:37:43 +00:00
mcipher <- remoteCipher' c gc
one more bugfix to external special remote creds The creds are passedthrough in this case, so check for such first to avoid a crash when getRemoteConfigValue sees a type it was not expecting.
2020-06-16 22:28:26 +00:00
-- The RemoteConfig value may be passed through.
-- Check for those first, because getRemoteConfigValue
-- will throw an error if it does not find it.
let getval = M.lookup key (getRemoteConfigPassedThrough c)
<|> getRemoteConfigValue key c
case (getval, mcipher) of
deMaybe credPairRemoteKey It's always Just
2018-12-04 17:37:43 +00:00
(Nothing, _) -> return Nothing
(Just enccreds, Just (cipher, storablecipher)) ->
fromenccreds enccreds cipher storablecipher
(Just bcreds, Nothing) ->
fromcreds $ fromB64 bcreds
deal with old repositories with non-encrypted creds See 2f3c3aa01ff0eb1dfdf1e30ff29fef40ed8fd167 for backstory about how a repo could be in this state. When decryption fails, the repo must be using non-encrypted creds. Note that creds are encrypted/decrypted using the encryption cipher which is stored in the repo, so the decryption cannot fail due to missing gpg keys etc. (For !shared encryptiom, the cipher is iteself encrypted using some gpg key(s), and the decryption of the cipher happens earlier, so not affected by this change. Print a warning message for !shared repos, and continue on using the cipher. Wrote a page explaining what users hit by this bug should do. This commit was sponsored by Samuel Tardieu.
2014-09-18 21:58:03 +00:00
fromenccreds enccreds cipher storablecipher = do
support gpg.program When gpg.program is configured, it's used to get the command to run for gpg. Useful on systems that have only a gpg2 command or want to use it instead of the gpg command.
2015-09-09 22:06:49 +00:00
cmd <- gpgCmd <$> Annex.getGitConfig
Pass the various gnupg-options configs to gpg in several cases where they were not before. Removed the instance LensGpgEncParams RemoteConfig because it encouraged code that does not take the RemoteGitConfig into account. RemoteType's setup was changed to take a RemoteGitConfig, although the only place that is able to provide a non-empty one is enableremote, when it's changing an existing remote. This led to several folow-on changes, and got RemoteGitConfig plumbed through.
2016-05-23 21:03:20 +00:00
mcreds <- liftIO $ catchMaybeIO $ decrypt cmd (c, gc) cipher
deal with old repositories with non-encrypted creds See 2f3c3aa01ff0eb1dfdf1e30ff29fef40ed8fd167 for backstory about how a repo could be in this state. When decryption fails, the repo must be using non-encrypted creds. Note that creds are encrypted/decrypted using the encryption cipher which is stored in the repo, so the decryption cannot fail due to missing gpg keys etc. (For !shared encryptiom, the cipher is iteself encrypted using some gpg key(s), and the decryption of the cipher happens earlier, so not affected by this change. Print a warning message for !shared repos, and continue on using the cipher. Wrote a page explaining what users hit by this bug should do. This commit was sponsored by Samuel Tardieu.
2014-09-18 21:58:03 +00:00
(feedBytes $ L.pack $ fromB64 enccreds)
fix strictness issue Recent changes to Utility.Gpg exposed a strictness bug in how Creds uses it.
2020-06-16 21:03:19 +00:00
(readBytesStrictly $ return . S.unpack)
deal with old repositories with non-encrypted creds See 2f3c3aa01ff0eb1dfdf1e30ff29fef40ed8fd167 for backstory about how a repo could be in this state. When decryption fails, the repo must be using non-encrypted creds. Note that creds are encrypted/decrypted using the encryption cipher which is stored in the repo, so the decryption cannot fail due to missing gpg keys etc. (For !shared encryptiom, the cipher is iteself encrypted using some gpg key(s), and the decryption of the cipher happens earlier, so not affected by this change. Print a warning message for !shared repos, and continue on using the cipher. Wrote a page explaining what users hit by this bug should do. This commit was sponsored by Samuel Tardieu.
2014-09-18 21:58:03 +00:00
case mcreds of
Just creds -> fromcreds creds
Nothing -> do
-- Work around un-encrypted creds storage
-- bug in old S3 and glacier remotes.
-- Not a problem for shared cipher.
case storablecipher of
SharedCipher {} -> showLongNote "gpg error above was caused by an old git-annex bug in credentials storage. Working around it.."
Avoid backtraces on expected failures when built with ghc 8; only use backtraces for unexpected errors. ghc 8 added backtraces on uncaught errors. This is great, but git-annex was using error in many places for a error message targeted at the user, in some known problem case. A backtrace only confuses such a message, so omit it. Notably, commands like git annex drop that failed due to eg, numcopies, used to use error, so had a backtrace. This commit was sponsored by Ethan Aubin.
2016-11-16 01:29:54 +00:00
_ -> giveup "*** Insecure credentials storage detected for this remote! See https://git-annex.branchable.com/upgrades/insecure_embedded_creds/"
deal with old repositories with non-encrypted creds See 2f3c3aa01ff0eb1dfdf1e30ff29fef40ed8fd167 for backstory about how a repo could be in this state. When decryption fails, the repo must be using non-encrypted creds. Note that creds are encrypted/decrypted using the encryption cipher which is stored in the repo, so the decryption cannot fail due to missing gpg keys etc. (For !shared encryptiom, the cipher is iteself encrypted using some gpg key(s), and the decryption of the cipher happens earlier, so not affected by this change. Print a warning message for !shared repos, and continue on using the cipher. Wrote a page explaining what users hit by this bug should do. This commit was sponsored by Samuel Tardieu.
2014-09-18 21:58:03 +00:00
fromcreds $ fromB64 enccreds
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes|no when running initremote.
2012-11-19 21:32:58 +00:00
fromcreds creds = case decodeCredPair creds of
Just credpair -> do
writeCacheCredPair credpair storage
deal with old repositories with non-encrypted creds See 2f3c3aa01ff0eb1dfdf1e30ff29fef40ed8fd167 for backstory about how a repo could be in this state. When decryption fails, the repo must be using non-encrypted creds. Note that creds are encrypted/decrypted using the encryption cipher which is stored in the repo, so the decryption cannot fail due to missing gpg keys etc. (For !shared encryptiom, the cipher is iteself encrypted using some gpg key(s), and the decryption of the cipher happens earlier, so not affected by this change. Print a warning message for !shared repos, and continue on using the cipher. Wrote a page explaining what users hit by this bug should do. This commit was sponsored by Samuel Tardieu.
2014-09-18 21:58:03 +00:00
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes|no when running initremote.
2012-11-19 21:32:58 +00:00
return $ Just credpair
hlint
2013-04-03 07:52:41 +00:00
_ -> error "bad creds"
factor out Creds
2012-11-14 23:32:27 +00:00
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
getRemoteCredPairFor :: String -> ParsedRemoteConfig -> RemoteGitConfig -> CredPairStorage -> Annex (Maybe CredPair)
Pass the various gnupg-options configs to gpg in several cases where they were not before. Removed the instance LensGpgEncParams RemoteConfig because it encouraged code that does not take the RemoteGitConfig into account. RemoteType's setup was changed to take a RemoteGitConfig, although the only place that is able to provide a non-empty one is enableremote, when it's changing an existing remote. This led to several folow-on changes, and got RemoteGitConfig plumbed through.
2016-05-23 21:03:20 +00:00
getRemoteCredPairFor this c gc storage = go =<< getRemoteCredPair c gc storage
S3: Publically accessible buckets can be used without creds.
2015-06-05 20:23:35 +00:00
where
go Nothing = do
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key. When public access is used for the remote, it complained that the user needed to set creds to use it, which was just wrong. When creds were being used, it fell back from trying to use the version ID to just accessing the key in the bucket, which was ok for non-export remotes, but wrong for buckets. In both cases, display a hopefully useful warning. This should only come up when an existing S3 remote has been exported to, and then later versioning was enabled. Note that it would perhaps be possible to fall back from trying to use retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport, which may work when S3 version ID is missing. But there are problems with that approach; how to tell when retrieveKeyFile has failed due to this rather than a network problem etc? Anyway, that approach would only work until the file in the export got overwritten, and then it would no longer be accessible. And with versioning enabled, the user wants old versions of objects to remain accessible, so it seems better to warn about the problem as soon as possible, so they can go back and add S3 version IDs. This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
warning $ missingCredPairFor this storage
S3: Publically accessible buckets can be used without creds.
2015-06-05 20:23:35 +00:00
return Nothing
go (Just credpair) = return $ Just credpair
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key. When public access is used for the remote, it complained that the user needed to set creds to use it, which was just wrong. When creds were being used, it fell back from trying to use the version ID to just accessing the key in the bucket, which was ok for non-export remotes, but wrong for buckets. In both cases, display a hopefully useful warning. This should only come up when an existing S3 remote has been exported to, and then later versioning was enabled. Note that it would perhaps be possible to fall back from trying to use retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport, which may work when S3 version ID is missing. But there are problems with that approach; how to tell when retrieveKeyFile has failed due to this rather than a network problem etc? Anyway, that approach would only work until the file in the export got overwritten, and then it would no longer be accessible. And with versioning enabled, the user wants old versions of objects to remain accessible, so it seems better to warn about the problem as soon as possible, so they can go back and add S3 version IDs. This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
missingCredPairFor :: String -> CredPairStorage -> String
missingCredPairFor this storage = unwords
S3: Publically accessible buckets can be used without creds.
2015-06-05 20:23:35 +00:00
[ "Set both", loginvar
, "and", passwordvar
, "to use", this
]
where
(loginvar, passwordvar) = credPairEnvironment storage
factor out Creds
2012-11-14 23:32:27 +00:00
{- Gets a CredPair from the environment. -}
getEnvCredPair :: CredPairStorage -> IO (Maybe CredPair)
getEnvCredPair storage = liftM2 (,)
successfully builds (except XMPP)
2013-09-22 18:13:31 +00:00
<$> getEnv uenv
<*> getEnv penv
factor out Creds
2012-11-14 23:32:27 +00:00
where
(uenv, penv) = credPairEnvironment storage
annex.cachecreds: New config to allow disabling of credentials caching for special remotes. Note that it does not prevent storing p2p access tokens or multicast encryption keys, since those are not cached; the previous commit established the distinction. How well this works depends on how often getRemoteCredPair is called and how expensive it is. In some cases setting this will result in an annoying number of gpg password prompts and/or slowdowns due to reading creds from the git-annex branch and decrypting, which could be improved by calling getRemoteCredPair less often. This commit was sponsored by Ilya Shlyakhter on Patreon.
2018-12-04 18:16:56 +00:00
{- Writes a cred pair to local cache, unless prevented by configuration. -}
factor out Creds
2012-11-14 23:32:27 +00:00
writeCacheCredPair :: CredPair -> CredPairStorage -> Annex ()
annex.cachecreds: New config to allow disabling of credentials caching for special remotes. Note that it does not prevent storing p2p access tokens or multicast encryption keys, since those are not cached; the previous commit established the distinction. How well this works depends on how often getRemoteCredPair is called and how expensive it is. In some cases setting this will result in an annoying number of gpg password prompts and/or slowdowns due to reading creds from the git-annex branch and decrypting, which could be improved by calling getRemoteCredPair less often. This commit was sponsored by Ilya Shlyakhter on Patreon.
2018-12-04 18:16:56 +00:00
writeCacheCredPair credpair storage =
whenM (annexCacheCreds <$> Annex.getGitConfig) $
writeCreds (encodeCredPair credpair) (credPairFile storage)
distinguish between cached and uncached creds p2p and multicast creds are not cached the same way that s3 and webdav creds are. The difference is that p2p and multicast obtain the creds themselves, as part of a process like pairing. So they're storing the only extant copy of the creds. In s3 and webdav etc the creds are provided by the cloud storage provider. This is a fine difference, but I do think it's a reasonable difference. If the user wants to prevent s3 and webdav etc creds from being stored unencrypted on disk, they won't feel the same about p2p auth tokens used for tor, or a multicast encryption key, or for that matter their local ssh private key. This commit was sponsored by Fernando Jimenez on Patreon.
2018-12-04 18:02:37 +00:00
readCacheCredPair :: CredPairStorage -> Annex (Maybe CredPair)
readCacheCredPair storage = maybe Nothing decodeCredPair
<$> readCreds (credPairFile storage)
existsCacheCredPair :: CredPairStorage -> Annex Bool
existsCacheCredPair storage =
liftIO . doesFileExist =<< credsFile (credPairFile storage)
factor out Creds
2012-11-14 23:32:27 +00:00
{- Stores the creds in a file inside gitAnnexCredsDir that only the user
- can read. -}
distinguish between cached and uncached creds p2p and multicast creds are not cached the same way that s3 and webdav creds are. The difference is that p2p and multicast obtain the creds themselves, as part of a process like pairing. So they're storing the only extant copy of the creds. In s3 and webdav etc the creds are provided by the cloud storage provider. This is a fine difference, but I do think it's a reasonable difference. If the user wants to prevent s3 and webdav etc creds from being stored unencrypted on disk, they won't feel the same about p2p auth tokens used for tor, or a multicast encryption key, or for that matter their local ssh private key. This commit was sponsored by Fernando Jimenez on Patreon.
2018-12-04 18:02:37 +00:00
writeCreds :: Creds -> FilePath -> Annex ()
writeCreds creds file = do
factor out Creds
2012-11-14 23:32:27 +00:00
d <- fromRepo gitAnnexCredsDir
createAnnexDirectory d
more RawFilePath conversion Converted file mode setting to it, and follow-on changes. Compiles up through 369/646. This commit was sponsored by Ethan Aubin.
2020-11-05 22:45:37 +00:00
liftIO $ writeFileProtected (d P.</> toRawFilePath file) creds
factor out Creds
2012-11-14 23:32:27 +00:00
distinguish between cached and uncached creds p2p and multicast creds are not cached the same way that s3 and webdav creds are. The difference is that p2p and multicast obtain the creds themselves, as part of a process like pairing. So they're storing the only extant copy of the creds. In s3 and webdav etc the creds are provided by the cloud storage provider. This is a fine difference, but I do think it's a reasonable difference. If the user wants to prevent s3 and webdav etc creds from being stored unencrypted on disk, they won't feel the same about p2p auth tokens used for tor, or a multicast encryption key, or for that matter their local ssh private key. This commit was sponsored by Fernando Jimenez on Patreon.
2018-12-04 18:02:37 +00:00
readCreds :: FilePath -> Annex (Maybe Creds)
readCreds f = liftIO . catchMaybeIO . readFileStrict =<< credsFile f
include creds location in info This is intended to let the user easily tell if a remote's creds are coming from info embedded in the repository, or instead from the environment, or perhaps are locally stored in a creds file. This commit was sponsored by Frédéric Schütz.
2014-10-21 19:09:40 +00:00
distinguish between cached and uncached creds p2p and multicast creds are not cached the same way that s3 and webdav creds are. The difference is that p2p and multicast obtain the creds themselves, as part of a process like pairing. So they're storing the only extant copy of the creds. In s3 and webdav etc the creds are provided by the cloud storage provider. This is a fine difference, but I do think it's a reasonable difference. If the user wants to prevent s3 and webdav etc creds from being stored unencrypted on disk, they won't feel the same about p2p auth tokens used for tor, or a multicast encryption key, or for that matter their local ssh private key. This commit was sponsored by Fernando Jimenez on Patreon.
2018-12-04 18:02:37 +00:00
credsFile :: FilePath -> Annex FilePath
credsFile basefile = do
more RawFilePath conversion Added a RawFilePath createDirectory and kept making stuff build. Up to 296/645 This commit was sponsored by Mark Reidenbach on Patreon.
2020-10-28 21:25:59 +00:00
d <- fromRawFilePath <$> fromRepo gitAnnexCredsDir
include creds location in info This is intended to let the user easily tell if a remote's creds are coming from info embedded in the repository, or instead from the environment, or perhaps are locally stored in a creds file. This commit was sponsored by Frédéric Schütz.
2014-10-21 19:09:40 +00:00
return $ d </> basefile
factor out Creds
2012-11-14 23:32:27 +00:00
encodeCredPair :: CredPair -> Creds
encodeCredPair (l, p) = unlines [l, p]
decodeCredPair :: Creds -> Maybe CredPair
decodeCredPair creds = case lines creds of
l:p:[] -> Just (l, p)
_ -> Nothing
webapp: Fix UI for removing XMPP connection.
2014-04-20 16:46:33 +00:00
removeCreds :: FilePath -> Annex ()
removeCreds file = do
finish fixing removeLink on windows 9cb250f7be21a8f5b15454df4fb67bfd1811e39d got the ones in RawFilePath, but there were others that used the one from unix-compat, which fails at runtime on windows. To avoid this, import System.PosixCompat.Files hiding removeLink This commit was sponsored by Ethan Aubin.
2020-11-24 16:38:12 +00:00
d <- fromRepo gitAnnexCredsDir
liftIO $ removeWhenExistsWith R.removeLink (d P.</> toRawFilePath file)
include creds location in info This is intended to let the user easily tell if a remote's creds are coming from info embedded in the repository, or instead from the environment, or perhaps are locally stored in a creds file. This commit was sponsored by Frédéric Schütz.
2014-10-21 19:09:40 +00:00
wip separate RemoteConfig parsing Remote now contains a ParsedRemoteConfig. The parsing happens when the Remote is constructed, rather than when individual configs are used. This is more efficient, and it lets initremote/enableremote reject configs that have unknown fields or unparsable values. It also allows for improved type safety, as shown in Remote.Helper.Encryptable where things that used to match on string configs now match on data types. This is a work in progress, it does not build yet. The main risk in this conversion is forgetting to add a field to RemoteConfigParser. That will prevent using that field with initremote/enableremote, and will prevent remotes that already are set up from seeing that configuration. So will need to check carefully that every field that getRemoteConfigValue is called on has been added to RemoteConfigParser. (One such case I need to remember is that credPairRemoteField needs to be included in the RemoteConfigParser.)
2020-01-13 16:35:39 +00:00
includeCredsInfo :: ParsedRemoteConfig -> CredPairStorage -> [(String, String)] -> Annex [(String, String)]
fix encryption of content to gcrypt and git-lfs Fix serious regression in gcrypt and encrypted git-lfs remotes. Since version 7.20200202.7, git-annex incorrectly stored content on those remotes without encrypting it. Problem was, Remote.Git enumerates all git remotes, including git-lfs and gcrypt. It then dispatches to those. So, Remote.List used the RemoteConfigParser from Remote.Git, instead of from git-lfs or gcrypt, and that parser does not know about encryption fields, so did not include them in the ParsedRemoteConfig. (Also didn't include other fields specific to those remotes, perhaps chunking etc also didn't get through.) To fix, had to move RemoteConfig parsing down into the generate methods of each remote, rather than doing it in Remote.List. And a consequence of that was that ParsedRemoteConfig had to change to include the RemoteConfig that got parsed, so that testremote can generate a new remote based on an existing remote. (I would have rather fixed this just inside Remote.Git, but that was not practical, at least not w/o re-doing work that Remote.List already did. Big ugly mostly mechanical patch seemed preferable to making git-annex slower.)
2020-02-26 21:20:56 +00:00
includeCredsInfo pc@(ParsedRemoteConfig cm _) storage info = do
include creds location in info This is intended to let the user easily tell if a remote's creds are coming from info embedded in the repository, or instead from the environment, or perhaps are locally stored in a creds file. This commit was sponsored by Frédéric Schütz.
2014-10-21 19:09:40 +00:00
v <- liftIO $ getEnvCredPair storage
case v of
Just _ -> do
let (uenv, penv) = credPairEnvironment storage
ret $ "from environment variables (" ++ unwords [uenv, penv] ++ ")"
fix encryption of content to gcrypt and git-lfs Fix serious regression in gcrypt and encrypted git-lfs remotes. Since version 7.20200202.7, git-annex incorrectly stored content on those remotes without encrypting it. Problem was, Remote.Git enumerates all git remotes, including git-lfs and gcrypt. It then dispatches to those. So, Remote.List used the RemoteConfigParser from Remote.Git, instead of from git-lfs or gcrypt, and that parser does not know about encryption fields, so did not include them in the ParsedRemoteConfig. (Also didn't include other fields specific to those remotes, perhaps chunking etc also didn't get through.) To fix, had to move RemoteConfig parsing down into the generate methods of each remote, rather than doing it in Remote.List. And a consequence of that was that ParsedRemoteConfig had to change to include the RemoteConfig that got parsed, so that testremote can generate a new remote based on an existing remote. (I would have rather fixed this just inside Remote.Git, but that was not practical, at least not w/o re-doing work that Remote.List already did. Big ugly mostly mechanical patch seemed preferable to making git-annex slower.)
2020-02-26 21:20:56 +00:00
Nothing -> case (`M.lookup` cm) (credPairRemoteField storage) of
include creds location in info This is intended to let the user easily tell if a remote's creds are coming from info embedded in the repository, or instead from the environment, or perhaps are locally stored in a creds file. This commit was sponsored by Frédéric Schütz.
2014-10-21 19:09:40 +00:00
Nothing -> ifM (existsCacheCredPair storage)
( ret "stored locally"
, ret "not available"
)
fix encryption of content to gcrypt and git-lfs Fix serious regression in gcrypt and encrypted git-lfs remotes. Since version 7.20200202.7, git-annex incorrectly stored content on those remotes without encrypting it. Problem was, Remote.Git enumerates all git remotes, including git-lfs and gcrypt. It then dispatches to those. So, Remote.List used the RemoteConfigParser from Remote.Git, instead of from git-lfs or gcrypt, and that parser does not know about encryption fields, so did not include them in the ParsedRemoteConfig. (Also didn't include other fields specific to those remotes, perhaps chunking etc also didn't get through.) To fix, had to move RemoteConfig parsing down into the generate methods of each remote, rather than doing it in Remote.List. And a consequence of that was that ParsedRemoteConfig had to change to include the RemoteConfig that got parsed, so that testremote can generate a new remote based on an existing remote. (I would have rather fixed this just inside Remote.Git, but that was not practical, at least not w/o re-doing work that Remote.List already did. Big ugly mostly mechanical patch seemed preferable to making git-annex slower.)
2020-02-26 21:20:56 +00:00
Just _ -> case extractCipher pc of
a few hlints
2015-04-11 04:10:34 +00:00
Just (EncryptedCipher {}) -> ret "embedded in git repository (gpg encrypted)"
note whether or not embedded creds are encrypted
2014-10-21 19:15:16 +00:00
_ -> ret "embedded in git repository (not encrypted)"
include creds location in info This is intended to let the user easily tell if a remote's creds are coming from info embedded in the repository, or instead from the environment, or perhaps are locally stored in a creds file. This commit was sponsored by Frédéric Schütz.
2014-10-21 19:09:40 +00:00
where
ret s = return $ ("creds", s) : info
Reference in a new issue Copy permalink