2012-11-20 20:43:58 +00:00
|
|
|
{- Amazon Glacier remotes.
|
|
|
|
|
-
|
2020-01-14 19:41:34 +00:00
|
|
|
- Copyright 2012-2020 Joey Hess <id@joeyh.name>
|
2012-11-20 20:43:58 +00:00
|
|
|
-
|
2019-03-13 19:48:14 +00:00
|
|
|
- Licensed under the GNU AGPL version 3 or higher.
|
2012-11-20 20:43:58 +00:00
|
|
|
-}
|
|
|
|
|
|
2015-02-06 18:39:27 +00:00
|
|
|
module Remote.Glacier (remote, jobList, checkSaneGlacierCommand) where
|
2012-11-20 20:43:58 +00:00
|
|
|
|
|
|
|
|
import qualified Data.Map as M
|
2012-12-01 18:11:37 +00:00
|
|
|
import qualified Data.Text as T
|
2014-08-02 20:47:21 +00:00
|
|
|
import qualified Data.ByteString.Lazy as L
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2016-01-20 20:36:33 +00:00
|
|
|
import Annex.Common
|
2012-11-20 20:43:58 +00:00
|
|
|
import Types.Remote
|
|
|
|
|
import qualified Git
|
|
|
|
|
import Config
|
2013-03-13 20:16:01 +00:00
|
|
|
import Config.Cost
|
2020-01-14 19:41:34 +00:00
|
|
|
import Annex.SpecialRemote.Config
|
2012-11-20 20:43:58 +00:00
|
|
|
import Remote.Helper.Special
|
2015-08-17 14:42:14 +00:00
|
|
|
import Remote.Helper.Messages
|
2019-02-20 19:55:01 +00:00
|
|
|
import Remote.Helper.ExportImport
|
2012-11-20 20:43:58 +00:00
|
|
|
import qualified Remote.Helper.AWS as AWS
|
|
|
|
|
import Creds
|
2013-03-28 21:03:04 +00:00
|
|
|
import Utility.Metered
|
2012-11-20 20:43:58 +00:00
|
|
|
import qualified Annex
|
2013-09-07 22:38:00 +00:00
|
|
|
import Annex.UUID
|
2014-01-14 20:42:10 +00:00
|
|
|
import Utility.Env
|
2020-01-10 18:10:20 +00:00
|
|
|
import Types.ProposedAccepted
|
2012-11-20 20:43:58 +00:00
|
|
|
|
|
|
|
|
type Vault = String
|
|
|
|
|
type Archive = FilePath
|
|
|
|
|
|
|
|
|
|
remote :: RemoteType
|
2020-01-14 19:41:34 +00:00
|
|
|
remote = specialRemoteType $ RemoteType
|
2017-09-07 17:45:31 +00:00
|
|
|
{ typename = "glacier"
|
|
|
|
|
, enumerate = const (findSpecialRemotes "glacier")
|
|
|
|
|
, generate = gen
|
2020-01-14 19:41:34 +00:00
|
|
|
, configParser = mkRemoteConfigParser
|
|
|
|
|
[ optionalStringParser datacenterField
|
2020-01-20 19:20:04 +00:00
|
|
|
(FieldDesc "S3 datacenter to use")
|
2020-01-14 19:41:34 +00:00
|
|
|
, optionalStringParser vaultField
|
2020-01-20 19:20:04 +00:00
|
|
|
(FieldDesc "name to use for vault")
|
2020-01-14 19:41:34 +00:00
|
|
|
, optionalStringParser fileprefixField
|
2020-01-20 19:20:04 +00:00
|
|
|
(FieldDesc "prefix to add to filenames in the vault")
|
|
|
|
|
, optionalStringParser AWS.s3credsField HiddenField
|
2020-01-14 19:41:34 +00:00
|
|
|
]
|
2017-09-07 17:45:31 +00:00
|
|
|
, setup = glacierSetup
|
|
|
|
|
, exportSupported = exportUnsupported
|
2019-02-20 19:55:01 +00:00
|
|
|
, importSupported = importUnsupported
|
2017-09-07 17:45:31 +00:00
|
|
|
}
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2020-01-14 19:41:34 +00:00
|
|
|
datacenterField :: RemoteConfigField
|
|
|
|
|
datacenterField = Accepted "datacenter"
|
|
|
|
|
|
|
|
|
|
vaultField :: RemoteConfigField
|
|
|
|
|
vaultField = Accepted "vault"
|
|
|
|
|
|
|
|
|
|
fileprefixField :: RemoteConfigField
|
|
|
|
|
fileprefixField = Accepted "fileprefix"
|
|
|
|
|
|
fix encryption of content to gcrypt and git-lfs
Fix serious regression in gcrypt and encrypted git-lfs remotes.
Since version 7.20200202.7, git-annex incorrectly stored content
on those remotes without encrypting it.
Problem was, Remote.Git enumerates all git remotes, including git-lfs
and gcrypt. It then dispatches to those. So, Remote.List used the
RemoteConfigParser from Remote.Git, instead of from git-lfs or gcrypt,
and that parser does not know about encryption fields, so did not
include them in the ParsedRemoteConfig. (Also didn't include other
fields specific to those remotes, perhaps chunking etc also didn't
get through.)
To fix, had to move RemoteConfig parsing down into the generate methods
of each remote, rather than doing it in Remote.List.
And a consequence of that was that ParsedRemoteConfig had to change to
include the RemoteConfig that got parsed, so that testremote can
generate a new remote based on an existing remote.
(I would have rather fixed this just inside Remote.Git, but that was not
practical, at least not w/o re-doing work that Remote.List already did.
Big ugly mostly mechanical patch seemed preferable to making git-annex
slower.)
2020-02-26 21:20:56 +00:00
|
|
|
gen :: Git.Repo -> UUID -> RemoteConfig -> RemoteGitConfig -> RemoteStateHandle -> Annex (Maybe Remote)
|
|
|
|
|
gen r u rc gc rs = new
|
|
|
|
|
<$> parsedRemoteConfig remote rc
|
|
|
|
|
<*> remoteCost gc veryExpensiveRemoteCost
|
2012-11-30 04:55:59 +00:00
|
|
|
where
|
fix encryption of content to gcrypt and git-lfs
Fix serious regression in gcrypt and encrypted git-lfs remotes.
Since version 7.20200202.7, git-annex incorrectly stored content
on those remotes without encrypting it.
Problem was, Remote.Git enumerates all git remotes, including git-lfs
and gcrypt. It then dispatches to those. So, Remote.List used the
RemoteConfigParser from Remote.Git, instead of from git-lfs or gcrypt,
and that parser does not know about encryption fields, so did not
include them in the ParsedRemoteConfig. (Also didn't include other
fields specific to those remotes, perhaps chunking etc also didn't
get through.)
To fix, had to move RemoteConfig parsing down into the generate methods
of each remote, rather than doing it in Remote.List.
And a consequence of that was that ParsedRemoteConfig had to change to
include the RemoteConfig that got parsed, so that testremote can
generate a new remote based on an existing remote.
(I would have rather fixed this just inside Remote.Git, but that was not
practical, at least not w/o re-doing work that Remote.List already did.
Big ugly mostly mechanical patch seemed preferable to making git-annex
slower.)
2020-02-26 21:20:56 +00:00
|
|
|
new c cst = Just $ specialRemote' specialcfg c
|
2020-05-13 15:50:31 +00:00
|
|
|
(store this)
|
|
|
|
|
(retrieve this)
|
|
|
|
|
(remove this)
|
|
|
|
|
(checkKey this)
|
2012-11-20 20:43:58 +00:00
|
|
|
this
|
2012-11-30 04:55:59 +00:00
|
|
|
where
|
2014-12-16 19:26:13 +00:00
|
|
|
this = Remote
|
|
|
|
|
{ uuid = u
|
|
|
|
|
, cost = cst
|
|
|
|
|
, name = Git.repoDescribe r
|
|
|
|
|
, storeKey = storeKeyDummy
|
2020-05-13 21:05:56 +00:00
|
|
|
, retrieveKeyFile = retrieveKeyFileDummy
|
|
|
|
|
, retrieveKeyFileCheap = Nothing
|
2018-06-21 15:35:27 +00:00
|
|
|
-- glacier-cli does not follow redirects and does
|
2018-06-21 18:14:56 +00:00
|
|
|
-- not support file://, as far as we know, but
|
|
|
|
|
-- there's no guarantee that will continue to be
|
|
|
|
|
-- the case, so require verifiable keys.
|
2018-09-25 19:32:50 +00:00
|
|
|
, retrievalSecurityPolicy = mkRetrievalVerifiableKeysSecure gc
|
2014-12-16 19:26:13 +00:00
|
|
|
, removeKey = removeKeyDummy
|
2015-10-08 19:01:38 +00:00
|
|
|
, lockContent = Nothing
|
2014-12-16 19:26:13 +00:00
|
|
|
, checkPresent = checkPresentDummy
|
|
|
|
|
, checkPresentCheap = False
|
2017-09-01 17:02:07 +00:00
|
|
|
, exportActions = exportUnsupported
|
2019-02-20 19:55:01 +00:00
|
|
|
, importActions = importUnsupported
|
2014-12-16 19:26:13 +00:00
|
|
|
, whereisKey = Nothing
|
|
|
|
|
, remoteFsck = Nothing
|
|
|
|
|
, repairRepo = Nothing
|
|
|
|
|
, config = c
|
2018-06-04 18:31:55 +00:00
|
|
|
, getRepo = return r
|
2014-12-16 19:26:13 +00:00
|
|
|
, gitconfig = gc
|
|
|
|
|
, localpath = Nothing
|
|
|
|
|
, readonly = False
|
2018-08-30 15:12:18 +00:00
|
|
|
, appendonly = False
|
2014-12-16 19:26:13 +00:00
|
|
|
, availability = GloballyAvailable
|
|
|
|
|
, remotetype = remote
|
|
|
|
|
, mkUnavailable = return Nothing
|
|
|
|
|
, getInfo = includeCredsInfo c (AWS.creds u) $
|
|
|
|
|
[ ("glacier vault", getVault c) ]
|
|
|
|
|
, claimUrl = Nothing
|
|
|
|
|
, checkUrl = Nothing
|
add RemoteStateHandle
This solves the problem of sameas remotes trampling over per-remote
state. Used for:
* per-remote state, of course
* per-remote metadata, also of course
* per-remote content identifiers, because two remote implementations
could in theory generate the same content identifier for two different
peices of content
While chunk logs are per-remote data, they don't use this, because the
number and size of chunks stored is a common property across sameas
remotes.
External special remote had a complication, where it was theoretically
possible for a remote to send SETSTATE or GETSTATE during INITREMOTE or
EXPORTSUPPORTED. Since the uuid of the remote is typically generate in
Remote.setup, it would only be possible to pass a Maybe
RemoteStateHandle into it, and it would otherwise have to construct its
own. Rather than go that route, I decided to send an ERROR in this case.
It seems unlikely that any existing external special remote will be
affected. They would have to make up a git-annex key, and set state for
some reason during INITREMOTE. I can imagine such a hack, but it doesn't
seem worth complicating the code in such an ugly way to support it.
Unfortunately, both TestRemote and Annex.Import needed the Remote
to have a new field added that holds its RemoteStateHandle.
2019-10-14 16:33:27 +00:00
|
|
|
, remoteStateHandle = rs
|
2014-12-16 19:26:13 +00:00
|
|
|
}
|
fix encryption of content to gcrypt and git-lfs
Fix serious regression in gcrypt and encrypted git-lfs remotes.
Since version 7.20200202.7, git-annex incorrectly stored content
on those remotes without encrypting it.
Problem was, Remote.Git enumerates all git remotes, including git-lfs
and gcrypt. It then dispatches to those. So, Remote.List used the
RemoteConfigParser from Remote.Git, instead of from git-lfs or gcrypt,
and that parser does not know about encryption fields, so did not
include them in the ParsedRemoteConfig. (Also didn't include other
fields specific to those remotes, perhaps chunking etc also didn't
get through.)
To fix, had to move RemoteConfig parsing down into the generate methods
of each remote, rather than doing it in Remote.List.
And a consequence of that was that ParsedRemoteConfig had to change to
include the RemoteConfig that got parsed, so that testremote can
generate a new remote based on an existing remote.
(I would have rather fixed this just inside Remote.Git, but that was not
practical, at least not w/o re-doing work that Remote.List already did.
Big ugly mostly mechanical patch seemed preferable to making git-annex
slower.)
2020-02-26 21:20:56 +00:00
|
|
|
specialcfg = (specialRemoteCfg c)
|
|
|
|
|
-- Disabled until jobList gets support for chunks.
|
|
|
|
|
{ chunkConfig = NoChunks
|
|
|
|
|
}
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2017-02-07 18:35:58 +00:00
|
|
|
glacierSetup :: SetupStage -> Maybe UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
|
|
|
|
|
glacierSetup ss mu mcreds c gc = do
|
2013-09-07 22:38:00 +00:00
|
|
|
u <- maybe (liftIO genUUID) return mu
|
2017-02-07 18:35:58 +00:00
|
|
|
glacierSetup' ss u mcreds c gc
|
|
|
|
|
glacierSetup' :: SetupStage -> UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
|
|
|
|
|
glacierSetup' ss u mcreds c gc = do
|
fix embedcreds=yes reversion
Fix bug that made enableremote of S3 and webdav remotes, that have
embedcreds=yes, fail to set up the embedded creds, so accessing the remotes
failed.
(Regression introduced in version 7.20200202.7 in when reworking all the
remote configs to be parsed.)
Root problem is that parseEncryptionConfig excludes all other config keys
except encryption ones, so it is then unable to find the
credPairRemoteField. And since that field is not required to be
present, it proceeds as if it's not, rather than failing in any visible
way.
This causes it to not find any creds, and so it does not cache
them. When when the S3 remote tries to make a S3 connection, it finds no
creds, so assumes it's being used in no-creds mode, and tries to find a
public url. With no public url available, it fails, but the failure doesn't
say a lack of creds is the problem.
Fix is to provide setRemoteCredPair with a ParsedRemoteConfig, so the full
set of configs of the remote can be parsed. A bit annoying to need to
parse the remote config before the full config (as returned by
setRemoteCredPair) is available, but this avoids the problem.
I assume webdav also had the problem by inspection, but didn't try to
reproduce it with it.
Also, getRemoteCredPair used getRemoteConfigValue to get a ProposedAccepted
String, but that does not seem right. Now that it runs that code, it
crashed saying it had just a String.
Remotes that have already been enableremoted, and so lack the cached creds
file will work after this fix, because getRemoteCredPair will extract
the creds from the remote config, writing the missing file.
This commit was sponsored by Ilya Shlyakhter on Patreon.
2020-05-21 18:34:29 +00:00
|
|
|
(c', encsetup) <- encryptionSetup (c `M.union` defaults) gc
|
|
|
|
|
pc <- either giveup return . parseRemoteConfig c'
|
|
|
|
|
=<< configParser remote c'
|
|
|
|
|
c'' <- setRemoteCredPair encsetup pc gc (AWS.creds u) mcreds
|
|
|
|
|
pc' <- either giveup return . parseRemoteConfig c''
|
|
|
|
|
=<< configParser remote c''
|
2017-09-04 16:40:33 +00:00
|
|
|
case ss of
|
fix embedcreds=yes reversion
Fix bug that made enableremote of S3 and webdav remotes, that have
embedcreds=yes, fail to set up the embedded creds, so accessing the remotes
failed.
(Regression introduced in version 7.20200202.7 in when reworking all the
remote configs to be parsed.)
Root problem is that parseEncryptionConfig excludes all other config keys
except encryption ones, so it is then unable to find the
credPairRemoteField. And since that field is not required to be
present, it proceeds as if it's not, rather than failing in any visible
way.
This causes it to not find any creds, and so it does not cache
them. When when the S3 remote tries to make a S3 connection, it finds no
creds, so assumes it's being used in no-creds mode, and tries to find a
public url. With no public url available, it fails, but the failure doesn't
say a lack of creds is the problem.
Fix is to provide setRemoteCredPair with a ParsedRemoteConfig, so the full
set of configs of the remote can be parsed. A bit annoying to need to
parse the remote config before the full config (as returned by
setRemoteCredPair) is available, but this avoids the problem.
I assume webdav also had the problem by inspection, but didn't try to
reproduce it with it.
Also, getRemoteCredPair used getRemoteConfigValue to get a ProposedAccepted
String, but that does not seem right. Now that it runs that code, it
crashed saying it had just a String.
Remotes that have already been enableremoted, and so lack the cached creds
file will work after this fix, because getRemoteCredPair will extract
the creds from the remote config, writing the missing file.
This commit was sponsored by Ilya Shlyakhter on Patreon.
2020-05-21 18:34:29 +00:00
|
|
|
Init -> genVault pc' gc u
|
2017-09-04 16:40:33 +00:00
|
|
|
_ -> return ()
|
fix embedcreds=yes reversion
Fix bug that made enableremote of S3 and webdav remotes, that have
embedcreds=yes, fail to set up the embedded creds, so accessing the remotes
failed.
(Regression introduced in version 7.20200202.7 in when reworking all the
remote configs to be parsed.)
Root problem is that parseEncryptionConfig excludes all other config keys
except encryption ones, so it is then unable to find the
credPairRemoteField. And since that field is not required to be
present, it proceeds as if it's not, rather than failing in any visible
way.
This causes it to not find any creds, and so it does not cache
them. When when the S3 remote tries to make a S3 connection, it finds no
creds, so assumes it's being used in no-creds mode, and tries to find a
public url. With no public url available, it fails, but the failure doesn't
say a lack of creds is the problem.
Fix is to provide setRemoteCredPair with a ParsedRemoteConfig, so the full
set of configs of the remote can be parsed. A bit annoying to need to
parse the remote config before the full config (as returned by
setRemoteCredPair) is available, but this avoids the problem.
I assume webdav also had the problem by inspection, but didn't try to
reproduce it with it.
Also, getRemoteCredPair used getRemoteConfigValue to get a ProposedAccepted
String, but that does not seem right. Now that it runs that code, it
crashed saying it had just a String.
Remotes that have already been enableremoted, and so lack the cached creds
file will work after this fix, because getRemoteCredPair will extract
the creds from the remote config, writing the missing file.
This commit was sponsored by Ilya Shlyakhter on Patreon.
2020-05-21 18:34:29 +00:00
|
|
|
gitConfigSpecialRemote u c'' [("glacier", "true")]
|
|
|
|
|
return (c'', u)
|
2012-11-20 20:43:58 +00:00
|
|
|
where
|
2019-10-10 17:08:17 +00:00
|
|
|
remotename = fromJust (lookupName c)
|
2012-11-20 20:43:58 +00:00
|
|
|
defvault = remotename ++ "-" ++ fromUUID u
|
|
|
|
|
defaults = M.fromList
|
2020-01-15 15:05:07 +00:00
|
|
|
[ (datacenterField, Proposed $ T.unpack $ AWS.defaultRegion AWS.Glacier)
|
|
|
|
|
, (vaultField, Proposed defvault)
|
2012-11-20 20:43:58 +00:00
|
|
|
]
|
|
|
|
|
|
2020-05-13 15:50:31 +00:00
|
|
|
store :: Remote -> Storer
|
|
|
|
|
store r k b p = do
|
|
|
|
|
checkNonEmpty k
|
|
|
|
|
byteStorer (store' r) k b p
|
2014-08-02 20:47:21 +00:00
|
|
|
|
2020-05-13 15:50:31 +00:00
|
|
|
checkNonEmpty :: Key -> Annex ()
|
|
|
|
|
checkNonEmpty k
|
|
|
|
|
| fromKey keySize k == Just 0 =
|
|
|
|
|
giveup "Cannot store empty files in Glacier."
|
|
|
|
|
| otherwise = return ()
|
2012-11-25 17:42:28 +00:00
|
|
|
|
2020-05-13 18:03:00 +00:00
|
|
|
store' :: Remote -> Key -> L.ByteString -> MeterUpdate -> Annex ()
|
2020-05-13 15:50:31 +00:00
|
|
|
store' r k b p = go =<< glacierEnv c gc u
|
2012-11-25 17:27:20 +00:00
|
|
|
where
|
2012-11-30 04:55:59 +00:00
|
|
|
c = config r
|
2016-05-23 21:03:20 +00:00
|
|
|
gc = gitconfig r
|
2012-11-25 17:27:20 +00:00
|
|
|
u = uuid r
|
|
|
|
|
params = glacierParams c
|
2012-11-20 20:43:58 +00:00
|
|
|
[ Param "archive"
|
|
|
|
|
, Param "upload"
|
|
|
|
|
, Param "--name", Param $ archive r k
|
2012-11-30 04:55:59 +00:00
|
|
|
, Param $ getVault $ config r
|
2012-11-25 17:27:20 +00:00
|
|
|
, Param "-"
|
2012-11-20 20:43:58 +00:00
|
|
|
]
|
2020-05-13 18:03:00 +00:00
|
|
|
go Nothing = giveup "Glacier not usable."
|
|
|
|
|
go (Just e) = liftIO $ do
|
2014-08-02 20:47:21 +00:00
|
|
|
let cmd = (proc "glacier" (toCommand params)) { env = Just e }
|
2020-05-13 18:03:00 +00:00
|
|
|
withHandle StdinHandle createProcessSuccess cmd $ \h ->
|
|
|
|
|
meteredWrite p h b
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2020-05-13 15:50:31 +00:00
|
|
|
retrieve :: Remote -> Retriever
|
|
|
|
|
retrieve = byteRetriever . retrieve'
|
2014-08-02 20:47:21 +00:00
|
|
|
|
2020-05-13 21:05:56 +00:00
|
|
|
retrieve' :: Remote -> Key -> (L.ByteString -> Annex ()) -> Annex ()
|
2020-05-13 15:50:31 +00:00
|
|
|
retrieve' r k sink = go =<< glacierEnv c gc u
|
2012-11-25 17:42:28 +00:00
|
|
|
where
|
2012-11-30 04:55:59 +00:00
|
|
|
c = config r
|
2016-05-23 21:03:20 +00:00
|
|
|
gc = gitconfig r
|
2012-11-25 17:42:28 +00:00
|
|
|
u = uuid r
|
|
|
|
|
params = glacierParams c
|
2012-11-20 20:43:58 +00:00
|
|
|
[ Param "archive"
|
|
|
|
|
, Param "retrieve"
|
2012-11-25 17:42:28 +00:00
|
|
|
, Param "-o-"
|
2012-11-30 04:55:59 +00:00
|
|
|
, Param $ getVault $ config r
|
2012-11-20 20:43:58 +00:00
|
|
|
, Param $ archive r k
|
|
|
|
|
]
|
2016-11-16 01:29:54 +00:00
|
|
|
go Nothing = giveup "cannot retrieve from glacier"
|
2020-05-13 21:05:56 +00:00
|
|
|
go (Just environ) = do
|
2020-06-04 16:13:26 +00:00
|
|
|
let p = (proc "glacier" (toCommand params))
|
2020-05-13 21:05:56 +00:00
|
|
|
{ env = Just environ
|
2014-10-20 19:11:01 +00:00
|
|
|
, std_out = CreatePipe
|
|
|
|
|
}
|
2020-06-04 16:13:26 +00:00
|
|
|
bracketIO (createProcess p) cleanupProcess (go' p)
|
|
|
|
|
go' p (_, Just h, _, pid) = do
|
2020-05-13 21:05:56 +00:00
|
|
|
let cleanup = liftIO $ do
|
|
|
|
|
hClose h
|
2020-06-04 16:13:26 +00:00
|
|
|
forceSuccessProcess p pid
|
2020-05-13 21:05:56 +00:00
|
|
|
flip finally cleanup $ do
|
|
|
|
|
-- Glacier cannot store empty files, so if
|
|
|
|
|
-- the output is empty, the content is not
|
|
|
|
|
-- available yet.
|
|
|
|
|
whenM (liftIO $ hIsEOF h) $
|
|
|
|
|
giveup "Content is not available from glacier yet. Recommend you wait up to 4 hours, and then run this command again."
|
|
|
|
|
sink =<< liftIO (L.hGetContents h)
|
2020-06-04 16:13:26 +00:00
|
|
|
go' _ _ = error "internal"
|
2012-11-20 20:43:58 +00:00
|
|
|
|
run Preparer to get Remover and CheckPresent actions
This will allow special remotes to eg, open a http connection and reuse it,
while checking if chunks are present, or removing chunks.
S3 and WebDAV both need this to support chunks with reasonable speed.
Note that a special remote might want to cache a http connection across
multiple requests. A simple case of this is that CheckPresent is typically
called before Store or Remove. A remote using this interface can certianly
use a Preparer that eg, uses a MVar to cache a http connection.
However, it's up to the remote to then deal with things like stale or
stalled http connections when eg, doing a series of downloads from a remote
and other places. There could be long delays between calls to a remote,
which could lead to eg, http connection stalls; the machine might even
move to a new network, etc.
It might be nice to improve this interface later to allow
the simple case without needing to handle the full complex case.
One way to do it would be to have a `Transaction SpecialRemote cache`,
where SpecialRemote contains methods for Storer, Retriever, Remover, and
CheckPresent, that all expect to be passed a `cache`.
2014-08-06 18:28:36 +00:00
|
|
|
remove :: Remote -> Remover
|
2020-05-14 18:08:09 +00:00
|
|
|
remove r k = unlessM go $
|
|
|
|
|
giveup "removal from glacier failed"
|
|
|
|
|
where
|
|
|
|
|
go = glacierAction r
|
|
|
|
|
[ Param "archive"
|
|
|
|
|
, Param "delete"
|
|
|
|
|
, Param $ getVault $ config r
|
|
|
|
|
, Param $ archive r k
|
|
|
|
|
]
|
2012-11-20 20:43:58 +00:00
|
|
|
|
run Preparer to get Remover and CheckPresent actions
This will allow special remotes to eg, open a http connection and reuse it,
while checking if chunks are present, or removing chunks.
S3 and WebDAV both need this to support chunks with reasonable speed.
Note that a special remote might want to cache a http connection across
multiple requests. A simple case of this is that CheckPresent is typically
called before Store or Remove. A remote using this interface can certianly
use a Preparer that eg, uses a MVar to cache a http connection.
However, it's up to the remote to then deal with things like stale or
stalled http connections when eg, doing a series of downloads from a remote
and other places. There could be long delays between calls to a remote,
which could lead to eg, http connection stalls; the machine might even
move to a new network, etc.
It might be nice to improve this interface later to allow
the simple case without needing to handle the full complex case.
One way to do it would be to have a `Transaction SpecialRemote cache`,
where SpecialRemote contains methods for Storer, Retriever, Remover, and
CheckPresent, that all expect to be passed a `cache`.
2014-08-06 18:28:36 +00:00
|
|
|
checkKey :: Remote -> CheckPresent
|
2014-08-06 17:45:19 +00:00
|
|
|
checkKey r k = do
|
2015-08-17 14:42:14 +00:00
|
|
|
showChecking r
|
2016-05-23 21:03:20 +00:00
|
|
|
go =<< glacierEnv (config r) (gitconfig r) (uuid r)
|
2012-11-20 20:43:58 +00:00
|
|
|
where
|
2016-11-16 01:29:54 +00:00
|
|
|
go Nothing = giveup "cannot check glacier"
|
2012-11-25 17:27:20 +00:00
|
|
|
go (Just e) = do
|
2012-11-20 20:43:58 +00:00
|
|
|
{- glacier checkpresent outputs the archive name to stdout if
|
|
|
|
|
- it's present. -}
|
2014-08-06 17:45:19 +00:00
|
|
|
s <- liftIO $ readProcessEnv "glacier" (toCommand params) (Just e)
|
2019-01-14 17:03:35 +00:00
|
|
|
let probablypresent = serializeKey k `elem` lines s
|
2014-08-06 17:45:19 +00:00
|
|
|
if probablypresent
|
|
|
|
|
then ifM (Annex.getFlag "trustglacier")
|
2016-11-16 01:29:54 +00:00
|
|
|
( return True, giveup untrusted )
|
2014-08-06 17:45:19 +00:00
|
|
|
else return False
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2014-03-05 03:22:24 +00:00
|
|
|
params = glacierParams (config r)
|
2012-11-20 20:43:58 +00:00
|
|
|
[ Param "archive"
|
|
|
|
|
, Param "checkpresent"
|
2012-11-30 04:55:59 +00:00
|
|
|
, Param $ getVault $ config r
|
2012-11-21 23:35:28 +00:00
|
|
|
, Param "--quiet"
|
2012-11-20 20:43:58 +00:00
|
|
|
, Param $ archive r k
|
|
|
|
|
]
|
|
|
|
|
|
2014-08-06 17:45:19 +00:00
|
|
|
untrusted = unlines
|
2012-11-20 20:43:58 +00:00
|
|
|
[ "Glacier's inventory says it has a copy."
|
|
|
|
|
, "However, the inventory could be out of date, if it was recently removed."
|
|
|
|
|
, "(Use --trust-glacier if you're sure it's still in Glacier.)"
|
|
|
|
|
, ""
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
glacierAction :: Remote -> [CommandParam] -> Annex Bool
|
2016-05-23 21:03:20 +00:00
|
|
|
glacierAction r = runGlacier (config r) (gitconfig r) (uuid r)
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2020-01-14 19:41:34 +00:00
|
|
|
runGlacier :: ParsedRemoteConfig -> RemoteGitConfig -> UUID -> [CommandParam] -> Annex Bool
|
2016-05-23 21:03:20 +00:00
|
|
|
runGlacier c gc u params = go =<< glacierEnv c gc u
|
2012-11-20 20:43:58 +00:00
|
|
|
where
|
|
|
|
|
go Nothing = return False
|
2012-11-25 17:27:20 +00:00
|
|
|
go (Just e) = liftIO $
|
|
|
|
|
boolSystemEnv "glacier" (glacierParams c params) (Just e)
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2020-01-14 19:41:34 +00:00
|
|
|
glacierParams :: ParsedRemoteConfig -> [CommandParam] -> [CommandParam]
|
2012-11-25 17:27:20 +00:00
|
|
|
glacierParams c params = datacenter:params
|
|
|
|
|
where
|
2012-11-20 20:43:58 +00:00
|
|
|
datacenter = Param $ "--region=" ++
|
2020-01-14 19:41:34 +00:00
|
|
|
fromMaybe (giveup "Missing datacenter configuration")
|
|
|
|
|
(getRemoteConfigValue datacenterField c)
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2020-01-14 19:41:34 +00:00
|
|
|
glacierEnv :: ParsedRemoteConfig -> RemoteGitConfig -> UUID -> Annex (Maybe [(String, String)])
|
2016-05-23 21:03:20 +00:00
|
|
|
glacierEnv c gc u = do
|
2015-02-06 18:39:27 +00:00
|
|
|
liftIO checkSaneGlacierCommand
|
2016-05-23 21:03:20 +00:00
|
|
|
go =<< getRemoteCredPairFor "glacier" c gc creds
|
2012-11-20 20:43:58 +00:00
|
|
|
where
|
|
|
|
|
go Nothing = return Nothing
|
|
|
|
|
go (Just (user, pass)) = do
|
2012-11-25 17:27:20 +00:00
|
|
|
e <- liftIO getEnvironment
|
2014-01-14 20:42:10 +00:00
|
|
|
return $ Just $ addEntries [(uk, user), (pk, pass)] e
|
2012-11-20 20:43:58 +00:00
|
|
|
|
|
|
|
|
creds = AWS.creds u
|
|
|
|
|
(uk, pk) = credPairEnvironment creds
|
|
|
|
|
|
2020-01-14 19:41:34 +00:00
|
|
|
getVault :: ParsedRemoteConfig -> Vault
|
|
|
|
|
getVault = fromMaybe (giveup "Missing vault configuration")
|
|
|
|
|
. getRemoteConfigValue vaultField
|
2012-11-20 20:43:58 +00:00
|
|
|
|
|
|
|
|
archive :: Remote -> Key -> Archive
|
2019-01-14 17:03:35 +00:00
|
|
|
archive r k = fileprefix ++ serializeKey k
|
2012-11-20 20:43:58 +00:00
|
|
|
where
|
2020-01-14 19:41:34 +00:00
|
|
|
fileprefix = fromMaybe "" $
|
|
|
|
|
getRemoteConfigValue fileprefixField $ config r
|
2012-11-20 20:43:58 +00:00
|
|
|
|
2020-01-14 19:41:34 +00:00
|
|
|
genVault :: ParsedRemoteConfig -> RemoteGitConfig -> UUID -> Annex ()
|
2016-05-23 21:03:20 +00:00
|
|
|
genVault c gc u = unlessM (runGlacier c gc u params) $
|
2016-11-16 01:29:54 +00:00
|
|
|
giveup "Failed creating glacier vault."
|
2012-11-20 20:43:58 +00:00
|
|
|
where
|
|
|
|
|
params =
|
|
|
|
|
[ Param "vault"
|
|
|
|
|
, Param "create"
|
2012-11-29 18:49:20 +00:00
|
|
|
, Param $ getVault c
|
2012-11-20 20:43:58 +00:00
|
|
|
]
|
2012-11-29 18:49:20 +00:00
|
|
|
|
|
|
|
|
{- Partitions the input list of keys into ones which have
|
|
|
|
|
- glacier retieval jobs that have succeeded, or failed.
|
|
|
|
|
-
|
|
|
|
|
- A complication is that `glacier job list` will display the encrypted
|
|
|
|
|
- keys when the remote is encrypted.
|
2014-08-02 20:47:21 +00:00
|
|
|
-
|
|
|
|
|
- Dealing with encrypted chunked keys would be tricky. However, there
|
|
|
|
|
- seems to be no benefit to using chunking with glacier, so chunking is
|
|
|
|
|
- not supported.
|
2012-11-29 18:49:20 +00:00
|
|
|
-}
|
|
|
|
|
jobList :: Remote -> [Key] -> Annex ([Key], [Key])
|
2016-05-23 21:03:20 +00:00
|
|
|
jobList r keys = go =<< glacierEnv (config r) (gitconfig r) (uuid r)
|
2012-11-29 18:49:20 +00:00
|
|
|
where
|
|
|
|
|
params = [ Param "job", Param "list" ]
|
|
|
|
|
nada = ([], [])
|
2012-11-30 04:55:59 +00:00
|
|
|
myvault = getVault $ config r
|
2012-11-29 18:49:20 +00:00
|
|
|
|
|
|
|
|
go Nothing = return nada
|
|
|
|
|
go (Just e) = do
|
|
|
|
|
v <- liftIO $ catchMaybeIO $
|
|
|
|
|
readProcessEnv "glacier" (toCommand params) (Just e)
|
|
|
|
|
maybe (return nada) extract v
|
|
|
|
|
|
|
|
|
|
extract s = do
|
|
|
|
|
let result@(succeeded, failed) =
|
|
|
|
|
parse nada $ (map words . lines) s
|
|
|
|
|
if result == nada
|
|
|
|
|
then return nada
|
|
|
|
|
else do
|
|
|
|
|
enckeys <- forM keys $ \k ->
|
2014-07-27 00:21:36 +00:00
|
|
|
maybe k (\(_, enck) -> enck k)
|
2016-05-23 21:27:15 +00:00
|
|
|
<$> cipherKey (config r) (gitconfig r)
|
2012-11-29 18:49:20 +00:00
|
|
|
let keymap = M.fromList $ zip enckeys keys
|
2013-09-26 03:19:01 +00:00
|
|
|
let convert = mapMaybe (`M.lookup` keymap)
|
2012-11-29 18:49:20 +00:00
|
|
|
return (convert succeeded, convert failed)
|
|
|
|
|
|
|
|
|
|
parse c [] = c
|
|
|
|
|
parse c@(succeeded, failed) ((status:_date:vault:key:[]):rest)
|
|
|
|
|
| vault == myvault =
|
2019-01-14 17:03:35 +00:00
|
|
|
case deserializeKey key of
|
2012-11-29 18:49:20 +00:00
|
|
|
Nothing -> parse c rest
|
|
|
|
|
Just k
|
|
|
|
|
| "a/d" `isPrefixOf` status ->
|
|
|
|
|
parse (k:succeeded, failed) rest
|
|
|
|
|
| "a/e" `isPrefixOf` status ->
|
|
|
|
|
parse (succeeded, k:failed) rest
|
|
|
|
|
| otherwise ->
|
|
|
|
|
parse c rest
|
|
|
|
|
parse c (_:rest) = parse c rest
|
2015-02-06 18:39:27 +00:00
|
|
|
|
|
|
|
|
-- boto's version of glacier exits 0 when given a parameter it doesn't
|
|
|
|
|
-- understand. See https://github.com/boto/boto/issues/2942
|
|
|
|
|
checkSaneGlacierCommand :: IO ()
|
|
|
|
|
checkSaneGlacierCommand =
|
|
|
|
|
whenM ((Nothing /=) <$> catchMaybeIO shouldfail) $
|
2016-11-16 01:29:54 +00:00
|
|
|
giveup wrongcmd
|
2015-02-06 18:39:27 +00:00
|
|
|
where
|
|
|
|
|
test = proc "glacier" ["--compatibility-test-git-annex"]
|
|
|
|
|
shouldfail = withQuietOutput createProcessSuccess test
|
|
|
|
|
wrongcmd = "The glacier program in PATH seems to be from boto, not glacier-cli. Cannot use this program."
|