2014-01-08 20:14:37 +00:00
|
|
|
{- Tahoe-LAFS special remotes.
|
|
|
|
-
|
|
|
|
- Tahoe capabilities for accessing objects stored in the remote
|
|
|
|
- are preserved in the remote state log.
|
|
|
|
-
|
|
|
|
- In order to allow multiple clones of a repository to access the same
|
|
|
|
- tahoe repository, git-annex needs to store the introducer furl,
|
|
|
|
- and the shared-convergence-secret. These are stored in the remote
|
|
|
|
- configuration, when embedcreds is enabled.
|
|
|
|
-
|
|
|
|
- Using those creds, git-annex sets up a tahoe configuration directory in
|
2015-06-09 19:29:16 +00:00
|
|
|
- ~/.tahoe-git-annex/UUID/
|
2014-01-08 20:14:37 +00:00
|
|
|
-
|
|
|
|
- Tahoe has its own encryption, so git-annex's encryption is not used.
|
|
|
|
-
|
2015-01-21 16:50:09 +00:00
|
|
|
- Copyright 2014 Joey Hess <id@joeyh.name>
|
2014-01-08 20:14:37 +00:00
|
|
|
-
|
|
|
|
- Licensed under the GNU GPL version 3 or higher.
|
|
|
|
-}
|
|
|
|
|
|
|
|
{-# LANGUAGE OverloadedStrings #-}
|
|
|
|
|
|
|
|
module Remote.Tahoe (remote) where
|
|
|
|
|
|
|
|
import qualified Data.Map as M
|
Fix mangling of --json output of utf-8 characters when not running in a utf-8 locale
As long as all code imports Utility.Aeson rather than Data.Aeson,
and no Strings that may contain utf-8 characters are used for eg, object
keys via T.pack, this is guaranteed to fix the problem everywhere that
git-annex generates json.
It's kind of annoying to need to wrap ToJSON with a ToJSON', especially
since every data type that has a ToJSON instance has to be ported over.
However, that only took 50 lines of code, which is worth it to ensure full
coverage. I initially tried an alternative approach of a newtype FileEncoded,
which had to be used everywhere a String was fed into aeson, and chasing
down all the sites would have been far too hard. Did consider creating an
intentionally overlapping instance ToJSON String, and letting ghc fail
to build anything that passed in a String, but am not sure that wouldn't
pollute some library that git-annex depends on that happens to use ToJSON
String internally.
This commit was supported by the NSF-funded DataLad project.
2018-04-16 19:42:45 +00:00
|
|
|
import Utility.Aeson
|
2014-01-08 20:14:37 +00:00
|
|
|
import Data.ByteString.Lazy.UTF8 (fromString)
|
2014-01-08 23:17:18 +00:00
|
|
|
import Control.Concurrent.STM
|
2014-01-08 20:14:37 +00:00
|
|
|
|
2016-01-20 20:36:33 +00:00
|
|
|
import Annex.Common
|
2014-01-08 20:14:37 +00:00
|
|
|
import Types.Remote
|
2014-02-11 18:06:50 +00:00
|
|
|
import Types.Creds
|
2014-01-08 20:14:37 +00:00
|
|
|
import qualified Git
|
|
|
|
import Config
|
|
|
|
import Config.Cost
|
|
|
|
import Remote.Helper.Special
|
2017-09-01 17:02:07 +00:00
|
|
|
import Remote.Helper.Export
|
2014-01-08 20:14:37 +00:00
|
|
|
import Annex.UUID
|
|
|
|
import Annex.Content
|
|
|
|
import Logs.RemoteState
|
|
|
|
import Utility.UserInfo
|
|
|
|
import Utility.Metered
|
|
|
|
import Utility.Env
|
2014-01-08 23:58:47 +00:00
|
|
|
import Utility.ThreadScheduler
|
2014-01-08 20:14:37 +00:00
|
|
|
|
2014-01-08 23:17:18 +00:00
|
|
|
{- The TMVar is left empty until tahoe has been verified to be running. -}
|
|
|
|
data TahoeHandle = TahoeHandle TahoeConfigDir (TMVar ())
|
|
|
|
|
2014-01-08 20:14:37 +00:00
|
|
|
type TahoeConfigDir = FilePath
|
|
|
|
type SharedConvergenceSecret = String
|
|
|
|
type IntroducerFurl = String
|
|
|
|
type Capability = String
|
|
|
|
|
|
|
|
remote :: RemoteType
|
2017-09-07 17:45:31 +00:00
|
|
|
remote = RemoteType
|
|
|
|
{ typename = "tahoe"
|
|
|
|
, enumerate = const (findSpecialRemotes "tahoe")
|
|
|
|
, generate = gen
|
|
|
|
, setup = tahoeSetup
|
|
|
|
, exportSupported = exportUnsupported
|
|
|
|
}
|
2014-01-08 20:14:37 +00:00
|
|
|
|
|
|
|
gen :: Git.Repo -> UUID -> RemoteConfig -> RemoteGitConfig -> Annex (Maybe Remote)
|
|
|
|
gen r u c gc = do
|
|
|
|
cst <- remoteCost gc expensiveRemoteCost
|
2014-01-08 23:17:18 +00:00
|
|
|
hdl <- liftIO $ TahoeHandle
|
|
|
|
<$> maybe (defaultTahoeConfigDir u) return (remoteAnnexTahoe gc)
|
|
|
|
<*> newEmptyTMVarIO
|
2014-12-16 19:26:13 +00:00
|
|
|
return $ Just $ Remote
|
|
|
|
{ uuid = u
|
|
|
|
, cost = cst
|
|
|
|
, name = Git.repoDescribe r
|
|
|
|
, storeKey = store u hdl
|
|
|
|
, retrieveKeyFile = retrieve u hdl
|
2015-04-14 20:35:10 +00:00
|
|
|
, retrieveKeyFileCheap = \_ _ _ -> return False
|
2018-06-21 15:35:27 +00:00
|
|
|
-- Tahoe cryptographically verifies content.
|
|
|
|
, retrievalSecurityPolicy = RetrievalAllKeysSecure
|
2014-12-16 19:26:13 +00:00
|
|
|
, removeKey = remove
|
2015-10-08 19:01:38 +00:00
|
|
|
, lockContent = Nothing
|
2014-12-16 19:26:13 +00:00
|
|
|
, checkPresent = checkKey u hdl
|
|
|
|
, checkPresentCheap = False
|
2017-09-01 17:02:07 +00:00
|
|
|
, exportActions = exportUnsupported
|
2015-11-30 19:35:53 +00:00
|
|
|
, whereisKey = Just (getWhereisKey u)
|
2014-12-16 19:26:13 +00:00
|
|
|
, remoteFsck = Nothing
|
|
|
|
, repairRepo = Nothing
|
|
|
|
, config = c
|
2018-06-04 18:31:55 +00:00
|
|
|
, getRepo = return r
|
2014-12-16 19:26:13 +00:00
|
|
|
, gitconfig = gc
|
|
|
|
, localpath = Nothing
|
|
|
|
, readonly = False
|
|
|
|
, availability = GloballyAvailable
|
|
|
|
, remotetype = remote
|
|
|
|
, mkUnavailable = return Nothing
|
|
|
|
, getInfo = return []
|
|
|
|
, claimUrl = Nothing
|
|
|
|
, checkUrl = Nothing
|
|
|
|
}
|
2014-01-08 20:14:37 +00:00
|
|
|
|
2017-02-07 18:35:58 +00:00
|
|
|
tahoeSetup :: SetupStage -> Maybe UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
|
|
|
|
tahoeSetup _ mu _ c _ = do
|
2014-01-08 20:14:37 +00:00
|
|
|
furl <- fromMaybe (fromMaybe missingfurl $ M.lookup furlk c)
|
|
|
|
<$> liftIO (getEnv "TAHOE_FURL")
|
|
|
|
u <- maybe (liftIO genUUID) return mu
|
|
|
|
configdir <- liftIO $ defaultTahoeConfigDir u
|
|
|
|
scs <- liftIO $ tahoeConfigure configdir furl (M.lookup scsk c)
|
|
|
|
let c' = if M.lookup "embedcreds" c == Just "yes"
|
|
|
|
then flip M.union c $ M.fromList
|
|
|
|
[ (furlk, furl)
|
|
|
|
, (scsk, scs)
|
|
|
|
]
|
|
|
|
else c
|
2018-03-27 16:41:57 +00:00
|
|
|
gitConfigSpecialRemote u c' [("tahoe", configdir)]
|
2014-01-08 20:14:37 +00:00
|
|
|
return (c', u)
|
|
|
|
where
|
|
|
|
scsk = "shared-convergence-secret"
|
|
|
|
furlk = "introducer-furl"
|
2016-11-16 01:29:54 +00:00
|
|
|
missingfurl = giveup "Set TAHOE_FURL to the introducer furl to use."
|
2014-01-08 20:14:37 +00:00
|
|
|
|
2014-01-08 23:17:18 +00:00
|
|
|
store :: UUID -> TahoeHandle -> Key -> AssociatedFile -> MeterUpdate -> Annex Bool
|
|
|
|
store u hdl k _f _p = sendAnnex k noop $ \src ->
|
|
|
|
parsePut <$> liftIO (readTahoe hdl "put" [File src]) >>= maybe
|
2014-01-08 20:14:37 +00:00
|
|
|
(return False)
|
|
|
|
(\cap -> storeCapability u k cap >> return True)
|
|
|
|
|
other 80% of avoding verification when hard linking to objects in shared repo
In c6632ee5c8e66c26ef18317f56ae02bae1e7e280, it actually only handled
uploading objects to a shared repository. To avoid verification when
downloading objects from a shared repository, was a lot harder.
On the plus side, if the process of downloading a file from a remote
is able to verify its content on the side, the remote can indicate this
now, and avoid the extra post-download verification.
As of yet, I don't have any remotes (except Git) using this ability.
Some more work would be needed to support it in special remotes.
It would make sense for tahoe to implicitly verify things downloaded from it;
as long as you trust your tahoe server (which typically runs locally),
there's cryptographic integrity. OTOH, despite bup being based on shas,
a bup repo under an attacker's control could have the git ref used for an
object changed, and so a bup repo shouldn't implicitly verify. Indeed,
tahoe seems unique in being trustworthy enough to implicitly verify.
2015-10-02 17:56:42 +00:00
|
|
|
retrieve :: UUID -> TahoeHandle -> Key -> AssociatedFile -> FilePath -> MeterUpdate -> Annex (Bool, Verification)
|
|
|
|
retrieve u hdl k _f d _p = unVerified $ go =<< getCapability u k
|
2014-01-08 20:14:37 +00:00
|
|
|
where
|
|
|
|
go Nothing = return False
|
2014-01-08 23:17:18 +00:00
|
|
|
go (Just cap) = liftIO $ requestTahoe hdl "get" [Param cap, File d]
|
2014-01-08 20:14:37 +00:00
|
|
|
|
|
|
|
remove :: Key -> Annex Bool
|
|
|
|
remove _k = do
|
|
|
|
warning "content cannot be removed from tahoe remote"
|
|
|
|
return False
|
|
|
|
|
2014-08-06 17:45:19 +00:00
|
|
|
checkKey :: UUID -> TahoeHandle -> Key -> Annex Bool
|
|
|
|
checkKey u hdl k = go =<< getCapability u k
|
2014-01-08 20:14:37 +00:00
|
|
|
where
|
2014-08-06 17:45:19 +00:00
|
|
|
go Nothing = return False
|
|
|
|
go (Just cap) = liftIO $ do
|
|
|
|
v <- parseCheck <$> readTahoe hdl "check"
|
|
|
|
[ Param "--raw"
|
|
|
|
, Param cap
|
|
|
|
]
|
2016-11-16 01:29:54 +00:00
|
|
|
either giveup return v
|
2014-01-08 20:14:37 +00:00
|
|
|
|
|
|
|
defaultTahoeConfigDir :: UUID -> IO TahoeConfigDir
|
|
|
|
defaultTahoeConfigDir u = do
|
|
|
|
h <- myHomeDir
|
2015-06-09 19:29:16 +00:00
|
|
|
return $ h </> ".tahoe-git-annex" </> fromUUID u
|
2014-01-08 20:14:37 +00:00
|
|
|
|
|
|
|
tahoeConfigure :: TahoeConfigDir -> IntroducerFurl -> Maybe SharedConvergenceSecret -> IO SharedConvergenceSecret
|
|
|
|
tahoeConfigure configdir furl mscs = do
|
|
|
|
unlessM (createClient configdir furl) $
|
2016-11-16 01:29:54 +00:00
|
|
|
giveup "tahoe create-client failed"
|
2014-01-08 20:14:37 +00:00
|
|
|
maybe noop (writeSharedConvergenceSecret configdir) mscs
|
|
|
|
startTahoeDaemon configdir
|
|
|
|
getSharedConvergenceSecret configdir
|
|
|
|
|
|
|
|
createClient :: TahoeConfigDir -> IntroducerFurl -> IO Bool
|
|
|
|
createClient configdir furl = do
|
2015-01-09 17:11:56 +00:00
|
|
|
createDirectoryIfMissing True (parentDir configdir)
|
2014-01-08 20:14:37 +00:00
|
|
|
boolTahoe configdir "create-client"
|
|
|
|
[ Param "--nickname", Param "git-annex"
|
|
|
|
, Param "--introducer", Param furl
|
|
|
|
]
|
|
|
|
|
|
|
|
writeSharedConvergenceSecret :: TahoeConfigDir -> SharedConvergenceSecret -> IO ()
|
|
|
|
writeSharedConvergenceSecret configdir scs =
|
|
|
|
writeFile (convergenceFile configdir) (unlines [scs])
|
|
|
|
|
|
|
|
{- The tahoe daemon writes the convergenceFile shortly after it starts
|
|
|
|
- (it does not need to connect to the network). So, try repeatedly to read
|
|
|
|
- the file, for up to 1 minute. To avoid reading a partially written
|
|
|
|
- file, look for the newline after the value. -}
|
|
|
|
getSharedConvergenceSecret :: TahoeConfigDir -> IO SharedConvergenceSecret
|
|
|
|
getSharedConvergenceSecret configdir = go (60 :: Int)
|
|
|
|
where
|
2014-10-09 18:53:13 +00:00
|
|
|
f = convergenceFile configdir
|
2014-01-08 20:14:37 +00:00
|
|
|
go n
|
2016-11-16 01:29:54 +00:00
|
|
|
| n == 0 = giveup $ "tahoe did not write " ++ f ++ " after 1 minute. Perhaps the daemon failed to start?"
|
2014-01-08 20:14:37 +00:00
|
|
|
| otherwise = do
|
|
|
|
v <- catchMaybeIO (readFile f)
|
|
|
|
case v of
|
|
|
|
Just s | "\n" `isSuffixOf` s || "\r" `isSuffixOf` s ->
|
2015-05-10 19:41:41 +00:00
|
|
|
return $ takeWhile (`notElem` ("\n\r" :: String)) s
|
2014-01-08 23:58:47 +00:00
|
|
|
_ -> do
|
|
|
|
threadDelaySeconds (Seconds 1)
|
|
|
|
go (n - 1)
|
2014-01-08 20:14:37 +00:00
|
|
|
|
|
|
|
convergenceFile :: TahoeConfigDir -> FilePath
|
|
|
|
convergenceFile configdir = configdir </> "private" </> "convergence"
|
|
|
|
|
|
|
|
startTahoeDaemon :: TahoeConfigDir -> IO ()
|
|
|
|
startTahoeDaemon configdir = void $ boolTahoe configdir "start" []
|
|
|
|
|
2014-01-08 23:17:18 +00:00
|
|
|
{- Ensures that tahoe has been started, before running an action
|
|
|
|
- that uses it. -}
|
|
|
|
withTahoeConfigDir :: TahoeHandle -> (TahoeConfigDir -> IO a) -> IO a
|
|
|
|
withTahoeConfigDir (TahoeHandle configdir v) a = go =<< atomically needsstart
|
|
|
|
where
|
2014-10-09 18:53:13 +00:00
|
|
|
go True = do
|
2014-01-08 23:17:18 +00:00
|
|
|
startTahoeDaemon configdir
|
|
|
|
a configdir
|
|
|
|
go False = a configdir
|
|
|
|
needsstart = ifM (isEmptyTMVar v)
|
|
|
|
( do
|
|
|
|
putTMVar v ()
|
|
|
|
return True
|
|
|
|
, return False
|
|
|
|
)
|
|
|
|
|
2014-01-08 20:14:37 +00:00
|
|
|
boolTahoe :: TahoeConfigDir -> String -> [CommandParam] -> IO Bool
|
|
|
|
boolTahoe configdir command params = boolSystem "tahoe" $
|
|
|
|
tahoeParams configdir command params
|
|
|
|
|
2014-01-08 23:17:18 +00:00
|
|
|
{- Runs a tahoe command that requests the daemon do something. -}
|
|
|
|
requestTahoe :: TahoeHandle -> String -> [CommandParam] -> IO Bool
|
|
|
|
requestTahoe hdl command params = withTahoeConfigDir hdl $ \configdir ->
|
|
|
|
boolTahoe configdir command params
|
|
|
|
|
|
|
|
{- Runs a tahoe command that requests the daemon output something. -}
|
|
|
|
readTahoe :: TahoeHandle -> String -> [CommandParam] -> IO String
|
|
|
|
readTahoe hdl command params = withTahoeConfigDir hdl $ \configdir ->
|
|
|
|
catchDefaultIO "" $
|
|
|
|
readProcess "tahoe" $ toCommand $
|
|
|
|
tahoeParams configdir command params
|
2014-01-08 20:14:37 +00:00
|
|
|
|
|
|
|
tahoeParams :: TahoeConfigDir -> String -> [CommandParam] -> [CommandParam]
|
|
|
|
tahoeParams configdir command params =
|
2014-03-25 23:31:02 +00:00
|
|
|
Param "-d" : File configdir : Param command : params
|
2014-01-08 20:14:37 +00:00
|
|
|
|
|
|
|
storeCapability :: UUID -> Key -> Capability -> Annex ()
|
|
|
|
storeCapability u k cap = setRemoteState u k cap
|
|
|
|
|
|
|
|
getCapability :: UUID -> Key -> Annex (Maybe Capability)
|
|
|
|
getCapability u k = getRemoteState u k
|
|
|
|
|
2015-11-30 19:35:53 +00:00
|
|
|
getWhereisKey :: UUID -> Key -> Annex [String]
|
|
|
|
getWhereisKey u k = disp <$> getCapability u k
|
|
|
|
where
|
|
|
|
disp Nothing = []
|
|
|
|
disp (Just c) = [c]
|
|
|
|
|
2014-01-08 20:14:37 +00:00
|
|
|
{- tahoe put outputs a single line, containing the capability. -}
|
|
|
|
parsePut :: String -> Maybe Capability
|
|
|
|
parsePut s = case lines s of
|
|
|
|
[cap] | "URI" `isPrefixOf` cap -> Just cap
|
|
|
|
_ -> Nothing
|
|
|
|
|
|
|
|
{- tahoe check --raw outputs a json document.
|
|
|
|
- Its contents will vary (for LIT capabilities, it lacks most info),
|
|
|
|
- but should always contain a results object with a healthy value
|
|
|
|
- that's true or false.
|
|
|
|
-}
|
|
|
|
parseCheck :: String -> Either String Bool
|
|
|
|
parseCheck s = maybe parseerror (Right . healthy . results) (decode $ fromString s)
|
|
|
|
where
|
|
|
|
parseerror
|
|
|
|
| null s = Left "tahoe check failed to run"
|
|
|
|
| otherwise = Left "unable to parse tahoe check output"
|
|
|
|
|
|
|
|
data CheckRet = CheckRet { results :: Results }
|
|
|
|
data Results = Results { healthy :: Bool }
|
|
|
|
|
|
|
|
instance FromJSON CheckRet where
|
|
|
|
parseJSON (Object v) = CheckRet
|
|
|
|
<$> v .: "results"
|
|
|
|
parseJSON _ = mzero
|
|
|
|
|
|
|
|
instance FromJSON Results where
|
|
|
|
parseJSON (Object v) = Results
|
|
|
|
<$> v .: "healthy"
|
|
|
|
parseJSON _ = mzero
|