2011-07-01 21:15:46 +00:00
|
|
|
{- git-annex command
|
|
|
|
-
|
addurl --preserve-filename and a few related changes
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
Not yet implemented for remotes other than the web.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
This might be considered a security fix, but a CVE seems unwattanted.
It was possible for addurl to create a dotfile, which could change
behavior of some program. It was also possible for a web server to say
the file name was ".git" or "foo/.git". That would not overrwrite the
.git directory, but would cause addurl to fail; of course git won't
add "foo/.git".
sanitizeFilePath is too opinionated to remain in Utility, so moved it.
The changes to mkSafeFilePath are because it used sanitizeFilePath.
In particular:
isDrive will never succeed, because "c:" gets munged to "c_"
".." gets sanitized now
".git" gets sanitized now
It will never be null, because sanitizeFilePath keeps the length
the same, and splitDirectories never returns a null path.
Also, on the off chance a web server suggests a filename of "",
ignore that, rather than trying to save to such a filename, which would
fail in some way.
2020-05-08 20:09:29 +00:00
|
|
|
- Copyright 2011-2020 Joey Hess <id@joeyh.name>
|
2011-07-01 21:15:46 +00:00
|
|
|
-
|
2019-03-13 19:48:14 +00:00
|
|
|
- Licensed under the GNU AGPL version 3 or higher.
|
2011-07-01 21:15:46 +00:00
|
|
|
-}
|
|
|
|
|
|
|
|
module Command.AddUrl where
|
|
|
|
|
|
|
|
import Command
|
2012-06-05 23:51:03 +00:00
|
|
|
import Backend
|
2011-07-01 22:46:07 +00:00
|
|
|
import qualified Annex
|
2013-09-28 18:35:21 +00:00
|
|
|
import qualified Annex.Url as Url
|
2011-08-06 18:57:22 +00:00
|
|
|
import qualified Backend.URL
|
2014-12-08 23:14:24 +00:00
|
|
|
import qualified Remote
|
|
|
|
import qualified Types.Remote as Remote
|
2015-12-22 17:23:33 +00:00
|
|
|
import qualified Command.Add
|
2011-10-04 04:40:47 +00:00
|
|
|
import Annex.Content
|
2015-12-22 17:23:33 +00:00
|
|
|
import Annex.Ingest
|
2016-09-21 21:21:48 +00:00
|
|
|
import Annex.CheckIgnore
|
2020-03-06 15:57:15 +00:00
|
|
|
import Annex.Perms
|
2014-12-17 17:57:52 +00:00
|
|
|
import Annex.UUID
|
2017-11-29 19:49:05 +00:00
|
|
|
import Annex.YoutubeDl
|
addurl --preserve-filename and a few related changes
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
Not yet implemented for remotes other than the web.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
This might be considered a security fix, but a CVE seems unwattanted.
It was possible for addurl to create a dotfile, which could change
behavior of some program. It was also possible for a web server to say
the file name was ".git" or "foo/.git". That would not overrwrite the
.git directory, but would cause addurl to fail; of course git won't
add "foo/.git".
sanitizeFilePath is too opinionated to remain in Utility, so moved it.
The changes to mkSafeFilePath are because it used sanitizeFilePath.
In particular:
isDrive will never succeed, because "c:" gets munged to "c_"
".." gets sanitized now
".git" gets sanitized now
It will never be null, because sanitizeFilePath keeps the length
the same, and splitDirectories never returns a null path.
Also, on the off chance a web server suggests a filename of "",
ignore that, rather than trying to save to such a filename, which would
fail in some way.
2020-05-08 20:09:29 +00:00
|
|
|
import Annex.UntrustedFilePath
|
2011-10-15 20:36:56 +00:00
|
|
|
import Logs.Web
|
2012-06-20 20:07:14 +00:00
|
|
|
import Types.KeySource
|
2014-12-11 19:32:42 +00:00
|
|
|
import Types.UrlContents
|
2015-12-02 19:12:33 +00:00
|
|
|
import Annex.FileMatcher
|
2013-04-11 17:35:52 +00:00
|
|
|
import Logs.Location
|
2014-12-08 23:14:24 +00:00
|
|
|
import Utility.Metered
|
2017-11-28 21:17:40 +00:00
|
|
|
import Utility.HtmlDetect
|
2017-12-31 20:08:31 +00:00
|
|
|
import Utility.Path.Max
|
2020-11-03 14:11:04 +00:00
|
|
|
import qualified Utility.RawFilePath as R
|
2014-03-22 14:42:38 +00:00
|
|
|
import qualified Annex.Transfer as Transfer
|
2011-07-01 21:15:46 +00:00
|
|
|
|
2020-11-03 14:11:04 +00:00
|
|
|
import Network.URI
|
|
|
|
import qualified System.FilePath.ByteString as P
|
|
|
|
|
2015-07-08 16:33:27 +00:00
|
|
|
cmd :: Command
|
2018-02-19 18:28:17 +00:00
|
|
|
cmd = notBareRepo $ withGlobalOptions [jobsOption, jsonOptions, jsonProgressOption] $
|
2015-07-08 19:08:02 +00:00
|
|
|
command "addurl" SectionCommon "add urls to annex"
|
2015-07-13 14:57:49 +00:00
|
|
|
(paramRepeating paramUrl) (seek <$$> optParser)
|
2012-02-08 19:35:18 +00:00
|
|
|
|
2015-07-13 14:57:49 +00:00
|
|
|
data AddUrlOptions = AddUrlOptions
|
|
|
|
{ addUrls :: CmdParams
|
|
|
|
, pathdepthOption :: Maybe Int
|
2015-07-21 16:50:05 +00:00
|
|
|
, prefixOption :: Maybe String
|
|
|
|
, suffixOption :: Maybe String
|
2017-11-30 20:48:35 +00:00
|
|
|
, downloadOptions :: DownloadOptions
|
2015-12-21 16:57:13 +00:00
|
|
|
, batchOption :: BatchMode
|
2015-12-22 16:20:39 +00:00
|
|
|
, batchFilesOption :: Bool
|
2015-07-13 14:57:49 +00:00
|
|
|
}
|
2011-07-01 21:15:46 +00:00
|
|
|
|
2017-11-30 20:48:35 +00:00
|
|
|
data DownloadOptions = DownloadOptions
|
|
|
|
{ relaxedOption :: Bool
|
|
|
|
, rawOption :: Bool
|
|
|
|
, fileOption :: Maybe FilePath
|
addurl --preserve-filename and a few related changes
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
Not yet implemented for remotes other than the web.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
This might be considered a security fix, but a CVE seems unwattanted.
It was possible for addurl to create a dotfile, which could change
behavior of some program. It was also possible for a web server to say
the file name was ".git" or "foo/.git". That would not overrwrite the
.git directory, but would cause addurl to fail; of course git won't
add "foo/.git".
sanitizeFilePath is too opinionated to remain in Utility, so moved it.
The changes to mkSafeFilePath are because it used sanitizeFilePath.
In particular:
isDrive will never succeed, because "c:" gets munged to "c_"
".." gets sanitized now
".git" gets sanitized now
It will never be null, because sanitizeFilePath keeps the length
the same, and splitDirectories never returns a null path.
Also, on the off chance a web server suggests a filename of "",
ignore that, rather than trying to save to such a filename, which would
fail in some way.
2020-05-08 20:09:29 +00:00
|
|
|
, preserveFilenameOption :: Bool
|
Added --no-check-gitignore option for finer grained control than using --force.
add, addurl, importfeed, import: Added --no-check-gitignore option
for finer grained control than using --force.
(--force is used for too many different things, and at least one
of these also uses it for something else. I would like to reduce
--force's footprint until it only forces drops or a few other data
losses. For now, --force still disables checking ignores too.)
addunused: Don't check .gitignores when adding files. This is a behavior
change, but I justify it by analogy with git add of a gitignored file
adding it, asking to add all unused files back should add them all back,
not skip some. The old behavior was surprising.
In Command.Lock and Command.ReKey, CheckGitIgnore False does not change
behavior, it only makes explicit what is done. Since these commands are run
on annexed files, the file is already checked into git, so git add won't
check ignores.
2020-09-18 17:12:04 +00:00
|
|
|
, checkGitIgnoreOption :: CheckGitIgnore
|
2017-11-30 20:48:35 +00:00
|
|
|
}
|
|
|
|
|
2015-07-13 14:57:49 +00:00
|
|
|
optParser :: CmdParamsDesc -> Parser AddUrlOptions
|
|
|
|
optParser desc = AddUrlOptions
|
|
|
|
<$> cmdParams desc
|
|
|
|
<*> optional (option auto
|
|
|
|
( long "pathdepth" <> metavar paramNumber
|
2015-07-21 16:50:05 +00:00
|
|
|
<> help "number of url path components to use in filename"
|
|
|
|
))
|
|
|
|
<*> optional (strOption
|
|
|
|
( long "prefix" <> metavar paramValue
|
|
|
|
<> help "add a prefix to the filename"
|
|
|
|
))
|
|
|
|
<*> optional (strOption
|
|
|
|
( long "suffix" <> metavar paramValue
|
|
|
|
<> help "add a suffix to the filename"
|
2015-07-13 14:57:49 +00:00
|
|
|
))
|
2017-11-30 20:48:35 +00:00
|
|
|
<*> parseDownloadOptions True
|
2015-12-21 16:57:13 +00:00
|
|
|
<*> parseBatchOption
|
2015-12-22 16:20:39 +00:00
|
|
|
<*> switch
|
|
|
|
( long "with-files"
|
|
|
|
<> help "parse batch mode lines of the form \"$url $file\""
|
|
|
|
)
|
2015-07-13 15:06:41 +00:00
|
|
|
|
2017-11-30 20:48:35 +00:00
|
|
|
parseDownloadOptions :: Bool -> Parser DownloadOptions
|
addurl --preserve-filename and a few related changes
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
Not yet implemented for remotes other than the web.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
This might be considered a security fix, but a CVE seems unwattanted.
It was possible for addurl to create a dotfile, which could change
behavior of some program. It was also possible for a web server to say
the file name was ".git" or "foo/.git". That would not overrwrite the
.git directory, but would cause addurl to fail; of course git won't
add "foo/.git".
sanitizeFilePath is too opinionated to remain in Utility, so moved it.
The changes to mkSafeFilePath are because it used sanitizeFilePath.
In particular:
isDrive will never succeed, because "c:" gets munged to "c_"
".." gets sanitized now
".git" gets sanitized now
It will never be null, because sanitizeFilePath keeps the length
the same, and splitDirectories never returns a null path.
Also, on the off chance a web server suggests a filename of "",
ignore that, rather than trying to save to such a filename, which would
fail in some way.
2020-05-08 20:09:29 +00:00
|
|
|
parseDownloadOptions withfileoptions = DownloadOptions
|
2017-11-30 20:48:35 +00:00
|
|
|
<$> switch
|
|
|
|
( long "relaxed"
|
|
|
|
<> help "skip size check"
|
|
|
|
)
|
|
|
|
<*> switch
|
|
|
|
( long "raw"
|
|
|
|
<> help "disable special handling for torrents, youtube-dl, etc"
|
|
|
|
)
|
addurl --preserve-filename and a few related changes
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
Not yet implemented for remotes other than the web.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
This might be considered a security fix, but a CVE seems unwattanted.
It was possible for addurl to create a dotfile, which could change
behavior of some program. It was also possible for a web server to say
the file name was ".git" or "foo/.git". That would not overrwrite the
.git directory, but would cause addurl to fail; of course git won't
add "foo/.git".
sanitizeFilePath is too opinionated to remain in Utility, so moved it.
The changes to mkSafeFilePath are because it used sanitizeFilePath.
In particular:
isDrive will never succeed, because "c:" gets munged to "c_"
".." gets sanitized now
".git" gets sanitized now
It will never be null, because sanitizeFilePath keeps the length
the same, and splitDirectories never returns a null path.
Also, on the off chance a web server suggests a filename of "",
ignore that, rather than trying to save to such a filename, which would
fail in some way.
2020-05-08 20:09:29 +00:00
|
|
|
<*> (if withfileoptions
|
2017-11-30 20:48:35 +00:00
|
|
|
then optional (strOption
|
|
|
|
( long "file" <> metavar paramFile
|
|
|
|
<> help "specify what file the url is added to"
|
|
|
|
))
|
addurl --preserve-filename and a few related changes
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
Not yet implemented for remotes other than the web.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
This might be considered a security fix, but a CVE seems unwattanted.
It was possible for addurl to create a dotfile, which could change
behavior of some program. It was also possible for a web server to say
the file name was ".git" or "foo/.git". That would not overrwrite the
.git directory, but would cause addurl to fail; of course git won't
add "foo/.git".
sanitizeFilePath is too opinionated to remain in Utility, so moved it.
The changes to mkSafeFilePath are because it used sanitizeFilePath.
In particular:
isDrive will never succeed, because "c:" gets munged to "c_"
".." gets sanitized now
".git" gets sanitized now
It will never be null, because sanitizeFilePath keeps the length
the same, and splitDirectories never returns a null path.
Also, on the off chance a web server suggests a filename of "",
ignore that, rather than trying to save to such a filename, which would
fail in some way.
2020-05-08 20:09:29 +00:00
|
|
|
else pure Nothing)
|
|
|
|
<*> (if withfileoptions
|
|
|
|
then switch
|
|
|
|
( long "preserve-filename"
|
|
|
|
<> help "use filename provided by server as-is"
|
|
|
|
)
|
|
|
|
else pure False)
|
Added --no-check-gitignore option for finer grained control than using --force.
add, addurl, importfeed, import: Added --no-check-gitignore option
for finer grained control than using --force.
(--force is used for too many different things, and at least one
of these also uses it for something else. I would like to reduce
--force's footprint until it only forces drops or a few other data
losses. For now, --force still disables checking ignores too.)
addunused: Don't check .gitignores when adding files. This is a behavior
change, but I justify it by analogy with git add of a gitignored file
adding it, asking to add all unused files back should add them all back,
not skip some. The old behavior was surprising.
In Command.Lock and Command.ReKey, CheckGitIgnore False does not change
behavior, it only makes explicit what is done. Since these commands are run
on annexed files, the file is already checked into git, so git add won't
check ignores.
2020-09-18 17:12:04 +00:00
|
|
|
<*> Command.Add.checkGitIgnoreSwitch
|
2012-02-16 16:25:19 +00:00
|
|
|
|
2015-07-13 14:57:49 +00:00
|
|
|
seek :: AddUrlOptions -> CommandSeek
|
2019-06-19 16:35:08 +00:00
|
|
|
seek o = startConcurrency commandStages $ do
|
2019-12-20 19:01:34 +00:00
|
|
|
addunlockedmatcher <- addUnlockedMatcher
|
2020-09-14 20:49:33 +00:00
|
|
|
let go (si, (o', u)) = do
|
2019-12-20 19:01:34 +00:00
|
|
|
r <- Remote.claimingUrl u
|
|
|
|
if Remote.uuid r == webUUID || rawOption (downloadOptions o')
|
2020-09-14 20:49:33 +00:00
|
|
|
then void $ commandAction $
|
|
|
|
startWeb addunlockedmatcher o' si u
|
|
|
|
else checkUrl addunlockedmatcher r o' si u
|
|
|
|
forM_ (addUrls o) (\u -> go (SeekInput [u], (o, u)))
|
2015-12-21 16:57:13 +00:00
|
|
|
case batchOption o of
|
2020-04-15 20:04:05 +00:00
|
|
|
Batch fmt -> batchInput fmt (pure . parseBatchInput o) go
|
2015-12-21 16:57:13 +00:00
|
|
|
NoBatch -> noop
|
2015-12-22 16:20:39 +00:00
|
|
|
|
|
|
|
parseBatchInput :: AddUrlOptions -> String -> Either String (AddUrlOptions, URLString)
|
|
|
|
parseBatchInput o s
|
|
|
|
| batchFilesOption o =
|
|
|
|
let (u, f) = separate (== ' ') s
|
|
|
|
in if null u || null f
|
|
|
|
then Left ("parsed empty url or filename in input: " ++ s)
|
2017-11-30 20:48:35 +00:00
|
|
|
else Right (o { downloadOptions = (downloadOptions o) { fileOption = Just f } }, u)
|
2015-12-22 16:20:39 +00:00
|
|
|
| otherwise = Right (o, s)
|
2015-03-31 19:20:29 +00:00
|
|
|
|
2020-09-14 20:49:33 +00:00
|
|
|
checkUrl :: AddUnlockedMatcher -> Remote -> AddUrlOptions -> SeekInput -> URLString -> Annex ()
|
|
|
|
checkUrl addunlockedmatcher r o si u = do
|
2015-03-31 19:20:29 +00:00
|
|
|
pathmax <- liftIO $ fileNameLengthLimit "."
|
2017-11-30 20:48:35 +00:00
|
|
|
let deffile = fromMaybe (urlString2file u (pathdepthOption o) pathmax) (fileOption (downloadOptions o))
|
2015-03-31 19:20:29 +00:00
|
|
|
go deffile =<< maybe
|
|
|
|
(error $ "unable to checkUrl of " ++ Remote.name r)
|
|
|
|
(tryNonAsync . flip id u)
|
|
|
|
(Remote.checkUrl r)
|
|
|
|
where
|
|
|
|
|
2020-09-14 20:49:33 +00:00
|
|
|
go _ (Left e) = void $ commandAction $ startingAddUrl si u o $ do
|
2015-03-31 19:20:29 +00:00
|
|
|
warning (show e)
|
make CommandStart return a StartMessage
The goal is to be able to run CommandStart in the main thread when -J is
used, rather than unncessarily passing it off to a worker thread, which
incurs overhead that is signficant when the CommandStart is going to
quickly decide to stop.
To do that, the message it displays needs to be displayed in the worker
thread, after the CommandStart has run.
Also, the change will mean that CommandStart will no longer necessarily
run with the same Annex state as CommandPerform. While its docs already
said it should avoid modifying Annex state, I audited all the
CommandStart code as part of the conversion. (Note that CommandSeek
already sometimes runs with a different Annex state, and that has not been
a source of any problems, so I am not too worried that this change will
lead to breakage going forward.)
The only modification of Annex state I found was it calling
allowMessages in some Commands that default to noMessages. Dealt with
that by adding a startCustomOutput and a startingUsualMessages.
This lets a command start with noMessages and then select the output it
wants for each CommandStart.
One bit of breakage: onlyActionOn has been removed from commands that used it.
The plan is that, since a StartMessage contains an ActionItem,
when a Key can be extracted from that, the parallel job runner can
run onlyActionOn' automatically. Then commands won't need to worry about
this detail. Future work.
Otherwise, this was a fairly straightforward process of making each
CommandStart compile again. Hopefully other behavior changes were mostly
avoided.
In a few cases, a command had a CommandStart that called a CommandPerform
that then called showStart multiple times. I have collapsed those
down to a single start action. The main command to perhaps suffer from it
is Command.Direct, which used to show a start for each file, and no
longer does.
Another minor behavior change is that some commands used showStart
before, but had an associated file and a Key available, so were changed
to ShowStart with an ActionItemAssociatedFile. That will not change the
normal output or behavior, but --json output will now include the key.
This should not break it for anyone using a real json parser.
2019-06-06 19:42:30 +00:00
|
|
|
next $ return False
|
2020-05-11 18:32:36 +00:00
|
|
|
go deffile (Right (UrlContents sz mf)) = do
|
|
|
|
f <- maybe (pure deffile) (sanitizeOrPreserveFilePath o) mf
|
|
|
|
let f' = adjustFile o (fromMaybe f (fileOption (downloadOptions o)))
|
2020-09-14 20:49:33 +00:00
|
|
|
void $ commandAction $ startRemote addunlockedmatcher r o si f' u sz
|
2018-10-29 18:41:41 +00:00
|
|
|
go deffile (Right (UrlMulti l)) = case fileOption (downloadOptions o) of
|
|
|
|
Nothing ->
|
2015-07-21 16:50:05 +00:00
|
|
|
forM_ l $ \(u', sz, f) -> do
|
2020-05-11 18:32:36 +00:00
|
|
|
f' <- sanitizeOrPreserveFilePath o f
|
2020-05-26 14:45:57 +00:00
|
|
|
let f'' = adjustFile o (deffile </> f')
|
2020-09-14 20:49:33 +00:00
|
|
|
void $ commandAction $ startRemote addunlockedmatcher r o si f'' u' sz
|
2018-10-29 18:41:41 +00:00
|
|
|
Just f -> case l of
|
|
|
|
[] -> noop
|
|
|
|
((u',sz,_):[]) -> do
|
|
|
|
let f' = adjustFile o f
|
2020-09-14 20:49:33 +00:00
|
|
|
void $ commandAction $ startRemote addunlockedmatcher r o si f' u' sz
|
2018-10-29 18:41:41 +00:00
|
|
|
_ -> giveup $ unwords
|
|
|
|
[ "That url contains multiple files according to the"
|
|
|
|
, Remote.name r
|
|
|
|
, " remote; cannot add it to a single file."
|
|
|
|
]
|
2014-12-08 23:14:24 +00:00
|
|
|
|
2020-09-14 20:49:33 +00:00
|
|
|
startRemote :: AddUnlockedMatcher -> Remote -> AddUrlOptions -> SeekInput -> FilePath -> URLString -> Maybe Integer -> CommandStart
|
|
|
|
startRemote addunlockedmatcher r o si file uri sz = do
|
2014-12-12 00:10:45 +00:00
|
|
|
pathmax <- liftIO $ fileNameLengthLimit "."
|
2020-11-03 22:34:27 +00:00
|
|
|
let file' = joinPath $ map (truncateFilePath pathmax) $
|
|
|
|
splitDirectories file
|
2020-09-14 20:49:33 +00:00
|
|
|
startingAddUrl si uri o $ do
|
make CommandStart return a StartMessage
The goal is to be able to run CommandStart in the main thread when -J is
used, rather than unncessarily passing it off to a worker thread, which
incurs overhead that is signficant when the CommandStart is going to
quickly decide to stop.
To do that, the message it displays needs to be displayed in the worker
thread, after the CommandStart has run.
Also, the change will mean that CommandStart will no longer necessarily
run with the same Annex state as CommandPerform. While its docs already
said it should avoid modifying Annex state, I audited all the
CommandStart code as part of the conversion. (Note that CommandSeek
already sometimes runs with a different Annex state, and that has not been
a source of any problems, so I am not too worried that this change will
lead to breakage going forward.)
The only modification of Annex state I found was it calling
allowMessages in some Commands that default to noMessages. Dealt with
that by adding a startCustomOutput and a startingUsualMessages.
This lets a command start with noMessages and then select the output it
wants for each CommandStart.
One bit of breakage: onlyActionOn has been removed from commands that used it.
The plan is that, since a StartMessage contains an ActionItem,
when a Key can be extracted from that, the parallel job runner can
run onlyActionOn' automatically. Then commands won't need to worry about
this detail. Future work.
Otherwise, this was a fairly straightforward process of making each
CommandStart compile again. Hopefully other behavior changes were mostly
avoided.
In a few cases, a command had a CommandStart that called a CommandPerform
that then called showStart multiple times. I have collapsed those
down to a single start action. The main command to perhaps suffer from it
is Command.Direct, which used to show a start for each file, and no
longer does.
Another minor behavior change is that some commands used showStart
before, but had an associated file and a Key available, so were changed
to ShowStart with an ActionItemAssociatedFile. That will not change the
normal output or behavior, but --json output will now include the key.
This should not break it for anyone using a real json parser.
2019-06-06 19:42:30 +00:00
|
|
|
showNote $ "from " ++ Remote.name r
|
|
|
|
showDestinationFile file'
|
2020-11-03 22:34:27 +00:00
|
|
|
performRemote addunlockedmatcher r o uri (toRawFilePath file') sz
|
2014-12-08 23:14:24 +00:00
|
|
|
|
2020-11-03 22:34:27 +00:00
|
|
|
performRemote :: AddUnlockedMatcher -> Remote -> AddUrlOptions -> URLString -> RawFilePath -> Maybe Integer -> CommandPerform
|
|
|
|
performRemote addunlockedmatcher r o uri file sz = ifAnnexed file adduri geturi
|
2014-12-08 23:14:24 +00:00
|
|
|
where
|
|
|
|
loguri = setDownloader uri OtherDownloader
|
2017-11-30 20:48:35 +00:00
|
|
|
adduri = addUrlChecked o loguri file (Remote.uuid r) checkexistssize
|
2014-12-11 19:32:42 +00:00
|
|
|
checkexistssize key = return $ case sz of
|
2017-12-11 17:41:41 +00:00
|
|
|
Nothing -> (True, True, loguri)
|
2019-11-22 20:24:04 +00:00
|
|
|
Just n -> (True, n == fromMaybe n (fromKey keySize key), loguri)
|
2019-12-20 19:01:34 +00:00
|
|
|
geturi = next $ isJust <$> downloadRemoteFile addunlockedmatcher r (downloadOptions o) uri file sz
|
2014-12-11 20:43:46 +00:00
|
|
|
|
2020-11-03 22:34:27 +00:00
|
|
|
downloadRemoteFile :: AddUnlockedMatcher -> Remote -> DownloadOptions -> URLString -> RawFilePath -> Maybe Integer -> Annex (Maybe Key)
|
2020-09-29 17:00:41 +00:00
|
|
|
downloadRemoteFile addunlockedmatcher r o uri file sz = checkCanAdd o file $ \canadd -> do
|
2015-05-23 02:41:36 +00:00
|
|
|
let urlkey = Backend.URL.fromUrl uri sz
|
2020-11-03 22:34:27 +00:00
|
|
|
createWorkTreeDirectory (parentDir file)
|
2017-11-30 20:48:35 +00:00
|
|
|
ifM (Annex.getState Annex.fast <||> pure (relaxedOption o))
|
2014-12-11 20:43:46 +00:00
|
|
|
( do
|
2020-09-29 17:00:41 +00:00
|
|
|
addWorkTree canadd addunlockedmatcher (Remote.uuid r) loguri file urlkey Nothing
|
2014-12-11 20:43:46 +00:00
|
|
|
return (Just urlkey)
|
|
|
|
, do
|
|
|
|
-- Set temporary url for the urlkey
|
|
|
|
-- so that the remote knows what url it
|
|
|
|
-- should use to download it.
|
2014-12-17 18:34:42 +00:00
|
|
|
setTempUrl urlkey loguri
|
2020-05-13 21:05:56 +00:00
|
|
|
let downloader = \dest p ->
|
2020-05-14 18:19:28 +00:00
|
|
|
fst <$> Remote.verifiedAction (Remote.retrieveKeyFile r urlkey af dest p)
|
2020-09-29 17:00:41 +00:00
|
|
|
ret <- downloadWith canadd addunlockedmatcher downloader urlkey (Remote.uuid r) loguri file
|
2014-12-11 20:43:46 +00:00
|
|
|
removeTempUrl urlkey
|
|
|
|
return ret
|
|
|
|
)
|
|
|
|
where
|
|
|
|
loguri = setDownloader uri OtherDownloader
|
2020-11-03 22:34:27 +00:00
|
|
|
af = AssociatedFile (Just file)
|
2014-12-08 23:14:24 +00:00
|
|
|
|
2020-09-14 20:49:33 +00:00
|
|
|
startWeb :: AddUnlockedMatcher -> AddUrlOptions -> SeekInput -> URLString -> CommandStart
|
|
|
|
startWeb addunlockedmatcher o si urlstring = go $ fromMaybe bad $ parseURI urlstring
|
2012-11-12 05:05:04 +00:00
|
|
|
where
|
2016-11-16 01:29:54 +00:00
|
|
|
bad = fromMaybe (giveup $ "bad url " ++ urlstring) $
|
2015-06-14 17:39:44 +00:00
|
|
|
Url.parseURIRelaxed $ urlstring
|
2020-09-14 20:49:33 +00:00
|
|
|
go url = startingAddUrl si urlstring o $
|
2020-04-27 17:48:14 +00:00
|
|
|
if relaxedOption (downloadOptions o)
|
|
|
|
then go' url Url.assumeUrlExists
|
|
|
|
else Url.withUrlOptions (Url.getUrlInfo urlstring) >>= \case
|
|
|
|
Right urlinfo -> go' url urlinfo
|
|
|
|
Left err -> do
|
|
|
|
warning err
|
|
|
|
next $ return False
|
|
|
|
go' url urlinfo = do
|
2013-09-09 06:16:22 +00:00
|
|
|
pathmax <- liftIO $ fileNameLengthLimit "."
|
2017-11-30 20:48:35 +00:00
|
|
|
file <- adjustFile o <$> case fileOption (downloadOptions o) of
|
2015-01-22 18:52:52 +00:00
|
|
|
Just f -> pure f
|
|
|
|
Nothing -> case Url.urlSuggestedFile urlinfo of
|
2020-05-11 18:32:36 +00:00
|
|
|
Just sf -> do
|
|
|
|
f <- sanitizeOrPreserveFilePath o sf
|
|
|
|
if preserveFilenameOption (downloadOptions o)
|
|
|
|
then pure f
|
|
|
|
else ifM (liftIO $ doesFileExist f <||> doesDirectoryExist f)
|
addurl --preserve-filename and a few related changes
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
Not yet implemented for remotes other than the web.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
This might be considered a security fix, but a CVE seems unwattanted.
It was possible for addurl to create a dotfile, which could change
behavior of some program. It was also possible for a web server to say
the file name was ".git" or "foo/.git". That would not overrwrite the
.git directory, but would cause addurl to fail; of course git won't
add "foo/.git".
sanitizeFilePath is too opinionated to remain in Utility, so moved it.
The changes to mkSafeFilePath are because it used sanitizeFilePath.
In particular:
isDrive will never succeed, because "c:" gets munged to "c_"
".." gets sanitized now
".git" gets sanitized now
It will never be null, because sanitizeFilePath keeps the length
the same, and splitDirectories never returns a null path.
Also, on the off chance a web server suggests a filename of "",
ignore that, rather than trying to save to such a filename, which would
fail in some way.
2020-05-08 20:09:29 +00:00
|
|
|
( pure $ url2file url (pathdepthOption o) pathmax
|
|
|
|
, pure f
|
|
|
|
)
|
|
|
|
_ -> pure $ url2file url (pathdepthOption o) pathmax
|
2020-11-03 22:34:27 +00:00
|
|
|
performWeb addunlockedmatcher o urlstring (toRawFilePath file) urlinfo
|
2013-08-22 22:25:21 +00:00
|
|
|
|
2020-05-11 18:32:36 +00:00
|
|
|
sanitizeOrPreserveFilePath :: AddUrlOptions -> FilePath -> Annex FilePath
|
|
|
|
sanitizeOrPreserveFilePath o f
|
|
|
|
| preserveFilenameOption (downloadOptions o) && not (null f) = do
|
|
|
|
checkPreserveFileNameSecurity f
|
|
|
|
return f
|
|
|
|
| otherwise = do
|
|
|
|
pathmax <- liftIO $ fileNameLengthLimit "."
|
|
|
|
return $ truncateFilePath pathmax $ sanitizeFilePath f
|
|
|
|
|
addurl --preserve-filename and a few related changes
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
Not yet implemented for remotes other than the web.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
This might be considered a security fix, but a CVE seems unwattanted.
It was possible for addurl to create a dotfile, which could change
behavior of some program. It was also possible for a web server to say
the file name was ".git" or "foo/.git". That would not overrwrite the
.git directory, but would cause addurl to fail; of course git won't
add "foo/.git".
sanitizeFilePath is too opinionated to remain in Utility, so moved it.
The changes to mkSafeFilePath are because it used sanitizeFilePath.
In particular:
isDrive will never succeed, because "c:" gets munged to "c_"
".." gets sanitized now
".git" gets sanitized now
It will never be null, because sanitizeFilePath keeps the length
the same, and splitDirectories never returns a null path.
Also, on the off chance a web server suggests a filename of "",
ignore that, rather than trying to save to such a filename, which would
fail in some way.
2020-05-08 20:09:29 +00:00
|
|
|
-- sanitizeFilePath avoids all these security problems
|
|
|
|
-- (and probably others, but at least this catches the most egrarious ones).
|
|
|
|
checkPreserveFileNameSecurity :: FilePath -> Annex ()
|
|
|
|
checkPreserveFileNameSecurity f = do
|
|
|
|
checksecurity escapeSequenceInFilePath False "escape sequence"
|
|
|
|
checksecurity pathTraversalInFilePath True "path traversal"
|
|
|
|
checksecurity gitDirectoryInFilePath True "contains a .git directory"
|
|
|
|
where
|
|
|
|
checksecurity p canshow d = when (p f) $
|
|
|
|
giveup $ concat
|
|
|
|
[ "--preserve-filename was used, but the filename "
|
|
|
|
, if canshow then "(" ++ f ++ ") " else ""
|
|
|
|
, "has a security problem (" ++ d ++ "), not adding."
|
|
|
|
]
|
|
|
|
|
2020-11-03 22:34:27 +00:00
|
|
|
performWeb :: AddUnlockedMatcher -> AddUrlOptions -> URLString -> RawFilePath -> Url.UrlInfo -> CommandPerform
|
|
|
|
performWeb addunlockedmatcher o url file urlinfo = ifAnnexed file addurl geturl
|
2014-12-11 20:11:38 +00:00
|
|
|
where
|
2019-12-20 19:01:34 +00:00
|
|
|
geturl = next $ isJust <$> addUrlFile addunlockedmatcher (downloadOptions o) url urlinfo file
|
2019-03-18 17:34:29 +00:00
|
|
|
addurl = addUrlChecked o url file webUUID $ \k ->
|
2017-11-30 20:48:35 +00:00
|
|
|
ifM (pure (not (rawOption (downloadOptions o))) <&&> youtubeDlSupported url)
|
2017-11-30 17:45:43 +00:00
|
|
|
( return (True, True, setDownloader url YoutubeDownloader)
|
2019-11-22 20:24:04 +00:00
|
|
|
, return (Url.urlExists urlinfo, Url.urlSize urlinfo == fromKey keySize k, url)
|
2017-11-30 17:45:43 +00:00
|
|
|
)
|
2014-12-11 20:11:38 +00:00
|
|
|
|
2017-11-30 17:45:43 +00:00
|
|
|
{- Check that the url exists, and has the same size as the key,
|
|
|
|
- and add it as an url to the key. -}
|
2020-11-03 22:34:27 +00:00
|
|
|
addUrlChecked :: AddUrlOptions -> URLString -> RawFilePath -> UUID -> (Key -> Annex (Bool, Bool, URLString)) -> Key -> CommandPerform
|
2017-11-30 20:48:35 +00:00
|
|
|
addUrlChecked o url file u checkexistssize key =
|
2017-11-30 17:45:43 +00:00
|
|
|
ifM ((elem url <$> getUrls key) <&&> (elem u <$> loggedLocations key))
|
2017-11-30 19:06:21 +00:00
|
|
|
( do
|
2020-11-03 22:34:27 +00:00
|
|
|
showDestinationFile (fromRawFilePath file)
|
2017-11-30 19:06:21 +00:00
|
|
|
next $ return True
|
2014-12-08 23:14:24 +00:00
|
|
|
, do
|
2017-11-30 17:45:43 +00:00
|
|
|
(exists, samesize, url') <- checkexistssize key
|
2017-11-30 20:48:35 +00:00
|
|
|
if exists && (samesize || relaxedOption (downloadOptions o))
|
2014-12-08 23:14:24 +00:00
|
|
|
then do
|
2018-10-04 21:33:25 +00:00
|
|
|
setUrlPresent key url'
|
|
|
|
logChange key u InfoPresent
|
2014-12-08 23:14:24 +00:00
|
|
|
next $ return True
|
|
|
|
else do
|
|
|
|
warning $ "while adding a new url to an already annexed file, " ++ if exists
|
|
|
|
then "url does not have expected file size (use --relaxed to bypass this check) " ++ url
|
|
|
|
else "failed to verify url exists: " ++ url
|
|
|
|
stop
|
|
|
|
)
|
2011-08-06 18:57:22 +00:00
|
|
|
|
2017-11-30 17:45:43 +00:00
|
|
|
{- Downloads an url (except in fast or relaxed mode) and adds it to the
|
|
|
|
- repository, normally at the specified FilePath.
|
|
|
|
- But, if youtube-dl supports the url, it will be written to a
|
2017-11-30 17:24:52 +00:00
|
|
|
- different file, based on the title of the media. Unless the user
|
|
|
|
- specified fileOption, which then forces using the FilePath.
|
2017-11-28 21:17:40 +00:00
|
|
|
-}
|
2020-11-03 22:34:27 +00:00
|
|
|
addUrlFile :: AddUnlockedMatcher -> DownloadOptions -> URLString -> Url.UrlInfo -> RawFilePath -> Annex (Maybe Key)
|
2019-12-20 19:01:34 +00:00
|
|
|
addUrlFile addunlockedmatcher o url urlinfo file =
|
2017-11-30 20:48:35 +00:00
|
|
|
ifM (Annex.getState Annex.fast <||> pure (relaxedOption o))
|
2019-12-20 19:01:34 +00:00
|
|
|
( nodownloadWeb addunlockedmatcher o url urlinfo file
|
|
|
|
, downloadWeb addunlockedmatcher o url urlinfo file
|
2013-07-28 19:27:36 +00:00
|
|
|
)
|
|
|
|
|
2020-11-03 22:34:27 +00:00
|
|
|
downloadWeb :: AddUnlockedMatcher -> DownloadOptions -> URLString -> Url.UrlInfo -> RawFilePath -> Annex (Maybe Key)
|
2019-12-20 19:01:34 +00:00
|
|
|
downloadWeb addunlockedmatcher o url urlinfo file =
|
2020-11-03 22:34:27 +00:00
|
|
|
go =<< downloadWith' downloader urlkey webUUID url (AssociatedFile (Just file))
|
2017-11-28 21:17:40 +00:00
|
|
|
where
|
2017-11-29 19:49:05 +00:00
|
|
|
urlkey = addSizeUrlKey urlinfo $ Backend.URL.fromUrl url Nothing
|
2020-01-22 20:13:48 +00:00
|
|
|
downloader f p = Url.withUrlOptions $ downloadUrl urlkey p [url] f
|
2017-11-28 21:17:40 +00:00
|
|
|
go Nothing = return Nothing
|
2020-11-03 22:34:27 +00:00
|
|
|
go (Just tmp) = ifM (pure (not (rawOption o)) <&&> liftIO (isHtml <$> readFile (fromRawFilePath tmp)))
|
2017-11-29 19:49:05 +00:00
|
|
|
( tryyoutubedl tmp
|
2017-11-28 21:17:40 +00:00
|
|
|
, normalfinish tmp
|
|
|
|
)
|
2020-09-29 17:00:41 +00:00
|
|
|
normalfinish tmp = checkCanAdd o file $ \canadd -> do
|
2020-11-03 22:34:27 +00:00
|
|
|
showDestinationFile (fromRawFilePath file)
|
|
|
|
createWorkTreeDirectory (parentDir file)
|
2020-09-29 17:00:41 +00:00
|
|
|
Just <$> finishDownloadWith canadd addunlockedmatcher tmp webUUID url file
|
2020-08-25 16:56:38 +00:00
|
|
|
-- Ask youtube-dl what filename it will download first,
|
|
|
|
-- so it's only used when the file contains embedded media.
|
|
|
|
tryyoutubedl tmp = youtubeDlFileNameHtmlOnly url >>= \case
|
|
|
|
Right mediafile ->
|
2020-11-03 22:34:27 +00:00
|
|
|
let f = youtubeDlDestFile o file (toRawFilePath mediafile)
|
|
|
|
in ifAnnexed f
|
|
|
|
(alreadyannexed (fromRawFilePath f))
|
2020-08-25 16:56:38 +00:00
|
|
|
(dl f)
|
|
|
|
Left _ -> normalfinish tmp
|
2017-11-30 17:45:43 +00:00
|
|
|
where
|
2018-06-28 16:48:54 +00:00
|
|
|
dl dest = withTmpWorkDir mediakey $ \workdir -> do
|
2020-11-03 14:11:04 +00:00
|
|
|
let cleanuptmp = pruneTmpWorkDirBefore tmp (liftIO . removeWhenExistsWith R.removeLink)
|
2020-09-29 21:53:48 +00:00
|
|
|
showNote "using youtube-dl"
|
2017-12-31 18:55:51 +00:00
|
|
|
Transfer.notifyTransfer Transfer.Download url $
|
2020-09-29 21:53:48 +00:00
|
|
|
Transfer.download webUUID mediakey (AssociatedFile Nothing) Transfer.noRetry $ \p ->
|
2020-11-03 22:34:27 +00:00
|
|
|
youtubeDl url (fromRawFilePath workdir) p >>= \case
|
2017-12-31 18:55:51 +00:00
|
|
|
Right (Just mediafile) -> do
|
2018-06-28 16:48:54 +00:00
|
|
|
cleanuptmp
|
2020-09-29 17:00:41 +00:00
|
|
|
checkCanAdd o dest $ \canadd -> do
|
2020-11-03 22:34:27 +00:00
|
|
|
showDestinationFile (fromRawFilePath dest)
|
|
|
|
addWorkTree canadd addunlockedmatcher webUUID mediaurl dest mediakey (Just (toRawFilePath mediafile))
|
2017-12-31 18:55:51 +00:00
|
|
|
return $ Just mediakey
|
|
|
|
Right Nothing -> normalfinish tmp
|
|
|
|
Left msg -> do
|
2018-06-28 16:48:54 +00:00
|
|
|
cleanuptmp
|
2017-12-31 18:55:51 +00:00
|
|
|
warning msg
|
|
|
|
return Nothing
|
2017-11-30 17:45:43 +00:00
|
|
|
mediaurl = setDownloader url YoutubeDownloader
|
|
|
|
mediakey = Backend.URL.fromUrl mediaurl Nothing
|
2017-12-31 18:55:51 +00:00
|
|
|
-- Does the already annexed file have the mediaurl
|
|
|
|
-- as an url? If so nothing to do.
|
|
|
|
alreadyannexed dest k = do
|
|
|
|
us <- getUrls k
|
|
|
|
if mediaurl `elem` us
|
|
|
|
then return (Just k)
|
|
|
|
else do
|
|
|
|
warning $ dest ++ " already exists; not overwriting"
|
|
|
|
return Nothing
|
2017-11-28 21:17:40 +00:00
|
|
|
|
2018-08-06 16:52:09 +00:00
|
|
|
{- The destination file is not known at start time unless the user provided
|
|
|
|
- a filename. It's not displayed then for output consistency,
|
|
|
|
- but is added to the json when available. -}
|
2020-09-14 20:49:33 +00:00
|
|
|
startingAddUrl :: SeekInput -> URLString -> AddUrlOptions -> CommandPerform -> CommandStart
|
|
|
|
startingAddUrl si url o p = starting "addurl" (ActionItemOther (Just url)) si $ do
|
2018-08-06 16:52:09 +00:00
|
|
|
case fileOption (downloadOptions o) of
|
|
|
|
Nothing -> noop
|
|
|
|
Just file -> maybeShowJSON $ JSONChunk [("file", file)]
|
make CommandStart return a StartMessage
The goal is to be able to run CommandStart in the main thread when -J is
used, rather than unncessarily passing it off to a worker thread, which
incurs overhead that is signficant when the CommandStart is going to
quickly decide to stop.
To do that, the message it displays needs to be displayed in the worker
thread, after the CommandStart has run.
Also, the change will mean that CommandStart will no longer necessarily
run with the same Annex state as CommandPerform. While its docs already
said it should avoid modifying Annex state, I audited all the
CommandStart code as part of the conversion. (Note that CommandSeek
already sometimes runs with a different Annex state, and that has not been
a source of any problems, so I am not too worried that this change will
lead to breakage going forward.)
The only modification of Annex state I found was it calling
allowMessages in some Commands that default to noMessages. Dealt with
that by adding a startCustomOutput and a startingUsualMessages.
This lets a command start with noMessages and then select the output it
wants for each CommandStart.
One bit of breakage: onlyActionOn has been removed from commands that used it.
The plan is that, since a StartMessage contains an ActionItem,
when a Key can be extracted from that, the parallel job runner can
run onlyActionOn' automatically. Then commands won't need to worry about
this detail. Future work.
Otherwise, this was a fairly straightforward process of making each
CommandStart compile again. Hopefully other behavior changes were mostly
avoided.
In a few cases, a command had a CommandStart that called a CommandPerform
that then called showStart multiple times. I have collapsed those
down to a single start action. The main command to perhaps suffer from it
is Command.Direct, which used to show a start for each file, and no
longer does.
Another minor behavior change is that some commands used showStart
before, but had an associated file and a Key available, so were changed
to ShowStart with an ActionItemAssociatedFile. That will not change the
normal output or behavior, but --json output will now include the key.
This should not break it for anyone using a real json parser.
2019-06-06 19:42:30 +00:00
|
|
|
p
|
2018-08-06 16:52:09 +00:00
|
|
|
|
2017-11-28 21:17:40 +00:00
|
|
|
showDestinationFile :: FilePath -> Annex ()
|
|
|
|
showDestinationFile file = do
|
|
|
|
showNote ("to " ++ file)
|
|
|
|
maybeShowJSON $ JSONChunk [("file", file)]
|
2014-12-08 23:14:24 +00:00
|
|
|
|
|
|
|
{- The Key should be a dummy key, based on the URL, which is used
|
|
|
|
- for this download, before we can examine the file and find its real key.
|
|
|
|
- For resuming downloads to work, the dummy key for a given url should be
|
2017-11-28 21:17:40 +00:00
|
|
|
- stable. For disk space checking to work, the dummy key should have
|
|
|
|
- the size of the url already set.
|
|
|
|
-
|
|
|
|
- Downloads the url, sets up the worktree file, and returns the
|
|
|
|
- real key.
|
|
|
|
-}
|
2020-11-03 22:34:27 +00:00
|
|
|
downloadWith :: CanAddFile -> AddUnlockedMatcher -> (FilePath -> MeterUpdate -> Annex Bool) -> Key -> UUID -> URLString -> RawFilePath -> Annex (Maybe Key)
|
2020-09-29 17:00:41 +00:00
|
|
|
downloadWith canadd addunlockedmatcher downloader dummykey u url file =
|
2017-11-28 21:17:40 +00:00
|
|
|
go =<< downloadWith' downloader dummykey u url afile
|
2013-04-11 20:14:17 +00:00
|
|
|
where
|
2020-11-03 22:34:27 +00:00
|
|
|
afile = AssociatedFile (Just file)
|
2017-11-28 21:17:40 +00:00
|
|
|
go Nothing = return Nothing
|
2020-09-29 17:00:41 +00:00
|
|
|
go (Just tmp) = Just <$> finishDownloadWith canadd addunlockedmatcher tmp u url file
|
2017-11-28 21:17:40 +00:00
|
|
|
|
|
|
|
{- Like downloadWith, but leaves the dummy key content in
|
|
|
|
- the returned location. -}
|
2020-11-03 22:34:27 +00:00
|
|
|
downloadWith' :: (FilePath -> MeterUpdate -> Annex Bool) -> Key -> UUID -> URLString -> AssociatedFile -> Annex (Maybe RawFilePath)
|
2017-11-28 21:17:40 +00:00
|
|
|
downloadWith' downloader dummykey u url afile =
|
|
|
|
checkDiskSpaceToGet dummykey Nothing $ do
|
|
|
|
tmp <- fromRepo $ gitAnnexTmpObjectLocation dummykey
|
|
|
|
ok <- Transfer.notifyTransfer Transfer.Download url $
|
2018-03-29 17:04:07 +00:00
|
|
|
Transfer.download u dummykey afile Transfer.stdRetry $ \p -> do
|
2020-03-06 15:57:15 +00:00
|
|
|
createAnnexDirectory (parentDir tmp)
|
2020-11-03 22:34:27 +00:00
|
|
|
downloader (fromRawFilePath tmp) p
|
2017-11-28 21:17:40 +00:00
|
|
|
if ok
|
|
|
|
then return (Just tmp)
|
|
|
|
else return Nothing
|
|
|
|
|
2020-11-03 14:11:04 +00:00
|
|
|
finishDownloadWith :: CanAddFile -> AddUnlockedMatcher -> RawFilePath -> UUID -> URLString -> RawFilePath -> Annex Key
|
2020-09-29 17:00:41 +00:00
|
|
|
finishDownloadWith canadd addunlockedmatcher tmp u url file = do
|
2017-11-28 21:17:40 +00:00
|
|
|
backend <- chooseBackend file
|
|
|
|
let source = KeySource
|
2020-11-03 22:34:27 +00:00
|
|
|
{ keyFilename = file
|
|
|
|
, contentLocation = tmp
|
2017-11-28 21:17:40 +00:00
|
|
|
, inodeCache = Nothing
|
|
|
|
}
|
2020-05-15 16:51:09 +00:00
|
|
|
key <- fst <$> genKey source nullMeterUpdate backend
|
2020-09-29 17:00:41 +00:00
|
|
|
addWorkTree canadd addunlockedmatcher u url file key (Just tmp)
|
2020-05-15 16:51:09 +00:00
|
|
|
return key
|
2013-04-11 17:35:52 +00:00
|
|
|
|
2015-01-22 18:52:52 +00:00
|
|
|
{- Adds the url size to the Key. -}
|
|
|
|
addSizeUrlKey :: Url.UrlInfo -> Key -> Key
|
2019-11-22 20:24:04 +00:00
|
|
|
addSizeUrlKey urlinfo key = alterKey key $ \d -> d
|
|
|
|
{ keySize = Url.urlSize urlinfo
|
|
|
|
}
|
2014-01-04 19:38:59 +00:00
|
|
|
|
convert importfeed to youtube-dl
Fully working, including --fast/--relaxed.
Note that, while git-annex addurl --relaxed is not going to check
youtube-dl, I kept git annex importfeed --relaxed checking it.
Thinking is that, let's not break people's importfeed cron jobs, and
importfeed does not typically have to check a large number of new items,
so it's ok if it's a little bit slower when used with youtube playlist
feeds.
importfeed's behavior is also improved (?) when a feed has links in it
to non-media files. Before, those were skipped. Now, the content of the
link is downloaded. This had to be done, because trying to use
youtube-dl is slow, and if those were skipped, it would have to check
every time importfeed was run. While this behavior change may not be
desirable for some feeds, that intersperse links to web pages with
enclosures, it will be desirable for other feeds, that have
non-enclosure directy links to media files.
Remove old quvi modules.
This commit was sponsored by Øyvind Andersen Holm.
2017-11-29 21:05:27 +00:00
|
|
|
{- Adds worktree file to the repository. -}
|
2020-11-03 14:11:04 +00:00
|
|
|
addWorkTree :: CanAddFile -> AddUnlockedMatcher -> UUID -> URLString -> RawFilePath -> Key -> Maybe RawFilePath -> Annex ()
|
2020-09-29 17:00:41 +00:00
|
|
|
addWorkTree _ addunlockedmatcher u url file key mtmp = case mtmp of
|
2015-12-02 19:12:33 +00:00
|
|
|
Nothing -> go
|
|
|
|
Just tmp -> do
|
2016-11-22 15:12:33 +00:00
|
|
|
-- Move to final location for large file check.
|
2020-03-06 15:57:15 +00:00
|
|
|
pruneTmpWorkDirBefore tmp $ \_ -> do
|
2020-11-03 14:11:04 +00:00
|
|
|
createWorkTreeDirectory (P.takeDirectory file)
|
|
|
|
liftIO $ renameFile
|
|
|
|
(fromRawFilePath tmp)
|
|
|
|
(fromRawFilePath file)
|
2015-12-02 19:12:33 +00:00
|
|
|
largematcher <- largeFilesMatcher
|
2016-11-22 15:12:33 +00:00
|
|
|
large <- checkFileMatcher largematcher file
|
|
|
|
if large
|
|
|
|
then do
|
|
|
|
-- Move back to tmp because addAnnexedFile
|
|
|
|
-- needs the file in a different location
|
|
|
|
-- than the work tree file.
|
2020-11-03 14:11:04 +00:00
|
|
|
liftIO $ renameFile
|
|
|
|
(fromRawFilePath file)
|
|
|
|
(fromRawFilePath tmp)
|
2016-11-22 15:12:33 +00:00
|
|
|
go
|
2020-11-03 14:11:04 +00:00
|
|
|
else void $ Command.Add.addSmall noci file
|
2015-12-02 19:12:33 +00:00
|
|
|
where
|
|
|
|
go = do
|
2019-01-14 17:03:35 +00:00
|
|
|
maybeShowJSON $ JSONChunk [("key", serializeKey key)]
|
2018-10-04 21:33:25 +00:00
|
|
|
setUrlPresent key url
|
|
|
|
logChange key u InfoPresent
|
2020-09-29 17:00:41 +00:00
|
|
|
ifM (addAnnexedFile noci addunlockedmatcher file key mtmp)
|
annex.securehashesonly
Cryptographically secure hashes can be forced to be used in a repository,
by setting annex.securehashesonly. This does not prevent the git repository
from containing files with insecure hashes, but it does prevent the content
of such files from being pulled into .git/annex/objects from another
repository.
We want to make sure that at no point does git-annex accept content into
.git/annex/objects that is hashed with an insecure key. Here's how it
was done:
* .git/annex/objects/xx/yy/KEY/ is kept frozen, so nothing can be
written to it normally
* So every place that writes content must call, thawContent or modifyContent.
We can audit for these, and be sure we've considered all cases.
* The main functions are moveAnnex, and linkToAnnex; these were made to
check annex.securehashesonly, and are the main security boundary
for annex.securehashesonly.
* Most other calls to modifyContent deal with other files in the KEY
directory (inode cache etc). The other ones that mess with the content
are:
- Annex.Direct.toDirectGen, in which content already in the
annex directory is moved to the direct mode file, so not relevant.
- fix and lock, which don't add new content
- Command.ReKey.linkKey, which manually unlocks it to make a
copy.
* All other calls to thawContent appear safe.
Made moveAnnex return a Bool, so checked all callsites and made them
deal with a failure in appropriate ways.
linkToAnnex simply returns LinkAnnexFailed; all callsites already deal
with it failing in appropriate ways.
This commit was sponsored by Riku Voipio.
2017-02-27 17:01:32 +00:00
|
|
|
( do
|
|
|
|
when (isJust mtmp) $
|
|
|
|
logStatus key InfoPresent
|
2020-11-03 14:11:04 +00:00
|
|
|
, maybe noop (\tmp -> pruneTmpWorkDirBefore tmp (liftIO . removeWhenExistsWith R.removeLink)) mtmp
|
annex.securehashesonly
Cryptographically secure hashes can be forced to be used in a repository,
by setting annex.securehashesonly. This does not prevent the git repository
from containing files with insecure hashes, but it does prevent the content
of such files from being pulled into .git/annex/objects from another
repository.
We want to make sure that at no point does git-annex accept content into
.git/annex/objects that is hashed with an insecure key. Here's how it
was done:
* .git/annex/objects/xx/yy/KEY/ is kept frozen, so nothing can be
written to it normally
* So every place that writes content must call, thawContent or modifyContent.
We can audit for these, and be sure we've considered all cases.
* The main functions are moveAnnex, and linkToAnnex; these were made to
check annex.securehashesonly, and are the main security boundary
for annex.securehashesonly.
* Most other calls to modifyContent deal with other files in the KEY
directory (inode cache etc). The other ones that mess with the content
are:
- Annex.Direct.toDirectGen, in which content already in the
annex directory is moved to the direct mode file, so not relevant.
- fix and lock, which don't add new content
- Command.ReKey.linkKey, which manually unlocks it to make a
copy.
* All other calls to thawContent appear safe.
Made moveAnnex return a Bool, so checked all callsites and made them
deal with a failure in appropriate ways.
linkToAnnex simply returns LinkAnnexFailed; all callsites already deal
with it failing in appropriate ways.
This commit was sponsored by Riku Voipio.
2017-02-27 17:01:32 +00:00
|
|
|
)
|
2020-09-29 17:00:41 +00:00
|
|
|
|
|
|
|
-- git does not need to check ignores, because that has already
|
|
|
|
-- been done, as witnessed by the CannAddFile.
|
|
|
|
noci = CheckGitIgnore False
|
2011-07-01 21:15:46 +00:00
|
|
|
|
2020-11-03 14:11:04 +00:00
|
|
|
nodownloadWeb :: AddUnlockedMatcher -> DownloadOptions -> URLString -> Url.UrlInfo -> RawFilePath -> Annex (Maybe Key)
|
2019-12-20 19:01:34 +00:00
|
|
|
nodownloadWeb addunlockedmatcher o url urlinfo file
|
2017-11-30 20:48:35 +00:00
|
|
|
| Url.urlExists urlinfo = if rawOption o
|
|
|
|
then nomedia
|
2020-11-03 14:11:04 +00:00
|
|
|
else either (const nomedia) (usemedia . toRawFilePath)
|
2017-11-30 20:48:35 +00:00
|
|
|
=<< youtubeDlFileName url
|
2015-01-22 18:52:52 +00:00
|
|
|
| otherwise = do
|
|
|
|
warning $ "unable to access url: " ++ url
|
|
|
|
return Nothing
|
2017-11-30 18:35:25 +00:00
|
|
|
where
|
2017-11-30 20:48:35 +00:00
|
|
|
nomedia = do
|
2017-11-30 18:35:25 +00:00
|
|
|
let key = Backend.URL.fromUrl url (Url.urlSize urlinfo)
|
Added --no-check-gitignore option for finer grained control than using --force.
add, addurl, importfeed, import: Added --no-check-gitignore option
for finer grained control than using --force.
(--force is used for too many different things, and at least one
of these also uses it for something else. I would like to reduce
--force's footprint until it only forces drops or a few other data
losses. For now, --force still disables checking ignores too.)
addunused: Don't check .gitignores when adding files. This is a behavior
change, but I justify it by analogy with git add of a gitignored file
adding it, asking to add all unused files back should add them all back,
not skip some. The old behavior was surprising.
In Command.Lock and Command.ReKey, CheckGitIgnore False does not change
behavior, it only makes explicit what is done. Since these commands are run
on annexed files, the file is already checked into git, so git add won't
check ignores.
2020-09-18 17:12:04 +00:00
|
|
|
nodownloadWeb' o addunlockedmatcher url key file
|
2017-11-30 20:48:35 +00:00
|
|
|
usemedia mediafile = do
|
2020-08-25 16:56:38 +00:00
|
|
|
let dest = youtubeDlDestFile o file mediafile
|
2017-11-30 18:35:25 +00:00
|
|
|
let mediaurl = setDownloader url YoutubeDownloader
|
|
|
|
let mediakey = Backend.URL.fromUrl mediaurl Nothing
|
Added --no-check-gitignore option for finer grained control than using --force.
add, addurl, importfeed, import: Added --no-check-gitignore option
for finer grained control than using --force.
(--force is used for too many different things, and at least one
of these also uses it for something else. I would like to reduce
--force's footprint until it only forces drops or a few other data
losses. For now, --force still disables checking ignores too.)
addunused: Don't check .gitignores when adding files. This is a behavior
change, but I justify it by analogy with git add of a gitignored file
adding it, asking to add all unused files back should add them all back,
not skip some. The old behavior was surprising.
In Command.Lock and Command.ReKey, CheckGitIgnore False does not change
behavior, it only makes explicit what is done. Since these commands are run
on annexed files, the file is already checked into git, so git add won't
check ignores.
2020-09-18 17:12:04 +00:00
|
|
|
nodownloadWeb' o addunlockedmatcher mediaurl mediakey dest
|
2017-11-30 18:35:25 +00:00
|
|
|
|
2020-11-03 14:11:04 +00:00
|
|
|
youtubeDlDestFile :: DownloadOptions -> RawFilePath -> RawFilePath -> RawFilePath
|
2020-08-25 16:56:38 +00:00
|
|
|
youtubeDlDestFile o destfile mediafile
|
|
|
|
| isJust (fileOption o) = destfile
|
2020-11-03 14:11:04 +00:00
|
|
|
| otherwise = P.takeFileName mediafile
|
2020-08-25 16:56:38 +00:00
|
|
|
|
2020-11-03 14:11:04 +00:00
|
|
|
nodownloadWeb' :: DownloadOptions -> AddUnlockedMatcher -> URLString -> Key -> RawFilePath -> Annex (Maybe Key)
|
2020-09-29 17:00:41 +00:00
|
|
|
nodownloadWeb' o addunlockedmatcher url key file = checkCanAdd o file $ \canadd -> do
|
2020-11-03 14:11:04 +00:00
|
|
|
showDestinationFile (fromRawFilePath file)
|
2020-03-06 15:57:15 +00:00
|
|
|
createWorkTreeDirectory (parentDir file)
|
2020-09-29 17:00:41 +00:00
|
|
|
addWorkTree canadd addunlockedmatcher webUUID url file key Nothing
|
2017-11-30 18:35:25 +00:00
|
|
|
return (Just key)
|
2011-08-06 18:57:22 +00:00
|
|
|
|
Fix a few bugs involving filenames that are at or near the filesystem's maximum filename length limit.
Started with a problem when running addurl on a really long url,
because the whole url is munged into the filename. Ended up doing
a fairly extensive review for places where filenames could get too large,
although it's hard to say I'm not missed any..
Backend.Url had a 128 character limit, which is fine when the limit is 255,
but not if it's a lot shorter on some systems. So check the pathconf()
limit. Note that this could result in fromUrl creating different keys
for the same url, if run on systems with different limits. I don't see
this is likely to cause any problems. That can already happen when using
addurl --fast, or if the content of an url changes.
Both Command.AddUrl and Backend.Url assumed that urls don't contain a
lot of multi-byte unicode, and would fail to truncate an url that did
properly.
A few places use a filename as the template to make a temp file.
While that's nice in that the temp file name can be easily related back to
the original filename, it could lead to `git annex add` failing to add a
filename that was at or close to the maximum length.
Note that in Command.Add.lockdown, the template is still derived from the
filename, just with enough space left to turn it into a temp file.
This is an important optimisation, because the assistant may lock down
a bunch of files all at once, and using the same template for all of them
would cause openTempFile to iterate through the same set of names,
looking for an unused temp file. I'm not very happy with the relatedTemplate
hack, but it avoids that slowdown.
Backend.WORM does not limit the filename stored in the key.
I have not tried to change that; so git annex add will fail on really long
filenames when using the WORM backend. It seems better to preserve the
invariant that a WORM key always contains the complete filename, since
the filename is the only unique material in the key, other than mtime and
size. Since nobody has complained about add failing (I think I saw it
once?) on WORM, probably it's ok, or nobody but me uses it.
There may be compatability problems if using git annex addurl --fast
or the WORM backend on a system with the 255 limit and then trying to use
that repo in a system with a smaller limit. I have not tried to deal with
those.
This commit was sponsored by Alexander Brem. Thanks!
2013-07-30 21:49:11 +00:00
|
|
|
url2file :: URI -> Maybe Int -> Int -> FilePath
|
|
|
|
url2file url pathdepth pathmax = case pathdepth of
|
2013-10-05 17:32:42 +00:00
|
|
|
Nothing -> truncateFilePath pathmax $ sanitizeFilePath fullurl
|
2012-02-16 16:25:19 +00:00
|
|
|
Just depth
|
2013-07-05 16:46:38 +00:00
|
|
|
| depth >= length urlbits -> frombits id
|
2012-02-16 18:26:53 +00:00
|
|
|
| depth > 0 -> frombits $ drop depth
|
2012-02-16 18:28:17 +00:00
|
|
|
| depth < 0 -> frombits $ reverse . take (negate depth) . reverse
|
2016-11-16 01:29:54 +00:00
|
|
|
| otherwise -> giveup "bad --pathdepth"
|
2012-11-12 05:05:04 +00:00
|
|
|
where
|
2014-12-08 23:14:24 +00:00
|
|
|
fullurl = concat
|
|
|
|
[ maybe "" uriRegName (uriAuthority url)
|
|
|
|
, uriPath url
|
|
|
|
, uriQuery url
|
|
|
|
]
|
2013-04-23 00:24:53 +00:00
|
|
|
frombits a = intercalate "/" $ a urlbits
|
2013-10-05 17:30:13 +00:00
|
|
|
urlbits = map (truncateFilePath pathmax . sanitizeFilePath) $
|
2017-01-31 22:40:42 +00:00
|
|
|
filter (not . null) $ splitc '/' fullurl
|
2014-12-11 20:09:56 +00:00
|
|
|
|
|
|
|
urlString2file :: URLString -> Maybe Int -> Int -> FilePath
|
|
|
|
urlString2file s pathdepth pathmax = case Url.parseURIRelaxed s of
|
2016-11-16 01:29:54 +00:00
|
|
|
Nothing -> giveup $ "bad uri " ++ s
|
2014-12-11 20:09:56 +00:00
|
|
|
Just u -> url2file u pathdepth pathmax
|
2015-07-21 16:50:05 +00:00
|
|
|
|
|
|
|
adjustFile :: AddUrlOptions -> FilePath -> FilePath
|
|
|
|
adjustFile o = addprefix . addsuffix
|
|
|
|
where
|
|
|
|
addprefix f = maybe f (++ f) (prefixOption o)
|
|
|
|
addsuffix f = maybe f (f ++) (suffixOption o)
|
2016-09-21 21:21:48 +00:00
|
|
|
|
2020-09-29 17:00:41 +00:00
|
|
|
data CanAddFile = CanAddFile
|
|
|
|
|
2020-11-03 14:11:04 +00:00
|
|
|
checkCanAdd :: DownloadOptions -> RawFilePath -> (CanAddFile -> Annex (Maybe a)) -> Annex (Maybe a)
|
|
|
|
checkCanAdd o file a = ifM (isJust <$> (liftIO $ catchMaybeIO $ R.getSymbolicLinkStatus file))
|
2016-09-21 21:21:48 +00:00
|
|
|
( do
|
2020-11-03 14:11:04 +00:00
|
|
|
warning $ fromRawFilePath file ++ " already exists; not overwriting"
|
2016-09-21 21:21:48 +00:00
|
|
|
return Nothing
|
Added --no-check-gitignore option for finer grained control than using --force.
add, addurl, importfeed, import: Added --no-check-gitignore option
for finer grained control than using --force.
(--force is used for too many different things, and at least one
of these also uses it for something else. I would like to reduce
--force's footprint until it only forces drops or a few other data
losses. For now, --force still disables checking ignores too.)
addunused: Don't check .gitignores when adding files. This is a behavior
change, but I justify it by analogy with git add of a gitignored file
adding it, asking to add all unused files back should add them all back,
not skip some. The old behavior was surprising.
In Command.Lock and Command.ReKey, CheckGitIgnore False does not change
behavior, it only makes explicit what is done. Since these commands are run
on annexed files, the file is already checked into git, so git add won't
check ignores.
2020-09-18 17:12:04 +00:00
|
|
|
, ifM (checkIgnored (checkGitIgnoreOption o) file)
|
2016-09-21 21:21:48 +00:00
|
|
|
( do
|
2020-11-03 14:11:04 +00:00
|
|
|
warning $ "not adding " ++ fromRawFilePath file ++ " which is .gitignored (use --no-check-gitignore to override)"
|
2016-09-21 21:21:48 +00:00
|
|
|
return Nothing
|
2020-09-29 17:00:41 +00:00
|
|
|
, a CanAddFile
|
2016-09-21 21:21:48 +00:00
|
|
|
)
|
|
|
|
)
|