git-annex/doc/bugs/p2phttp__58___drop_difference_wideopen_unauth-readonly.mdwn

### Please describe the problem.

With `p2phttp --wideopen`, a `git annex drop` will lock content on the remote before dropping. With `p2phttp --unauth-readonly` `git annex drop` will instead be satisfied with a "RecentlyVerifiedCopy". This is an issue for forgejo-aneksajo, as it does its own authentication before handing over to `p2phttp --wideopen`, at which point a drop will try to lock the file on the remote but authentication will fail. Instead, it should fallback to the "recently verified is enough" behavior of unauth-readonly (and dumb http).

Sorry for the rather unuseful title, the character limit makes coming up with a good summary hard.


### What steps will reproduce the problem?

- serve a repository with `git annex --debug p2phttp --wideopen`
- get and drop a file in a clone
- observe file locking
- do the same with `git annex --debug p2phttp --unauth-readonly`
- do not observe file locking


### What version of git-annex are you using? On what operating system?

```
git-annex version: 10.20240927-g3d7f94ea398b5e84dab3bc89bc5b37746de1d40c
build flags: Assistant Webapp Pairing Inotify DBus DesktopNotify TorrentParser MagicMime Servant Benchmark Feeds Testsuite S3 WebDAV
dependency versions: aws-0.24.1 bloomfilter-2.0.1.2 crypton-0.33 DAV-1.3.4 feed-1.3.2.1 ghc-9.4.7 http-client-0.7.14 persistent-sqlite-2.13.2.0 torrent-10000.1.3 uuid-1.3.15 yesod-1.6.2.1
key/value backends: SHA256E SHA256 SHA512E SHA512 SHA224E SHA224 SHA384E SHA384 SHA3_256E SHA3_256 SHA3_512E SHA3_512 SHA3_224E SHA3_224 SHA3_384E SHA3_384 SKEIN256E SKEIN256 SKEIN512E SKEIN512 BLAKE2B256E BLAKE2B256 BLAKE2B512E BLAKE2B512 BLAKE2B160E BLAKE2B160 BLAKE2B224E BLAKE2B224 BLAKE2B384E BLAKE2B384 BLAKE2BP512E BLAKE2BP512 BLAKE2S256E BLAKE2S256 BLAKE2S160E BLAKE2S160 BLAKE2S224E BLAKE2S224 BLAKE2SP256E BLAKE2SP256 BLAKE2SP224E BLAKE2SP224 SHA1E SHA1 MD5E MD5 WORM URL GITBUNDLE GITMANIFEST VURL X*
remote types: git gcrypt p2p S3 bup directory rsync web bittorrent webdav adb tahoe glacier ddar git-lfs httpalso borg rclone hook external
operating system: linux x86_64
supported repository versions: 8 9 10
upgrade supported from repository versions: 0 1 2 3 4 5 6 7 8 9 10
local repository version: 10
```

### Please provide any additional information below.

[[!format sh """
# If you can, paste a complete transcript of the problem occurring here.
# If the problem is with the git-annex assistant, paste in .git/annex/daemon.log


# End of transcript or log.
"""]]

### Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders)

[[!tag projects/INM7]]

> [[fixed|done]] --[[Joey]]
2024-10-07 13:59:56 +00:00			`### Please describe the problem.`

			With `p2phttp --wideopen`, a `git annex drop` will lock content on the remote before dropping. With `p2phttp --unauth-readonly` `git annex drop` will instead be satisfied with a "RecentlyVerifiedCopy". This is an issue for forgejo-aneksajo, as it does its own authentication before handing over to `p2phttp --wideopen`, at which point a drop will try to lock the file on the remote but authentication will fail. Instead, it should fallback to the "recently verified is enough" behavior of unauth-readonly (and dumb http).

			`Sorry for the rather unuseful title, the character limit makes coming up with a good summary hard.`


			`### What steps will reproduce the problem?`

			- serve a repository with `git annex --debug p2phttp --wideopen`
			`- get and drop a file in a clone`
			`- observe file locking`
			- do the same with `git annex --debug p2phttp --unauth-readonly`
			`- do not observe file locking`


			`### What version of git-annex are you using? On what operating system?`

			```
			`git-annex version: 10.20240927-g3d7f94ea398b5e84dab3bc89bc5b37746de1d40c`
			`build flags: Assistant Webapp Pairing Inotify DBus DesktopNotify TorrentParser MagicMime Servant Benchmark Feeds Testsuite S3 WebDAV`
			`dependency versions: aws-0.24.1 bloomfilter-2.0.1.2 crypton-0.33 DAV-1.3.4 feed-1.3.2.1 ghc-9.4.7 http-client-0.7.14 persistent-sqlite-2.13.2.0 torrent-10000.1.3 uuid-1.3.15 yesod-1.6.2.1`
			key/value backends: SHA256E SHA256 SHA512E SHA512 SHA224E SHA224 SHA384E SHA384 SHA3_256E SHA3_256 SHA3_512E SHA3_512 SHA3_224E SHA3_224 SHA3_384E SHA3_384 SKEIN256E SKEIN256 SKEIN512E SKEIN512 BLAKE2B256E BLAKE2B256 BLAKE2B512E BLAKE2B512 BLAKE2B160E BLAKE2B160 BLAKE2B224E BLAKE2B224 BLAKE2B384E BLAKE2B384 BLAKE2BP512E BLAKE2BP512 BLAKE2S256E BLAKE2S256 BLAKE2S160E BLAKE2S160 BLAKE2S224E BLAKE2S224 BLAKE2SP256E BLAKE2SP256 BLAKE2SP224E BLAKE2SP224 SHA1E SHA1 MD5E MD5 WORM URL GITBUNDLE GITMANIFEST VURL X*
			`remote types: git gcrypt p2p S3 bup directory rsync web bittorrent webdav adb tahoe glacier ddar git-lfs httpalso borg rclone hook external`
			`operating system: linux x86_64`
			`supported repository versions: 8 9 10`
			`upgrade supported from repository versions: 0 1 2 3 4 5 6 7 8 9 10`
			`local repository version: 10`
			```

			`### Please provide any additional information below.`

			`[[!format sh """`
			`# If you can, paste a complete transcript of the problem occurring here.`
			`# If the problem is with the git-annex assistant, paste in .git/annex/daemon.log`


			`# End of transcript or log.`
			`"""]]`

			`### Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders)`

add IMN7 to projects and tag a relevant issue 2024-10-17 14:06:08 +00:00			`[[!tag projects/INM7]]`
p2phttp: Allow unauthenticated users to lock content by default * p2phttp: Allow unauthenticated users to lock content by default. * p2phttp: Added --unauth-nolocking option to prevent unauthenticated users from locking content. The rationalle for this is that locking is not really a write operation, so makes sense to allow in a repository that only allows read-only access. Not supporting locking in that situation will prevent the user from dropping content from a special remote they control in cases where the other copy of the content is on the p2phttp server. Also, when p2phttp is configured to also allow authenticated access, lockcontent was resulting in a password prompt for users who had no way to authenticate. And there is no good way to distinguish between the two types of users client side. --unauth-nolocking anticipates that this might be abused, and seems better than disabling unauthenticated access entirely if a server is being attacked. It may be that rate limiting locking by IP address or similar would be an effective measure in such a situation. Or just limiting the number of locks by anonymous users that can be live at any one time. Since the impact of such an DOS attempt is limited to preventing dropping content from the server, it seems not a very appealing target anyway. 2024-10-21 14:02:12 +00:00
			`> [[fixed\|done]] --[[Joey]]`