2011-04-08 20:44:43 +00:00
|
|
|
{- Using bup as a remote.
|
|
|
|
-
|
2022-08-05 17:57:20 +00:00
|
|
|
- Copyright 2011-2022 Joey Hess <id@joeyh.name>
|
2011-04-08 20:44:43 +00:00
|
|
|
-
|
2019-03-13 19:48:14 +00:00
|
|
|
- Licensed under the GNU AGPL version 3 or higher.
|
2011-04-08 20:44:43 +00:00
|
|
|
-}
|
|
|
|
|
2022-08-08 22:54:06 +00:00
|
|
|
{-# LANGUAGE RankNTypes, OverloadedStrings #-}
|
incremental verify for byteRetriever special remotes
Several special remotes verify content while it is being retrieved,
avoiding a separate checksum pass. They are: S3, bup, ddar, and
gcrypt (with a local repository).
Not done when using chunking, yet.
Complicated by Retriever needing to change to be polymorphic. Which in turn
meant RankNTypes is needed, and also needed some code changes. The
change in Remote.External does not change behavior at all but avoids
the type checking failing because of a "rigid, skolem type" which
"would escape its scope". So I refactored slightly to make the type
checker's job easier there.
Unfortunately, directory uses fileRetriever (except when chunked),
so it is not amoung the improved ones. Fixing that would need a way for
FileRetriever to return a Verification. But, since the file retrieved
may be encrypted or chunked, it would be extra work to always
incrementally checksum the file while retrieving it. Hm.
Some other special remotes use fileRetriever, and so don't get incremental
verification, but could be converted to byteRetriever later. One is
GitLFS, which uses downloadConduit, which writes to the file, so could
verify as it goes. Other special remotes like web could too, but don't
use Remote.Helper.Special and so will need to be addressed separately.
Sponsored-by: Dartmouth College's DANDI project
2021-08-11 17:43:30 +00:00
|
|
|
|
2011-04-08 20:44:43 +00:00
|
|
|
module Remote.Bup (remote) where
|
|
|
|
|
|
|
|
import qualified Data.Map as M
|
2019-12-02 16:26:33 +00:00
|
|
|
import qualified Data.ByteString as S
|
2014-08-03 05:12:24 +00:00
|
|
|
import qualified Data.ByteString.Lazy as L
|
2022-08-08 22:54:06 +00:00
|
|
|
import qualified System.FilePath.ByteString as P
|
Use cryptohash rather than SHA for hashing.
This is a massive win on OSX, which doesn't have a sha256sum normally.
Only use external hash commands when the file is > 1 mb,
since cryptohash is quite close to them in speed.
SHA is still used to calculate HMACs. I don't quite understand
cryptohash's API for those.
Used the following benchmark to arrive at the 1 mb number.
1 mb file:
benchmarking sha256/internal
mean: 13.86696 ms, lb 13.83010 ms, ub 13.93453 ms, ci 0.950
std dev: 249.3235 us, lb 162.0448 us, ub 458.1744 us, ci 0.950
found 5 outliers among 100 samples (5.0%)
4 (4.0%) high mild
1 (1.0%) high severe
variance introduced by outliers: 10.415%
variance is moderately inflated by outliers
benchmarking sha256/external
mean: 14.20670 ms, lb 14.17237 ms, ub 14.27004 ms, ci 0.950
std dev: 230.5448 us, lb 150.7310 us, ub 427.6068 us, ci 0.950
found 3 outliers among 100 samples (3.0%)
2 (2.0%) high mild
1 (1.0%) high severe
2 mb file:
benchmarking sha256/internal
mean: 26.44270 ms, lb 26.23701 ms, ub 26.63414 ms, ci 0.950
std dev: 1.012303 ms, lb 925.8921 us, ub 1.122267 ms, ci 0.950
variance introduced by outliers: 35.540%
variance is moderately inflated by outliers
benchmarking sha256/external
mean: 26.84521 ms, lb 26.77644 ms, ub 26.91433 ms, ci 0.950
std dev: 347.7867 us, lb 210.6283 us, ub 571.3351 us, ci 0.950
found 6 outliers among 100 samples (6.0%)
import Crypto.Hash
import Data.ByteString.Lazy as L
import Criterion.Main
import Common
testfile :: FilePath
testfile = "/run/shm/data" -- on ram disk
main = defaultMain
[ bgroup "sha256"
[ bench "internal" $ whnfIO internal
, bench "external" $ whnfIO external
]
]
sha256 :: L.ByteString -> Digest SHA256
sha256 = hashlazy
internal :: IO String
internal = show . sha256 <$> L.readFile testfile
external :: IO String
external = do
s <- readProcess "sha256sum" [testfile]
return $ fst $ separate (== ' ') s
2013-09-22 23:45:08 +00:00
|
|
|
import Data.ByteString.Lazy.UTF8 (fromString)
|
2022-08-05 17:57:20 +00:00
|
|
|
import Control.Concurrent.Async
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2016-01-20 20:36:33 +00:00
|
|
|
import Annex.Common
|
2014-05-16 20:08:20 +00:00
|
|
|
import qualified Annex
|
2011-06-02 01:56:04 +00:00
|
|
|
import Types.Remote
|
2014-02-11 18:06:50 +00:00
|
|
|
import Types.Creds
|
2019-12-05 18:36:43 +00:00
|
|
|
import Git.Types (ConfigValue(..), fromConfigKey)
|
2011-06-30 17:16:57 +00:00
|
|
|
import qualified Git
|
2011-12-14 19:56:11 +00:00
|
|
|
import qualified Git.Command
|
2011-12-13 19:05:07 +00:00
|
|
|
import qualified Git.Config
|
|
|
|
import qualified Git.Construct
|
2012-04-11 16:45:05 +00:00
|
|
|
import qualified Git.Ref
|
2011-04-08 20:44:43 +00:00
|
|
|
import Config
|
2013-03-13 20:16:01 +00:00
|
|
|
import Config.Cost
|
2013-09-24 17:37:41 +00:00
|
|
|
import qualified Remote.Helper.Ssh as Ssh
|
2020-01-14 19:41:34 +00:00
|
|
|
import Annex.SpecialRemote.Config
|
2011-08-17 00:49:54 +00:00
|
|
|
import Remote.Helper.Special
|
2019-02-20 19:55:01 +00:00
|
|
|
import Remote.Helper.ExportImport
|
2023-08-16 19:48:09 +00:00
|
|
|
import Remote.Helper.Path
|
Use cryptohash rather than SHA for hashing.
This is a massive win on OSX, which doesn't have a sha256sum normally.
Only use external hash commands when the file is > 1 mb,
since cryptohash is quite close to them in speed.
SHA is still used to calculate HMACs. I don't quite understand
cryptohash's API for those.
Used the following benchmark to arrive at the 1 mb number.
1 mb file:
benchmarking sha256/internal
mean: 13.86696 ms, lb 13.83010 ms, ub 13.93453 ms, ci 0.950
std dev: 249.3235 us, lb 162.0448 us, ub 458.1744 us, ci 0.950
found 5 outliers among 100 samples (5.0%)
4 (4.0%) high mild
1 (1.0%) high severe
variance introduced by outliers: 10.415%
variance is moderately inflated by outliers
benchmarking sha256/external
mean: 14.20670 ms, lb 14.17237 ms, ub 14.27004 ms, ci 0.950
std dev: 230.5448 us, lb 150.7310 us, ub 427.6068 us, ci 0.950
found 3 outliers among 100 samples (3.0%)
2 (2.0%) high mild
1 (1.0%) high severe
2 mb file:
benchmarking sha256/internal
mean: 26.44270 ms, lb 26.23701 ms, ub 26.63414 ms, ci 0.950
std dev: 1.012303 ms, lb 925.8921 us, ub 1.122267 ms, ci 0.950
variance introduced by outliers: 35.540%
variance is moderately inflated by outliers
benchmarking sha256/external
mean: 26.84521 ms, lb 26.77644 ms, ub 26.91433 ms, ci 0.950
std dev: 347.7867 us, lb 210.6283 us, ub 571.3351 us, ci 0.950
found 6 outliers among 100 samples (6.0%)
import Crypto.Hash
import Data.ByteString.Lazy as L
import Criterion.Main
import Common
testfile :: FilePath
testfile = "/run/shm/data" -- on ram disk
main = defaultMain
[ bgroup "sha256"
[ bench "internal" $ whnfIO internal
, bench "external" $ whnfIO external
]
]
sha256 :: L.ByteString -> Digest SHA256
sha256 = hashlazy
internal :: IO String
internal = show . sha256 <$> L.readFile testfile
external :: IO String
external = do
s <- readProcess "sha256sum" [testfile]
return $ fst $ separate (== ' ') s
2013-09-22 23:45:08 +00:00
|
|
|
import Utility.Hash
|
2012-10-25 22:17:32 +00:00
|
|
|
import Utility.UserInfo
|
2013-09-07 22:38:00 +00:00
|
|
|
import Annex.UUID
|
2017-02-15 19:08:46 +00:00
|
|
|
import Annex.Ssh
|
2022-08-08 22:54:06 +00:00
|
|
|
import Annex.LockFile
|
|
|
|
import Annex.Perms
|
2013-03-28 21:03:04 +00:00
|
|
|
import Utility.Metered
|
2020-01-10 18:10:20 +00:00
|
|
|
import Types.ProposedAccepted
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2011-04-09 19:36:54 +00:00
|
|
|
type BupRepo = String
|
|
|
|
|
2011-12-31 08:11:39 +00:00
|
|
|
remote :: RemoteType
|
2020-01-14 19:41:34 +00:00
|
|
|
remote = specialRemoteType $ RemoteType
|
2017-09-07 17:45:31 +00:00
|
|
|
{ typename = "bup"
|
|
|
|
, enumerate = const (findSpecialRemotes "buprepo")
|
|
|
|
, generate = gen
|
2020-01-14 19:41:34 +00:00
|
|
|
, configParser = mkRemoteConfigParser
|
2020-01-20 19:20:04 +00:00
|
|
|
[ optionalStringParser buprepoField
|
|
|
|
(FieldDesc "(required) bup repository to use")
|
|
|
|
]
|
2017-09-07 17:45:31 +00:00
|
|
|
, setup = bupSetup
|
|
|
|
, exportSupported = exportUnsupported
|
2019-02-20 19:55:01 +00:00
|
|
|
, importSupported = importUnsupported
|
add thirdPartyPopulated interface
This is to support, eg a borg repo as a special remote, which is
populated not by running git-annex commands, but by using borg. Then
git-annex sync lists the content of the remote, learns which files are
annex objects, and treats those as present in the remote.
So, most of the import machinery is reused, to a new purpose. While
normally importtree maintains a remote tracking branch, this does not,
because the files stored in the remote are annex object files, not
user-visible filenames. But, internally, a git tree is still generated,
of the files on the remote that are annex objects. This tree is used
by retrieveExportWithContentIdentifier, etc. As with other import/export
remotes, that the tree is recorded in the export log, and gets grafted
into the git-annex branch.
importKey changed to be able to return Nothing, to indicate when an
ImportLocation is not an annex object and so should be skipped from
being included in the tree.
It did not seem to make sense to have git-annex import do this, since
from the user's perspective, it's not like other imports. So only
git-annex sync does it.
Note that, git-annex sync does not yet download objects from such
remotes that are preferred content. importKeys is run with
content downloading disabled, to avoid getting the content of all
objects. Perhaps what's needed is for seekSyncContent to be run with these
remotes, but I don't know if it will just work (in particular, it needs
to avoid trying to transfer objects to them), so I skipped that for now.
(Untested and unused as of yet.)
This commit was sponsored by Jochen Bartl on Patreon.
2020-12-18 18:52:57 +00:00
|
|
|
, thirdPartyPopulated = False
|
2017-09-07 17:45:31 +00:00
|
|
|
}
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2020-01-14 19:41:34 +00:00
|
|
|
buprepoField :: RemoteConfigField
|
|
|
|
buprepoField = Accepted "buprepo"
|
|
|
|
|
fix encryption of content to gcrypt and git-lfs
Fix serious regression in gcrypt and encrypted git-lfs remotes.
Since version 7.20200202.7, git-annex incorrectly stored content
on those remotes without encrypting it.
Problem was, Remote.Git enumerates all git remotes, including git-lfs
and gcrypt. It then dispatches to those. So, Remote.List used the
RemoteConfigParser from Remote.Git, instead of from git-lfs or gcrypt,
and that parser does not know about encryption fields, so did not
include them in the ParsedRemoteConfig. (Also didn't include other
fields specific to those remotes, perhaps chunking etc also didn't
get through.)
To fix, had to move RemoteConfig parsing down into the generate methods
of each remote, rather than doing it in Remote.List.
And a consequence of that was that ParsedRemoteConfig had to change to
include the RemoteConfig that got parsed, so that testremote can
generate a new remote based on an existing remote.
(I would have rather fixed this just inside Remote.Git, but that was not
practical, at least not w/o re-doing work that Remote.List already did.
Big ugly mostly mechanical patch seemed preferable to making git-annex
slower.)
2020-02-26 21:20:56 +00:00
|
|
|
gen :: Git.Repo -> UUID -> RemoteConfig -> RemoteGitConfig -> RemoteStateHandle -> Annex (Maybe Remote)
|
|
|
|
gen r u rc gc rs = do
|
|
|
|
c <- parsedRemoteConfig remote rc
|
2011-04-09 19:36:54 +00:00
|
|
|
bupr <- liftIO $ bup2GitRemote buprepo
|
2023-01-12 17:42:28 +00:00
|
|
|
cst <- remoteCost gc c $
|
2013-01-01 17:52:47 +00:00
|
|
|
if bupLocal buprepo
|
2013-03-13 20:16:01 +00:00
|
|
|
then nearlyCheapRemoteCost
|
2013-01-01 17:52:47 +00:00
|
|
|
else expensiveRemoteCost
|
2011-04-09 19:36:54 +00:00
|
|
|
(u', bupr') <- getBupUUID bupr u
|
2011-04-09 01:37:59 +00:00
|
|
|
|
2014-08-02 22:36:26 +00:00
|
|
|
let this = Remote
|
2013-01-01 17:52:47 +00:00
|
|
|
{ uuid = u'
|
|
|
|
, cost = cst
|
|
|
|
, name = Git.repoDescribe r
|
2014-08-02 22:36:26 +00:00
|
|
|
, storeKey = storeKeyDummy
|
2020-05-13 21:05:56 +00:00
|
|
|
, retrieveKeyFile = retrieveKeyFileDummy
|
|
|
|
, retrieveKeyFileCheap = Nothing
|
2018-06-21 15:35:27 +00:00
|
|
|
-- Bup uses git, which cryptographically verifies content
|
|
|
|
-- (with SHA1, but sufficiently for this).
|
|
|
|
, retrievalSecurityPolicy = RetrievalAllKeysSecure
|
run Preparer to get Remover and CheckPresent actions
This will allow special remotes to eg, open a http connection and reuse it,
while checking if chunks are present, or removing chunks.
S3 and WebDAV both need this to support chunks with reasonable speed.
Note that a special remote might want to cache a http connection across
multiple requests. A simple case of this is that CheckPresent is typically
called before Store or Remove. A remote using this interface can certianly
use a Preparer that eg, uses a MVar to cache a http connection.
However, it's up to the remote to then deal with things like stale or
stalled http connections when eg, doing a series of downloads from a remote
and other places. There could be long delays between calls to a remote,
which could lead to eg, http connection stalls; the machine might even
move to a new network, etc.
It might be nice to improve this interface later to allow
the simple case without needing to handle the full complex case.
One way to do it would be to have a `Transaction SpecialRemote cache`,
where SpecialRemote contains methods for Storer, Retriever, Remover, and
CheckPresent, that all expect to be passed a `cache`.
2014-08-06 18:28:36 +00:00
|
|
|
, removeKey = removeKeyDummy
|
2015-10-08 19:01:38 +00:00
|
|
|
, lockContent = Nothing
|
run Preparer to get Remover and CheckPresent actions
This will allow special remotes to eg, open a http connection and reuse it,
while checking if chunks are present, or removing chunks.
S3 and WebDAV both need this to support chunks with reasonable speed.
Note that a special remote might want to cache a http connection across
multiple requests. A simple case of this is that CheckPresent is typically
called before Store or Remove. A remote using this interface can certianly
use a Preparer that eg, uses a MVar to cache a http connection.
However, it's up to the remote to then deal with things like stale or
stalled http connections when eg, doing a series of downloads from a remote
and other places. There could be long delays between calls to a remote,
which could lead to eg, http connection stalls; the machine might even
move to a new network, etc.
It might be nice to improve this interface later to allow
the simple case without needing to handle the full complex case.
One way to do it would be to have a `Transaction SpecialRemote cache`,
where SpecialRemote contains methods for Storer, Retriever, Remover, and
CheckPresent, that all expect to be passed a `cache`.
2014-08-06 18:28:36 +00:00
|
|
|
, checkPresent = checkPresentDummy
|
2014-08-06 17:45:19 +00:00
|
|
|
, checkPresentCheap = bupLocal buprepo
|
2017-09-01 17:02:07 +00:00
|
|
|
, exportActions = exportUnsupported
|
2019-02-20 19:55:01 +00:00
|
|
|
, importActions = importUnsupported
|
2013-01-01 17:52:47 +00:00
|
|
|
, whereisKey = Nothing
|
2013-10-11 20:03:18 +00:00
|
|
|
, remoteFsck = Nothing
|
2013-10-27 19:38:59 +00:00
|
|
|
, repairRepo = Nothing
|
2013-01-01 17:52:47 +00:00
|
|
|
, config = c
|
2018-06-04 18:31:55 +00:00
|
|
|
, getRepo = return r
|
2013-01-01 17:52:47 +00:00
|
|
|
, gitconfig = gc
|
|
|
|
, localpath = if bupLocal buprepo && not (null buprepo)
|
|
|
|
then Just buprepo
|
|
|
|
else Nothing
|
|
|
|
, remotetype = remote
|
2023-08-16 19:48:09 +00:00
|
|
|
, availability = if null buprepo
|
|
|
|
then pure LocallyAvailable
|
|
|
|
else checkPathAvailability (bupLocal buprepo) buprepo
|
2013-01-01 17:52:47 +00:00
|
|
|
, readonly = False
|
2018-08-30 15:18:20 +00:00
|
|
|
, appendonly = False
|
2020-12-28 19:08:53 +00:00
|
|
|
, untrustworthy = False
|
2014-08-10 18:52:58 +00:00
|
|
|
, mkUnavailable = return Nothing
|
2014-10-21 18:36:09 +00:00
|
|
|
, getInfo = return [("repo", buprepo)]
|
2014-12-08 17:40:15 +00:00
|
|
|
, claimUrl = Nothing
|
2014-12-11 19:32:42 +00:00
|
|
|
, checkUrl = Nothing
|
add RemoteStateHandle
This solves the problem of sameas remotes trampling over per-remote
state. Used for:
* per-remote state, of course
* per-remote metadata, also of course
* per-remote content identifiers, because two remote implementations
could in theory generate the same content identifier for two different
peices of content
While chunk logs are per-remote data, they don't use this, because the
number and size of chunks stored is a common property across sameas
remotes.
External special remote had a complication, where it was theoretically
possible for a remote to send SETSTATE or GETSTATE during INITREMOTE or
EXPORTSUPPORTED. Since the uuid of the remote is typically generate in
Remote.setup, it would only be possible to pass a Maybe
RemoteStateHandle into it, and it would otherwise have to construct its
own. Rather than go that route, I decided to send an ERROR in this case.
It seems unlikely that any existing external special remote will be
affected. They would have to make up a git-annex key, and set state for
some reason during INITREMOTE. I can imagine such a hack, but it doesn't
seem worth complicating the code in such an ugly way to support it.
Unfortunately, both TestRemote and Annex.Import needed the Remote
to have a new field added that holds its RemoteStateHandle.
2019-10-14 16:33:27 +00:00
|
|
|
, remoteStateHandle = rs
|
2013-01-01 17:52:47 +00:00
|
|
|
}
|
fix encryption of content to gcrypt and git-lfs
Fix serious regression in gcrypt and encrypted git-lfs remotes.
Since version 7.20200202.7, git-annex incorrectly stored content
on those remotes without encrypting it.
Problem was, Remote.Git enumerates all git remotes, including git-lfs
and gcrypt. It then dispatches to those. So, Remote.List used the
RemoteConfigParser from Remote.Git, instead of from git-lfs or gcrypt,
and that parser does not know about encryption fields, so did not
include them in the ParsedRemoteConfig. (Also didn't include other
fields specific to those remotes, perhaps chunking etc also didn't
get through.)
To fix, had to move RemoteConfig parsing down into the generate methods
of each remote, rather than doing it in Remote.List.
And a consequence of that was that ParsedRemoteConfig had to change to
include the RemoteConfig that got parsed, so that testremote can
generate a new remote based on an existing remote.
(I would have rather fixed this just inside Remote.Git, but that was not
practical, at least not w/o re-doing work that Remote.List already did.
Big ugly mostly mechanical patch seemed preferable to making git-annex
slower.)
2020-02-26 21:20:56 +00:00
|
|
|
let specialcfg = (specialRemoteCfg c)
|
|
|
|
-- chunking would not improve bup
|
|
|
|
{ chunkConfig = NoChunks
|
|
|
|
}
|
2014-08-03 19:35:23 +00:00
|
|
|
return $ Just $ specialRemote' specialcfg c
|
2020-05-13 15:50:31 +00:00
|
|
|
(store this buprepo)
|
2022-08-09 14:40:45 +00:00
|
|
|
(retrieve this buprepo)
|
2020-05-13 15:50:31 +00:00
|
|
|
(remove buprepo)
|
remove "checking remotename" message
This fixes fsck of a remote that uses chunking displaying
(checking remotename) (checking remotename)" for every chunk.
Also, some remotes displayed the message, and others did not, with no
consistency. It was originally displayed only when accessing remotes
that were expensive or might involve a password prompt, I think, but
nothing in the API said when to do it so it became an inconsistent mess.
Originally I thought fsck should always display it. But it only displays
in fsck --from remote, so the user knows the remote is being accessed,
so there is no reason to tell them it's accessing it over and over.
It was also possible for git-annex move to sometimes display it twice,
due to checking if content is present twice. But, the user of move
specifies --from/--to, so it does not need to display when it's
accessing the remote, as the user expects it to access the remote.
git-annex get might display it, but only if the remote also supports
hasKeyCheap, which is really only local git remotes, which didn't
display it always; and in any case nothing displayed it before hasKeyCheap,
which is checked first, so I don't think this needs to display it ever.
mirror is like move. And that's all the main places it would have been
displayed.
This commit was sponsored by Jochen Bartl on Patreon.
2021-04-27 16:50:45 +00:00
|
|
|
(checkKey bupr')
|
2014-08-02 22:36:26 +00:00
|
|
|
this
|
2013-01-01 17:52:47 +00:00
|
|
|
where
|
2016-11-16 01:29:54 +00:00
|
|
|
buprepo = fromMaybe (giveup "missing buprepo") $ remoteAnnexBupRepo gc
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2017-02-07 18:35:58 +00:00
|
|
|
bupSetup :: SetupStage -> Maybe UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
|
|
|
|
bupSetup _ mu _ c gc = do
|
2013-09-07 22:38:00 +00:00
|
|
|
u <- maybe (liftIO genUUID) return mu
|
|
|
|
|
2011-04-08 20:44:43 +00:00
|
|
|
-- verify configuration is sane
|
2020-01-10 18:10:20 +00:00
|
|
|
let buprepo = maybe (giveup "Specify buprepo=") fromProposedAccepted $
|
2020-01-14 19:41:34 +00:00
|
|
|
M.lookup buprepoField c
|
2016-05-23 21:27:15 +00:00
|
|
|
(c', _encsetup) <- encryptionSetup c gc
|
2011-04-08 20:44:43 +00:00
|
|
|
|
|
|
|
-- bup init will create the repository.
|
|
|
|
-- (If the repository already exists, bup init again appears safe.)
|
2011-07-19 18:07:23 +00:00
|
|
|
showAction "bup init"
|
2016-11-16 01:29:54 +00:00
|
|
|
unlessM (bup "init" buprepo []) $ giveup "bup init failed"
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2011-04-09 16:41:17 +00:00
|
|
|
storeBupUUID u buprepo
|
2011-04-09 16:34:49 +00:00
|
|
|
|
2011-04-09 16:41:17 +00:00
|
|
|
-- The buprepo is stored in git config, as well as this repo's
|
2023-03-14 02:39:16 +00:00
|
|
|
-- persistent state, so it can vary between hosts.
|
2018-03-27 16:41:57 +00:00
|
|
|
gitConfigSpecialRemote u c' [("buprepo", buprepo)]
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2013-09-07 22:38:00 +00:00
|
|
|
return (c', u)
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2011-04-09 19:36:54 +00:00
|
|
|
bupParams :: String -> BupRepo -> [CommandParam] -> [CommandParam]
|
2011-04-09 16:41:17 +00:00
|
|
|
bupParams command buprepo params =
|
2011-07-15 16:47:14 +00:00
|
|
|
Param command : [Param "-r", Param buprepo] ++ params
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2011-04-09 19:36:54 +00:00
|
|
|
bup :: String -> BupRepo -> [CommandParam] -> Annex Bool
|
2011-04-09 16:41:17 +00:00
|
|
|
bup command buprepo params = do
|
2011-07-19 18:07:23 +00:00
|
|
|
showOutput -- make way for bup output
|
2012-01-28 19:23:28 +00:00
|
|
|
liftIO $ boolSystem "bup" $ bupParams command buprepo params
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2015-04-04 18:34:03 +00:00
|
|
|
bupSplitParams :: Remote -> BupRepo -> Key -> [CommandParam] -> [CommandParam]
|
|
|
|
bupSplitParams r buprepo k src =
|
2013-01-01 17:52:47 +00:00
|
|
|
let os = map Param $ remoteAnnexBupSplitOptions $ gitconfig r
|
2015-04-04 18:34:03 +00:00
|
|
|
in bupParams "split" buprepo
|
2014-08-02 22:36:26 +00:00
|
|
|
(os ++ [Param "-q", Param "-n", Param (bupRef k)] ++ src)
|
|
|
|
|
|
|
|
store :: Remote -> BupRepo -> Storer
|
2022-08-09 14:40:45 +00:00
|
|
|
store r buprepo = byteStorer $ \k b p -> lockBup True r $ do
|
2020-06-04 19:36:34 +00:00
|
|
|
liftIO $ withNullHandle $ \nullh ->
|
|
|
|
let params = bupSplitParams r buprepo k []
|
|
|
|
cmd = (proc "bup" (toCommand params))
|
2022-08-05 16:29:33 +00:00
|
|
|
{ std_in = CreatePipe
|
|
|
|
, std_out = UseHandle nullh
|
2022-08-05 17:57:20 +00:00
|
|
|
, std_err = CreatePipe
|
2022-08-05 16:29:33 +00:00
|
|
|
}
|
2020-06-05 21:10:52 +00:00
|
|
|
feeder = \h -> do
|
2021-02-09 21:03:27 +00:00
|
|
|
meteredWrite p (S.hPut h) b
|
2020-06-05 21:10:52 +00:00
|
|
|
hClose h
|
2022-08-05 16:29:33 +00:00
|
|
|
in withCreateProcess cmd (go feeder cmd)
|
2020-06-04 19:36:34 +00:00
|
|
|
where
|
2022-08-05 17:57:20 +00:00
|
|
|
go feeder p (Just inh) _ (Just errh) pid = do
|
|
|
|
-- bup split is noisy to stderr even with the -q
|
|
|
|
-- option. But when bup fails, the stderr needs
|
|
|
|
-- to be displayed.
|
|
|
|
(feedresult, erroutput) <- tryNonAsync (feeder inh)
|
|
|
|
`concurrently` hGetContentsStrict errh
|
|
|
|
waitForProcess pid >>= \case
|
|
|
|
ExitSuccess -> case feedresult of
|
|
|
|
Right () -> return ()
|
|
|
|
Left e -> throwM e
|
|
|
|
ExitFailure n -> giveup $
|
|
|
|
showCmd p ++ " exited " ++ show n ++
|
|
|
|
" (stderr output: " ++ erroutput ++ ")"
|
2020-06-04 19:36:34 +00:00
|
|
|
go _ _ _ _ _ _ = error "internal"
|
2014-08-02 22:36:26 +00:00
|
|
|
|
2022-08-09 14:40:45 +00:00
|
|
|
retrieve :: Remote -> BupRepo -> Retriever
|
|
|
|
retrieve r buprepo = byteRetriever $ \k sink -> lockBup True r $ do
|
2014-08-03 05:12:24 +00:00
|
|
|
let params = bupParams "join" buprepo [Param $ bupRef k]
|
2020-06-04 16:13:26 +00:00
|
|
|
let p = (proc "bup" (toCommand params))
|
|
|
|
{ std_out = CreatePipe }
|
|
|
|
bracketIO (createProcess p) cleanupProcess (go sink p)
|
|
|
|
where
|
|
|
|
go sink p (_, Just h, _, pid) = do
|
2022-08-09 14:40:45 +00:00
|
|
|
v <- sink =<< liftIO (L.hGetContents h)
|
2020-06-04 16:13:26 +00:00
|
|
|
liftIO $ do
|
|
|
|
hClose h
|
|
|
|
forceSuccessProcess p pid
|
2022-08-09 14:40:45 +00:00
|
|
|
return v
|
2020-06-04 16:13:26 +00:00
|
|
|
go _ _ _ = error "internal"
|
2011-04-08 20:44:43 +00:00
|
|
|
|
2013-01-09 22:42:29 +00:00
|
|
|
{- Cannot revert having stored a key in bup, but at least the data for the
|
|
|
|
- key will be used for deltaing data of other keys stored later.
|
|
|
|
-
|
|
|
|
- We can, however, remove the git branch that bup created for the key.
|
|
|
|
-}
|
run Preparer to get Remover and CheckPresent actions
This will allow special remotes to eg, open a http connection and reuse it,
while checking if chunks are present, or removing chunks.
S3 and WebDAV both need this to support chunks with reasonable speed.
Note that a special remote might want to cache a http connection across
multiple requests. A simple case of this is that CheckPresent is typically
called before Store or Remove. A remote using this interface can certianly
use a Preparer that eg, uses a MVar to cache a http connection.
However, it's up to the remote to then deal with things like stale or
stalled http connections when eg, doing a series of downloads from a remote
and other places. There could be long delays between calls to a remote,
which could lead to eg, http connection stalls; the machine might even
move to a new network, etc.
It might be nice to improve this interface later to allow
the simple case without needing to handle the full complex case.
One way to do it would be to have a `Transaction SpecialRemote cache`,
where SpecialRemote contains methods for Storer, Retriever, Remover, and
CheckPresent, that all expect to be passed a `cache`.
2014-08-06 18:28:36 +00:00
|
|
|
remove :: BupRepo -> Remover
|
toward SafeDropProof expiry checking
Added Maybe POSIXTime to SafeDropProof, which gets set when the proof is
based on a LockedCopy. If there are several LockedCopies, it uses the
closest expiry time. That is not optimal, it may be that the proof
expires based on one LockedCopy but another one has not expired. But
that seems unlikely to really happen, and anyway the user can just
re-run a drop if it fails due to expiry.
Pass the SafeDropProof to removeKey, which is responsible for checking
it for expiry in situations where that could be a problem. Which really
only means in Remote.Git.
Made Remote.Git check expiry when dropping from a local remote.
Checking expiry when dropping from a P2P remote is not yet implemented.
P2P.Protocol.remove has SafeDropProof plumbed through to it for that
purpose.
Fixing the remaining 2 build warnings should complete this work.
Note that the use of a POSIXTime here means that if the clock gets set
forward while git-annex is in the middle of a drop, it may say that
dropping took too long. That seems ok. Less ok is that if the clock gets
turned back a sufficient amount (eg 5 minutes), proof expiry won't be
noticed. It might be better to use the Monotonic clock, but that doesn't
advance when a laptop is suspended, and while there is the linux
Boottime clock, that is not available on other systems. Perhaps a
combination of POSIXTime and the Monotonic clock could detect laptop
suspension and also detect clock being turned back?
There is a potential future flag day where
p2pDefaultLockContentRetentionDuration is not assumed, but is probed
using the P2P protocol, and peers that don't support it can no longer
produce a LockedCopy. Until that happens, when git-annex is
communicating with older peers there is a risk of data loss when
a ssh connection closes during LOCKCONTENT.
2024-07-04 16:23:46 +00:00
|
|
|
remove buprepo _proof k = do
|
2014-08-02 22:36:26 +00:00
|
|
|
go =<< liftIO (bup2GitRemote buprepo)
|
2020-06-05 23:06:09 +00:00
|
|
|
warning "content cannot be completely removed from bup remote"
|
2013-01-09 22:42:29 +00:00
|
|
|
where
|
|
|
|
go r
|
|
|
|
| Git.repoIsUrl r = void $ onBupRemote r boolSystem "git" params
|
2014-08-02 22:36:26 +00:00
|
|
|
| otherwise = void $ liftIO $ catchMaybeIO $ do
|
|
|
|
r' <- Git.Config.read r
|
|
|
|
boolSystem "git" $ Git.Command.gitCommandLine params r'
|
2015-06-01 17:52:23 +00:00
|
|
|
params = [ Param "branch", Param "-q", Param "-D", Param (bupRef k) ]
|
2013-01-09 22:42:29 +00:00
|
|
|
|
2011-04-08 20:44:43 +00:00
|
|
|
{- Bup does not provide a way to tell if a given dataset is present
|
|
|
|
- in a bup repository. One way it to check if the git repository has
|
|
|
|
- a branch matching the name (as created by bup split -n).
|
|
|
|
-}
|
remove "checking remotename" message
This fixes fsck of a remote that uses chunking displaying
(checking remotename) (checking remotename)" for every chunk.
Also, some remotes displayed the message, and others did not, with no
consistency. It was originally displayed only when accessing remotes
that were expensive or might involve a password prompt, I think, but
nothing in the API said when to do it so it became an inconsistent mess.
Originally I thought fsck should always display it. But it only displays
in fsck --from remote, so the user knows the remote is being accessed,
so there is no reason to tell them it's accessing it over and over.
It was also possible for git-annex move to sometimes display it twice,
due to checking if content is present twice. But, the user of move
specifies --from/--to, so it does not need to display when it's
accessing the remote, as the user expects it to access the remote.
git-annex get might display it, but only if the remote also supports
hasKeyCheap, which is really only local git remotes, which didn't
display it always; and in any case nothing displayed it before hasKeyCheap,
which is checked first, so I don't think this needs to display it ever.
mirror is like move. And that's all the main places it would have been
displayed.
This commit was sponsored by Jochen Bartl on Patreon.
2021-04-27 16:50:45 +00:00
|
|
|
checkKey :: Git.Repo -> CheckPresent
|
|
|
|
checkKey bupr k
|
|
|
|
| Git.repoIsUrl bupr = onBupRemote bupr boolSystem "git" params
|
2014-08-06 17:45:19 +00:00
|
|
|
| otherwise = liftIO $ boolSystem "git" $
|
|
|
|
Git.Command.gitCommandLine params bupr
|
2012-11-11 04:51:07 +00:00
|
|
|
where
|
|
|
|
params =
|
2015-06-01 17:52:23 +00:00
|
|
|
[ Param "show-ref"
|
|
|
|
, Param "--quiet"
|
|
|
|
, Param "--verify"
|
2012-11-11 04:51:07 +00:00
|
|
|
, Param $ "refs/heads/" ++ bupRef k
|
|
|
|
]
|
2011-04-09 16:34:49 +00:00
|
|
|
|
|
|
|
{- Store UUID in the annex.uuid setting of the bup repository. -}
|
2011-04-09 19:36:54 +00:00
|
|
|
storeBupUUID :: UUID -> BupRepo -> Annex ()
|
2011-04-09 16:41:17 +00:00
|
|
|
storeBupUUID u buprepo = do
|
|
|
|
r <- liftIO $ bup2GitRemote buprepo
|
2011-04-09 16:34:49 +00:00
|
|
|
if Git.repoIsUrl r
|
|
|
|
then do
|
2011-07-19 18:07:23 +00:00
|
|
|
showAction "storing uuid"
|
2012-01-24 19:28:13 +00:00
|
|
|
unlessM (onBupRemote r boolSystem "git"
|
2019-12-02 16:26:33 +00:00
|
|
|
[Param "config", Param (fromConfigKey configkeyUUID), Param v]) $
|
2016-11-16 01:29:54 +00:00
|
|
|
giveup "ssh failed"
|
2011-04-09 16:34:49 +00:00
|
|
|
else liftIO $ do
|
2011-12-13 19:05:07 +00:00
|
|
|
r' <- Git.Config.read r
|
2020-04-15 17:55:08 +00:00
|
|
|
let noolduuid = case Git.Config.get configkeyUUID mempty r' of
|
|
|
|
ConfigValue olduuid -> S.null olduuid
|
|
|
|
NoConfigValue -> True
|
|
|
|
when noolduuid $
|
2013-03-03 17:39:07 +00:00
|
|
|
Git.Command.run
|
|
|
|
[ Param "config"
|
|
|
|
, Param "annex.uuid"
|
|
|
|
, Param v
|
|
|
|
] r'
|
2012-11-11 04:51:07 +00:00
|
|
|
where
|
|
|
|
v = fromUUID u
|
2011-04-09 16:34:49 +00:00
|
|
|
|
2011-04-09 19:36:54 +00:00
|
|
|
onBupRemote :: Git.Repo -> (FilePath -> [CommandParam] -> IO a) -> FilePath -> [CommandParam] -> Annex a
|
2017-03-17 20:02:47 +00:00
|
|
|
onBupRemote r runner command params = do
|
2014-05-16 20:08:20 +00:00
|
|
|
c <- Annex.getRemoteGitConfig r
|
2017-03-17 20:02:47 +00:00
|
|
|
let remotecmd = "cd " ++ dir ++ " && " ++ unwords (command : toCommand params)
|
|
|
|
(sshcmd, sshparams) <- Ssh.toRepo NoConsumeStdin r c remotecmd
|
|
|
|
liftIO $ runner sshcmd sshparams
|
2013-06-21 08:28:43 +00:00
|
|
|
where
|
2019-12-09 17:49:05 +00:00
|
|
|
path = fromRawFilePath $ Git.repoPath r
|
2013-06-21 08:28:43 +00:00
|
|
|
base = fromMaybe path (stripPrefix "/~/" path)
|
|
|
|
dir = shellEscape base
|
2011-04-09 19:36:54 +00:00
|
|
|
|
2011-04-09 16:41:17 +00:00
|
|
|
{- Allow for bup repositories on removable media by checking
|
2011-04-09 16:59:18 +00:00
|
|
|
- local bup repositories to see if they are available, and getting their
|
|
|
|
- uuid (which may be different from the stored uuid for the bup remote).
|
|
|
|
-
|
2011-12-10 22:51:01 +00:00
|
|
|
- If a bup repository is not available, returns NoUUID.
|
2011-04-09 16:59:18 +00:00
|
|
|
- This will cause checkPresent to indicate nothing from the bup remote
|
|
|
|
- is known to be present.
|
2011-04-09 19:36:54 +00:00
|
|
|
-
|
|
|
|
- Also, returns a version of the repo with config read, if it is local.
|
2011-04-09 16:59:18 +00:00
|
|
|
-}
|
2011-04-09 19:36:54 +00:00
|
|
|
getBupUUID :: Git.Repo -> UUID -> Annex (UUID, Git.Repo)
|
|
|
|
getBupUUID r u
|
|
|
|
| Git.repoIsUrl r = return (u, r)
|
|
|
|
| otherwise = liftIO $ do
|
2012-02-03 20:47:24 +00:00
|
|
|
ret <- tryIO $ Git.Config.read r
|
2011-04-09 19:36:54 +00:00
|
|
|
case ret of
|
2019-12-02 16:26:33 +00:00
|
|
|
Right r' -> return (toUUID $ Git.Config.get configkeyUUID mempty r', r')
|
2011-11-07 18:46:01 +00:00
|
|
|
Left _ -> return (NoUUID, r)
|
2011-04-09 16:41:17 +00:00
|
|
|
|
2011-04-09 16:34:49 +00:00
|
|
|
{- Converts a bup remote path spec into a Git.Repo. There are some
|
|
|
|
- differences in path representation between git and bup. -}
|
2011-04-09 19:36:54 +00:00
|
|
|
bup2GitRemote :: BupRepo -> IO Git.Repo
|
2011-04-09 16:34:49 +00:00
|
|
|
bup2GitRemote "" = do
|
|
|
|
-- bup -r "" operates on ~/.bup
|
|
|
|
h <- myHomeDir
|
avoid making absolute git remote path relative
When a git remote is configured with an absolute path, use that path,
rather than making it relative. If it's configured with a relative path,
use that.
Git.Construct.fromPath changed to preserve the path as-is,
rather than making it absolute. And Annex.new changed to not
convert the path to relative. Instead, Git.CurrentRepo.get
generates a relative path.
A few things that used fromAbsPath unncessarily were changed in passing to
use fromPath instead. I'm seeing fromAbsPath as a security check,
while before it was being used in some cases when the path was
known absolute already. It may be that fromAbsPath is not really needed,
but only git-annex-shell uses it now, and I'm not 100% sure that there's
not some input that would cause a relative path to be used, opening a
security hole, without the security check. So left it as-is.
Test suite passes and strace shows the configured remote url is used
unchanged in the path into it. I can't be 100% sure there's not some code
somewhere that takes an absolute path to the repo and converts it to
relative and uses it, but it seems pretty unlikely that the code paths used
for a git remote would call such code. One place I know of is gitAnnexLink,
but I'm pretty sure that git remotes never deal with annex symlinks. If
that did get called, it generates a path relative to cwd, which would have
been wrong before this change as well, when operating on a remote.
2021-02-08 17:18:01 +00:00
|
|
|
Git.Construct.fromPath $ toRawFilePath $ h </> ".bup"
|
2011-04-09 16:34:49 +00:00
|
|
|
bup2GitRemote r
|
|
|
|
| bupLocal r =
|
2011-12-15 22:11:42 +00:00
|
|
|
if "/" `isPrefixOf` r
|
avoid making absolute git remote path relative
When a git remote is configured with an absolute path, use that path,
rather than making it relative. If it's configured with a relative path,
use that.
Git.Construct.fromPath changed to preserve the path as-is,
rather than making it absolute. And Annex.new changed to not
convert the path to relative. Instead, Git.CurrentRepo.get
generates a relative path.
A few things that used fromAbsPath unncessarily were changed in passing to
use fromPath instead. I'm seeing fromAbsPath as a security check,
while before it was being used in some cases when the path was
known absolute already. It may be that fromAbsPath is not really needed,
but only git-annex-shell uses it now, and I'm not 100% sure that there's
not some input that would cause a relative path to be used, opening a
security hole, without the security check. So left it as-is.
Test suite passes and strace shows the configured remote url is used
unchanged in the path into it. I can't be 100% sure there's not some code
somewhere that takes an absolute path to the repo and converts it to
relative and uses it, but it seems pretty unlikely that the code paths used
for a git remote would call such code. One place I know of is gitAnnexLink,
but I'm pretty sure that git remotes never deal with annex symlinks. If
that did get called, it generates a path relative to cwd, which would have
been wrong before this change as well, when operating on a remote.
2021-02-08 17:18:01 +00:00
|
|
|
then Git.Construct.fromPath (toRawFilePath r)
|
2016-11-16 01:29:54 +00:00
|
|
|
else giveup "please specify an absolute path"
|
2011-12-13 19:05:07 +00:00
|
|
|
| otherwise = Git.Construct.fromUrl $ "ssh://" ++ host ++ slash dir
|
2012-11-11 04:51:07 +00:00
|
|
|
where
|
2017-01-31 22:40:42 +00:00
|
|
|
bits = splitc ':' r
|
2012-11-11 04:51:07 +00:00
|
|
|
host = Prelude.head bits
|
2013-04-23 00:24:53 +00:00
|
|
|
dir = intercalate ":" $ drop 1 bits
|
2012-11-11 04:51:07 +00:00
|
|
|
-- "host:~user/dir" is not supported specially by bup;
|
|
|
|
-- "host:dir" is relative to the home directory;
|
|
|
|
-- "host:" goes in ~/.bup
|
|
|
|
slash d
|
|
|
|
| null d = "/~/.bup"
|
|
|
|
| "/" `isPrefixOf` d = d
|
|
|
|
| otherwise = "/~/" ++ d
|
2011-04-09 16:34:49 +00:00
|
|
|
|
2012-04-11 16:45:05 +00:00
|
|
|
{- Converts a key into a git ref name, which bup-split -n will use to point
|
|
|
|
- to it. -}
|
|
|
|
bupRef :: Key -> String
|
|
|
|
bupRef k
|
|
|
|
| Git.Ref.legal True shown = shown
|
2015-08-06 19:02:25 +00:00
|
|
|
| otherwise = "git-annex-" ++ show (sha2_256 (fromString shown))
|
2012-11-11 04:51:07 +00:00
|
|
|
where
|
2019-01-14 17:03:35 +00:00
|
|
|
shown = serializeKey k
|
2012-04-11 16:45:05 +00:00
|
|
|
|
2011-04-09 19:36:54 +00:00
|
|
|
bupLocal :: BupRepo -> Bool
|
2011-04-09 16:34:49 +00:00
|
|
|
bupLocal = notElem ':'
|
2022-08-09 14:40:45 +00:00
|
|
|
|
|
|
|
{- Bup is not concurrency safe, so use a lock file. Only one writer process
|
|
|
|
- should run at a time; multiple readers may run if no writer is running. -}
|
|
|
|
lockBup :: Bool -> Remote -> Annex a -> Annex a
|
|
|
|
lockBup writer r a = do
|
|
|
|
dir <- fromRepo gitAnnexRemotesDir
|
|
|
|
unlessM (liftIO $ doesDirectoryExist (fromRawFilePath dir)) $
|
|
|
|
createAnnexDirectory dir
|
|
|
|
let remoteid = fromUUID (uuid r)
|
|
|
|
let lck = dir P.</> remoteid <> ".lck"
|
|
|
|
if writer
|
2022-08-11 20:57:44 +00:00
|
|
|
then withExclusiveLock lck a
|
|
|
|
else withSharedLock lck a
|