2012-02-16 20:36:35 +00:00
|
|
|
{- git-annex command
|
|
|
|
-
|
2016-01-07 18:51:28 +00:00
|
|
|
- Copyright 2012-2016 Joey Hess <id@joeyh.name>
|
2012-02-16 20:36:35 +00:00
|
|
|
-
|
2019-03-13 19:48:14 +00:00
|
|
|
- Licensed under the GNU AGPL version 3 or higher.
|
2012-02-16 20:36:35 +00:00
|
|
|
-}
|
|
|
|
|
2023-04-10 16:56:45 +00:00
|
|
|
{-# LANGUAGE OverloadedStrings #-}
|
|
|
|
|
2012-02-16 20:36:35 +00:00
|
|
|
module Command.ReKey where
|
|
|
|
|
|
|
|
import Command
|
|
|
|
import qualified Annex
|
|
|
|
import Annex.Content
|
2015-12-22 17:23:33 +00:00
|
|
|
import Annex.Ingest
|
2016-01-07 18:51:28 +00:00
|
|
|
import Annex.Link
|
|
|
|
import Annex.Perms
|
|
|
|
import Annex.ReplaceFile
|
2013-04-11 17:35:52 +00:00
|
|
|
import Logs.Location
|
2016-01-07 18:51:28 +00:00
|
|
|
import Annex.InodeSentinal
|
2022-10-26 17:58:20 +00:00
|
|
|
import Annex.WorkTree
|
2016-01-07 18:51:28 +00:00
|
|
|
import Utility.InodeCache
|
2019-12-06 18:44:42 +00:00
|
|
|
import qualified Utility.RawFilePath as R
|
2012-02-16 20:36:35 +00:00
|
|
|
|
2023-03-01 19:55:58 +00:00
|
|
|
import System.PosixCompat.Files (linkCount, fileMode)
|
|
|
|
|
2015-07-08 16:33:27 +00:00
|
|
|
cmd :: Command
|
2023-05-04 20:03:54 +00:00
|
|
|
cmd = withAnnexOptions [jsonOptions] $
|
|
|
|
command "rekey" SectionPlumbing
|
|
|
|
"change keys used for files"
|
|
|
|
(paramRepeating $ paramPair paramPath paramKey)
|
|
|
|
(seek <$$> optParser)
|
2012-02-16 20:36:35 +00:00
|
|
|
|
2016-12-05 16:55:50 +00:00
|
|
|
data ReKeyOptions = ReKeyOptions
|
|
|
|
{ reKeyThese :: CmdParams
|
|
|
|
, batchOption :: BatchMode
|
|
|
|
}
|
2012-02-16 20:36:35 +00:00
|
|
|
|
2016-12-05 16:55:50 +00:00
|
|
|
optParser :: CmdParamsDesc -> Parser ReKeyOptions
|
|
|
|
optParser desc = ReKeyOptions
|
|
|
|
<$> cmdParams desc
|
2021-08-25 18:20:33 +00:00
|
|
|
<*> parseBatchOption False
|
2016-12-05 16:55:50 +00:00
|
|
|
|
|
|
|
-- Split on the last space, since a FilePath can contain whitespace,
|
|
|
|
-- but a Key very rarely does.
|
2020-04-15 20:04:05 +00:00
|
|
|
batchParser :: String -> Annex (Either String (RawFilePath, Key))
|
2016-12-05 16:55:50 +00:00
|
|
|
batchParser s = case separate (== ' ') (reverse s) of
|
|
|
|
(rk, rf)
|
2020-04-15 20:04:05 +00:00
|
|
|
| null rk || null rf -> return $ Left "Expected: \"file key\""
|
2019-01-14 17:17:47 +00:00
|
|
|
| otherwise -> case deserializeKey (reverse rk) of
|
2020-04-15 20:04:05 +00:00
|
|
|
Nothing -> return $ Left "bad key"
|
|
|
|
Just k -> do
|
|
|
|
let f = reverse rf
|
2020-11-02 20:31:28 +00:00
|
|
|
f' <- liftIO $ relPathCwdToFile (toRawFilePath f)
|
|
|
|
return $ Right (f', k)
|
2016-12-05 16:55:50 +00:00
|
|
|
|
|
|
|
seek :: ReKeyOptions -> CommandSeek
|
|
|
|
seek o = case batchOption o of
|
2022-01-26 16:59:55 +00:00
|
|
|
Batch fmt -> batchOnly Nothing (reKeyThese o) $
|
|
|
|
batchInput fmt batchParser
|
|
|
|
(batchCommandAction . uncurry start)
|
2020-09-14 20:49:33 +00:00
|
|
|
NoBatch -> withPairs
|
|
|
|
(\(si, p) -> commandAction (start si (parsekey p)))
|
|
|
|
(reKeyThese o)
|
2016-12-05 16:55:50 +00:00
|
|
|
where
|
|
|
|
parsekey (file, skey) =
|
2019-12-05 15:40:10 +00:00
|
|
|
(toRawFilePath file, fromMaybe (giveup "bad key") (deserializeKey skey))
|
2016-12-05 16:55:50 +00:00
|
|
|
|
2020-09-14 20:49:33 +00:00
|
|
|
start :: SeekInput -> (RawFilePath, Key) -> CommandStart
|
2022-10-26 17:58:20 +00:00
|
|
|
start si (file, newkey) = lookupKey file >>= \case
|
|
|
|
Just k -> go k
|
|
|
|
Nothing -> stop
|
2012-11-12 05:05:04 +00:00
|
|
|
where
|
2014-04-17 22:03:39 +00:00
|
|
|
go oldkey
|
2012-11-12 05:05:04 +00:00
|
|
|
| oldkey == newkey = stop
|
2020-09-14 20:49:33 +00:00
|
|
|
| otherwise = starting "rekey" ai si $
|
make CommandStart return a StartMessage
The goal is to be able to run CommandStart in the main thread when -J is
used, rather than unncessarily passing it off to a worker thread, which
incurs overhead that is signficant when the CommandStart is going to
quickly decide to stop.
To do that, the message it displays needs to be displayed in the worker
thread, after the CommandStart has run.
Also, the change will mean that CommandStart will no longer necessarily
run with the same Annex state as CommandPerform. While its docs already
said it should avoid modifying Annex state, I audited all the
CommandStart code as part of the conversion. (Note that CommandSeek
already sometimes runs with a different Annex state, and that has not been
a source of any problems, so I am not too worried that this change will
lead to breakage going forward.)
The only modification of Annex state I found was it calling
allowMessages in some Commands that default to noMessages. Dealt with
that by adding a startCustomOutput and a startingUsualMessages.
This lets a command start with noMessages and then select the output it
wants for each CommandStart.
One bit of breakage: onlyActionOn has been removed from commands that used it.
The plan is that, since a StartMessage contains an ActionItem,
when a Key can be extracted from that, the parallel job runner can
run onlyActionOn' automatically. Then commands won't need to worry about
this detail. Future work.
Otherwise, this was a fairly straightforward process of making each
CommandStart compile again. Hopefully other behavior changes were mostly
avoided.
In a few cases, a command had a CommandStart that called a CommandPerform
that then called showStart multiple times. I have collapsed those
down to a single start action. The main command to perhaps suffer from it
is Command.Direct, which used to show a start for each file, and no
longer does.
Another minor behavior change is that some commands used showStart
before, but had an associated file and a Key available, so were changed
to ShowStart with an ActionItemAssociatedFile. That will not change the
normal output or behavior, but --json output will now include the key.
This should not break it for anyone using a real json parser.
2019-06-06 19:42:30 +00:00
|
|
|
perform file oldkey newkey
|
2012-02-16 20:36:35 +00:00
|
|
|
|
2021-03-12 18:09:19 +00:00
|
|
|
ai = ActionItemTreeFile file
|
2020-09-14 20:49:33 +00:00
|
|
|
|
2019-12-05 15:40:10 +00:00
|
|
|
perform :: RawFilePath -> Key -> Key -> CommandPerform
|
2012-02-16 20:36:35 +00:00
|
|
|
perform file oldkey newkey = do
|
2016-01-07 18:51:28 +00:00
|
|
|
ifM (inAnnex oldkey)
|
|
|
|
( unlessM (linkKey file oldkey newkey) $
|
2018-10-16 19:52:40 +00:00
|
|
|
giveup "failed creating link from old to new key"
|
2023-04-10 16:56:45 +00:00
|
|
|
, unlessM (Annex.getRead Annex.force) $ do
|
|
|
|
qp <- coreQuotePath <$> Annex.getGitConfig
|
|
|
|
giveup $ decodeBS $ quote qp $ QuotedPath file
|
|
|
|
<> " is not available (use --force to override)"
|
2016-01-07 18:51:28 +00:00
|
|
|
)
|
include locked files in the keys database associated files
Before only unlocked files were included.
The initial scan now scans for locked as well as unlocked files. This
does mean it gets a little bit slower, although I optimised it as well
as I think it can be.
reconcileStaged changed to diff from the current index to the tree of
the previous index. This lets it handle deletions as well, removing
associated files for both locked and unlocked files, which did not
always happen before.
On upgrade, there will be no recorded previous tree, so it will diff
from the empty tree to current index, and so will fully populate the
associated files, as well as removing any stale associated files
that were present due to them not being removed before.
reconcileStaged now does a bit more work. Most of the time, this will
just be due to running more often, after some change is made to the
index, and since there will be few changes since the last time, it will
not be a noticable overhead. What may turn out to be a noticable
slowdown is after changing to a branch, it has to go through the diff
from the previous index to the new one, and if there are lots of
changes, that could take a long time. Also, after adding a lot of files,
or deleting a lot of files, or moving a large subdirectory, etc.
Command.Lock used removeAssociatedFile, but now that's wrong because a
newly locked file still needs to have its associated file tracked.
Command.Rekey used removeAssociatedFile when the file was unlocked.
It could remove it also when it's locked, but it is not really
necessary, because it changes the index, and so the next time git-annex
run and accesses the keys db, reconcileStaged will run and update it.
There are probably several other places that use addAssociatedFile and
don't need to any more for similar reasons. But there's no harm in
keeping them, and it probably is a good idea to, if only to support
mixing this with older versions of git-annex.
However, mixing this and older versions does risk reconcileStaged not
running, if the older version already ran it on a given index state. So
it's not a good idea to mix versions. This problem could be dealt with
by changing the name of the gitAnnexKeysDbIndexCache, but that would
leave the old file dangling, or it would need to keep trying to remove
it.
2021-05-21 19:47:37 +00:00
|
|
|
next $ cleanup file newkey
|
2012-02-17 02:36:56 +00:00
|
|
|
|
2013-06-10 17:10:30 +00:00
|
|
|
{- Make a hard link to the old key content (when supported),
|
|
|
|
- to avoid wasting disk space. -}
|
2019-12-05 15:40:10 +00:00
|
|
|
linkKey :: RawFilePath -> Key -> Key -> Annex Bool
|
2016-01-07 18:51:28 +00:00
|
|
|
linkKey file oldkey newkey = ifM (isJust <$> isAnnexLink file)
|
|
|
|
{- If the object file is already hardlinked to elsewhere, a hard
|
2018-03-13 18:18:30 +00:00
|
|
|
- link won't be made by getViaTmpFromDisk, but a copy instead.
|
2016-01-07 18:51:28 +00:00
|
|
|
- This avoids hard linking to content linked to an
|
|
|
|
- unlocked file, which would leave the new key unlocked
|
|
|
|
- and vulnerable to corruption. -}
|
2020-11-16 18:09:55 +00:00
|
|
|
( getViaTmpFromDisk RetrievalAllKeysSecure DefaultVerify newkey (AssociatedFile Nothing) $ \tmp -> unVerified $ do
|
2020-11-02 20:31:28 +00:00
|
|
|
oldobj <- calcRepo (gitAnnexLocation oldkey)
|
2018-09-05 21:26:12 +00:00
|
|
|
isJust <$> linkOrCopy' (return True) newkey oldobj tmp Nothing
|
2016-01-07 18:51:28 +00:00
|
|
|
, do
|
2018-10-16 21:18:21 +00:00
|
|
|
{- The file being rekeyed is itself an unlocked file; if
|
|
|
|
- it's hard linked to the old key, that link must be broken. -}
|
2020-11-06 18:10:58 +00:00
|
|
|
oldobj <- calcRepo (gitAnnexLocation oldkey)
|
2018-10-16 21:18:21 +00:00
|
|
|
v <- tryNonAsync $ do
|
2019-12-06 18:44:42 +00:00
|
|
|
st <- liftIO $ R.getFileStatus file
|
2018-10-16 21:18:21 +00:00
|
|
|
when (linkCount st > 1) $ do
|
|
|
|
freezeContent oldobj
|
2020-03-06 15:31:01 +00:00
|
|
|
replaceWorkTreeFile (fromRawFilePath file) $ \tmp -> do
|
2023-10-26 17:36:49 +00:00
|
|
|
unlessM (checkedCopyFile oldkey oldobj tmp Nothing) $
|
2023-04-10 17:38:14 +00:00
|
|
|
giveup "can't lock old key"
|
2023-10-26 17:36:49 +00:00
|
|
|
thawContent tmp
|
2019-12-11 18:12:22 +00:00
|
|
|
ic <- withTSDelta (liftIO . genInodeCache file)
|
2016-01-07 18:51:28 +00:00
|
|
|
case v of
|
|
|
|
Left e -> do
|
filter out control characters in warning messages
Converted warning and similar to use StringContainingQuotedPath. Most
warnings are static strings, some do refer to filepaths that need to be
quoted, and others don't need quoting.
Note that, since quote filters out control characters of even
UnquotedString, this makes all warnings safe, even when an attacker
sneaks in a control character in some other way.
When json is being output, no quoting is done, since json gets its own
quoting.
This does, as a side effect, make warning messages in json output not
be indented. The indentation is only needed to offset warning messages
underneath the display of the file they apply to, so that's ok.
Sponsored-by: Brett Eisenberg on Patreon
2023-04-10 18:47:32 +00:00
|
|
|
warning (UnquotedString (show e))
|
2016-01-07 18:51:28 +00:00
|
|
|
return False
|
|
|
|
Right () -> do
|
2020-11-02 20:31:28 +00:00
|
|
|
r <- linkToAnnex newkey file ic
|
2016-01-07 18:51:28 +00:00
|
|
|
return $ case r of
|
|
|
|
LinkAnnexFailed -> False
|
|
|
|
LinkAnnexOk -> True
|
|
|
|
LinkAnnexNoop -> True
|
|
|
|
)
|
2012-02-17 02:36:56 +00:00
|
|
|
|
include locked files in the keys database associated files
Before only unlocked files were included.
The initial scan now scans for locked as well as unlocked files. This
does mean it gets a little bit slower, although I optimised it as well
as I think it can be.
reconcileStaged changed to diff from the current index to the tree of
the previous index. This lets it handle deletions as well, removing
associated files for both locked and unlocked files, which did not
always happen before.
On upgrade, there will be no recorded previous tree, so it will diff
from the empty tree to current index, and so will fully populate the
associated files, as well as removing any stale associated files
that were present due to them not being removed before.
reconcileStaged now does a bit more work. Most of the time, this will
just be due to running more often, after some change is made to the
index, and since there will be few changes since the last time, it will
not be a noticable overhead. What may turn out to be a noticable
slowdown is after changing to a branch, it has to go through the diff
from the previous index to the new one, and if there are lots of
changes, that could take a long time. Also, after adding a lot of files,
or deleting a lot of files, or moving a large subdirectory, etc.
Command.Lock used removeAssociatedFile, but now that's wrong because a
newly locked file still needs to have its associated file tracked.
Command.Rekey used removeAssociatedFile when the file was unlocked.
It could remove it also when it's locked, but it is not really
necessary, because it changes the index, and so the next time git-annex
run and accesses the keys db, reconcileStaged will run and update it.
There are probably several other places that use addAssociatedFile and
don't need to any more for similar reasons. But there's no harm in
keeping them, and it probably is a good idea to, if only to support
mixing this with older versions of git-annex.
However, mixing this and older versions does risk reconcileStaged not
running, if the older version already ran it on a given index state. So
it's not a good idea to mix versions. This problem could be dealt with
by changing the name of the gitAnnexKeysDbIndexCache, but that would
leave the old file dangling, or it would need to keep trying to remove
it.
2021-05-21 19:47:37 +00:00
|
|
|
cleanup :: RawFilePath -> Key -> CommandCleanup
|
|
|
|
cleanup file newkey = do
|
2016-01-07 18:51:28 +00:00
|
|
|
ifM (isJust <$> isAnnexLink file)
|
|
|
|
( do
|
|
|
|
-- Update symlink to use the new key.
|
2022-06-14 18:40:55 +00:00
|
|
|
addSymlink file newkey Nothing
|
2016-01-07 18:51:28 +00:00
|
|
|
, do
|
2019-12-06 18:44:42 +00:00
|
|
|
mode <- liftIO $ catchMaybeIO $ fileMode <$> R.getFileStatus file
|
2016-01-07 18:51:28 +00:00
|
|
|
liftIO $ whenM (isJust <$> isPointerFile file) $
|
2016-04-14 18:30:15 +00:00
|
|
|
writePointerFile file newkey mode
|
|
|
|
stagePointerFile file mode =<< hashPointerFile newkey
|
2016-01-07 18:51:28 +00:00
|
|
|
)
|
2016-12-19 22:18:57 +00:00
|
|
|
whenM (inAnnex newkey) $
|
|
|
|
logStatus newkey InfoPresent
|
2013-04-11 17:35:52 +00:00
|
|
|
return True
|