2011-10-31 16:33:41 +00:00
|
|
|
{- git-annex command
|
|
|
|
-
|
2016-04-22 17:49:32 +00:00
|
|
|
- Copyright 2011-2016 Joey Hess <id@joeyh.name>
|
2011-10-31 16:33:41 +00:00
|
|
|
-
|
|
|
|
- Licensed under the GNU GPL version 3 or higher.
|
|
|
|
-}
|
|
|
|
|
2011-10-31 19:18:41 +00:00
|
|
|
module Command.Reinject where
|
2011-10-31 16:33:41 +00:00
|
|
|
|
|
|
|
import Command
|
|
|
|
import Logs.Location
|
|
|
|
import Annex.Content
|
2016-04-22 17:49:32 +00:00
|
|
|
import Backend
|
|
|
|
import Types.KeySource
|
2011-10-31 16:33:41 +00:00
|
|
|
|
2015-07-08 19:08:02 +00:00
|
|
|
cmd :: Command
|
|
|
|
cmd = command "reinject" SectionUtility
|
2016-04-22 17:49:32 +00:00
|
|
|
"inject content of file back into annex"
|
2016-11-30 18:16:57 +00:00
|
|
|
(paramRepeating (paramPair "SRC" "DEST"))
|
2016-04-22 17:49:32 +00:00
|
|
|
(seek <$$> optParser)
|
2011-10-31 16:33:41 +00:00
|
|
|
|
2016-04-22 17:49:32 +00:00
|
|
|
data ReinjectOptions = ReinjectOptions
|
|
|
|
{ params :: CmdParams
|
|
|
|
, knownOpt :: Bool
|
|
|
|
}
|
2011-10-31 16:33:41 +00:00
|
|
|
|
2016-04-22 17:49:32 +00:00
|
|
|
optParser :: CmdParamsDesc -> Parser ReinjectOptions
|
|
|
|
optParser desc = ReinjectOptions
|
|
|
|
<$> cmdParams desc
|
|
|
|
<*> switch
|
|
|
|
( long "known"
|
|
|
|
<> help "inject all known files"
|
|
|
|
<> hidden
|
|
|
|
)
|
|
|
|
|
|
|
|
seek :: ReinjectOptions -> CommandSeek
|
|
|
|
seek os
|
|
|
|
| knownOpt os = withStrings startKnown (params os)
|
|
|
|
| otherwise = withWords startSrcDest (params os)
|
|
|
|
|
|
|
|
startSrcDest :: [FilePath] -> CommandStart
|
|
|
|
startSrcDest (src:dest:[])
|
2011-10-31 20:46:51 +00:00
|
|
|
| src == dest = stop
|
2016-04-22 17:49:32 +00:00
|
|
|
| otherwise = notAnnexed src $ do
|
2012-11-12 05:05:04 +00:00
|
|
|
showStart "reinject" dest
|
2017-02-09 19:40:44 +00:00
|
|
|
next $ ifAnnexed dest go stop
|
|
|
|
where
|
|
|
|
go key = ifM (verifyKeyContent DefaultVerify UnVerified key src)
|
|
|
|
( perform src key
|
|
|
|
, error "failed"
|
|
|
|
)
|
2016-11-16 01:29:54 +00:00
|
|
|
startSrcDest _ = giveup "specify a src file and a dest file"
|
2016-04-22 17:49:32 +00:00
|
|
|
|
|
|
|
startKnown :: FilePath -> CommandStart
|
|
|
|
startKnown src = notAnnexed src $ do
|
|
|
|
showStart "reinject" src
|
|
|
|
mkb <- genKey (KeySource src src Nothing) Nothing
|
|
|
|
case mkb of
|
|
|
|
Nothing -> error "Failed to generate key"
|
|
|
|
Just (key, _) -> ifM (isKnownKey key)
|
2017-02-09 19:40:44 +00:00
|
|
|
( next $ perform src key
|
2016-04-22 17:49:32 +00:00
|
|
|
, do
|
|
|
|
warning "Not known content; skipping"
|
|
|
|
next $ next $ return True
|
|
|
|
)
|
|
|
|
|
|
|
|
notAnnexed :: FilePath -> CommandStart -> CommandStart
|
2016-11-16 01:29:54 +00:00
|
|
|
notAnnexed src = ifAnnexed src $
|
|
|
|
giveup $ "cannot used annexed file as src: " ++ src
|
2011-10-31 16:33:41 +00:00
|
|
|
|
2017-02-09 19:40:44 +00:00
|
|
|
perform :: FilePath -> Key -> CommandPerform
|
|
|
|
perform src key = ifM move
|
Do verification of checksums of annex objects downloaded from remotes.
* When annex objects are received into git repositories, their checksums are
verified then too.
* To get the old, faster, behavior of not verifying checksums, set
annex.verify=false, or remote.<name>.annex-verify=false.
* setkey, rekey: These commands also now verify that the provided file
matches the key, unless annex.verify=false.
* reinject: Already verified content; this can now be disabled by
setting annex.verify=false.
recvkey and reinject already did verification, so removed now duplicate
code from them. fsck still does its own verification, which is ok since it
does not use getViaTmp, so verification doesn't happen twice when using fsck
--from.
2015-10-01 19:54:37 +00:00
|
|
|
( next $ cleanup key
|
|
|
|
, error "failed"
|
|
|
|
)
|
2012-11-12 05:05:04 +00:00
|
|
|
where
|
annex.securehashesonly
Cryptographically secure hashes can be forced to be used in a repository,
by setting annex.securehashesonly. This does not prevent the git repository
from containing files with insecure hashes, but it does prevent the content
of such files from being pulled into .git/annex/objects from another
repository.
We want to make sure that at no point does git-annex accept content into
.git/annex/objects that is hashed with an insecure key. Here's how it
was done:
* .git/annex/objects/xx/yy/KEY/ is kept frozen, so nothing can be
written to it normally
* So every place that writes content must call, thawContent or modifyContent.
We can audit for these, and be sure we've considered all cases.
* The main functions are moveAnnex, and linkToAnnex; these were made to
check annex.securehashesonly, and are the main security boundary
for annex.securehashesonly.
* Most other calls to modifyContent deal with other files in the KEY
directory (inode cache etc). The other ones that mess with the content
are:
- Annex.Direct.toDirectGen, in which content already in the
annex directory is moved to the direct mode file, so not relevant.
- fix and lock, which don't add new content
- Command.ReKey.linkKey, which manually unlocks it to make a
copy.
* All other calls to thawContent appear safe.
Made moveAnnex return a Bool, so checked all callsites and made them
deal with a failure in appropriate ways.
linkToAnnex simply returns LinkAnnexFailed; all callsites already deal
with it failing in appropriate ways.
This commit was sponsored by Riku Voipio.
2017-02-27 17:01:32 +00:00
|
|
|
move = checkDiskSpaceToGet key False $
|
2017-02-09 19:40:44 +00:00
|
|
|
moveAnnex key src
|
2011-10-31 16:33:41 +00:00
|
|
|
|
2012-09-16 05:17:48 +00:00
|
|
|
cleanup :: Key -> CommandCleanup
|
|
|
|
cleanup key = do
|
2011-10-31 16:33:41 +00:00
|
|
|
logStatus key InfoPresent
|
2012-09-16 05:17:48 +00:00
|
|
|
return True
|