# NAME

git-annex-shell - Restricted login shell for git-annex only SSH access

# SYNOPSIS

git-annex-shell [-c] command [params ...]

# DESCRIPTION

git-annex-shell is a restricted shell, similar to git-shell, which
can be used as a login shell for SSH accounts.

Since its syntax is identical to git-shell's, it can be used as a drop-in
replacement anywhere git-shell is used. For example it can be used as a
user's restricted login shell.

# COMMANDS

Any command not listed below is passed through to git-shell.

Note that the directory parameter should be an absolute path, otherwise
it is assumed to be relative to the user's home directory. Also the
first "/~/" or "/~user/" is expanded to the specified home directory.

* configlist directory

  This outputs a subset of the git configuration, in the same form as
  `git config --list`. This is used to get the annex.uuid of the remote
  repository.

  When run in a repository that does not yet have an annex.uuid, one
  will be created, as long as a git-annex branch has already been pushed to
  the repository, or if the autoinit=1 flag is used to indicate
  initialization is desired.

remove git-annex-shell compat code
* Removed support for accessing git remotes that use versions of
git-annex older than 6.20180312.
* git-annex-shell: Removed several commands that were only needed to
support git-annex versions older than 6.20180312.
(lockcontent, recvkey, sendkey, transferinfo, commit)
The P2P protocol was added in that version, and used ever since, so
this code was only needed for interop with older versions.
"git-annex-shell commit" is used by newer git-annex versions, though
unnecessarily so, because the p2pstdio command makes a single commit at
shutdown. Luckily, it was run with stderr and stdout sent to /dev/null,
and non-zero exit status or other exceptions are caught and ignored. So,
that was able to be removed from git-annex-shell too.
git-annex-shell inannex, recvkey, sendkey, and dropkey are still used by
gcrypt special remotes accessed over ssh, so those had to be kept.
It would probably be possible to convert that to using the P2P protocol,
but it would be another multi-year transition.
Some git-annex-shell fields were able to be removed. I hoped to remove
all of them, and the very concept of them, but unfortunately autoinit
is used by git-annex sync, and gcrypt uses remoteuuid.
The main win here is really in Remote.Git, removing piles of hairy fallback
code.
Sponsored-by: Luke Shumaker
2021-10-11 19:35:54 +00:00

* p2pstdio directory uuid

  This causes git-annex-shell to communicate using the git-annex p2p
  protocol over stdio.

  The uuid is the one belonging to the repository that will be
  communicating with git-annex-shell.

* notifychanges directory

  This is used by `git-annex remotedaemon` to be notified when
  refs in the remote repository are changed.

* gcryptsetup directory gcryptid

  Sets up a repository as a gcrypt repository.

* inannex directory [key ...]

  This checks if all specified keys are present in the annex,
  and exits zero if so.

  Exits 1 if the key is certainly not present in the annex.
  Exits 100 if it's unable to tell (perhaps the key is in the process of
  being removed from the annex).

  Used only by the gcrypt special remote.

* recvkey directory key

  This runs rsync in server mode to receive the content of a key,
  and stores the content in the annex.

  Used only by the gcrypt special remote.

* sendkey directory key

  This runs rsync in server mode to transfer out the content of a key.

  Used only by the gcrypt special remote.

* dropkey directory [key ...]

  This drops the annexed data for the specified keys.

  Used only by the gcrypt special remote.

# OPTIONS

* --uuid=UUID

  git-annex uses this to specify the UUID of the repository it was expecting
  git-annex-shell to access. This is both a sanity check, and allows
  git-annex-shell to proxy access to remotes, when configured
  by [[git-annex-update-proxy]].

git-annex-shell: accept uuid of remote that proxying is enabled for
For NotifyChanges and also for the fallthrough case where
git-annex-shell passes a command off to git-shell, proxying is currently
ignored. So every remote that is accessed via a proxy will be treated as
the same git repository.
Every other command listed in cmdsMap will need to check if
Annex.proxyremote is set, and if so handle the proxying appropriately.
Probably only P2PStdio will need to support proxying. For now,
everything else refuses to work when proxying.
The part of that I don't like is that there's the possibility a command
later gets added to the list that doesn't check proxying.
When proxying is not enabled, it's important that git-annex-shell not
leak information that it would not have exposed before. Such as the
names or uuids of remotes.
I decided that, in the case where a repository used to have proxying
enabled, but no longer supports any proxies, it's ok to give the user a
clear error message indicating that proxying is not configured, rather
than a confusing uuid mismatch message.
Similarly, if a repository has proxying enabled, but not for the
requested repository, give a clear error message.
A tricky thing here is how to handle the case where there is more than
one remote, with proxying enabled, with the specified uuid. One way to
handle that would be to plumb the proxyRemoteName all the way through
from the remote git-annex to git-annex-shell, eg as a field, and use
only a remote with the same name. That would be very intrusive though.
Instead, I decided to let the proxy pick which remote it uses to access
a given Remote. And so it picks the least expensive one.
The client after all doesn't necessarily know any details about the
proxy's configuration. This does mean though, that if the least
expensive remote is not accessible, but another remote would have
worked, an access via the proxy will fail.
2024-06-10 16:05:03 +00:00

* Also the [[git-annex-common-options]](1) can be used.

* -- fields=val fields=val.. --

  Additional fields may be specified this way, to retain compatibility with
  past versions of git-annex-shell (that ignore these, but would choke
  on new dashed options).

  Currently used fields are autoinit= and remoteuuid=

# HOOK

After content is received or dropped from the repository by git-annex-shell,
it runs a hook, `.git/hooks/annex-content` (or `hooks/annex-content` on a bare
repository). The hook is not currently passed any information about what
changed.

# ENVIRONMENT

* GIT_ANNEX_SHELL_READONLY

  If set, disallows any action that could modify the git-annex
  repository.

  Note that this does not prevent passing commands on to git-shell.
  For that, you also need ...

* GIT_ANNEX_SHELL_LIMITED

  If set, disallows running git-shell to handle unknown commands.

* GIT_ANNEX_SHELL_APPENDONLY

  If set, allows data to be written to the git-annex repository,
  but does not allow data to be removed from it.

  Note that this does not prevent passing commands on to git-shell,
  so you will have to separately configure git to reject pushes that
  overwrite branches or are otherwise not appends. The git pre-receive
  hook may be useful for accomplishing this.

  It's a good idea to enable annex.securehashesonly in a repository
  that's set up this way.

* GIT_ANNEX_SHELL_DIRECTORY

  If set, git-annex-shell will refuse to run commands that do not operate
  on the specified directory.

# EXAMPLES

To make a `~/.ssh/authorized_keys` file that only allows git-annex-shell
to be run, and not other commands, pass the original command to the -c
option:

    command="git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1y[...] user@example.com

To further restrict git-annex-shell to a particular repository,
and fully lock it down to read-only mode:

    command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_LIMITED=true GIT_ANNEX_SHELL_READONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",restrict ssh-rsa AAAAB3NzaC1y[...] user@example.com

Obviously, `ssh-rsa AAAAB3NzaC1y[...] user@example.com` needs to be
replaced with your SSH key. The above also assumes `git-annex-shell`
is available in your `$PATH`; use an absolute path if it is not the
case. Also note how the above uses the `restrict` option instead of an
explicit list of functionality to disallow. This only works in certain
OpenSSH releases, starting from 7.1p2.

To only allow adding new objects to the repository, the
`GIT_ANNEX_SHELL_APPENDONLY` variable can be used as well:

    command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_APPENDONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",restrict ssh-rsa AAAAB3NzaC1y[...] user@example.com

This will not keep an attacker from destroying the git history, as
explained above. For this you might want to disallow certain
operations, like branch deletion and force-push, with options from
git-config(1). For example:

    git config receive.denyDeletes true
    git config receive.denyNonFastForwards true

With this configuration, git commits can still remove files,
but they will still be available in the git history and git-annex will
retain their contents. Changes to the `git-annex` branch, however, can
negatively impact git-annex's location tracking information and might
cause data loss. To work around this problem, more complex hooks
are required; see for example the `update-paranoid` hook in the git
source distribution.
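
The rules stated in ENVIRONMENT and shown in the `authorized_keys` lines above can be checked mechanically. The following is an added example, not part of git-annex or of this man page: a small Python auditor for `authorized_keys` lines. The finding names and the sample file are constructed for illustration, and the key is the page's own placeholder.

```python
import shlex

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
NO_FWD = {"no-agent-forwarding", "no-port-forwarding", "no-x11-forwarding"}
WANT_ARGS = ["-c", "$SSH_ORIGINAL_COMMAND"]


def split_options(line):
    """Split an authorized_keys line into ({option: value}, key_part)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line  # no options field: the line starts with the key type
    fields, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur += '"'  # \" inside a quoted value is a literal quote
            i += 1
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            fields.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:
            break  # the options field ends at the first unquoted space
        else:
            cur += ch
        i += 1
    fields.append(cur)
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        opts[name.lower()] = value  # compare option names case-insensitively
    return opts, line[i:].strip()


def audit(line):
    """Return the sorted finding names (constructed labels) for one key line."""
    opts, _key = split_options(line)
    findings = set()
    if "restrict" not in opts and not NO_FWD.issubset(opts):
        findings.add("forwarding-not-disabled")
    if "command" not in opts:
        return sorted(findings | {"no-forced-command"})
    try:
        words = shlex.split(opts["command"])
    except ValueError:
        return sorted(findings | {"unparsable-command"})
    env = {}
    # Leading NAME=value words are environment assignments for the command.
    while words and "=" in words[0] and words[0].partition("=")[0].isidentifier():
        name, _, value = words.pop(0).partition("=")
        env[name] = value
    if not words or words[0].rsplit("/", 1)[-1] != "git-annex-shell":
        return sorted(findings | {"not-git-annex-shell"})
    if words[1:] != WANT_ARGS or '"$SSH_ORIGINAL_COMMAND"' not in opts["command"]:
        findings.add("original-command-not-passed")
    if "GIT_ANNEX_SHELL_DIRECTORY" not in env:
        findings.add("no-directory-limit")
    limited = "GIT_ANNEX_SHELL_LIMITED" in env
    # READONLY and APPENDONLY do not stop the fallthrough to git-shell.
    if "GIT_ANNEX_SHELL_READONLY" in env and not limited:
        findings.add("readonly-without-limited")
    if "GIT_ANNEX_SHELL_APPENDONLY" in env and not limited:
        findings.add("appendonly-needs-git-config")
    return sorted(findings)


def audit_file(text):
    """Audit a whole authorized_keys file; returns {line_number: findings}."""
    report = {}
    for number, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            report[number] = audit(line)
    return report


KEY = "ssh-rsa AAAAB3NzaC1y[...] user@example.com"  # placeholder key from the page
SAMPLE = "\n".join([
    "# constructed sample file",
    r'command="git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",no-agent-forwarding,'
    r'no-port-forwarding,no-X11-forwarding ' + KEY,
    r'command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_LIMITED=true '
    r'GIT_ANNEX_SHELL_READONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",'
    r'restrict ' + KEY,
    r'command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_APPENDONLY=true '
    r'git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",restrict ' + KEY,
    r'command="GIT_ANNEX_SHELL_READONLY=true git-annex-shell -c '
    r'\"$SSH_ORIGINAL_COMMAND\"" ' + KEY,
    KEY,
])

if __name__ == "__main__":
    for number, findings in audit_file(SAMPLE).items():
        print(number, findings or "ok")
```

An `appendonly-needs-git-config` finding is a reminder to apply the `receive.denyDeletes` and `receive.denyNonFastForwards` settings shown above, since pushes still reach git-shell in that mode.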

# SEE ALSO

[[git-annex]](1)

git-shell(1)

# AUTHOR

Joey Hess <id@joeyh.name>

<http://git-annex.branchable.com/>

Warning: Automatically converted into a man page by mdwn2man. Edit with care