mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
git-annex/doc/backends.mdwn

107 lines
4.7 KiB
Text
Raw Normal View History

external backends wip It's able to start them up, the only thing not implemented is generating and verifying keys. And, the key translation for HasExt.
2020-07-29 19:23:18 +00:00
When a file is annexed, a [[key|internals/key_format]] is generated from
its content and/or filesystem metadata. The file checked into git symlinks
to the key. This key can later be used to retrieve the file's content (its
value).
update
2010-10-19 19:59:40 +00:00
external backends wip It's able to start them up, the only thing not implemented is generating and verifying keys. And, the key translation for HasExt.
2020-07-29 19:23:18 +00:00
Multiple key-value backends are supported, and a single repository
devblog
2017-02-25 00:03:36 +00:00
can use different ones for different files.
external backends wip It's able to start them up, the only thing not implemented is generating and verifying keys. And, the key translation for HasExt.
2020-07-29 19:23:18 +00:00
## configuring which backend to use
The `annex.backend` git-config setting can be used to configure the
default backend to use when adding new files.
For finer control of what backend is used when adding different types of
files, the `.gitattributes` file can be used. The `annex.backend`
attribute can be set to the name of the backend to use for matching files.
For example, to use the SHA256E backend for sound files, which tend to be
smallish and might be modified or copied over time,
while using the WORM backend for everything else, you could set
in `.gitattributes`:
* annex.backend=WORM
*.mp3 annex.backend=SHA256E
*.ogg annex.backend=SHA256E
## recommended backends to use
document S3 remotes
2011-03-28 02:52:13 +00:00
mention SKEIN*E variants
2014-07-16 17:31:01 +00:00
* `SHA256E` -- The default backend for new files, combines a 256 bit SHA-2
hash of the file's content with the file's extension. This allows
update to not overstate the danger or WORM
2011-08-29 16:08:54 +00:00
verifying that the file content is right, and can avoid duplicates of
files with the same content. Its need to generate checksums
use SHA256 by default To get old behavior, add a .gitattributes containing: * annex.backend=WORM I feel that SHA256 is a better default for most people, as long as their systems are fast enough that checksumming their files isn't a problem. git-annex should default to preserving the integrity of data as well as git does. Checksum backends also work better with editing files via unlock/lock. I considered just using SHA1, but since that hash is believed to be somewhat near to being broken, and git-annex deals with large files which would be a perfect exploit medium, I decided to go to a SHA-2 hash. SHA512 is annoyingly long when displayed, and git-annex displays it in a few places (and notably it is shown in ls -l), so I picked the shorter hash. Considered SHA224 as it's even shorter, but feel it's a bit weird. I expect git-annex will use SHA-3 at some point in the future, but probably not soon! Note that systems without a sha256sum (or sha256) program will fall back to defaulting to SHA1.
2011-11-04 19:21:45 +00:00
can make it slower for large files.
Added support for SHA3 hashed keys (in 8 varieties), when git-annex is built using the cryptonite library. While cryptohash has SHA3 support, it has not been updated for the final version of the spec. Note that cryptonite has not been ported to all arches that cryptohash builds on yet.
2015-08-06 19:02:25 +00:00
* `SHA256` -- SHA-2 hash that does not include the file extension in the
key, which can lead to better deduplication but can confuse some programs.
mention SKEIN*E variants
2014-07-16 17:31:01 +00:00
* `SHA512`, `SHA512E` -- Best SHA-2 hash, for the very paranoid.
Added support for SHA3 hashed keys (in 8 varieties), when git-annex is built using the cryptonite library. While cryptohash has SHA3 support, it has not been updated for the final version of the spec. Note that cryptonite has not been ported to all arches that cryptohash builds on yet.
2015-08-06 19:02:25 +00:00
* `SHA384`, `SHA384E`, `SHA224`, `SHA224E` -- SHA-2 hashes for
people who like unusual sizes.
backends.mdwn: Typo fix, 'SHA_512E' → 'SHA3_512E' Really awesome that git-annex got SHA3 support the day after the standard was released.
2015-08-13 02:19:11 +00:00
* `SHA3_512`, `SHA3_512E`, `SHA3_384`, `SHA3_384E`, `SHA3_256`, `SHA3_256E`, `SHA3_224`, `SHA3_224E`
Added support for SHA3 hashed keys (in 8 varieties), when git-annex is built using the cryptonite library. While cryptohash has SHA3 support, it has not been updated for the final version of the spec. Note that cryptonite has not been ported to all arches that cryptohash builds on yet.
2015-08-06 19:02:25 +00:00
-- SHA-3 hashes, for bleeding edge fun.
mention SKEIN*E variants
2014-07-16 17:31:01 +00:00
* `SKEIN512`, `SKEIN512E`, `SKEIN256`, `SKEIN256E`
-- [Skein hash](http://en.wikipedia.org/wiki/Skein_hash),
Added SKEIN256 and SKEIN512 backends SHA3 is still waiting for final standardization. Although this is looking less likely given https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3 In the meantime, cryptohash implements skein, and it's used by some of the haskell ecosystem (for yesod sessions, IIRC), so this implementation is likely to continue working. Also, I've talked with the cryprohash author and he's a reasonable guy. It makes sense to have an alternate high security hash, in case some horrible attack is found against SHA2 tomorrow, or in case SHA3 comes out and worst fears are realized. I'd also like to support using skein for HMAC. But no hurry there and a new version of cryptohash has much nicer HMAC code, so I will probably wait until I can use that version.
2013-10-02 00:34:06 +00:00
a well-regarded SHA3 hash competition finalist.
Added backends for the BLAKE2 family of hashes. There are a lot of different variants and sizes, I suppose we might as well export all the common ones. Bump dep to cryptonite to 0.16, earlier versions lacked BLAKE2 support. Even android has 0.16 or newer. On Debian, Blake2bp_512 is buggy, so I have omitted it for now. http://bugs.debian.org/892855 This commit was sponsored by andrea rota.
2018-03-13 20:15:35 +00:00
* `BLAKE2B160`, `BLAKE2B224`, `BLAKE2B256`, `BLAKE2B384`, `BLAKE2B512`
`BLAKE2B160E`, `BLAKE2B224E`, `BLAKE2B256E`, `BLAKE2B384E`, `BLAKE2B512E`
-- Fast [Blake2 hash](https://blake2.net/) variants optimised for 64 bit
platforms.
* `BLAKE2S160`, `BLAKE2S224`, `BLAKE2S256`
`BLAKE2S160E`, `BLAKE2S224E`, `BLAKE2S256E`
-- Fast [Blake2 hash](https://blake2.net/) variants optimised for 32 bit
platforms.
Add BLAKE2BP512 and BLAKE2BP512E backends using a blake2 variant optimised for 4-way CPUs This had been deferred because the Debian package of cryptonite, and possibly other builds, was broken for blake2bp, but I've confirmed #892855 is fixed. This commit was sponsored by Brett Eisenberg on Patreon.
2019-07-05 19:29:00 +00:00
* `BLAKE2BP512`, `BLAKE2BP512E`
-- Fast [Blake2 hash](https://blake2.net/) variants optimised for
4-way CPUs.
Added backends for the BLAKE2 family of hashes. There are a lot of different variants and sizes, I suppose we might as well export all the common ones. Bump dep to cryptonite to 0.16, earlier versions lacked BLAKE2 support. Even android has 0.16 or newer. On Debian, Blake2bp_512 is buggy, so I have omitted it for now. http://bugs.debian.org/892855 This commit was sponsored by andrea rota.
2018-03-13 20:15:35 +00:00
* `BLAKE2SP224`, `BLAKE2SP256`
`BLAKE2SP224E`, `BLAKE2SP256E`
-- Fast [Blake2 hash](https://blake2.net/) variants optimised for
8-way CPUs.
devblog
2017-02-25 00:03:36 +00:00
external backends wip It's able to start them up, the only thing not implemented is generating and verifying keys. And, the key translation for HasExt.
2020-07-29 19:23:18 +00:00
## non-cryptograpgically secure backends
devblog
2017-02-25 00:03:36 +00:00
The backends below do not guarantee cryptographically that the
content of an annexed file remains unchanged.
Added support for SHA3 hashed keys (in 8 varieties), when git-annex is built using the cryptonite library. While cryptohash has SHA3 support, it has not been updated for the final version of the spec. Note that cryptonite has not been ported to all arches that cryptohash builds on yet.
2015-08-06 19:02:25 +00:00
* `SHA1`, `SHA1E`, `MD5`, `MD5E` -- Smaller hashes than `SHA256`
for those who want a checksum but are not concerned about security.
* `WORM` ("Write Once, Read Many") -- This assumes that any file with
the same filename, size, and modification time has the same content.
This is the least expensive backend, recommended for really large
files or slow systems.
* `URL` -- This is a key that is generated from the url to a file.
It's generated when using eg, `git annex addurl --fast`, when the file
added details about the URL backend
2018-10-12 20:28:25 +00:00
content is not available for hashing. The key may not contain the full
URL; for long URLs, part of the URL may be represented by a checksum.
The URL key may contain `&` characters; be sure to quote the key if
passing it to a shell script. The URL-backend key is distinct from URLs/URIs
that may be attached to a key (from any backend) indicating the key's location
on the web or in one of [[special_remotes]].
document S3 remotes
2011-03-28 02:52:13 +00:00
external backends wip It's able to start them up, the only thing not implemented is generating and verifying keys. And, the key translation for HasExt.
2020-07-29 19:23:18 +00:00
## external backends
While most backends are built into git-annex, it also supports external
backends. These are programs with names like `git-annex-backend-XFOO`,
which can be provided by others. See [[design/external_backend_protocol]]
for details about how to write them.
Here's a list of external backends. Edit this page to add yours to the list.
* [[design/external_backend_protocol/git-annex-backend-XFOO]]
is a demo program implementing the protocol with a shell script.
## notes
devblog
2017-02-25 00:03:36 +00:00
If you want to be able to prove that you're working with the same file
contents that were checked into a repository earlier, you should avoid
external backends wip It's able to start them up, the only thing not implemented is generating and verifying keys. And, the key translation for HasExt.
2020-07-29 19:23:18 +00:00
using non-cryptographically-secure backends, and will need to use
devblog
2017-02-25 00:03:36 +00:00
signed git commits. See [[tips/using_signed_git_commits]] for details.
mention new limitation
2018-06-22 14:30:10 +00:00
Retrieval of WORM and URL from many [[special_remotes]] is prohibited
for [[security_reasons|security/CVE-2018-10857_and_CVE-2018-10859]].
Added support for SHA3 hashed keys (in 8 varieties), when git-annex is built using the cryptonite library. While cryptohash has SHA3 support, it has not been updated for the final version of the spec. Note that cryptonite has not been ported to all arches that cryptohash builds on yet.
2015-08-06 19:02:25 +00:00
Note that the various 512 and 384 length hashes result in long paths,
note about windows path length issues with larger hashes
2015-01-07 02:33:57 +00:00
which are known to not work on Windows. If interoperability on Windows is a
Added support for SHA3 hashed keys (in 8 varieties), when git-annex is built using the cryptonite library. While cryptohash has SHA3 support, it has not been updated for the final version of the spec. Note that cryptonite has not been ported to all arches that cryptohash builds on yet.
2015-08-06 19:02:25 +00:00
concern, avoid those.
note about windows path length issues with larger hashes
2015-01-07 02:33:57 +00:00
added details about the URL backend
2018-10-12 20:28:25 +00:00
See also: [[git-annex-examinekey]]
Reference in a new issue Copy permalink