Merge remote-tracking branch 'origin/master' into xmpp

Conflicts:
	doc/design/assistant/cloud.mdwn
This commit is contained in:
Joey Hess 2012-10-25 13:04:25 -04:00
commit 041c99c175
19 changed files with 331 additions and 51 deletions

View file

@ -19,7 +19,7 @@ tests =
, testCp "cp_a" "-a"
, testCp "cp_p" "-p"
, testCp "cp_reflink_auto" "--reflink=auto"
, TestCase "uuid generator" $ selectCmd "uuid" ["uuid -m", "uuid", "uuidgen"] ""
, TestCase "uuid generator" $ selectCmd "uuid" [("uuid -m", ""), ("uuid", ""), ("uuidgen", "")]
, TestCase "xargs -0" $ requireCmd "xargs_0" "xargs -0 </dev/null"
, TestCase "rsync" $ requireCmd "rsync" "rsync --version >/dev/null"
, TestCase "curl" $ testCmd "curl" "curl --version >/dev/null"
@ -28,19 +28,33 @@ tests =
, TestCase "gpg" $ testCmd "gpg" "gpg --version >/dev/null"
, TestCase "lsof" $ testCmd "lsof" "lsof -v >/dev/null 2>&1"
, TestCase "ssh connection caching" getSshConnectionCaching
] ++ shaTestCases [1, 256, 512, 224, 384]
] ++ shaTestCases
[ (1, "da39a3ee5e6b4b0d3255bfef95601890afd80709")
, (256, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
, (512, "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e")
, (224, "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f")
, (384, "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b")
]
shaTestCases :: [Int] -> [TestCase]
{- shaNsum are the program names used by coreutils.
- On some systems, shaN is used instead, but on other
- systems, it might be "hashalot", which does not produce
- usable checksums. Only accept programs that produce
- known-good hashes. -}
shaTestCases :: [(Int, String)] -> [TestCase]
shaTestCases l = map make l
where
make n = TestCase key $ maybeSelectCmd key (shacmds n) "</dev/null"
make (n, knowngood) =
TestCase key $ maybeSelectCmd key $
zip (shacmds n) (repeat check)
where
key = "sha" ++ show n
check = "</dev/null | grep -q '" ++ knowngood ++ "'"
shacmds n = concatMap (\x -> [x, osxpath </> x]) $
map (\x -> "sha" ++ show n ++ x) ["", "sum"]
-- Max OSX puts GNU tools outside PATH, so look in
-- the location it uses, and remember where to run them
-- from.
map (\x -> "sha" ++ show n ++ x) ["sum", ""]
{- Max OSX puts GNU tools outside PATH, so look in
- the location it uses, and remember where to run them
- from. -}
osxpath = "/opt/local/libexec/gnubin"
tmpDir :: String

View file

@ -75,7 +75,7 @@ testCmd k cmdline = do
{- Ensures that one of a set of commands is available by running each in
- turn. The Config is set to the first one found. -}
selectCmd :: ConfigKey -> [String] -> String -> Test
selectCmd :: ConfigKey -> [(String, String)] -> Test
selectCmd k = searchCmd
(return . Config k . StringConfig)
(\cmds -> do
@ -83,17 +83,17 @@ selectCmd k = searchCmd
error $ "* need one of these commands, but none are available: " ++ show cmds
)
maybeSelectCmd :: ConfigKey -> [String] -> String -> Test
maybeSelectCmd :: ConfigKey -> [(String, String)] -> Test
maybeSelectCmd k = searchCmd
(return . Config k . MaybeStringConfig . Just)
(\_ -> return $ Config k $ MaybeStringConfig Nothing)
searchCmd :: (String -> Test) -> ([String] -> Test) -> [String] -> String -> Test
searchCmd success failure cmds param = search cmds
searchCmd :: (String -> Test) -> ([String] -> Test) -> [(String, String)] -> Test
searchCmd success failure cmdsparams = search cmdsparams
where
search [] = failure cmds
search (c:cs) = do
ret <- system $ quiet c ++ " " ++ param
search [] = failure $ fst $ unzip cmdsparams
search ((c, params):cs) = do
ret <- system $ quiet $ c ++ " " ++ params
if ret == ExitSuccess
then success c
else search cs

1
debian/changelog vendored
View file

@ -21,6 +21,7 @@ git-annex (3.20121018) UNRELEASED; urgency=low
does not accept that.
* bugfix: Don't fail transferring content from read-only repos.
Closes: #691341
* configure: Check that checksum programs produce correct checksums.
-- Joey Hess <joeyh@debian.org> Wed, 17 Oct 2012 14:24:10 -0400

View file

@ -48,3 +48,10 @@ git annex assistant makes that easy too.
And also, you can pair with as many other computers as you like, not just
one!
## What does pairing actually do behind the scenes?
It ensures that both repositories have correctly configured
[[remotes|walkthrough/adding_a_remote]] pointing to each other.
If you have already configured this manually, you do not need to
perform pairing.

View file

@ -0,0 +1,57 @@
git-annex's configure step finds hashalot's /usr/sbin/sha256, /usr/sbin/sha384, and /usr/sbin/sha512 executables and mistakes them for sha256sum, sha384sum, and sha512sum and prefers them over the correct executables. Hashalot is not compatible, but the build does not fail producing a broken git-annex executable which tries to use hashalot's programs instead of the appropriate shaXXXsum program and is non-functional.
Hashalot can be found at: <http://www.paranoiacs.org/~sluskyb/hacks/hashalot/>
What steps will reproduce the problem?
Compile with hashalot's programs in the path.
What is the expected output? What do you see instead?
Expect to see configure output:
[...]
<pre>
checking sha1... sha1sum
checking sha512... sha512sum
checking sha224... sha224sum
checking sha384... sha384sum
checking sha256... sha256sum
</pre>
[...]
Instead I see configure output:
[...]
<pre>
checking sha1... sha1sum
checking sha512... sha512
checking sha224... sha224sum
checking sha384... sha384
checking sha256... sha256
</pre>
[...]
What version of git-annex are you using? On what operating system?
I am using 3.20120605, but have checked out the latest GIT and confirmed the bug is still there.
Please provide any additional information below.
This is not a runtime bug, only compile time. Uninstalling Hashalot or simply removing it from the PATH is enough to work around this bug. The bug is, however, frustrating because at first glance there appears to be no problem. However any functions of git-annex which use the affected SHA hash functions will fail with the resulting executable and the failure gives no clear indication of why.
I found this bug on Gentoo when I installed git-annex on a system which already had hashalot installed. In the case of Gentoo, git-annex is compiled with hashalot's executables in the path, but normal users don't have /usr/sbin/ in their path so git-annex just fails to find the executable. If you put hashalot in the path, then git annex still fails to work as hashalot is not a replacement for sha1sum and friends.
It may be enough to just prefer sha???sum over sha??? if they both exist.
> Grr. There is no consistency across unixes as to the names of these
> programs and now something is installing shaN commands that don't
> generate a checksum?!
>
> Ok, fine, configure now checks that the program it finds outputs a known
> good checksum. [[done]] --[[Joey]]

View file

@ -0,0 +1,12 @@
What steps will reproduce the problem?
Start "./git-annex-webapp"
What is the expected output? What do you see instead?
The webapp should start, but I get the error "git-annex: getUserEntryForID: failed (Success)"
What version of git-annex are you using? On what operating system?
3.20121017 on "Ubuntu 10.04.4 LTS" 32-Bit
Please provide any additional information below.

View file

@ -11,7 +11,7 @@ and use cases to add. Feel free to chip in with comments! --[[Joey]]
We are, approximately, here:
* Month 4 "cloud": [[!traillink cloud]] [[!traillink transfer_control]]
* Month 4 "cloud": [[!traillink cloud]] [[!traillink xmpp]] [[!traillink transfer_control]]
* Month 5 user-driven features (see [[polls]])
* Months 6-7 "9k bonus round": [[!traillink Android]] [[!traillink partial_content]] [[!traillink leftovers]]
* Months 8-11: more user-driven features and polishing (see remaining TODO items in all pages above)

View file

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="4.154.0.23"
subject="comment 3"
date="2012-10-24T22:44:41Z"
content="""
Google talk does not seem to support PEP. At least, I'm sending something that prosody accepts and that looks like the example at <http://xmpp.org/extensions/xep-0163.html#howitworks>, and it replies with an IQ Error.
"""]]

View file

@ -30,7 +30,7 @@ been a change to Alice's git repo. Then he needs to pull from Alice's git repo,
or some other repo in the cloud she pushed to. Once both steps are done,
the assistant will transfer the file from the cloud to Bob.
* dvcs-autosync uses jabber; all repos need to have the same jabber account
* dvcs-autosync uses xmppp; all repos need to have the same xmpp account
configured, and send self-messages. An alternative would be to have
different accounts that join a channel or message each other. Still needs
account configuration.
@ -44,39 +44,7 @@ the assistant will transfer the file from the cloud to Bob.
* pubsubhubbub does not seem like an option; its hubs want to pull down
a feed over http.
### jabber TODO
* test with big servers, eg google chat
* Prevent idle disconnection. Probably means sending or receiving pings,
but would prefer to avoid eg pinging every 60 seconds as some clients do.
* Make the git-annex clients invisible, so a user can use their regular
account without always seeming to be present when git-annex is logged in.
See <http://xmpp.org/extensions/xep-0126.html>
* webapp configuration
* After pulling from a remote, may need to scan for transfers, which
could involve other remotes (ie, S3). Since the remote client is not able to
talk to us directly, it won't be able to upload any new files to us.
Need a fast way to find new files, and get them transferring. The expensive
transfer scan may be needed to get fully in sync, but is too expensive to
run every time this happens.
### jabber security
Any data git-annex sends over this XMPP will be visible to the XMPP
account's buddies, to the XMPP server, and quite likely to other interested
parties. So it's important to consider the security exposure of using it.
If git-annex sends only a single bit notification, this lets attackers know
when the user is active and changing files. Although the assistant's other
syncing activities can somewhat mask this.
As soon as git-annex does anything unlike any other client, an attacker can
see how many clients are connected for a user, and fingerprint the ones
running git-annex, and determine how many clients are running git-annex.
If git-annex sent the UUID of the remote it pushed to, this would let
attackers determine how many different remotes are being used,
and map some of the connections between clients and remotes.
See [[xmpp]] for design of git-annex's use of xmpp for notifications.
## storing git repos in the cloud

View file

@ -81,3 +81,4 @@ is escaped before going to the browser.
It should be possible for third parties to tell when pairing is done,
but it's actually rather hard since they don't necessarily share the secret.
* Pairing over XMPP.

View file

@ -6,7 +6,7 @@ locally paired systems, and remote servers with rsync.
Help me prioritize my work: What special remote would you most like
to use with the git-annex assistant?
[[!poll open=yes 15 "Amazon S3 (done)" 9 "Amazon Glacier" 7 "Box.com" 57 "My phone (or MP3 player)" 15 "Tahoe-LAFS" 5 "OpenStack SWIFT" 20 "Google Drive"]]
[[!poll open=yes 15 "Amazon S3 (done)" 9 "Amazon Glacier" 7 "Box.com" 57 "My phone (or MP3 player)" 15 "Tahoe-LAFS" 5 "OpenStack SWIFT" 21 "Google Drive"]]
This poll is ordered with the options I consider easiest to build
listed first. Mostly because git-annex already supports them and they

View file

@ -0,0 +1,70 @@
The git-annex assistant uses XMPP to communicate between peers that
cannot directly talk to one-another. A typical scenario is two users
who share a repository, that is stored in the [[cloud]].
### TODO
* test with big servers, eg google chat
* Prevent idle disconnection. Probably means sending or receiving pings,
but would prefer to avoid eg pinging every 60 seconds as some clients do.
* Make the git-annex clients invisible, so a user can use their regular
account without always seeming to be present when git-annex is logged in.
See <http://xmpp.org/extensions/xep-0126.html>
* webapp configuration
* After pulling from a remote, may need to scan for transfers, which
could involve other remotes (ie, S3). Since the remote client is not able to
talk to us directly, it won't be able to upload any new files to us.
Need a fast way to find new files, and get them transferring. The expensive
transfer scan may be needed to get fully in sync, but is too expensive to
run every time this happens.
## design goals
1. Avoid user-visible messages. dvcs-autosync uses XMPP similarly, but
sends user-visible messages. Avoiding user-visible messages lets
the user configure git-annex to use his existing XMPP account
(eg, Google Talk).
2. Send notifications to buddies. dvcs-autosync sends only self-messages,
but that requires every node have the same XMPP account configured.
git-annex should support that mode, but it should also send notifications
to a user's buddies. (This will also allow for using XMPP for pairing
in the future.)
3. Don't make account appear active. Just because git-annex is being an XMPP
client, it doesn't mean that it wants to get chat messages, or make the
user appear active when he's not using his chat program.
## protocol
To avoid relying on XMPP extensions, git-annex communicates
using presence messages. These always mark it as extended away.
To this, it adds its own tag as [extended content](http://xmpp.org/rfcs/rfc6121.html#presence-extended).
The xml namespace is "git-annex" (not an URL because I hate wasting bandwidth).
To indicate it's pushed changes to a git repo, a client uses:
<git-annex xmlns='git-annex' push="uuid" />
The push attribute can be repeated when the push was sent to multiple repos.
### security
Data git-annex sends over XMPP will be visible to the XMPP
account's buddies, to the XMPP server, and quite likely to other interested
parties. So it's important to consider the security exposure of using it.
Even if git-annex sends only a single bit notification, this lets attackers
know when the user is active and changing files. Although the assistant's other
syncing activities can somewhat mask this.
As soon as git-annex does anything unlike any other client, an attacker can
see how many clients are connected for a user, and fingerprint the ones
running git-annex, and determine how many clients are running git-annex.
If git-annex sent the UUID of the remote it pushed to, this would let
attackers determine how many different remotes are being used,
and map some of the connections between clients and remotes.
An attacker could replay push notification messages, reusing UUIDs it's
observed. This would make clients pull repeatedly, perhaps as a DOS.

View file

@ -0,0 +1,13 @@
[[!comment format=mdwn
username="http://www.openid.albertlash.com/openid/"
ip="74.96.185.87"
subject="It works!"
date="2012-10-24T22:00:31Z"
content="""
This works great! I first tried it with WORM, no-go. I can see why the SHA backends are so powerful, they appear to circumvent the commits which git usually uses for merging. When I first do the merge, it reports this:
warning: no common commits
Compared to how I've managed CD/DVD backups in the past, this is a quantum leap forward, and I don't find it convoluted in comparison. Yes, there is dar, but I prefer this method. In my case, its the perfect solution for original files, which in generally are treated as immutable, and not accessed very often. They are usually large, too! I'm using them for digital pictures.
"""]]

View file

@ -0,0 +1,13 @@
[[!comment format=mdwn
username="Steve"
ip="92.104.175.136"
subject="web and hook special remotes"
date="2012-10-24T23:26:53Z"
content="""
Hi Joey,
Thanks for the advice. I had thought of the web special remote; but as you may have noticed from my example, I don't use automount so my DVDs and CDs all get mounted in the same place. (/mnt/cdrom) so the web special remote won't work for me.
I'll try to play around with the hook special remote this weekend. I had a thought it might be interesting to have it search for the DVDs in some common places or even by parsing the mounted file systems, and allow an override or augmentation through git config.
"""]]

View file

@ -0,0 +1,26 @@
[[!comment format=mdwn
username="Steve"
ip="92.104.175.136"
subject="no need to merge"
date="2012-10-24T23:52:30Z"
content="""
Albert,
Thanks for feedback! I'm glad that somebody else found the method I worked out useful. As I'm going to try and turn it into a proper special remote, let me know if there is any particular use case or feature you'd like me to address.
Note that in my testing, I found that you don't actually need to merge the DVD's branch into the local branch you are using for git annex to be able to find the files on it that are identical to files in your local branch.
I haven't played around with cloning the repo, but I will try that this weekend. I'm thinking it *might* be necessary to create local branches from the DVD remotes so that they'll get carried along when you clone the repo.
As far as the repos on the DVD's not having a shared ancestry with main repo, that was a conscious choice that I made. I wanted to add as little extra data to the DVDs as possible since I usually fill them to the brim anyway. I didn't feel that it would be beneficial for the DVD's to know about the history of the main repo and other files that they don't contain. Furthermore, besides all the links and history, you'd be replicating all the files in the main repo that aren't annexed.
If you want to avoid the error, but still have a local branch for the DVD repos you should be able to do something like the following:
<b>WARNING:</b> these commands are untested!
<pre>
git checkout -b disc1 disc1/master
git checkout -b disc2 disc2/master
</pre>
Working from the original example, you should then get local branches for the DVDs that don't have a common ancestor with your master local repo. I haven't actually tested that though. Testing will have to wait for this weekend.
"""]]

View file

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="4.152.108.138"
subject="comment 9"
date="2012-10-25T03:33:29Z"
content="""
@Steve, it seems to me you could still use the web special remote, just pointing it at an url that goes through a symlink to the mount point.
"""]]

View file

@ -0,0 +1,66 @@
hi,
i think of use git-annex as the backbone of a archival systems. at first point no distributed storage, just 1 node.
but now i run into the topic below ( deleted the "named" symlink of the "object" -- how to recover ?)
maybe someone can enlighten me...
thanks,
.ka
// about the version. ( debian-squeeze, bpo )
$ git-annex version
git-annex version: 3.20120629~bpo60+2
local repository version: 3
default repository version: 3
supported repository versions: 3
upgrade supported from repository versions: 0 1 2
// building up a testcase.
$ git init
Initialized empty Git repository in ...test2/.git/
$ git annex init
init ok
(Recording state in git...)
$ echo "aaa" > 1.txt
$ echo "bbb" > 2.txt
$ git-annex add .
add 1.txt (checksum...) ok
add 2.txt (checksum...) ok
(Recording state in git...)
$ git commit -a -m "added 2 files"
fatal: No HEAD commit to compare with (yet)
fatal: No HEAD commit to compare with (yet)
[master (root-commit) fc2a5d7] added 2 files
Committer: userhere user <bla@bla>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
...
2 files changed, 2 insertions(+), 0 deletions(-)
create mode 120000 1.txt
create mode 120000 2.txt
// ok, so far standard. i have now 2 files - lets delete one.
$ rm 2.txt
$ ls -l
lrwxrwxrwx 1 xp xp 176 24. Okt 22:55 1.txt -> .git/annex/objects/Z6/7q/SHA256-s4--17e682f060b5f8e47ea04c5c4855908b0a5ad612022260fe50e11ecb0cc0ab76/SHA256-s4--17e682f060b5f8e47ea04c5c4855908b0a5ad612022260fe50e11ecb0cc0ab76
// eek, delete of 2.txt was a bad idea (it was just the symlink) -- try to recover...
$ git-annex fix
$ git-annex fsck
fsck 1.txt (checksum...) ok
$ ls
1.txt
// still not here.. how to recover the link to 2.txt ???
// i still see the content of the file in the object folder
// if I want to use git-annex as the backend of a archival system, this is important.

View file

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="http://ciffer.net/~svend/"
ip="2001:1938:81:1ff::2"
subject="git checkout"
date="2012-10-24T22:50:05Z"
content="""
You can use `git checkout -- file` to restore the link. `git status` will display information for restoring the file.
"""]]

View file

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="4.152.108.138"
subject="it's a git repository..."
date="2012-10-25T03:29:20Z"
content="""
So any git stuff can be used. If you deleted a file, committed it, and want to undo that, you can `git log --stat` to find the commit, and `git revert` it. If you deleted a file, haven't committed yet, and want one more look at it, you can `git stash` to get it back, and `git stash apply` to re-stash the change. Or yeah, just `git checkout` to get back a deleted file you have not committed yet.
"""]]