From 2bf34fc17f081618f07e33a8e7ff633906962bc3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 7 Jan 2021 10:12:37 -0400 Subject: [PATCH] Behavior change: --trust option no longer overrides trust Since that can lead to data loss, which should never be enabled by an option other than --force. I suppose that using --trust was in some situation, safer than --force, because it doesn't entirely disable checking for data loss, but only disables checking involving data that is on the specified repository. But it seems better to be able to say that data loss only happens with --force. This commit was sponsored by Graham Spencer on Patreon. --- CHANGELOG | 3 +++ CmdLine/GitAnnex/Options.hs | 2 +- Remote.hs | 6 ++++-- doc/git-annex.mdwn | 7 ++++++- doc/trust.mdwn | 4 ---- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index ff2fa9adbb..4c16316a27 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -10,6 +10,9 @@ git-annex (8.20201130) UNRELEASED; urgency=medium behavior, mincopies also needs to be set to 0. * Behavior change: git-annex trust now needs --force, since unconsidered use of trusted repositories can lead to data loss. + * Behavior change: --trust option no longer overrides trust, since + that can lead to data loss, which should never be enabled by an option + other than --force. * add: Significantly speed up adding lots of non-large files to git, by disabling the annex smudge filter when running git add. * add --force-small: Run git add rather than updating the index itself, diff --git a/CmdLine/GitAnnex/Options.hs b/CmdLine/GitAnnex/Options.hs index 568fc7de4c..d015cdeb76 100644 --- a/CmdLine/GitAnnex/Options.hs +++ b/CmdLine/GitAnnex/Options.hs @@ -55,7 +55,7 @@ gitAnnexGlobalOptions = commonGlobalOptions ++ ) , globalSetter (Remote.forceTrust Trusted) $ strOption ( long "trust" <> metavar paramRemote - <> help "override trust setting" + <> help "deprecated, does not override trust setting" <> hidden <> completeRemotes ) diff --git a/Remote.hs b/Remote.hs index 1d6250f9e2..588457f728 100644 --- a/Remote.hs +++ b/Remote.hs @@ -384,8 +384,10 @@ listRemoteNames remotes = intercalate ", " (map name remotes) forceTrust :: TrustLevel -> String -> Annex () forceTrust level remotename = do u <- nameToUUID remotename - Annex.changeState $ \s -> - s { Annex.forcetrust = M.insert u level (Annex.forcetrust s) } + if level >= Trusted + then toplevelWarning False "Ignoring request to trust repository, because that can lead to data loss." + else Annex.changeState $ \s -> + s { Annex.forcetrust = M.insert u level (Annex.forcetrust s) } {- Used to log a change in a remote's having a key. The change is logged - in the local repo, not on the remote. The process of transferring the diff --git a/doc/git-annex.mdwn b/doc/git-annex.mdwn index 7571fdfd33..7d4c9b34f1 100644 --- a/doc/git-annex.mdwn +++ b/doc/git-annex.mdwn @@ -797,7 +797,6 @@ may not be explicitly listed on their individual man pages. Also, note that if the time limit prevents git-annex from doing all it was asked to, it will exit with a special code, 101. -* `--trust=repository` * `--semitrust=repository` * `--untrust=repository` @@ -806,6 +805,12 @@ may not be explicitly listed on their individual man pages. The repository should be specified using the name of a configured remote, or the UUID or description of a repository. +* `--trust=repository` + + This used to override trust settings for a repository, but now will + not do so, because trusting a repository can lead to data loss, + and data loss is now only enabled when using the `--force` option. + * `--trust-glacier` Amazon Glacier inventories take hours to retrieve, and may not represent diff --git a/doc/trust.mdwn b/doc/trust.mdwn index 75781b7acb..b348a6dc06 100644 --- a/doc/trust.mdwn +++ b/doc/trust.mdwn @@ -44,10 +44,6 @@ information for a repository. For example, it may be an offline archival drive, from which you rarely or never remove content. Deciding when it makes sense to trust the tracking info is up to you. -One way to handle this is just to use `--force` when a command cannot -access a remote you trust. Or to use `--trust` to specify a repository to -trust temporarily. - To configure a repository as fully and permanently trusted, use the [[git-annex-trust]] command.