Behavior change: --trust option no longer overrides trust

Since that can lead to data loss, which should never be enabled by an
option other than --force.

I suppose that using --trust was in some situation, safer than --force,
because it doesn't entirely disable checking for data loss, but only
disables checking involving data that is on the specified repository.
But it seems better to be able to say that data loss only happens with
--force.

This commit was sponsored by Graham Spencer on Patreon.
This commit is contained in:
Joey Hess 2021-01-07 10:12:37 -04:00
parent 6a0030a110
commit 2bf34fc17f
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
5 changed files with 14 additions and 8 deletions

View file

@ -10,6 +10,9 @@ git-annex (8.20201130) UNRELEASED; urgency=medium
behavior, mincopies also needs to be set to 0. behavior, mincopies also needs to be set to 0.
* Behavior change: git-annex trust now needs --force, since unconsidered * Behavior change: git-annex trust now needs --force, since unconsidered
use of trusted repositories can lead to data loss. use of trusted repositories can lead to data loss.
* Behavior change: --trust option no longer overrides trust, since
that can lead to data loss, which should never be enabled by an option
other than --force.
* add: Significantly speed up adding lots of non-large files to git, * add: Significantly speed up adding lots of non-large files to git,
by disabling the annex smudge filter when running git add. by disabling the annex smudge filter when running git add.
* add --force-small: Run git add rather than updating the index itself, * add --force-small: Run git add rather than updating the index itself,

View file

@ -55,7 +55,7 @@ gitAnnexGlobalOptions = commonGlobalOptions ++
) )
, globalSetter (Remote.forceTrust Trusted) $ strOption , globalSetter (Remote.forceTrust Trusted) $ strOption
( long "trust" <> metavar paramRemote ( long "trust" <> metavar paramRemote
<> help "override trust setting" <> help "deprecated, does not override trust setting"
<> hidden <> hidden
<> completeRemotes <> completeRemotes
) )

View file

@ -384,7 +384,9 @@ listRemoteNames remotes = intercalate ", " (map name remotes)
forceTrust :: TrustLevel -> String -> Annex () forceTrust :: TrustLevel -> String -> Annex ()
forceTrust level remotename = do forceTrust level remotename = do
u <- nameToUUID remotename u <- nameToUUID remotename
Annex.changeState $ \s -> if level >= Trusted
then toplevelWarning False "Ignoring request to trust repository, because that can lead to data loss."
else Annex.changeState $ \s ->
s { Annex.forcetrust = M.insert u level (Annex.forcetrust s) } s { Annex.forcetrust = M.insert u level (Annex.forcetrust s) }
{- Used to log a change in a remote's having a key. The change is logged {- Used to log a change in a remote's having a key. The change is logged

View file

@ -797,7 +797,6 @@ may not be explicitly listed on their individual man pages.
Also, note that if the time limit prevents git-annex from doing all it Also, note that if the time limit prevents git-annex from doing all it
was asked to, it will exit with a special code, 101. was asked to, it will exit with a special code, 101.
* `--trust=repository`
* `--semitrust=repository` * `--semitrust=repository`
* `--untrust=repository` * `--untrust=repository`
@ -806,6 +805,12 @@ may not be explicitly listed on their individual man pages.
The repository should be specified using the name of a configured remote, The repository should be specified using the name of a configured remote,
or the UUID or description of a repository. or the UUID or description of a repository.
* `--trust=repository`
This used to override trust settings for a repository, but now will
not do so, because trusting a repository can lead to data loss,
and data loss is now only enabled when using the `--force` option.
* `--trust-glacier` * `--trust-glacier`
Amazon Glacier inventories take hours to retrieve, and may not represent Amazon Glacier inventories take hours to retrieve, and may not represent

View file

@ -44,10 +44,6 @@ information for a repository. For example, it may be an offline
archival drive, from which you rarely or never remove content. Deciding archival drive, from which you rarely or never remove content. Deciding
when it makes sense to trust the tracking info is up to you. when it makes sense to trust the tracking info is up to you.
One way to handle this is just to use `--force` when a command cannot
access a remote you trust. Or to use `--trust` to specify a repository to
trust temporarily.
To configure a repository as fully and permanently trusted, To configure a repository as fully and permanently trusted,
use the [[git-annex-trust]] command. use the [[git-annex-trust]] command.