avoid always decrypting cipher
Last change moved cipher decryption to remote setup time. Fixed this with a bit of a hack.
This commit is contained in:
Joey Hess
parent
2ddade8132
commit
3c319cd844
3 changed files with 27 additions and 23 deletions
|
|
@ -80,6 +80,7 @@ remoteCipher c = do
|
|||
Nothing -> case extractCipher c of
|
||||
Nothing -> return Nothing
|
||||
Just encipher -> do
|
||||
showNote "gpg"
|
||||
cipher <- liftIO $ decryptCipher c encipher
|
||||
Annex.changeState (\s -> s { Annex.cipher = Just cipher })
|
||||
return $ Just cipher
|
||||
|
|
|
|||
|
|
@ -15,10 +15,11 @@ import Network.AWS.AWSResult
|
|||
import qualified Data.ByteString.Lazy.Char8 as L
|
||||
import qualified Data.Map as M
|
||||
import Data.Maybe
|
||||
import Control.Monad (when, liftM)
|
||||
import Control.Monad (when)
|
||||
import Control.Monad.State (liftIO)
|
||||
import System.Environment
|
||||
import System.Posix.Files
|
||||
import System.Posix.Env (setEnv)
|
||||
|
||||
import RemoteClass
|
||||
import Types
|
||||
|
|
@ -46,8 +47,7 @@ remote = RemoteType {
|
|||
gen :: Git.Repo -> UUID -> Maybe RemoteConfig -> Annex (Remote Annex)
|
||||
gen r u c = do
|
||||
cst <- remoteCost r expensiveRemoteCost
|
||||
c' <- s3GetCreds c
|
||||
return $ gen' r u c' cst
|
||||
return $ gen' r u c cst
|
||||
gen' :: Git.Repo -> UUID -> Maybe RemoteConfig -> Int -> Remote Annex
|
||||
gen' r u c cst = do
|
||||
encryptableRemote c
|
||||
|
|
@ -71,8 +71,7 @@ s3Setup :: UUID -> RemoteConfig -> Annex RemoteConfig
|
|||
s3Setup u c = do
|
||||
-- verify configuration is sane
|
||||
c' <- encryptionSetup c
|
||||
c'' <- liftM fromJust (s3GetCreds $ Just c')
|
||||
let fullconfig = M.union c'' defaults
|
||||
let fullconfig = M.union c' defaults
|
||||
|
||||
-- check bucket location to see if the bucket exists, and create it
|
||||
let datacenter = fromJust $ M.lookup "datacenter" fullconfig
|
||||
|
|
@ -210,8 +209,9 @@ s3ConnectionRequired c = do
|
|||
|
||||
s3Connection :: RemoteConfig -> Annex (Maybe AWSConnection)
|
||||
s3Connection c = do
|
||||
case (M.lookup s3AccessKey c, M.lookup s3SecretKey c) of
|
||||
(Just ak, Just sk) -> return $ Just $ AWSConnection host port ak sk
|
||||
creds <- s3GetCreds c
|
||||
case creds of
|
||||
Just (ak, sk) -> return $ Just $ AWSConnection host port ak sk
|
||||
_ -> do
|
||||
warning $ "Set both " ++ s3AccessKey ++ " and " ++ s3SecretKey ++ " to use S3"
|
||||
return Nothing
|
||||
|
|
@ -224,9 +224,8 @@ s3Connection c = do
|
|||
|
||||
{- S3 creds come from the environment if set.
|
||||
- Otherwise, might be stored encrypted in the remote's config. -}
|
||||
s3GetCreds :: Maybe RemoteConfig -> Annex (Maybe RemoteConfig)
|
||||
s3GetCreds Nothing = return Nothing
|
||||
s3GetCreds (Just c) = do
|
||||
s3GetCreds :: RemoteConfig -> Annex (Maybe (String, String))
|
||||
s3GetCreds c = do
|
||||
ak <- getEnvKey s3AccessKey
|
||||
sk <- getEnvKey s3SecretKey
|
||||
if (null ak || null sk)
|
||||
|
|
@ -238,28 +237,32 @@ s3GetCreds (Just c) = do
|
|||
(return $ L.pack $ fromB64 encrypted)
|
||||
(return . L.unpack)
|
||||
let line = lines s
|
||||
creds (line !! 0) (line !! 1)
|
||||
_ -> return $ Just c
|
||||
else creds ak sk
|
||||
let ak' = line !! 0
|
||||
let sk' = line !! 1
|
||||
liftIO $ do
|
||||
setEnv s3AccessKey ak True
|
||||
setEnv s3SecretKey sk True
|
||||
return $ Just (ak', sk')
|
||||
_ -> return Nothing
|
||||
else return $ Just (ak, sk)
|
||||
where
|
||||
getEnvKey s = liftIO $ catch (getEnv s) (const $ return "")
|
||||
creds ak sk = return $ Just $ M.insert s3AccessKey ak $ M.insert s3SecretKey sk c
|
||||
|
||||
{- Stores S3 creds encrypted in the remote's config if possible. -}
|
||||
s3SetCreds :: RemoteConfig -> Annex RemoteConfig
|
||||
s3SetCreds c = do
|
||||
let cleanconfig = M.delete s3AccessKey $ M.delete s3SecretKey c
|
||||
case (M.lookup s3AccessKey c, M.lookup s3SecretKey c) of
|
||||
(Just ak, Just sk) -> do
|
||||
creds <- s3GetCreds c
|
||||
case creds of
|
||||
Just (ak, sk) -> do
|
||||
mcipher <- remoteCipher c
|
||||
case mcipher of
|
||||
Just cipher -> do
|
||||
s <- liftIO $ withEncryptedContent cipher
|
||||
(return $ L.pack $ unlines [ak, sk])
|
||||
(return . L.unpack)
|
||||
return $ M.insert "s3creds" (toB64 s) cleanconfig
|
||||
Nothing -> return cleanconfig
|
||||
_ -> return cleanconfig
|
||||
return $ M.insert "s3creds" (toB64 s) c
|
||||
Nothing -> return c
|
||||
_ -> return c
|
||||
|
||||
s3AccessKey :: String
|
||||
s3AccessKey = "AWS_ACCESS_KEY_ID"
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ like "2512E3C7"
|
|||
Next, create the S3 remote, and describe it.
|
||||
|
||||
# git annex initremote cloud type=S3 encryption=2512E3C7
|
||||
initremote cloud (encryption setup with gpg key C910D9222512E3C7) (checking bucket) (creating bucket in US) ok
|
||||
initremote cloud (encryption setup with gpg key C910D9222512E3C7) (checking bucket) (creating bucket in US) (gpg) ok
|
||||
# git annex describe cloud "at Amazon's US datacenter"
|
||||
describe cloud ok
|
||||
|
||||
|
|
@ -25,12 +25,12 @@ repository use the same S3 remote is easy:
|
|||
# cd /media/usb/annex
|
||||
# git pull laptop master
|
||||
# git annex initremote cloud
|
||||
initremote cloud (checking bucket) ok
|
||||
initremote cloud (gpg) (checking bucket) ok
|
||||
|
||||
Now the remote can be used like any other remote.
|
||||
|
||||
# git annex copy my_cool_big_file --to cloud
|
||||
copy my_cool_big_file (checking cloud...) (to cloud...) ok
|
||||
copy my_cool_big_file (gpg) (checking cloud...) (to cloud...) ok
|
||||
# git annex move video/hackity_hack_and_kaxxt.mov --to cloud
|
||||
move video/hackity_hack_and_kaxxt.mov (checking cloud...) (to cloud...) ok
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue