avoid always decrypting cipher

Last change moved cipher decryption to remote setup time.
Fixed this with a bit of a hack.
Joey Hess 2011-05-01 15:13:54 -04:00
parent 2ddade8132
commit 3c319cd844
3 changed files with 27 additions and 23 deletions


@ -80,6 +80,7 @@ remoteCipher c = do
Nothing -> case extractCipher c of Nothing -> case extractCipher c of
Nothing -> return Nothing Nothing -> return Nothing
Just encipher -> do Just encipher -> do
showNote "gpg"
cipher <- liftIO $ decryptCipher c encipher cipher <- liftIO $ decryptCipher c encipher
Annex.changeState (\s -> s { Annex.cipher = Just cipher }) Annex.changeState (\s -> s { Annex.cipher = Just cipher })
return $ Just cipher return $ Just cipher


@ -15,10 +15,11 @@ import Network.AWS.AWSResult
import qualified Data.ByteString.Lazy.Char8 as L import qualified Data.ByteString.Lazy.Char8 as L
import qualified Data.Map as M import qualified Data.Map as M
import Data.Maybe import Data.Maybe
import Control.Monad (when, liftM) import Control.Monad (when)
import Control.Monad.State (liftIO) import Control.Monad.State (liftIO)
import System.Environment import System.Environment
import System.Posix.Files import System.Posix.Files
import System.Posix.Env (setEnv)
import RemoteClass import RemoteClass
import Types import Types
@ -46,8 +47,7 @@ remote = RemoteType {
gen :: Git.Repo -> UUID -> Maybe RemoteConfig -> Annex (Remote Annex) gen :: Git.Repo -> UUID -> Maybe RemoteConfig -> Annex (Remote Annex)
gen r u c = do gen r u c = do
cst <- remoteCost r expensiveRemoteCost cst <- remoteCost r expensiveRemoteCost
c' <- s3GetCreds c return $ gen' r u c cst
return $ gen' r u c' cst
gen' :: Git.Repo -> UUID -> Maybe RemoteConfig -> Int -> Remote Annex gen' :: Git.Repo -> UUID -> Maybe RemoteConfig -> Int -> Remote Annex
gen' r u c cst = do gen' r u c cst = do
encryptableRemote c encryptableRemote c
@ -71,8 +71,7 @@ s3Setup :: UUID -> RemoteConfig -> Annex RemoteConfig
s3Setup u c = do s3Setup u c = do
-- verify configuration is sane -- verify configuration is sane
c' <- encryptionSetup c c' <- encryptionSetup c
c'' <- liftM fromJust (s3GetCreds $ Just c') let fullconfig = M.union c' defaults
let fullconfig = M.union c'' defaults
-- check bucket location to see if the bucket exists, and create it -- check bucket location to see if the bucket exists, and create it
let datacenter = fromJust $ M.lookup "datacenter" fullconfig let datacenter = fromJust $ M.lookup "datacenter" fullconfig
@ -210,8 +209,9 @@ s3ConnectionRequired c = do
s3Connection :: RemoteConfig -> Annex (Maybe AWSConnection) s3Connection :: RemoteConfig -> Annex (Maybe AWSConnection)
s3Connection c = do s3Connection c = do
case (M.lookup s3AccessKey c, M.lookup s3SecretKey c) of creds <- s3GetCreds c
(Just ak, Just sk) -> return $ Just $ AWSConnection host port ak sk case creds of
Just (ak, sk) -> return $ Just $ AWSConnection host port ak sk
_ -> do _ -> do
warning $ "Set both " ++ s3AccessKey ++ " and " ++ s3SecretKey ++ " to use S3" warning $ "Set both " ++ s3AccessKey ++ " and " ++ s3SecretKey ++ " to use S3"
return Nothing return Nothing
@ -224,9 +224,8 @@ s3Connection c = do
{- S3 creds come from the environment if set. {- S3 creds come from the environment if set.
- Otherwise, might be stored encrypted in the remote's config. -} - Otherwise, might be stored encrypted in the remote's config. -}
s3GetCreds :: Maybe RemoteConfig -> Annex (Maybe RemoteConfig) s3GetCreds :: RemoteConfig -> Annex (Maybe (String, String))
s3GetCreds Nothing = return Nothing s3GetCreds c = do
s3GetCreds (Just c) = do
ak <- getEnvKey s3AccessKey ak <- getEnvKey s3AccessKey
sk <- getEnvKey s3SecretKey sk <- getEnvKey s3SecretKey
if (null ak || null sk) if (null ak || null sk)
@ -238,28 +237,32 @@ s3GetCreds (Just c) = do
(return $ L.pack $ fromB64 encrypted) (return $ L.pack $ fromB64 encrypted)
(return . L.unpack) (return . L.unpack)
let line = lines s let line = lines s
creds (line !! 0) (line !! 1) let ak' = line !! 0
_ -> return $ Just c let sk' = line !! 1
else creds ak sk liftIO $ do
setEnv s3AccessKey ak True
setEnv s3SecretKey sk True
return $ Just (ak', sk')
_ -> return Nothing
else return $ Just (ak, sk)
where where
getEnvKey s = liftIO $ catch (getEnv s) (const $ return "") getEnvKey s = liftIO $ catch (getEnv s) (const $ return "")
creds ak sk = return $ Just $ M.insert s3AccessKey ak $ M.insert s3SecretKey sk c
{- Stores S3 creds encrypted in the remote's config if possible. -} {- Stores S3 creds encrypted in the remote's config if possible. -}
s3SetCreds :: RemoteConfig -> Annex RemoteConfig s3SetCreds :: RemoteConfig -> Annex RemoteConfig
s3SetCreds c = do s3SetCreds c = do
let cleanconfig = M.delete s3AccessKey $ M.delete s3SecretKey c creds <- s3GetCreds c
case (M.lookup s3AccessKey c, M.lookup s3SecretKey c) of case creds of
(Just ak, Just sk) -> do Just (ak, sk) -> do
mcipher <- remoteCipher c mcipher <- remoteCipher c
case mcipher of case mcipher of
Just cipher -> do Just cipher -> do
s <- liftIO $ withEncryptedContent cipher s <- liftIO $ withEncryptedContent cipher
(return $ L.pack $ unlines [ak, sk]) (return $ L.pack $ unlines [ak, sk])
(return . L.unpack) (return . L.unpack)
return $ M.insert "s3creds" (toB64 s) cleanconfig return $ M.insert "s3creds" (toB64 s) c
Nothing -> return cleanconfig Nothing -> return c
_ -> return cleanconfig _ -> return c
s3AccessKey :: String s3AccessKey :: String
s3AccessKey = "AWS_ACCESS_KEY_ID" s3AccessKey = "AWS_ACCESS_KEY_ID"
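Review bot: In `s3GetCreds` the two new `setEnv` calls pass `ak` and `sk`, the values just read from the environment (at least one of which is empty on this branch), instead of the decrypted `ak'` and `sk'`. The cache is therefore never populated and the cipher is still decrypted on every call; the lines should read `setEnv s3AccessKey ak' True` and `setEnv s3SecretKey sk' True`. Separately, `line !! 0` and `line !! 1` will crash if the decrypted `s3creds` blob has fewer than two lines, so a match such as `case lines s of (ak':sk':_) -> ...; _ -> return Nothing` would fail more cleanly. Once the cache works, the decrypted secret key sits in the process environment and is inherited by every child process started afterwards (presumably including gpg and git). That trade-off deserves a comment next to the `setEnv` calls, for example `{- caches decrypted creds in the environment; child processes inherit them -}`.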


@ -15,7 +15,7 @@ like "2512E3C7"
Next, create the S3 remote, and describe it. Next, create the S3 remote, and describe it.
# git annex initremote cloud type=S3 encryption=2512E3C7 # git annex initremote cloud type=S3 encryption=2512E3C7
initremote cloud (encryption setup with gpg key C910D9222512E3C7) (checking bucket) (creating bucket in US) ok initremote cloud (encryption setup with gpg key C910D9222512E3C7) (checking bucket) (creating bucket in US) (gpg) ok
# git annex describe cloud "at Amazon's US datacenter" # git annex describe cloud "at Amazon's US datacenter"
describe cloud ok describe cloud ok
@ -25,12 +25,12 @@ repository use the same S3 remote is easy:
# cd /media/usb/annex # cd /media/usb/annex
# git pull laptop master # git pull laptop master
# git annex initremote cloud # git annex initremote cloud
initremote cloud (checking bucket) ok initremote cloud (gpg) (checking bucket) ok
Now the remote can be used like any other remote. Now the remote can be used like any other remote.
# git annex copy my_cool_big_file --to cloud # git annex copy my_cool_big_file --to cloud
copy my_cool_big_file (checking cloud...) (to cloud...) ok copy my_cool_big_file (gpg) (checking cloud...) (to cloud...) ok
# git annex move video/hackity_hack_and_kaxxt.mov --to cloud # git annex move video/hackity_hack_and_kaxxt.mov --to cloud
move video/hackity_hack_and_kaxxt.mov (checking cloud...) (to cloud...) ok move video/hackity_hack_and_kaxxt.mov (checking cloud...) (to cloud...) ok