proxied exporttree=yes versionedexport=yes remotes are not untrusted

This removes versionedExport, which was only used by the S3 special
remote. Instead, versionedexport=yes is a common way for remotes to
indicate that they are versioned.

Annex/Import.hs

@@ -44,6 +44,7 @@ import Annex.Transfer
 import Annex.CheckIgnore
 import Annex.CatFile
 import Annex.VectorClock
+import Annex.SpecialRemote.Config
 import Command
 import Backend
 import Types.Key
@@ -194,7 +195,7 @@ recordImportTree remote importtreeconfig imported = do
 			_ -> noop
 		-- When the remote is versioned, it still contains keys
 		-- that are not present in the new tree.
-		unless (Remote.versionedExport (Remote.exportActions remote)) $ do
+		unless (isVersioning (Remote.config remote)) $ do
 			db <- Export.openDb (Remote.uuid remote)
 			forM_ (exportedTreeishes oldexport) $ \oldtree ->
 				Export.runExportDiffUpdater updater db oldtree finaltree

Annex/SpecialRemote/Config.hs

@@ -93,6 +93,9 @@ exportTreeField = Accepted "exporttree"
 
 importTreeField :: RemoteConfigField
 importTreeField = Accepted "importtree"
+			
+versioningField :: RemoteConfigField
+versioningField = Accepted "versioning"
 
 exportTree :: ParsedRemoteConfig -> Bool
 exportTree = fromMaybe False . getRemoteConfigValue exportTreeField
@@ -100,6 +103,9 @@ exportTree = fromMaybe False . getRemoteConfigValue exportTreeField
 importTree :: ParsedRemoteConfig -> Bool
 importTree = fromMaybe False . getRemoteConfigValue importTreeField
 
+isVersioning :: ParsedRemoteConfig -> Bool
+isVersioning = fromMaybe False . getRemoteConfigValue versioningField
+
 annexObjectsField :: RemoteConfigField
 annexObjectsField = Accepted "annexobjects"
 

Command/Export.hs

@@ -422,10 +422,10 @@ cleanupUnexport r db eks loc = do
 			removeExportedLocation db ek loc
 		flushDbQueue db
 
-	-- A versionedExport remote supports removeExportLocation to remove
+	-- A versioned remote supports removeExportLocation to remove
 	-- the file from the exported tree, but still retains the content
 	-- and allows retrieving it.
-	unless (versionedExport (exportActions r)) $ do
+	unless (isVersioning (Remote.config r)) $ do
 		remaininglocs <- liftIO $ 
 			concat <$> forM eks (getExportedLocation db)
 		when (null remaininglocs) $

Remote/Adb.hs

@@ -91,7 +91,6 @@ gen r u rc gc rs = do
 			{ storeExport = storeExportM serial adir
 			, retrieveExport = retrieveExportM serial adir
 			, removeExport = removeExportM serial adir
-			, versionedExport = False
 			, checkPresentExport = checkPresentExportM serial adir
 			, removeExportDirectory = Just $ removeExportDirectoryM serial adir
 			, renameExport = Just $ renameExportM serial adir

Remote/Directory.hs

@@ -107,7 +107,6 @@ gen r u rc gc rs = do
 				{ storeExport = storeExportM dir cow
 				, retrieveExport = retrieveExportM dir cow
 				, removeExport = removeExportM dir
-				, versionedExport = False
 				, checkPresentExport = checkPresentExportM dir
 				-- Not needed because removeExportLocation
 				-- auto-removes empty directories.

Remote/External.hs

@@ -95,7 +95,6 @@ gen rt externalprogram r u rc gc rs
 				{ storeExport = storeExportM external
 				, retrieveExport = retrieveExportM external
 				, removeExport = removeExportM external
-				, versionedExport = False
 				, checkPresentExport = checkPresentExportM external
 				, removeExportDirectory = Just $ removeExportDirectoryM external
 				, renameExport = Just $ renameExportM external

Remote/Git.hs

@@ -84,6 +84,7 @@ remote = RemoteType
 	, configParser = mkRemoteConfigParser
 		[ optionalStringParser locationField
 			(FieldDesc "url of git remote to remember with special remote")
+		, yesNoParser versioningField (Just False) HiddenField
 		]
 	, setup = gitSetup
 	, exportSupported = exportUnsupported
@@ -230,7 +231,7 @@ gen r u rc gc rs
 			, readonly = Git.repoIsHttp r && not (isP2PHttp' gc)
 			, appendonly = False
 			, untrustworthy = isJust (remoteAnnexProxiedBy gc) 
-				&& exportTree c
+				&& exportTree c && not (isVersioning c)
 			, availability = repoAvail r
 			, remotetype = remote
 			, mkUnavailable = unavailable r u rc gc rs

Remote/Helper/ExportImport.hs

@@ -42,7 +42,6 @@ instance HasExportUnsupported (ExportActions Annex) where
 		, retrieveExport = nope
 		, checkPresentExport = \_ _ -> return False
 		, removeExport = nope
-		, versionedExport = False
 		, removeExportDirectory = nope
 		, renameExport = Nothing
 		}
@@ -137,7 +136,6 @@ adjustExportImport' :: Bool -> Bool -> Bool -> Remote -> RemoteStateHandle -> Gi
 adjustExportImport' isexport isimport annexobjects r rs gc = do
 	dbv <- prepdbv
 	ciddbv <- prepciddb
-	let versioned = versionedExport (exportActions r)
 	return $ r
 		{ exportActions = if isexport
 			then if isimport
@@ -249,6 +247,8 @@ adjustExportImport' isexport isimport annexobjects r rs gc = do
 				else is'
 		}
   where
+	versioned = isVersioning (config r)
+	
 	thirdpartypopulated = thirdPartyPopulated (remotetype r)
 
 	-- exportActions adjusted to use the equivalent import actions,
@@ -457,12 +457,12 @@ adjustExportImport' isexport isimport annexobjects r rs gc = do
 					_ -> throwM err
 		| otherwise = a
 
-	-- versionedExport remotes have a key/value store which
+	-- versioned remotes have a key/value store which
 	-- the usual retrieveKeyFile can be used with, rather than
 	-- an import/export variant. However, fall back to that
 	-- if retrieveKeyFile fails.
 	supportversionedretrieve k af dest p vc a
-		| versionedExport (exportActions r) =
+		| versioned =
 			retrieveKeyFile r k af dest p vc
 				`catchNonAsync` const a
 		| otherwise = a

Remote/HttpAlso.hs

@@ -79,7 +79,6 @@ gen r u rc gc rs = do
 			{ storeExport = cannotModify
 			, retrieveExport = retriveExportHttpAlso url
 			, removeExport = cannotModify
-			, versionedExport = False
 			, checkPresentExport = checkPresentExportHttpAlso url
 			, removeExportDirectory = Nothing
 			, renameExport = cannotModify

Remote/Rsync.hs

@@ -103,7 +103,6 @@ gen r u rc gc rs = do
 				{ storeExport = storeExportM o
 				, retrieveExport = retrieveExportM o
 				, removeExport = removeExportM o
-				, versionedExport = False
 				, checkPresentExport = checkPresentExportM o
 				, removeExportDirectory = Just (removeExportDirectoryM o)
 				, renameExport = Just $ renameExportM o

Remote/S3.hs

@@ -143,10 +143,7 @@ storageclassField = Accepted "storageclass"
 
 fileprefixField :: RemoteConfigField
 fileprefixField = Accepted "fileprefix"
-
-versioningField :: RemoteConfigField
-versioningField = Accepted "versioning"
-
+			
 publicField :: RemoteConfigField
 publicField = Accepted "public"
 
@@ -224,7 +221,6 @@ gen r u rc gc rs = do
 				{ storeExport = storeExportS3 hdl this rs info magic
 				, retrieveExport = retrieveExportS3 hdl this info
 				, removeExport = removeExportS3 hdl this rs info
-				, versionedExport = versioning info
 				, checkPresentExport = checkPresentExportS3 hdl this info
 				-- S3 does not have directories.
 				, removeExportDirectory = Nothing

Remote/WebDAV.hs

@@ -101,7 +101,6 @@ gen r u rc gc rs = do
 				, retrieveExport = retrieveExportDav hdl
 				, checkPresentExport = checkPresentExportDav hdl this
 				, removeExport = removeExportDav hdl
-				, versionedExport = False
 				, removeExportDirectory = Just $
 					removeExportDirectoryDav hdl
 				, renameExport = Just $ renameExportDav hdl

Types/Remote.hs

@@ -278,11 +278,6 @@ data ExportActions a = ExportActions
 	-- Can throw exception if unable to access remote, or if remote
 	-- refuses to remove the content.
 	, removeExport :: Key -> ExportLocation -> a ()
-	-- Set when the remote is versioned, so once a Key is stored
-	-- to an ExportLocation, a subsequent deletion of that
-	-- ExportLocation leaves the key still accessible to retrieveKeyFile
-	-- and checkPresent.
-	, versionedExport :: Bool
 	-- Removes an exported directory. Typically the directory will be
 	-- empty, but it could possibly contain files or other directories,
 	-- and it's ok to delete those (but not required to). 

doc/design/external_special_remote_protocol.mdwn

@@ -189,8 +189,9 @@ the special remote can reply with `UNSUPPORTED-REQUEST`.
   a list of settings with descriptions. Note that the user is not required
   to provided all the settings listed here. A block of responses
   can be made to this, which must always end with `CONFIGEND`.  
-  (Do not include settings like "encryption" that are common to all external
-  special remotes.)
+  (Do not include config like "encryption" that are common to all external
+  special remotes. Also avoid including a config named "versioning"
+  unless using it as desribed in the [[export_and_import_appendix]].)
   * `CONFIG Name Description`  
     Indicates the name and description of a config setting. The description
     should be reasonably short. Example:

doc/design/external_special_remote_protocol/export_and_import_appendix.mdwn

@@ -153,13 +153,6 @@ support a request, it can reply with `UNSUPPORTED-REQUEST`.
     Indicates that `IMPORTKEY` can be used.
   * `IMPORTKEYSUPPORTED-FAILURE`  
     Indicates that `IMPORTKEY` cannot be used.
- * `VERSIONED`
-  Used to check if the special remote is versioned.
-  Note that this request may be made before or after `PREPARE`.
-  * `ISVERSIONED`  
-    Indicates that the remote is versioned.
-  * `NOTVERSIONED`  
-    Indicates that the remote is not versioned.
 * `LISTIMPORTABLECONTENTS`  
   Used to get a list of all the files that are stored in the special 
   remote. A block of responses
@@ -178,10 +171,9 @@ support a request, it can reply with `UNSUPPORTED-REQUEST`.
     block of responses. This can be repeated any number of times
     (indicating a branching history), and histories can also
     be nested multiple levels deep.  
-    This should only be used when the remote supports using
-    "TRANSFER RECEIVE Key" to retrieve historical versions of files.
-    And, it should only be used when the remote replies `ISVERSIONED`
-    to the `VERSIONED` message.
+    This should only be a response when the remote supports using
+    "TRANSFER RECEIVE Key" to retrieve historical versions of files,
+    and when "GETCONFIG versioning" yields "VALUE TRUE".
   * `END`  
     Indicates the end of a block of responses.
 * `LOCATION Name`  

doc/todo/git-annex_proxies.mdwn

@@ -33,22 +33,6 @@ Planned schedule of work:
 * Working on `exportreeplus` branch which is groundwork for proxying to
   exporttree=yes special remotes. Need to merge it to master.
 
-* Versioned exports are not untrustworthy. But checking that for a proxied
-  remote would need to construct a Remote using the special remote's config. 
-  
-  For eg S3 (the only versioned one currently), that would need the S3
-  creds to be set in the environment. 
-
-  For an external special remote that uses the (currently draft) extension,
-  the program would need to be installed to check how it responds to
-  VERSIONED.
-
-  Constructing a special remote in order to use it proxied does not seem
-  feasible.
-
-  versionedExport could be changed be a pure function from
-  ParsedRemoteConfig. But that would not help with external special remotes.
-
 ## completed items for August
 
 * Special remotes configured with exporttree=yes annexobjects=yes