add encryption warning
This commit is contained in:
Joey Hess
parent
ecf7f34c23
commit
3f450f0f4a
2 changed files with 21 additions and 9 deletions
|
|
@ -12,6 +12,7 @@ import Types.Remote
|
|||
import Annex.Url
|
||||
import Types.Key
|
||||
import Types.Creds
|
||||
import qualified Annex
|
||||
import qualified Git
|
||||
import qualified Git.Types as Git
|
||||
import qualified Git.Url
|
||||
|
|
@ -108,11 +109,21 @@ mySetup _ mu _ c gc = do
|
|||
|
||||
let repo = fromMaybe (giveup "Specify url=") $
|
||||
M.lookup "url" c
|
||||
-- TODO: don't allow using encryption w/o the user indicating they
|
||||
-- know it will only encrypt git-annex objects, not git pushes
|
||||
-- TODO: don't allow using encryption=shared w/o the user
|
||||
-- indicating that pushing to the git-lfs remote will expose the
|
||||
-- encrypted data.
|
||||
|
||||
when (isEncrypted c) $
|
||||
unlessM (Annex.getState Annex.force) $
|
||||
giveup $ unwords $
|
||||
[ "You asked that encryption be enabled for"
|
||||
, "this remote, but only the files that"
|
||||
, "git-annex stores on it would be encrypted;"
|
||||
, "anything that git push sends to it would"
|
||||
, "not be encrypted. Even encryption=shared"
|
||||
, "encryption keys will be stored on the"
|
||||
, "remote for anyone who can access it to"
|
||||
, "see."
|
||||
, "(Use --force if you want to use this"
|
||||
, "likely insecure configuration.)"
|
||||
]
|
||||
(c', _encsetup) <- encryptionSetup c gc
|
||||
|
||||
-- The repo is not stored in the remote log, because the same
|
||||
|
|
|
|||
|
|
@ -41,11 +41,12 @@ store its SHA256 checksum in the git-annex branch.
|
|||
|
||||
## encryption notes
|
||||
|
||||
The encryption= parameter only makes git-annex encrypt data stored on the
|
||||
remote. `git push` can also be used with the remote (it is a git repository
|
||||
after all), and data pushed to it with git will *not* be encrypted.
|
||||
The encryption= parameter only makes git-annex encrypt data it stores
|
||||
on the remote. `git push` can also be used with the remote
|
||||
(it is a git repository after all), and data pushed to it with
|
||||
git will *not* be encrypted.
|
||||
|
||||
This makes using encryption=shared with a git-lfs special remote very
|
||||
Using encryption=shared with a git-lfs special remote is especially
|
||||
unlikely to be secure, because the encryption key is committed to the git
|
||||
repository. It would only make sense if you never pushed it to the
|
||||
remote, or trusted the remote's host to keep it secure.
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue