add encryption warning

Joey Hess 2019-08-05 11:29:32 -04:00
parent ecf7f34c23
commit 3f450f0f4a
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
2 changed files with 21 additions and 9 deletions

@ -12,6 +12,7 @@ import Types.Remote
import Annex.Url import Annex.Url
import Types.Key import Types.Key
import Types.Creds import Types.Creds
import qualified Annex
import qualified Git import qualified Git
import qualified Git.Types as Git import qualified Git.Types as Git
import qualified Git.Url import qualified Git.Url
@ -108,11 +109,21 @@ mySetup _ mu _ c gc = do
let repo = fromMaybe (giveup "Specify url=") $ let repo = fromMaybe (giveup "Specify url=") $
M.lookup "url" c M.lookup "url" c
-- TODO: don't allow using encryption w/o the user indicating they
-- know it will only encrypt git-annex objects, not git pushes when (isEncrypted c) $
-- TODO: don't allow using encryption=shared w/o the user unlessM (Annex.getState Annex.force) $
-- indicating that pushing to the git-lfs remote will expose the giveup $ unwords $
-- encrypted data. [ "You asked that encryption be enabled for"
, "this remote, but only the files that"
, "git-annex stores on it would be encrypted;"
, "anything that git push sends to it would"
, "not be encrypted. Even encryption=shared"
, "encryption keys will be stored on the"
, "remote for anyone who can access it to"
, "see."
, "(Use --force if you want to use this"
, "likely insecure configuration.)"
]
(c', _encsetup) <- encryptionSetup c gc (c', _encsetup) <- encryptionSetup c gc
-- The repo is not stored in the remote log, because the same -- The repo is not stored in the remote log, because the same

@ -41,11 +41,12 @@ store its SHA256 checksum in the git-annex branch.
## encryption notes ## encryption notes
The encryption= parameter only makes git-annex encrypt data stored on the The encryption= parameter only makes git-annex encrypt data it stores
remote. `git push` can also be used with the remote (it is a git repository on the remote. `git push` can also be used with the remote
after all), and data pushed to it with git will *not* be encrypted. (it is a git repository after all), and data pushed to it with
git will *not* be encrypted.
This makes using encryption=shared with a git-lfs special remote very Using encryption=shared with a git-lfs special remote is especially
unlikely to be secure, because the encryption key is committed to the git unlikely to be secure, because the encryption key is committed to the git
repository. It would only make sense if you never pushed it to the repository. It would only make sense if you never pushed it to the
remote, or trusted the remote's host to keep it secure. remote, or trusted the remote's host to keep it secure.