From 51b974d9f03c080378cabdf0d70eec11146962af Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 8 Dec 2023 12:39:18 -0400 Subject: [PATCH] skip distributed migration to insecure key when annex.securehashesonly is set This only avoids extra work and a warning messsage. It seems likely that in such a situation, the user does not want migrations to insecure hashes, and so best to ignore them as much as possible. If the user merges a branch that switches annexed files to an insecure hash, they will notice that the file contents are unavailable, and git-annex get will tell them the problem then. So it does not seem useful to have migrate --update also complain about it. --- Command/Migrate.hs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Command/Migrate.hs b/Command/Migrate.hs index 65652a8c63..e184bf588f 100644 --- a/Command/Migrate.hs +++ b/Command/Migrate.hs @@ -149,7 +149,7 @@ perform onlyremovesize o file oldkey oldkeyrec oldbackend newbackend = go =<< ge update :: Key -> Key -> CommandStart update oldkey newkey = - stopUnless ((not <$> inAnnex newkey) <&&> inAnnex oldkey) $ do + stopUnless ((not <$> inAnnex newkey) <&&> inAnnex oldkey <&&> allowed) $ do ai <- findworktreefile >>= return . \case Just f -> ActionItemAssociatedFile (AssociatedFile (Just f)) newkey Nothing -> ActionItemKey newkey @@ -161,6 +161,11 @@ update oldkey newkey = , next $ return False ) where + -- annex.securehashesonly will block adding keys with insecure + -- hashes, this check is only to avoid doing extra work and + -- displaying a message when it fails. + allowed = isNothing <$> checkSecureHashes newkey + findworktreefile = do fs <- Database.Keys.getAssociatedFiles newkey g <- Annex.gitRepo