rename config to annex.security.allowed-compute-programs

And require for enable as well as autoenable. It seemed asking for trouble for `git-annex enable foo` to use whatever compute program is stored in the git config, without verifying that the user wants that program to be used. Note that it would be good to allow `git-annex enable foo program=...` to be used without the program being in the git config. Not implemented yet though.
2025-03-03 16:07:04 -04:00 · 2025-03-03 16:07:04 -04:00 · 52f51d065a
commit 52f51d065a
parent f32d2aecce
5 changed files with 24 additions and 24 deletions
--- a/Remote/Compute.hs
+++ b/Remote/Compute.hs
@ -121,21 +121,19 @@ gen r u rc gc rs = case getComputeProgram' rc of
 setupInstance :: SetupStage -> Maybe UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
 setupInstance ss mu _ c _ = do
 	ComputeProgram program <- either giveup return $ getComputeProgram' c
+	allowedprograms <- maybe [] words . annexAllowedComputePrograms
+		<$> Annex.getGitConfig
 	case ss of
-		AutoEnable _ -> do
-			l <- maybe [] words 
-				. annexAutoEnableComputePrograms
-				<$> Annex.getGitConfig
-			unless (program `elem` l) $ do
-				let remotename = fromMaybe "(unknown)" (lookupName c)
-				giveup $ unwords
-					[ "Not auto-enabling compute special remote"
-					, remotename
-					, "because its compute program"
-					, program
-					, " is not listed in annex.security.autoenable-compute-programs"
-					]
-		_ -> noop
+		Init -> noop
+		_ -> unless (program `elem` allowedprograms) $ do
+			let remotename = fromMaybe "(unknown)" (lookupName c)
+			giveup $ unwords
+				[ "Not enabling compute special remote"
+				, remotename
+				, "because its compute program"
+				, program
+				, "is not listed in annex.security-allowed-compute-programs"
+				]
 	unlessM (liftIO $ inSearchPath program) $
 		giveup $ "Cannot find " ++ program ++ " in PATH"
 	u <- maybe (liftIO genUUID) return mu
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+* allow git-annex enableremote with program= explicitly specified,
+  without checking annex.security.allowed-compute-programs
+
 * need progress bars for computations and implement PROGRESS message

 * get input files for a computation (so `git-annex get .` gets every file,
--- a/Types/GitConfig.hs
+++ b/Types/GitConfig.hs
@ -146,7 +146,7 @@ data GitConfig = GitConfig
 	, annexAllowedUrlSchemes :: S.Set Scheme
 	, annexAllowedIPAddresses :: String
 	, annexAllowUnverifiedDownloads :: Bool
-	, annexAutoEnableComputePrograms :: Maybe String
+	, annexAllowedComputePrograms :: Maybe String
 	, annexMaxExtensionLength :: Maybe Int
 	, annexMaxExtensions :: Maybe Int
 	, annexJobs :: Concurrency
@ -262,8 +262,8 @@ extractGitConfig configsource r = GitConfig
 		getmaybe (annexConfig "security.allowed-http-addresses") -- old name
 	, annexAllowUnverifiedDownloads = (== Just "ACKTHPPT") $
 		getmaybe (annexConfig "security.allow-unverified-downloads")
-	, annexAutoEnableComputePrograms =
-		getmaybe (annexConfig "security.autoenable-compute-programs")
+	, annexAllowedComputePrograms =
+		getmaybe (annexConfig "security.allowed-compute-programs")
 	, annexMaxExtensionLength = getmayberead (annexConfig "maxextensionlength")
 	, annexMaxExtensions = getmayberead (annexConfig "maxextensions")
 	, annexJobs = fromMaybe NonConcurrent $ 
--- a/doc/git-annex.mdwn
+++ b/doc/git-annex.mdwn
@ -2201,12 +2201,12 @@ Remotes are configured using these settings in `.git/config`.

  Per-remote configuration of annex.security.allow-unverified-downloads.

-* `annex.security.autoenable-compute-programs`
+* `annex.security.allowed-compute-programs`

  This is a space separated list of compute programs eg
  "git-annex-compute-foo git-annex-compute-bar". Listing a compute
  program here allows compute special remotes that use that program to be
-  autoenabled.
+  enabled by `git-annex enableremote` or autoenabled.

 # CONFIGURATION OF ASSISTANT

--- a/doc/special_remotes/compute.mdwn
+++ b/doc/special_remotes/compute.mdwn
@ -15,11 +15,10 @@ program to use to compute the contents of annexed files. It must start with
 "git-annex-compute-". The program needs to be installed somewhere in the
 `PATH`.

-The `autoenable` parameter can be set to "true" like with other special
-remotes to make git-annex automatically enable this special remote when
-run in a new clone of the repository. However, for security, autoenabling
-is only done when the git config `annex.security.autoenable-compute-programs`
-includes the name of the compute program.
+Any program can be passed to `git-annex initremote`. However, when enabling
+a compute special remote later with `git-annex enableremote` or due to
+"autoenable=true", the program must be listed in the git config
+`annex.security.allowed-compute-programs`.

 All other "field=value" parameters passed to `initremote` will be passed
 to the program when running [[git-annex-addcomputed]]. Note that when the