From 5c36177e58f74a8f240fb6f156b632bc486c18b3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 8 Aug 2024 14:43:53 -0400 Subject: [PATCH] proxied exporttree=yes remotes are untrustworthy This is not perfect because it does not handle versioned special remotes, which should not be untrustworthy, but now are when proxied. The implementation turned out to be easy, because the exporttree field is a default field, so is available in RemoteConfig even for git remotes. --- Remote/Git.hs | 3 ++- doc/todo/git-annex_proxies.mdwn | 19 ++----------------- 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/Remote/Git.hs b/Remote/Git.hs index f59ef528b6..2fd85392b7 100644 --- a/Remote/Git.hs +++ b/Remote/Git.hs @@ -229,7 +229,8 @@ gen r u rc gc rs , gitconfig = gc , readonly = Git.repoIsHttp r && not (isP2PHttp' gc) , appendonly = False - , untrustworthy = False + , untrustworthy = isJust (remoteAnnexProxiedBy gc) + && exportTree c , availability = repoAvail r , remotetype = remote , mkUnavailable = unavailable r u rc gc rs diff --git a/doc/todo/git-annex_proxies.mdwn b/doc/todo/git-annex_proxies.mdwn index 082bbe0eac..87ed8b4907 100644 --- a/doc/todo/git-annex_proxies.mdwn +++ b/doc/todo/git-annex_proxies.mdwn @@ -33,23 +33,8 @@ Planned schedule of work: * Working on `exportreeplus` branch which is groundwork for proxying to exporttree=yes special remotes. Need to merge it to master. -* A proxied exporttree=yes special remote is not untrusted, and should be. - - This needs Remote.untrustworthy to be set when constucting a proxied - Remote that uses exporttree=yes. So will need to load the remote config - to see if it does. - - But, the proxy.log uses the UUID of a remote. There could be multiple - special remotes that share a UUID. Which config to load? Maybe load the - configs of them all and check if any has exporttree=yes. - Probably all ought to if any do. - - Alternatively, make annexobjects=yes remotes not untrusted. - This was considered in [[todo/exporttree_remotes_could_store_any_key]], - but didn't seem very feasible. - -* Also, versioned exports are not untrustworthy. But checking that would - need to construct a Remote using the special remote's config. +* Versioned exports are not untrustworthy. But checking that for a proxied + remote would need to construct a Remote using the special remote's config. For eg S3 (the only versioned one currently), that would need the S3 creds to be set in the environment.