reject an insecure configuration

A user might expect onlyencryptcreds=yes to do some useful encryption of
the creds despite using encryption=shared. Prevent them from thinking
they have somehow secured the creds in their repository in that case.

Also reject onlyencryptcreds=yes encryption=none in case the user
somehow thinks there is creds-only encryption going on in that case.

Sponsored-by: Graham Spencer
Joey Hess 2025-08-22 13:35:33 -04:00
commit 640bc43c38
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38


@ -166,6 +166,10 @@ parseMac (Just (Proposed s)) = case readMac s of
encryptionSetup :: SetupStage -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, EncryptionIsSetup)
encryptionSetup setupstage c gc = do
pc <- either giveup return $ parseEncryptionConfig c
when (onlyEncryptCreds pc && encryption == Right SharedEncryption) $
giveup "There is no security benefit to using onlyencryptcreds=yes with encryption=shared"
when (onlyEncryptCreds pc && encryption == Right NoneEncryption) $
giveup "There is no security benefit to using onlyencryptcreds=yes with encryption=none"
checkallowedchange pc
gpgcmd <- gpgCmd <$> Annex.getGitConfig
maybe (genCipher pc gpgcmd) (updateCipher pc gpgcmd) (extractCipher pc)
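Review bot: the two new `when` guards compare a value named `encryption`, which is not bound anywhere in the visible hunk, while the config that was just parsed on the line above is `pc`; if `encryption` is derived separately from the raw `c` (for example in a `where` clause outside the hunk), the rejection check and the later `genCipher pc gpgcmd` / `updateCipher pc gpgcmd` calls could disagree about which scheme is in force, so the compared value should come from `pc` or the binding should be made visible next to its use. The two guards are also identical apart from the scheme name; a single test such as `encryption `elem` [Right SharedEncryption, Right NoneEncryption]` with a message that names the offending scheme keeps the two error strings from drifting apart if another scheme is ever excluded. Finally, because the guards sit in `encryptionSetup`, which takes a `SetupStage`, they fire only when a remote is set up or its configuration is changed; a remote that was configured with `onlyencryptcreds=yes` and `encryption=shared` or `encryption=none` before this commit is not flagged here, which is worth stating in the commit message or release notes so users know to re-check existing remotes.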