diff --git a/CHANGELOG b/CHANGELOG index 9006934c42..ff2fa9adbb 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,6 +8,8 @@ git-annex (8.20201130) UNRELEASED; urgency=medium * Behavior change: When numcopies is set to 0, git-annex used to drop content without requiring any copies. Now to get that (highly unsafe) behavior, mincopies also needs to be set to 0. + * Behavior change: git-annex trust now needs --force, since unconsidered + use of trusted repositories can lead to data loss. * add: Significantly speed up adding lots of non-large files to git, by disabling the annex smudge filter when running git add. * add --force-small: Run git add rather than updating the index itself, diff --git a/Command/Trust.hs b/Command/Trust.hs index b056c566ec..9eb538de82 100644 --- a/Command/Trust.hs +++ b/Command/Trust.hs @@ -1,6 +1,6 @@ {- git-annex command - - - Copyright 2010, 2014 Joey Hess + - Copyright 2010-2021 Joey Hess - - Licensed under the GNU AGPL version 3 or higher. -} @@ -9,6 +9,7 @@ module Command.Trust where import Command import qualified Remote +import qualified Annex import Types.TrustLevel import Logs.Trust import Logs.Group @@ -29,8 +30,11 @@ trustCommand c level = withWords (commandAction . start) let name = unwords ws u <- Remote.nameToUUID name let si = SeekInput ws - starting c (ActionItemOther (Just name)) si (perform u) - perform uuid = do + starting c (ActionItemOther (Just name)) si (perform name u) + perform name uuid = do + when (level >= Trusted) $ + unlessM (Annex.getState Annex.force) $ + giveup $ trustedNeedsForce name trustSet uuid level when (level == DeadTrusted) $ groupSet uuid S.empty @@ -38,3 +42,14 @@ trustCommand c level = withWords (commandAction . start) when (l /= level) $ warning $ "This remote's trust level is overridden to " ++ showTrustLevel l ++ "." next $ return True + +trustedNeedsForce :: String -> String +trustedNeedsForce name = unlines + [ "Trusting a repository can lead to data loss." + , "" + , "If you're sure you know what you're doing, use --force to" + , "make this take effect." + , "" + , "If you choose to do so, bear in mind that any time you drop" + , "content from " ++ name ++ ", you will risk losing data." + ] diff --git a/doc/git-annex-trust.mdwn b/doc/git-annex-trust.mdwn index d8adbba0b0..f29ced7ed6 100644 --- a/doc/git-annex-trust.mdwn +++ b/doc/git-annex-trust.mdwn @@ -14,6 +14,13 @@ content. Use with care. Repositories can be specified using their remote name, their description, or their UUID. To trust the current repository, use "here". +Before trusting a repository, consider this scenario. Repository A +is trusted and B is not; both contain the same content. `git-annex drop` +is run on repository A, which checks that B still contains the content, +and so the drop proceeds. Then `git-annex drop` is run on repository B, +which trusts A to still contain the content, so the drop succeeds. Now +the content has been lost. + # SEE ALSO [[git-annex]](1)