Behavior change: git-annex trust now needs --force

Since unconsidered use of trusted repositories can lead to data loss.

Trusted has always been this way, but it used to be acceptable for
git-annex to be set up so that data could be lost without using --force,
and most or all other ways that can happen have already been eliminated.

This commit was sponsored by Mark Reidenbach on Patreon.
This commit is contained in:
Joey Hess 2021-01-07 09:59:52 -04:00
parent f354697648
commit 6a0030a110
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
3 changed files with 27 additions and 3 deletions

View file

@ -1,6 +1,6 @@
{- git-annex command
-
- Copyright 2010, 2014 Joey Hess <id@joeyh.name>
- Copyright 2010-2021 Joey Hess <id@joeyh.name>
-
- Licensed under the GNU AGPL version 3 or higher.
-}
@ -9,6 +9,7 @@ module Command.Trust where
import Command
import qualified Remote
import qualified Annex
import Types.TrustLevel
import Logs.Trust
import Logs.Group
@ -29,8 +30,11 @@ trustCommand c level = withWords (commandAction . start)
let name = unwords ws
u <- Remote.nameToUUID name
let si = SeekInput ws
starting c (ActionItemOther (Just name)) si (perform u)
perform uuid = do
starting c (ActionItemOther (Just name)) si (perform name u)
perform name uuid = do
when (level >= Trusted) $
unlessM (Annex.getState Annex.force) $
giveup $ trustedNeedsForce name
trustSet uuid level
when (level == DeadTrusted) $
groupSet uuid S.empty
@ -38,3 +42,14 @@ trustCommand c level = withWords (commandAction . start)
when (l /= level) $
warning $ "This remote's trust level is overridden to " ++ showTrustLevel l ++ "."
next $ return True
trustedNeedsForce :: String -> String
trustedNeedsForce name = unlines
[ "Trusting a repository can lead to data loss."
, ""
, "If you're sure you know what you're doing, use --force to"
, "make this take effect."
, ""
, "If you choose to do so, bear in mind that any time you drop"
, "content from " ++ name ++ ", you will risk losing data."
]