From 6c890d62f6fff886e37dfa78b05a3bdb3b408550 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 15 Dec 2020 12:08:08 -0400 Subject: [PATCH] initremote: Prevent enabling encryption with exporttree=yes/importtree=yes I do think this was a reversion, but I have not tracked back to what version. While involving the remote config, it's not the same class of problems that I kept having to chase down for a while after the remote config parser reworking. --- CHANGELOG | 1 + Remote/Helper/Encryptable.hs | 9 +++++++++ Remote/Helper/ExportImport.hs | 4 ++-- ...e_with_export_and_import_allowed_with_encryption.mdwn | 2 ++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index c8aa120ea7..b91d58eaba 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -22,6 +22,7 @@ git-annex (8.20201128) UNRELEASED; urgency=medium current directory, rather than the path from the top of the repository. * importfeed: Avoid using youtube-dl when a feed does not contain an enclosure, but only a link to an url which youtube-dl does not support. + * initremote: Prevent enabling encryption with exporttree=yes/importtree=yes. -- Joey Hess Mon, 30 Nov 2020 12:55:49 -0400 diff --git a/Remote/Helper/Encryptable.hs b/Remote/Helper/Encryptable.hs index 25980a937d..296f3836c7 100644 --- a/Remote/Helper/Encryptable.hs +++ b/Remote/Helper/Encryptable.hs @@ -20,6 +20,7 @@ module Remote.Helper.Encryptable ( cipherKey, extractCipher, isEncrypted, + encryptionIsEnabled, describeEncryption, encryptionField, highRandomQualityField @@ -282,6 +283,14 @@ extractCipher c = case (getRemoteConfigValue cipherField c, isEncrypted :: ParsedRemoteConfig -> Bool isEncrypted = isJust . extractCipher +-- Check if encryption is enabled. This can be done before encryption +-- is fully set up yet, so the cipher might not be present yet. +encryptionIsEnabled :: ParsedRemoteConfig -> Bool +encryptionIsEnabled c = case getRemoteConfigValue encryptionField c of + Nothing -> False + Just NoneEncryption -> False + Just _ -> True + describeEncryption :: ParsedRemoteConfig -> String describeEncryption c = case extractCipher c of Nothing -> "none" diff --git a/Remote/Helper/ExportImport.hs b/Remote/Helper/ExportImport.hs index 245b7a940f..27b63bab4d 100644 --- a/Remote/Helper/ExportImport.hs +++ b/Remote/Helper/ExportImport.hs @@ -14,7 +14,7 @@ import Types.Remote import Types.Key import Types.ProposedAccepted import Backend -import Remote.Helper.Encryptable (isEncrypted) +import Remote.Helper.Encryptable (encryptionIsEnabled) import qualified Database.Export as Export import qualified Database.ContentIdentifier as ContentIdentifier import Annex.Export @@ -83,7 +83,7 @@ adjustExportImportRemoteType rt = rt { setup = setup' } ifM (supported rt pc gc) ( case st of Init - | configured pc && isEncrypted pc -> + | configured pc && encryptionIsEnabled pc -> giveup $ "cannot enable both encryption and " ++ fromProposedAccepted configfield | otherwise -> cont Enable oldc -> do diff --git a/doc/bugs/initremote_with_export_and_import_allowed_with_encryption.mdwn b/doc/bugs/initremote_with_export_and_import_allowed_with_encryption.mdwn index ef3ac00a2f..8f1a6b0cd0 100644 --- a/doc/bugs/initremote_with_export_and_import_allowed_with_encryption.mdwn +++ b/doc/bugs/initremote_with_export_and_import_allowed_with_encryption.mdwn @@ -4,3 +4,5 @@ This should be rejected, but currently succeeds: There is code in adjustExportImportRemoteType, and I remember it used to work. --[[Joey]] + +> [[fixed|done]] --[[Joey]]