prevent using git-remote-annex with unsuitable special remote configs

I hope to support importtree=yes eventually, but it does not currently
work.

Added remote.<name>.allow-encrypted-gitrepo that needs to be set to
allow using it with encrypted git repos.

Note that even encryption=pubkey uses a cipher stored in the git repo
to encrypt the keys stored in the remote. While it would be possible to
not encrypt the GITBUNDLE and GITMANIFEST keys, and then allow using
encryption=pubkey, it doesn't currently work, and that would be a
complication that I doubt is worth it.
Joey Hess 2024-05-14 13:52:20 -04:00
parent 8bf6dab615
commit 6f1039900d
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
6 changed files with 63 additions and 39 deletions


@ -23,6 +23,7 @@ import qualified Annex.SpecialRemote as SpecialRemote
import qualified Annex.Branch
import qualified Types.Remote as Remote
import qualified Logs.Remote
import Remote.Helper.Encryptable (parseEncryptionMethod)
import Annex.Transfer
import Backend.GitRemoteAnnex
import Config
@ -32,6 +33,7 @@ import Types.ProposedAccepted
import Types.Export
import Types.GitConfig
import Types.Difference
import Types.Crypto
import Git.Types
import Logs.Difference
import Annex.Init
@ -558,8 +560,21 @@ parseManifest b =
checkSpecialRemoteProblems :: Remote -> Maybe String
checkSpecialRemoteProblems rmt
| Remote.thirdPartyPopulated (Remote.remotetype rmt) =
Just "Cannot use this thirdparty-populated special remote as a git remote"
Just $ "Cannot use this thirdparty-populated special"
++ " remote as a git remote."
| importTree (Remote.config rmt) =
Just $ "Using importtree=yes special remotes as git remotes"
++ " is not yet supported."
| parseEncryptionMethod (unparsedRemoteConfig (Remote.config rmt)) /= Right NoneEncryption
&& not (remoteAnnexAllowEncryptedGitRepo (Remote.gitconfig rmt)) =
Just $ "Using an encrypted special remote as a git"
++ " remote makes it impossible to clone"
++ " from it. If you will never need to"
++ " clone from this remote, set: git config "
++ decodeBS allowencryptedgitrepo ++ " true"
| otherwise = Nothing
where
ConfigKey allowencryptedgitrepo = remoteAnnexConfig rmt "allow-encrypted-gitrepo"
-- Downloads the Manifest when present in the remote. When not present,
-- returns an empty Manifest.
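Review bot: The encryption guard in checkSpecialRemoteProblems compares the result of parseEncryptionMethod with `Right NoneEncryption`, so a `Left` (an encryption config that fails to parse) is also reported as "an encrypted special remote", and the user is then told to set allow-encrypted-gitrepo. Failing closed is a sound default, but from the visible lines it appears that once the override is set, an unparseable config passes this check as well, which is presumably not what the setting is meant to permit. I would give `Left` its own guard and message ahead of this one, or at least record the intent with a comment such as `-- A Left (unparseable encryption config) is treated as encrypted so the check fails closed.` The function also has no comment stating that the guards are evaluated in order and only the first problem is reported; a one-line Haddock comment above the signature would cover that.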