prevent using git-remote-annex with unsuitable special remote configs

I hope to support importtree=yes eventually, but it does not currently
work.

Added remote.<name>.allow-encrypted-gitrepo that needs to be set to
allow using it with encrypted git repos.

Note that even encryption=pubkey uses a cipher stored in the git repo
to encrypt the keys stored in the remote. While it would be possible to
not encrypt the GITBUNDLE and GITMANIFEST keys, and then allow using
encryption=pubkey, it doesn't currently work, and that would be a
complication that I doubt is worth it.
This commit is contained in:
Joey Hess 2024-05-14 13:52:20 -04:00
parent 8bf6dab615
commit 6f1039900d
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
6 changed files with 63 additions and 39 deletions

View file

@ -14,6 +14,7 @@ module Remote.Helper.Encryptable (
encryptionAlreadySetup,
encryptionConfigParsers,
parseEncryptionConfig,
parseEncryptionMethod,
remoteCipher,
remoteCipher',
embedCreds,
@ -85,7 +86,7 @@ encryptionFieldParser :: RemoteConfigFieldParser
encryptionFieldParser = RemoteConfigFieldParser
{ parserForField = encryptionField
, valueParser = \v c -> Just . RemoteConfigValue
<$> parseEncryptionMethod (fmap fromProposedAccepted v) c
<$> parseEncryptionMethod' v c
, fieldDesc = FieldDesc "how to encrypt data stored in the special remote"
, valueDesc = Just $ ValueDesc $
intercalate " or " (M.keys encryptionMethods)
@ -100,14 +101,18 @@ encryptionMethods = M.fromList
, ("sharedpubkey", SharedPubKeyEncryption)
]
parseEncryptionMethod :: Maybe String -> RemoteConfig -> Either String EncryptionMethod
parseEncryptionMethod (Just s) _ = case M.lookup s encryptionMethods of
Just em -> Right em
Nothing -> Left badEncryptionMethod
parseEncryptionMethod :: RemoteConfig -> Either String EncryptionMethod
parseEncryptionMethod c = parseEncryptionMethod' (M.lookup encryptionField c) c
parseEncryptionMethod' :: Maybe (ProposedAccepted String) -> RemoteConfig -> Either String EncryptionMethod
parseEncryptionMethod' (Just s) _ =
case M.lookup (fromProposedAccepted s) encryptionMethods of
Just em -> Right em
Nothing -> Left badEncryptionMethod
-- Hybrid encryption is the default when a keyid is specified without
-- an encryption field, or when there's a cipher already but no encryption
-- field.
parseEncryptionMethod Nothing c
parseEncryptionMethod' Nothing c
| M.member (Accepted "keyid") c || M.member cipherField c = Right HybridEncryption
| otherwise = Left badEncryptionMethod
@ -162,7 +167,7 @@ encryptionSetup c gc = do
maybe (genCipher pc gpgcmd) (updateCipher pc gpgcmd) (extractCipher pc)
where
-- The type of encryption
encryption = parseEncryptionMethod (fromProposedAccepted <$> M.lookup encryptionField c) c
encryption = parseEncryptionMethod c
-- Generate a new cipher, depending on the chosen encryption scheme
genCipher pc gpgcmd = case encryption of
Right NoneEncryption -> return (c, NoEncryption)