support annex.shared-sop-command for encryption=shared

This works well, and it interoperates with gpg in my testing (although some SOP commands might choose to use a profile that does not so caveat emptor). Note that for creating the Cipher, gpg --gen-random is still used. SOP does not have an eqivilant, and as long as the user has gpg around, which seems likely, it doesn't matter that it uses gpg here, it's not being used for encryption. That seemed better than implementing a second way to get high quality entropy, at least for now. The need for the sop command to run in an empty directory has each call to encrypt and decrypt creating a new temporary directory. That is some unncessary overhead, though probably swamped by the overhead of running the sop command. This could be improved in the future by passing an already empty directory to them, or a sufficiently empty directory (.git/annex/tmp would probably suffice). Sponsored-by: Brett Eisenberg on Patreon
2024-01-12 13:29:34 -04:00 · 2024-01-12 13:29:34 -04:00 · 7e69063a29
commit 7e69063a29
parent dd3e779020
7 changed files with 116 additions and 68 deletions
--- a/Remote/Helper/Chunked.hs
+++ b/Remote/Helper/Chunked.hs
@ -115,7 +115,7 @@ numChunks = pred . fromJust . fromKey keyChunkNum . fst . nextChunkKeyStream
 - writes a whole L.ByteString at a time.
 -}
 storeChunks
-	:: LensGpgEncParams encc
+	:: LensEncParams encc
 	=> UUID
 	-> ChunkConfig
 	-> EncKey
@ -250,7 +250,7 @@ removeChunks remover u chunkconfig encryptor k = do
 - Handles decrypting the content when encryption is used.
 -}
 retrieveChunks 
-	:: LensGpgEncParams encc
+	:: LensEncParams encc
 	=> Retriever
 	-> UUID
 	-> VerifyConfig
@ -391,7 +391,7 @@ retrieveChunks retriever u vc chunkconfig encryptor basek dest basep enc encc
 - into place. (And it may even already be in the right place..)
 -}
 writeRetrievedContent
-	:: LensGpgEncParams encc
+	:: LensEncParams encc
 	=> FilePath
 	-> Maybe (Cipher, EncKey)
 	-> encc