annex.cachecreds: New config to allow disabling of credentials caching for special remotes.

Note that it does not prevent storing p2p access tokens or multicast
encryption keys, since those are not cached; the previous commit
established the distinction.

How well this works depends on how often getRemoteCredPair is called and
how expensive it is. In some cases setting this will result in an annoying
number of gpg password prompts and/or slowdowns due to reading creds
from the git-annex branch and decrypting, which could be improved by calling
getRemoteCredPair less often.

This commit was sponsored by Ilya Shlyakhter on Patreon.
This commit is contained in:
Joey Hess 2018-12-04 14:16:56 -04:00
parent e89bb4361b
commit ab7746a2ae
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
6 changed files with 61 additions and 2 deletions

View file

@ -139,9 +139,11 @@ getEnvCredPair storage = liftM2 (,)
where
(uenv, penv) = credPairEnvironment storage
{- Writes a cred pair to local cache, unless prevented by configuration. -}
writeCacheCredPair :: CredPair -> CredPairStorage -> Annex ()
writeCacheCredPair credpair storage =
writeCreds (encodeCredPair credpair) (credPairFile storage)
writeCacheCredPair credpair storage =
whenM (annexCacheCreds <$> Annex.getGitConfig) $
writeCreds (encodeCredPair credpair) (credPairFile storage)
readCacheCredPair :: CredPairStorage -> Annex (Maybe CredPair)
readCacheCredPair storage = maybe Nothing decodeCredPair