diff --git a/Remote/Borg.hs b/Remote/Borg.hs index aefe616902..4e241eb4ac 100644 --- a/Remote/Borg.hs +++ b/Remote/Borg.hs @@ -50,6 +50,8 @@ remote = RemoteType (FieldDesc "(required) borg repository to use") , optionalStringParser subdirField (FieldDesc "limit to a subdirectory of the borg repository") + , yesNoParser appendonlyField (Just False) + (FieldDesc "you will not use borg to delete from the repository") ] , setup = borgSetup , exportSupported = exportUnsupported @@ -63,6 +65,9 @@ borgrepoField = Accepted "borgrepo" subdirField :: RemoteConfigField subdirField = Accepted "subdir" +appendonlyField :: RemoteConfigField +appendonlyField = Accepted "appendonly" + gen :: Git.Repo -> UUID -> RemoteConfig -> RemoteGitConfig -> RemoteStateHandle -> Annex (Maybe Remote) gen r u rc gc rs = do c <- parsedRemoteConfig remote rc @@ -108,7 +113,11 @@ gen r u rc gc rs = do , availability = if borgLocal borgrepo then LocallyAvailable else GloballyAvailable , readonly = False , appendonly = False - , untrustworthy = True + -- When the user sets the appendonly field, they are + -- promising not to delete content out from under git-annex + -- using borg, so the remote is not untrustworthy. + , untrustworthy = maybe True not $ + getRemoteConfigValue appendonlyField c , mkUnavailable = return Nothing , getInfo = return [("repo", borgrepo)] , claimUrl = Nothing diff --git a/doc/special_remotes/borg.mdwn b/doc/special_remotes/borg.mdwn index 7148012bee..d0cf2556dc 100644 --- a/doc/special_remotes/borg.mdwn +++ b/doc/special_remotes/borg.mdwn @@ -6,6 +6,13 @@ files in this special remote. You store files by using borg as usual, to back up the git-annex repository. Then `git-annex sync` will learn about the annexed files that are stored in the borg repository. +## setup example + + # borg init --encryption=keyfile /path/to/borgrepo + # git annex initremote borg type=borg borgrepo=/path/to/borgrepo + # borg create /path/to/borgrepo `pwd`::{now} + # git annex sync borg + ## configuration These parameters can be passed to `git annex initremote` to configure the @@ -22,9 +29,15 @@ remote: repository that belong to unrelated git-annex repositories. It can also make syncing faster. -## setup example +* `appendonly` - You could use borg to delete content from the + repository at any time, so this defaults to "no", which + makes the remote be untrusted. If you set to "yes", you must + take care to avoid using commands like `borg delete` and + `borg prune` with the borg repository. - # borg init --encryption=keyfile /path/to/borgrepo - # git annex initremote borg type=borg borgrepo=/path/to/borgrepo - # borg create /path/to/borgrepo `pwd`::{now} - # git annex sync borg +## avoid archive name reuse + +Borg repositories contain archives, and git-annex assumes that, once +created, the content of an archive does not change. So if you delete an +archive and then create a new archive with the same name, it will confuse +git-annex about what is contained in the borg repository. diff --git a/doc/todo/allow_overriding_untrust_of_import_remotes.mdwn b/doc/todo/allow_overriding_untrust_of_import_remotes.mdwn index 99d6009d52..f183ddd365 100644 --- a/doc/todo/allow_overriding_untrust_of_import_remotes.mdwn +++ b/doc/todo/allow_overriding_untrust_of_import_remotes.mdwn @@ -18,38 +18,11 @@ to trust it. Below is some docs I wrote for the borg special remote page, should be moved there when this gets fixed. --[[Joey]] -## trust levels, borg delete and borg prune +> There is Remote.appendonly, which prevents making import remotes +> untrusted. So if there were a way to set that for borg, it could +> be configured at initremote/enableremote time. But, +> Remote.Helper.ExportImport also assumes appendonly means that content can +> be accessed by Key, rather than by ImportLocation, which does not work +> for borg. -git-annex will by default treat the borg special remote as untrusted, so -will not trust it to continue to contain a [[copy|copies]] of any annexed -file. This is necessary because you could run `borg delete` or `borg prune` -and remove the copy from the borg repository. If you choose to set the -trust level of the borg repository to a higher level, you need to avoid -using such commands with that borg repository. - -Consider this example: - - git-annex add annexedfile - borg create /path/to/borgrepo `pwd`::foo - git-annex sync borg - git-annex semitrust borg - git-annex drop annexedfile - -Now the only copy of annexedfile is in the borg repository. - - borg create /path/to/borgrepo `pwd`::bar - borg delete /path/to/borgrepo::foo - git-annex sync borg - git-annex whereis annexedfile - -Now no copies of annexfile remain, because the "foo" archive -in the borg repository was the only one to contain it, and it was deleted. - -So either keep the borg special remote as untrusted, and use such borg -commands to delete old archives as needed, or avoid using `borg delete` -and `borg prune`, and then the remote can safely be made semitrusted or -trusted. - -Also, if you do choose to delete old archives, make sure to never reuse -that archive name for a new archive. git-annex may think it's the same -archive it saw before, and not notice the change. +>> [[done]] via Remote.untrustworthy --[[Joey]]