Merge branch 'master' of ssh://git-annex.branchable.com

This commit is contained in:
Joey Hess 2012-11-04 16:03:25 -04:00
commit b528218b0c
6 changed files with 90 additions and 0 deletions

View file

@ -0,0 +1,10 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="4.152.108.194"
subject="comment 1"
date="2012-11-04T20:01:35Z"
content="""
Are you using the git-annex assistant? It's supposed to have code in it to prevent it from using dead remotes. Perhaps that is not working.
When not using the git-annex assistant, nothing prevents git-annex from trying to continue to use dead remotes. I think this is ok; maybe the dead remote is not 100% dead yet; if it is, the remote can be removed from git's configuration to prevent it being used of course.
"""]]

View file

@ -0,0 +1,18 @@
What steps will reproduce the problem?
try to unlock a file in a git annex checkout
What is the expected output? What do you see instead?
% git annex unlock FILENAME
unlock FILENAME (copying...) cp: illegal option -- -
usage: cp [-R [-H | -L | -P]] [-fi | -n] [-apvX] source_file target_file
cp [-R [-H | -L | -P]] [-fi | -n] [-apvX] source_file ... target_directory
git-annex: copy failed!
(should unlock the file)
What version of git-annex are you using? On what operating system?
latest git annex osx build as of yesterday (12-11-03)

View file

@ -0,0 +1,25 @@
Is there a way to restrict git-annex-shell to a specific directory?
Currently, if git-annex is paired to a remote repository, it adds this to the authorized_keys:
$ cat ~/.ssh/authorized_keys
command="~/.ssh/git-annex-shell",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3...
$ cat ~/.ssh/git-annex-shell
#!/bin/sh
set -e
exec git-annex-shell -c "$SSH_ORIGINAL_COMMAND"
That gives whoever has the pubkey the right to access all repositories of one user.
It would be nice to have a manual way to limit the access to a specific repository like
$ cat ~/.ssh/git-annex-shell
#!/bin/sh
set -e
export GIT_ANNEX_SHELL_REPO=~/annex
exec git-annex-shell -c "$SSH_ORIGINAL_COMMAND"
Or maybe some chroot hackery is the way to go?

View file

@ -0,0 +1,15 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="4.152.108.194"
subject="comment 3"
date="2012-11-04T19:44:11Z"
content="""
You need two things:
1. A special remote in the cloud. S3, or rsync.net, or whatever.
2. A git repository hosted in the cloud. You could just use github (paying them if you want to avoid it being public).
Is it possible to have an encrypted git remote repository? It's not directly supported by git. The way git needs to be able to request arbitrary objects by SHA, kind of prevents encrypting things to any useful level. The only way I can think of to do that would be to use some cloud storage that can be mounted as a filesystem, and store an encrypted filesystem containing the git repo in a file inside that. Not easy.
The git-annex assistant is going to get around this by not requiring a central git repository and transferring git data peer-to-peer, but that will require both the peers be on the network at the same time.
"""]]

View file

@ -0,0 +1,12 @@
[[!comment format=mdwn
username="http://christian.amsuess.com/chrysn"
nickname="chrysn"
subject="worked well"
date="2012-11-04T12:23:56Z"
content="""
the procedure i outlined originally worked well for me; the method chosen for reinjection was moving over the .git/annex/objects directory and doing a ``git annex fsck``.
special care had to be taken of the special remote (rsync+gpg) -- i guess that's why they are called special ;-) . as described in the forum post you linked, i had to copy over remote.log and the uuid.log line from the old git-annex branch -- otherwise, a ``git annex initremote`` would have generated a new hmac, effectively resetting the remote repo.
the formerly 5gb git-annex branch (admittedly not ``git gc``'d recently, but that just wasn't feasible any more) shrunk down to around 25mb of current location information. i'll keep an eye on how it's growing to see if the problem is inherent or if it was just old bugs causing trouble.
"""]]

View file

@ -0,0 +1,10 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="4.152.108.194"
subject="comment 3"
date="2012-11-04T19:58:28Z"
content="""
I'm not at all comfortable with either idea. Temporarily repointing the symlink could lead to accidentially git committing a bad symlink. Or the user accidentially doing something with a partially transferred file. Running rsync in place would break lots of things that assume that, once the file is present, it can be assumed to be the full and correct file. (Obviously fsck doesn't assume that, but checks made by `git annex drop` do, for example.)
However, you can access partially transferred files by key in `.git/annex/tmp`. It would be easy to write some hack that looks at the symlink to get the key, and then spits out the name of the partial file in `.git/annex/tmp.`.
"""]]