diff --git a/Annex/Content.hs b/Annex/Content.hs index 316f05be0a..7cd2fb561a 100644 --- a/Annex/Content.hs +++ b/Annex/Content.hs @@ -377,6 +377,7 @@ removeAnnex :: Key -> Annex () removeAnnex key = withObjectLoc key remove removedirect where remove file = cleanObjectLoc key $ do + secureErase file liftIO $ nukeFile file removeInodeCache key removedirect fs = do @@ -389,8 +390,19 @@ removeAnnex key = withObjectLoc key remove removedirect cwd <- liftIO getCurrentDirectory let top' = fromMaybe top $ absNormPath cwd top let l' = relPathDirToFile top' (fromMaybe l $ absNormPath top' l) + secureErase f replaceFile f $ makeAnnexLink l' +{- Runs the secure erase command if set, otherwise does nothing. + - File may or may not be deleted at the end; caller is responsible for + - making sure it's deleted. -} +secureErase :: FilePath -> Annex () +secureErase file = maybe noop go =<< annexSecureEraseCommand <$> Annex.getGitConfig + where + go basecmd = void $ liftIO $ + boolSystem "sh" [Param "-c", Param $ gencmd basecmd] + gencmd = massReplace [ ("%file", shellEscape file) ] + {- Moves a key's file out of .git/annex/objects/ -} fromAnnex :: Key -> FilePath -> Annex () fromAnnex key dest = cleanObjectLoc key $ do diff --git a/Types/GitConfig.hs b/Types/GitConfig.hs index 148d73b93d..fa0fdc65a4 100644 --- a/Types/GitConfig.hs +++ b/Types/GitConfig.hs @@ -48,6 +48,7 @@ data GitConfig = GitConfig , annexFsckNudge :: Bool , annexAutoUpgrade :: AutoUpgrade , annexExpireUnused :: Maybe (Maybe Duration) + , annexSecureEraseCommand :: Maybe String , coreSymlinks :: Bool , gcryptId :: Maybe String } @@ -79,6 +80,7 @@ extractGitConfig r = GitConfig , annexAutoUpgrade = toAutoUpgrade $ getmaybe (annex "autoupgrade") , annexExpireUnused = maybe Nothing Just . parseDuration <$> getmaybe (annex "expireunused") + , annexSecureEraseCommand = getmaybe (annex "secure-erase-command") , coreSymlinks = getbool "core.symlinks" True , gcryptId = getmaybe "core.gcrypt-id" } diff --git a/debian/changelog b/debian/changelog index 02624414f4..f5a4605452 100644 --- a/debian/changelog +++ b/debian/changelog @@ -29,6 +29,7 @@ git-annex (5.20140118) UNRELEASED; urgency=medium contents when a lot of them seem to be piling up in the repository. * repair: Check git version at run time. * assistant: Run the periodic git gc in batch mode. + * added annex.secure-erase-command config option. * test suite: Use tasty-rerun, and expose tasty command-line options. -- Joey Hess Sat, 18 Jan 2014 11:54:17 -0400 diff --git a/doc/git-annex.mdwn b/doc/git-annex.mdwn index 3e239f7d6e..59a322e38a 100644 --- a/doc/git-annex.mdwn +++ b/doc/git-annex.mdwn @@ -1427,8 +1427,16 @@ Here are all the supported configuration settings. In the command line, %url is replaced with the url to download, and %file is replaced with the file that it should be saved to. - Note that both these values will automatically be quoted, since - the command is run in a shell. + +* `annex.secure-erase-command` + + This can be set to a command that should be run whenever git-annex + removes the content of a file from the repository. + + In the command line, %file is replaced with the file that should be + erased. + + For example, to use the wipe command, set it to `wipe -f %file` * `remote..rsyncurl`