diff --git a/doc/design/importing_trees_from_special_remotes.mdwn b/doc/design/importing_trees_from_special_remotes.mdwn index 1c70be01cc..3a1db625d2 100644 --- a/doc/design/importing_trees_from_special_remotes.mdwn +++ b/doc/design/importing_trees_from_special_remotes.mdwn @@ -231,6 +231,12 @@ remote, when it supports storing multiple versions of files. Since it returns a history tree of lists of files, it can represent anything from a linear history to a full branching version control history. +Note that listContents does not need to worry about generating an +ExportLocation that contains a ".." attack or an absolute path or other +such mischief. Since a git tree is built from the ExportLocations, and is +merged the same as a tree pulled from a regular git remote is, +git's usual safety measures avoid such attacks. + retrieveExportWithContentIdentifier is used when downloading a new file from the remote that listContents found. retrieveExport can't be used because it has a Key parameter and the key is not yet known in this case. diff --git a/doc/todo/import_tree.mdwn b/doc/todo/import_tree.mdwn index 5a07085ec5..32cfeebcb8 100644 --- a/doc/todo/import_tree.mdwn +++ b/doc/todo/import_tree.mdwn @@ -10,13 +10,8 @@ this. ## implementation notes -* After adding a new file with different content to local and remote, then - importing and resolving the merge conflict, exporting the resolution - fails. It seems it's lost the old CID for the remote's content. - - Hmm, can't reproduce that now, I may have been confused? - -* getknowncids should run "updateexportdb exportdb exportdbv", +* getknowncids should run "updateexportdb exportdb exportdbv" + to make sure it sees the most current data, but that leads to a STM deadlock for some reason? * Need to support annex-tracking-branch configuration, which documentation @@ -30,10 +25,19 @@ this. It will only need to be updated when listContents returns a ContentIdentifier that is not already known in the database. + How to do the update: Stash the ref of the last git-annex branch it's + updated from in the database. Diff between that ref and the current + git-annex branch. For each file in the diff that's a .cid file, read + the file from the branch, and store into the database. + Update the stashed ref. + * When on an adjusted unlocked branch, need to import the files unlocked. Also, the tracking branch code needs to know about such branches, currently it will generate the wrong tracking branch. + The test case for `export_import` currently has a line commented out + that fails on adjusted unlocked branches. + * What if the remote lists importable filenames that are absolute paths, or contain a "../" attack? Does git already guard against merging such trees?