autoenable security for compute special remote

Added annex.security.autoenable-compute-programs and only allow
autoenabling special remotes that use compute programs on that list.

The reason this is needed is a user might have some compute programs
that are less safe to use than others. They might want to use an unsafe
one only with one repository, where they are the only committer or other
committers are trusted. They might be ok with others being used by any
repository, and if so they can add them to the list.

Another reason would be a user who has installed a compute program by
accident. E.g., it might be included with git-annex at some point, or
pulled in by some dependency. That user doesn't necessarily want that
compute program to be used in an autoenabled special remote.
Joey Hess 2025-03-03 15:47:09 -04:00
parent 89bfeada87
commit f32d2aecce
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
6 changed files with 36 additions and 7 deletions

@ -26,13 +26,12 @@ For security, the program should avoid exposing user input to the shell
unprotected, or otherwise executing it.
The program is run in a temporary directory, which will be cleaned up after
it exits. Note that it may be run in a subdirectory of its temporary
it exits. Note that it may be run in a subdirectory of a temporary
directory. This is done when `git-annex addcomputed` was run in a subdirectory
of the git repository.
The content of any annexed file in the repository can be an input
to the computation. The program requests an input by writing a line to
stdout:
The content of any file in the repository can be an input to the
computation. The program requests an input by writing a line to stdout:
INPUT file.raw
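Review bot: the rewording from "any annexed file in the repository" to "any file in the repository" widens what a compute program may request via `INPUT`, but the surrounding text does not say whether a non-annexed input is read from the working tree or from the committed git tree, nor that such content is under the control of whoever committed it; given the opening sentence of this hunk ("the program should avoid exposing user input to the shell unprotected, or otherwise executing it"), a short clause making explicit that `INPUT` content, annexed or not, is committer-controlled data would tie this documentation to the autoenable restriction the commit message introduces. Separately, the two pairs of near-duplicate lines ("a subdirectory of its temporary directory" / "a subdirectory of a temporary directory", and the two "The content of any ... file" sentences) are shown without removed/added markers, so a reader of this rendering cannot tell which wording is the new one.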