Commit graph

42030 commits

Author SHA1 Message Date
yarikoptic
63b65d25b5 Added a comment 2022-05-24 21:05:03 +00:00
yarikoptic
2ad21be338 Added a comment 2022-05-24 20:35:58 +00:00
jkniiv
9109e154c9 Added a comment 2022-05-24 02:46:17 +00:00
jkniiv
fd03ce3984 Added a comment 2022-05-23 19:41:27 +00:00
Joey Hess
85f9193167
fix git-annex test -p
test: When limiting tests to run with -p, work around tasty limitation by
automatically including dependent tests.

This fixes a reversion because it didn't used to use dependencies and
forced tasty to run the init tests first. That changed when parallelizing
the test suite.

It will sometimes do a little more work than strictly required,
because it adds init tests deps when limited to eg quickcheck tests,
which don't depend on them. But this only adds a few seconds work.

Sponsored-by: Dartmouth College's Datalad project
2022-05-23 14:24:54 -04:00
Joey Hess
478ed28f98
revert windows-specific locking changes that broke tests
This reverts windows-specific parts of 5a98f2d509
There were no code paths in common between windows and unix, so this
will return Windows to the old behavior.

The problem that the commit talks about has to do with multiple different
locations where git-annex can store annex object files, but that is not
too relevant to Windows anyway, because on windows the filesystem is always
treated as criplled and/or symlinks are not supported, so it will only
use one object location. It would need to be using a repo populated
in another OS to have the other object location in use probably.
Then a drop and get could possibly lead to a dangling lock file.

And, I was not able to actually reproduce that situation happening
before making that commit, even when I forced a race. So making these
changes on windows was just begging trouble..

I suspect that the change that caused the reversion is in
Annex/Content/Presence.hs. It checks if the content file exists,
and then called modifyContentDirWhenExists, which seems like it would
not fail, but if something deleted the content file at that point,
that call would fail. Which would result in an exception being thrown,
which should not normally happen from a call to inAnnexSafe. That was a
windows-specific change; the unix side did not have an equivilant
change.

Sponsored-by: Dartmouth College's Datalad project
2022-05-23 13:21:26 -04:00
Joey Hess
0aeb6e85f5
Merge branch 'master' of ssh://git-annex.branchable.com 2022-05-23 12:56:48 -04:00
Joey Hess
63624c40a0
fix typo in comment 2022-05-23 12:53:55 -04:00
jkniiv
99964a6ca8 some of the test log output I should've added; formatting 2022-05-23 13:58:43 +00:00
jkniiv
d15ac38fc1 bug: commit 5a98f2d50 causes two failures to appear in repo tests on Windows 2022-05-22 07:52:54 +00:00
Joey Hess
ac113c1a9e
Merge branch 'master' of ssh://git-annex.branchable.com 2022-05-20 14:40:31 -04:00
Joey Hess
af0d854460
deal with git's changes for CVE-2022-24765
Deal with git's recent changes to fix CVE-2022-24765, which prevent using
git in a repository owned by someone else.

That makes git config --list not list the repo's configs, only global
configs. So annex.uuid and annex.version are not visible to git-annex.
It displayed a message about that, which is not right for this situation.
Detect the situation and display a better message, similar to the one other
git commands display.

Also, git-annex init when run in that situation would overwrite annex.uuid
with a new one, since it couldn't see the old one. Add a check to prevent
it running too in this situation. It may be that this fix has security
implications, if a config set by the malicious user who owns the repo
causes git or git-annex to run code. I don't think any git-annex configs
get run by git-annex init. It may be that some git config of a command
does get run by one of the git commands that git-annex init runs. ("git
status" is the command that prompted the CVE-2022-24765, since
core.fsmonitor can cause it to run a command). Since I don't know how
to exploit this, I'm not treating it as a security fix for now.

Note that passing --git-dir makes git bypass the security check. git-annex
does pass --git-dir to most calls to git, which it does to avoid needing
chdir to the directory containing a git repository when accessing a remote.
So, it's possible that somewhere in git-annex it gets as far as running git
with --git-dir, and git reads some configs that are unsafe (what
CVE-2022-24765 is about). This seems unlikely, it would have to be part of
git-annex that runs in git repositories that have no (visible) annex.uuid,
and git-annex init is the only one that I can think of that then goes on to
run git, as discussed earlier. But I've not fully ruled out there being
others..

The git developers seem mostly worried about "git status" or a similar
command implicitly run by a shell prompt, not an explicit use of git in
such a repository. For example, Ævar Arnfjörð Bjarma wrote:
> * There are other bits of config that also point to executable things,
>   e.g. core.editor, aliases etc, but nothing has been found yet that
>   provides the "at a distance" effect that the core.fsmonitor vector
>   does.
>
>   I.e. a user is unlikely to go to /tmp/some-crap/here and run "git
>   commit", but they (or their shell prompt) might run "git status", and
>   if you have a /tmp/.git ...

Sponsored-by: Jarkko Kniivilä on Patreon
2022-05-20 14:38:27 -04:00
nick.guenther@e418ed3c763dff37995c2ed5da4232a7c6cee0a9
a42e76d89f Added a comment 2022-05-20 18:09:45 +00:00
Joey Hess
7f28f41c37
response 2022-05-20 13:17:44 -04:00
Joey Hess
70f25ad757
comment 2022-05-18 17:01:33 -04:00
Joey Hess
bf2e38c3d7
Merge branch 'master' of ssh://git-annex.branchable.com 2022-05-18 16:52:33 -04:00
Joey Hess
296134f15d
comment 2022-05-18 16:49:38 -04:00
Joey Hess
ec42433e55
datalad metadata 2022-05-18 16:49:27 -04:00
Joey Hess
233a0b9b71
remove git-annex test runner segfault workarounds
Those segfaults were caused by setEnv, which should have been fixed by
commits 79017c612e16653d00253f6862b925b287102624 and
ebb76f0486.

Sponsored-by: Dartmouth College's Datalad project
2022-05-18 16:45:27 -04:00
Joey Hess
1cacfd1b19
avoid setEnv in test framework when tasty is running
setEnv is not thread safe and could cause a getEnv by another thread to
segfault, or perhaps other had behavior. This is particularly a problem
when using tasty, because tasty runs the test in a thread, and a getEnv
in another thread.

The use of top-level TMVars is ugly, but ok because only 1 test actually
runs at a time per process. Because it has to chdir into the test repo.

The setEnv that remains happens before tasty is running.

Sponsored-by: Dartmouth College's Datalad project
2022-05-18 16:45:20 -04:00
Joey Hess
ebb76f0486
avoid setEnv while testing gpg
setEnv is not thread safe and could cause a getEnv by another thread to
segfault, or perhaps other had behavior.

Sponsored-by: Dartmouth College's Datalad project
2022-05-18 16:05:11 -04:00
yarikoptic
4e179deb65 get got stuck 2022-05-18 19:48:07 +00:00
Joey Hess
4ba7a97d8c
add comment I made earlier 2022-05-18 14:57:27 -04:00
Joey Hess
6bf09a38ed
comment and open a todo 2022-05-18 14:57:14 -04:00
yarikoptic
969d499a50 initial report on stuck conflict resolution (adjusted branch) 2022-05-17 12:40:56 +00:00
MatusGoljer1
4912edda9a Added a comment 2022-05-16 23:37:55 +00:00
Joey Hess
12119d8bfe
Merge branch 'master' of ssh://git-annex.branchable.com 2022-05-16 15:38:22 -04:00
Joey Hess
aa414d97c9
make fsck normalize object locations
The purpose of this is to fix situations where the annex object file is
stored in a directory structure other than where annex symlinks point to.

But it will also move object files from the hashdirmixed back to
hashdirlower if the repo configuration makes that the normal location.
It would have been more work to avoid that than to let it do it.

Sponsored-by: Dartmouth College's Datalad project
2022-05-16 15:38:06 -04:00
Joey Hess
6b5029db29
fix hardcoding of number of hash directories
It can be changed to 1 via a tuning, rather than the 2 this assumed. So
it would have tried to rmdir .git/annex/objects in that case, which
would not hurt anything, but is not what it is supposed to do.

Sponsored-by: Dartmouth College's Datalad project
2022-05-16 15:08:42 -04:00
Joey Hess
5a98f2d509
avoid creating content directory when locking content
If the content directory does not exist, then it does not make sense to
lock the content file, as it also does not exist, and so it's ok for the
lock operation to fail.

This avoids potential races where the content file exists but is then
deleted/renamed, while another process sees that it exists and goes to
lock it, resulting in a dangling lock file in an otherwise empty object
directory.

Also renamed modifyContent to modifyContentDir since it is not only
necessarily used for modifying content files, but also other files in
the content directory.

Sponsored-by: Dartmouth College's Datalad project
2022-05-16 12:34:56 -04:00
nick.guenther@e418ed3c763dff37995c2ed5da4232a7c6cee0a9
514f50e5be Added a comment: How to disable lockdown in bare repos? 2022-05-15 21:30:50 +00:00
wzhd
6b4a0fa74c Added a comment: Using fuse 2022-05-14 03:10:18 +00:00
yarikoptic
5079891302 Added a comment: shell helper 2022-05-13 16:51:23 +00:00
yarikoptic
e37dddbacb Added a comment 2022-05-13 15:12:29 +00:00
Joey Hess
b6c7819803
thoughts 2022-05-10 14:17:29 -04:00
Joey Hess
c5b5fd364a
thoughts 2022-05-10 14:14:41 -04:00
Joey Hess
997e96ef5e
thoughts 2022-05-10 13:25:38 -04:00
Joey Hess
3b83224e57
followup 2022-05-09 16:10:31 -04:00
Joey Hess
136ad17b94
Merge branch 'master' of ssh://git-annex.branchable.com 2022-05-09 15:54:07 -04:00
Joey Hess
54809e9eb3
fix untrustworthiness of import/export remotes
Commit 36133f27c0 had a boolean flip in it,
aaargh.

Special remotes with importtree=yes or exporttree=yes are once again
treated as untrusted, since files stored in them can be deleted or modified
at any time.

Sponsored-by: Kevin Mueller on Patreon
2022-05-09 15:53:23 -04:00
Joey Hess
e8a601aa24
incremental verification for retrieval from import remotes
Sponsored-by: Dartmouth College's Datalad project
2022-05-09 15:39:43 -04:00
Ilya_Shlyakhter
d39b92c71c Added a comment: interaction of out-of-tree symlinks with exporttree 2022-05-09 19:21:15 +00:00
lh
8b88dcf961 Added a comment 2022-05-09 19:18:01 +00:00
yarikoptic
dfc3bf4daa Added a comment: hm... 2022-05-09 19:10:10 +00:00
Joey Hess
2f2701137d
incremental verification for retrieval from all export remotes
Only for export remotes so far, not export/import.

Sponsored-by: Dartmouth College's Datalad project
2022-05-09 13:49:33 -04:00
Joey Hess
90950a37e5
support incremental verification when retrieving from export/import remotes
None of the special remotes do it yet, but this lays the groundwork.

Added MustFinishIncompleteVerify so that, when an incremental verify is
started but not complete, it can be forced to finish it. Otherwise, it
would have skipped doing it when verification is disabled, but
verification must always be done when retrievin from export remotes
since files can be modified during retrieval.

Note that retrieveExportWithContentIdentifier doesn't support incremental
verification yet. And I'm not sure if it can -- it doesn't know the Key
before it downloads the content. It seems a new API call would need to
be split out of that, which is provided with the key.

Sponsored-by: Dartmouth College's Datalad project
2022-05-09 12:25:04 -04:00
Joey Hess
52b768db45
datalad metadata 2022-05-09 11:32:29 -04:00
Joey Hess
7d25d510e8
comment 2022-05-09 11:31:00 -04:00
Joey Hess
35a2f95ff9
comment 2022-05-09 11:19:34 -04:00
Joey Hess
09c94c3a96
comment 2022-05-09 11:10:35 -04:00