mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
CI to automate build of cargo lockfiles on different Alpine releases for git-annex aports https://gitlab.alpinelinux.org/alpine/aports/-/tree/master/community/git-annex
45396 commits 13 branches 442 tags 103 MiB
Find a file
Joey Hess bd5affa362
use hmac in balanced preferred content 
This deals with the possible security problem that someone could make an
unusually low UUID and generate keys that are all constructed to hash to
a number that, mod the number of repositories in the group, == 0.
So balanced preferred content would always put those keys in the
repository with the low UUID as long as the group contains the
number of repositories that the attacker anticipated.
Presumably the attacker than holds the data for ransom? Dunno.

Anyway, the partial solution is to use HMAC (sha256) with all the UUIDs
combined together as the "secret", and the key as the "message". Now any
change in the set of UUIDs in a group will invalidate the attacker's
constructed keys from hashing to anything in particular.

Given that there are plenty of other things someone can do if they can
write to the repository -- including modifying preferred content so only
their repository wants files, and numcopies so other repositories drom
them -- this seems like safeguard enough.

Note that, in balancedPicker, combineduuids is memoized.
2024-08-10 16:32:54 -04:00
Annex use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
Assistant assistant: Fix a race condition that could cause a pointer file to get ingested into the annex 2024-07-02 12:25:30 -04:00
Backend avoid using dropWhileEnd 2024-05-28 10:27:36 -04:00
Build Merge branch 'master' into git-remote-annex 2024-05-10 14:20:36 -04:00
CmdLine balanced preferred content and --rebalance 2024-08-09 14:16:09 -04:00
Command proxied exporttree=yes versionedexport=yes remotes are not untrusted 2024-08-08 15:24:19 -04:00
Config
Database run codespell throughout fixing typos automagically 2024-05-01 15:46:21 -04:00
debian Refresh standlone patch to avoid fuzz and offsets 2024-08-06 16:39:48 -04:00
doc use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
Git cache credentials for p2phttp in memory 2024-07-23 18:45:02 -04:00
Limit
Logs use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
Messages
P2P catch ClientError from withClientM 2024-08-07 11:24:34 -04:00
Remote proxied importtree=yes remotes are untrustworthy 2024-08-08 15:26:02 -04:00
RemoteDaemon support a P2PConnection that uses TMVars rather than Handles 2024-06-28 11:22:29 -04:00
standalone disable servant build flag for i386ancient 2024-07-30 10:01:56 -04:00
static
templates
Test
Types use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
Upgrade avoid partial functions 2024-07-30 11:28:44 -04:00
Utility use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
.appveyor.yml update stack.yaml to nightly-2024-07-29 and remove stack-lts-18.13.yaml 2024-07-29 20:09:37 -04:00
.codespellrc A few more of typo fixes/skip as detected with bleeding edge codespell 2024-05-01 20:06:08 -04:00
.ghci
.gitattributes
.gitignore ignore git-remote-annex 2024-05-06 13:13:39 -04:00
.mailmap ENH: add one more mailmap for yarikoptic 2024-06-03 13:00:45 -04:00
Annex.hs balanced preferred content and --rebalance 2024-08-09 14:16:09 -04:00
Assistant.hs
Author.hs
Backend.hs implement URL to VURL migration 2024-03-01 16:42:02 -04:00
bash-completion.bash
Benchmark.hs
BuildFlags.hs update servant build flag 2024-07-23 08:53:56 -04:00
BuildInfo.hs
CHANGELOG balanced preferred content and --rebalance 2024-08-09 14:16:09 -04:00
CmdLine.hs remove dead nodes when loading the cluster log 2024-06-16 14:39:44 -04:00
Command.hs Tab completion of many commands like info and trust now includes remotes 2024-06-30 12:39:18 -04:00
Common.hs
Config.hs proxying to exporttree=yes annexobjects=yes basically working 2024-08-06 14:21:23 -04:00
COPYRIGHT Added dependency on unbounded-delays 2024-02-27 13:11:59 -04:00
Creds.hs
Crypto.hs use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
git-annex.cabal use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
git-annex.hs add git-remote-annex stub and build machinery 2024-05-06 13:05:58 -04:00
git-union-merge.hs
Git.hs run codespell throughout fixing typos automagically 2024-05-01 15:46:21 -04:00
Key.hs
Limit.hs use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
Logs.hs implement cluster.log 2024-06-13 16:00:58 -04:00
Makefile use cabal list-bin 2024-05-31 10:28:56 -04:00
Messages.hs run codespell throughout fixing typos automagically 2024-05-01 15:46:21 -04:00
NEWS
README
Remote.hs git-annex-shell: proxy nodes located beyond remote cluster gateways 2024-06-26 12:56:16 -04:00
Setup.hs
stack-lts-18.13.yaml very temporarily copy stack.yaml to stack-lts-18.13.yaml 2024-07-31 10:09:47 -04:00
stack.yaml deindent 2024-07-30 10:34:18 -04:00
Test.hs use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
Types.hs
Upgrade.hs

README 

git-annex allows managing large files with git, without storing the file
contents in git. It can sync, backup, and archive your data, offline
and online. Checksums and encryption keep your data safe and secure. Bring
the power and distributed nature of git to bear on your large files with
git-annex.

For documentation, see doc/ or <https://git-annex.branchable.com/>