diff options
| author |  joern.mankiewicz@06fb5bc9b732f143dee3606866362f562531310d <joernmankiewicz@web> | 2017-03-22 14:45:11 +0000 |
|---|---|---|
| committer |  admin <admin@branchable.com> | 2017-03-22 14:45:11 +0000 |
| commit | 8f877c4d1856d512467f1257c94582ebc4decfa3 (patch) | |
| tree | f7a0914b947c14dbbe6e7e7dc0f453e15aa22a0b | |
| parent | 93b7cceb0f193b8a5d44ffc42ecbb858efbec3f6 (diff) | |
| -rw-r--r-- | doc/bugs/git_annex_enableremote_ignoring_encryption_changes.mdwn | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/doc/bugs/git_annex_enableremote_ignoring_encryption_changes.mdwn b/doc/bugs/git_annex_enableremote_ignoring_encryption_changes.mdwn new file mode 100644 index 000000000..e73b2ce8f --- /dev/null +++ b/doc/bugs/git_annex_enableremote_ignoring_encryption_changes.mdwn @@ -0,0 +1,118 @@ +### Please describe the problem. + +Git-Annex enableremote ignores encryption changes to a hybrid-cypher gcrypt remote. So it is not possible to add or remove keys. + + +### What steps will reproduce the problem? + +Having a bare repo prepared do: + + git annex initremote $remotename type=gcrypt encryption=hybrid gitrepo=ssh://giessen@magierenklave.de/annex/test keyid=$myfirstkey + initremote $remotename (encryption setup) (to gpg keys: $myfirstkey) $user@$hosts's password: + (...) + git annex sync $remotename + (...) + git annex info $remotename + (...) + uuid: $remoteuuid + (...) + encryption: hybrid (to gpg keys: $myfirstkey) + (...) + git config --get remote.$remotename.gcrypt-participants + $myfirstkey + +So far, so good. Now we try adding another key + + git annex enableremote $remotename keyid+=$mysecondkey + enableremote $remotename ok + +The command returns instantly, no interaction with the remote. + + git annex sync $remotename + (...) + git annex info $remotename + (...) + uuid: $remoteuuid + (...) + encryption: hybrid (to gpg keys: $myfirstkey) + (...) + git config --get remote.$remotename.gcrypt-participants + $myfirstkey + +Obviously our change had no effect. This can be verified by the repository being inaccessible to the second key. + +A very hacky workaround seems to be: + + git remote remove server.test +(we need this or git will complain about the remote already existing and annex will fail) + git annex enableremote $remoteuuid keyid+=$mysecondkey + enableremote $remoteuuid (encryption update) (to gpg keys: $myfirstkey $mysecondkey) $user@$hosts's password: + (...) + git annex info $remotename + (...) + encryption: hybrid (to gpg keys: $myfirstkey $mysecondkey) + (...) + git config --get remote.$remotename.gcrypt-participants + $myfirstkey $mysecondkey + +...which yields the expected results but is somewhat counterintuitive and probably a bad abuse of enableremote. + +### What version of git-annex are you using? On what operating system? + +git annex version: + + git-annex version: 6.20170302-gb35a50cca + build flags: Assistant Webapp Pairing Testsuite S3(multipartupload)(storageclasses) WebDAV Inotify DBus DesktopNotify ConcurrentOutput TorrentParser MagicMime Feeds Quvi + key/value backends: SHA256E SHA256 SHA512E SHA512 SHA224E SHA224 SHA384E SHA384 SHA3_256E SHA3_256 SHA3_512E SHA3_512 SHA3_224E SHA3_224 SHA3_384E SHA3_384 SKEIN256E SKEIN256 SKEIN512E SKEIN512 SHA1E SHA1 MD5E MD5 WORM URL + remote types: git gcrypt p2p S3 bup directory rsync web bittorrent webdav tahoe glacier ddar hook external + local repository version: 6 + supported repository versions: 3 5 6 + upgrade supported from repository versions: 0 1 2 3 4 5 + operating system: linux x86_64 + +uname -a + + Linux $host.$domain 4.9.3-1-default #1 SMP PREEMPT Thu Jan 12 11:32:53 UTC 2017 (2c7dfab) x86_64 x86_64 x86_64 GNU/Linux + +### Please provide any additional information below. + +gpg is running with -vvv so please don't mind the extra-verbose gpg-output. + +[[!format sh """ +# If you can, paste a complete transcript of the problem occurring here. +# If the problem is with the git-annex assistant, paste in .git/annex/daemon.log +:~/test> git annex enableremote test keyid+=$mysecondkey +enableremote test ok +:~/test> git remote remove test +:~/test> git annex enableremote 1291d1b4-dac1-5c44-b09e-e04c03b755d6 keyid+=$mysecondkey +enableremote 1291d1b4-dac1-5c44-b09e-e04c03b755d6 (encryption update) (to gpg keys: $myfirstkey $mysecondkey) user@server's password: +gcrypt: Decrypting manifest +gpg: Signatur vom Mi 22 Mär 2017 14:50:39 CET +gpg: mittels RSA-Schlüssel 0144XXXXXXXXXXXXXXXXXXXXXXX +gpg: Korrekte Signatur von "XXXXXX" [ultimativ] +gcrypt: Remote ID is :id:Zfhze/U8YGNRIWmfNUV5 +Von gcrypt::ssh://user@server/annex/test + * [neuer Branch] synced/git-annex -> test/synced/git-annex + * [neuer Branch] synced/master -> test/synced/master + * [neuer Branch] git-annex -> test/git-annex + * [neuer Branch] master -> test/master +user@server's password: +gcrypt: Decrypting manifest +gpg: Signatur vom Mi 22 Mär 2017 14:50:39 CET +gpg: mittels RSA-Schlüssel 0144XXXXXXXXXXXXXXXXXXXXXX +gpg: Korrekte Signatur von "XXXXXX" [ultimativ] +Everything up-to-date +user@server's password: +ok +ok +(recording state in git...) +# End of transcript or log. +"""]] + +### Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders) + +Yes, definitively. I enjoy using annex to backup and manage my data. I would love to see it used more often and am currently trying to get my boss to introduce it for storage of the digital backups of our documents. While preparing an encrypted test-setup I stumbled upon this. :) + +Thanks + +Jörn |