diff options
| author |  Joey Hess <joey@kitenet.net> | 2013-09-18 15:30:53 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2013-09-18 15:55:31 -0400 |
| commit | 4c86cf524c7a6161af3c9fbb56f61c3cb6305fef (patch) | |
| tree | 745db48f9b7a2fa42894ed7f3182408ba3cc2e72 /Git/GCrypt.hs | |
| parent | ba037cce74469e7e28019b63cdea55e8400bc5e7 (diff) | |
webapp: support adding existing gcrypt special remotes from removable drives
When adding a removable drive, it's now detected if the drive contains
a gcrypt special remote, and that's all handled nicely. This includes
fetching the git-annex branch from the gcrypt repo in order to find
out how to set up the special remote.
Note that gcrypt repos that are not git-annex special remotes are not
supported. It will attempt to detect such a gcrypt repo and refuse
to use it. (But this is hard to do any may fail; see
https://github.com/blake2-ppc/git-remote-gcrypt/issues/6)
The problem with supporting regular gcrypt repos is that we don't know
what the gcrypt.participants setting is intended to be for the repo.
So even if we can decrypt it, if we push changes to it they might not be
visible to other participants.
Anyway, encrypted sneakernet (or mailnet) is now fully possible with the
git-annex assistant! Assuming that the gpg key distribution is handled
somehow, which the assistant doesn't yet help with.
This commit was sponsored by Navishkar Rao.
Diffstat (limited to 'Git/GCrypt.hs')
| -rw-r--r-- | Git/GCrypt.hs | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/Git/GCrypt.hs b/Git/GCrypt.hs index 1260c2ced..c8c193c45 100644 --- a/Git/GCrypt.hs +++ b/Git/GCrypt.hs @@ -13,6 +13,7 @@ import Common import Git.Types import Git.Construct import qualified Git.Config as Config +import qualified Git.Command as Command import Utility.Gpg urlPrefix :: String @@ -44,12 +45,28 @@ encryptedRepo baserepo = go go _ = notencrypted notencrypted = error "not a gcrypt encrypted repository" +{- Checks if the git repo at a location is a gcrypt repo that + - we can decrypt. This works by trying to fetch from the repo + - at the location, into the baserepo. + - + - Returns false if the git repo is not using gcrypt, or if it is using + - gcrypt but cannot be decrypted. We do not try to detect gcrypt + - repos that cannot be decrypted, because gcrypt may change in the future + - to avoid easy fingerprinting of gcrypt repos. + -} +probeGCryptRepo :: FilePath -> Repo -> IO Bool +probeGCryptRepo dir baserepo = catchBoolIO $ Command.runBool + [ Param "fetch" + , Param $ urlPrefix ++ dir + ] baserepo + type RemoteName = String +type GCryptId = String {- gcrypt gives each encrypted repository a uique gcrypt-id, - which is stored in the repository (in encrypted form) - and cached in a per-remote gcrypt-id configuration setting. -} -remoteRepoId :: Repo -> Maybe RemoteName -> Maybe String +remoteRepoId :: Repo -> Maybe RemoteName -> Maybe GCryptId remoteRepoId = getRemoteConfig "gcrypt-id" getRemoteConfig :: String -> Repo -> Maybe RemoteName -> Maybe String |