diff options
| author |  Joey Hess <joey@kitenet.net> | 2014-09-18 17:58:03 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-09-18 17:58:03 -0400 |
| commit | 2df9a6f1c9eff911cf27ab788cb28c78f6d20535 (patch) | |
| tree | 0734065e2c55cea4620facea921da2001956640e /Remote/Helper/Encryptable.hs | |
| parent | 2fb7ad68637cc4e1092f835055a974f141808ca0 (diff) | |
deal with old repositories with non-encrypted creds
See 2fb7ad68637cc4e1092f835055a974f141808ca0 for backstory about how a repo
could be in this state.
When decryption fails, the repo must be using non-encrypted creds. Note
that creds are encrypted/decrypted using the encryption cipher which is
stored in the repo, so the decryption cannot fail due to missing gpg keys
etc. (For !shared encryptiom, the cipher is iteself encrypted using some
gpg key(s), and the decryption of the cipher happens earlier, so not
affected by this change.
Print a warning message for !shared repos, and continue on using the
cipher. Wrote a page explaining what users hit by this bug should do.
This commit was sponsored by Samuel Tardieu.
Diffstat (limited to 'Remote/Helper/Encryptable.hs')
| -rw-r--r-- | Remote/Helper/Encryptable.hs | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/Remote/Helper/Encryptable.hs b/Remote/Helper/Encryptable.hs index e8e9d3bf1..05f3fc3f9 100644 --- a/Remote/Helper/Encryptable.hs +++ b/Remote/Helper/Encryptable.hs @@ -11,6 +11,7 @@ module Remote.Helper.Encryptable ( noEncryptionUsed, encryptionAlreadySetup, remoteCipher, + remoteCipher', embedCreds, cipherKey, storeCipher, @@ -93,21 +94,24 @@ encryptionSetup c = maybe genCipher updateCipher $ extractCipher c -- remotes (while being backward-compatible). [ "keyid", "keyid+", "keyid-", "highRandomQuality" ] +remoteCipher :: RemoteConfig -> Annex (Maybe Cipher) +remoteCipher = fmap fst <$$> remoteCipher' + {- Gets encryption Cipher. The decrypted Ciphers are cached in the Annex - state. -} -remoteCipher :: RemoteConfig -> Annex (Maybe Cipher) -remoteCipher c = go $ extractCipher c +remoteCipher' :: RemoteConfig -> Annex (Maybe (Cipher, StorableCipher)) +remoteCipher' c = go $ extractCipher c where go Nothing = return Nothing go (Just encipher) = do cache <- Annex.getState Annex.ciphers case M.lookup encipher cache of - Just cipher -> return $ Just cipher + Just cipher -> return $ Just (cipher, encipher) Nothing -> do showNote "gpg" cipher <- liftIO $ decryptCipher encipher Annex.changeState (\s -> s { Annex.ciphers = M.insert encipher cipher cache }) - return $ Just cipher + return $ Just (cipher, encipher) {- Checks if the remote's config allows storing creds in the remote's config. - |