summaryrefslogtreecommitdiff
path: root/Annex
Commit message (Collapse)AuthorAge
* annex object file mode for core.sharedRepositoryGravatar Joey Hess2015-11-18
| | | | | | When core.sharedRepository is set, annex object files are not made mode 444, since that prevents a user other than the file owner from locking them. Instead, a mode such as 664 is used in this case.
* avoid spawning file size polling thread when not in -J modeGravatar Joey Hess2015-11-16
|
* Display progress meter in -J mode when downloading from the web.Gravatar Joey Hess2015-11-16
| | | | | Including in addurl, and get --from web, but also in S3 and External special remotes when a web url is known for content in those remotes.
* add missing checkSaneLock wrapper for pidlocksGravatar Joey Hess2015-11-16
|
* init: Automatically enable annex.pidlock when necessary.Gravatar Joey Hess2015-11-13
|
* convert from Utility.LockPool to Annex.LockPool everywhereGravatar Joey Hess2015-11-12
|
* pid locking configuration and abstraction layer for git-annexGravatar Joey Hess2015-11-12
| | | | (not actually used anywhere yet)
* assistant: Pass ssh-options through 3 more git pull/push calls that were ↵Gravatar Joey Hess2015-11-10
| | | | | | | missed before. It was used for regular pull, but not for regular push, tagged push, or the fallback fetching.
* add: Fix error recovery rollback to not move the injested file content out ↵Gravatar Joey Hess2015-11-06
| | | | | | of the annex back to the file, because other files may point to that same content. Instead, copy the injected file content out to recover. That was not a data loss, but it came close!
* fix replaceFile makeAnnexLink raceGravatar Joey Hess2015-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | replaceFile created a temp file, which was guaranteed to not overlap with another temp file. However, makeAnnexLink then deleted that file, in preparation for making the symlink in its place. This caused a race, since some other replaceFile could create a temp file, using the same name! I was able to reproduce the race easily running git-annex add -J10 in a directory with 100 files (all with different contents). Some files would get ingested into the annex, but their annex links would fail to be added. There could be other situations where this same problem could occur. Perhaps when the assistant is adding a file, if the user manually also ran git-annex add. Perhaps in cases not involving adding a file. The new replaceFile makes a temprary directory, which is guaranteed to be unique, and doesn't make a temp file in there. makeAnnexLink can thus create the symlink without problem and the race is avoided. Audited all calls to replaceFile to make sure that the old behavior of providing an empty temp file was not relied on. The general problem of asking for a temp file and deleting it as part of the process of using it could reach beyond replaceFile. Did some quick audits and didn't find other cases of it. Probably only symlink creation stuff would tend to make that mistake, mostly.
* merge git command queue when joining with concurrent threadGravatar Joey Hess2015-11-05
|
* add regions to concurrent outputGravatar Joey Hess2015-11-04
| | | | still no progress displays when getting files etc, but a big improvement
* enableremote: List uuids and descriptions of remotes that can be enabled, ↵Gravatar Joey Hess2015-10-26
| | | | and accept either the uuid or the description in leu if the name.
* Avoid displaying network transport warning when a ssh remote does not yet ↵Gravatar Joey Hess2015-10-15
| | | | | | | | | | | have an annex.uuid set. Instead, only display transport error if the configlist output doesn't include an annex.uuid line, even an empty one. A recent change made git-annex init try to get all the remote uuids, and so the transport error would be displayed by it. It was also displayed when eg, copying files to a remote that had no uuid yet.
* do tmp dir cleanup in error case tooGravatar Joey Hess2015-10-15
|
* avoid making post-merge-conflict-resolution commit when no conflicts were ↵Gravatar Joey Hess2015-10-15
| | | | | | | | | | resolved sync, merge, assistant: When git merge failed for a reason other than a conflicted merge, such as a crippled filesystem not allowing particular characters in filenames, git-annex would make a merge commit that could omit such files or otherwise be bad. Fixed by aborting the whole merge process when git merge fails for any reason other than a merge conflict.
* Changed drop ordering when using git annex sync --content or the assistant, ↵Gravatar Joey Hess2015-10-14
| | | | to drop from remotes first and from the local repo last. This works better with the behavior changes to drop in many cases.
* fix windows buildGravatar Joey Hess2015-10-12
|
* Avoid unncessary write to the location log when a file is unlocked and then ↵Gravatar Joey Hess2015-10-12
| | | | | | | | | | | | | | | added back with unchanged content. Implemented with no additional overhead of compares etc. This is safe to do for presence logs because of their locality of change; a given repo's presence logs are only ever changed in that repo, or in a repo that has just been actively changing the content of that repo. So, we don't need to worry about a split-brain situation where there'd be disagreement about the location of a key in a repo. And so, it's ok to not update the timestamp when that's the only change that would be made due to logging presence info.
* use action, not sideActionGravatar Joey Hess2015-10-11
| | | | | | | | sideAction is for things not generally related to the current action being performed. And, it adds a newline after the side action. This was not the right thing to use for stuff like "checksum", where doing a checksum is part of the git annex get process, and indeed we want it to display "(checksum...) ok"
* implement lockContent for ssh remotesGravatar Joey Hess2015-10-09
|
* also generate a drop safety proof for move --from remoteGravatar Joey Hess2015-10-09
|
* fix local dropping to not require extra locking of copies, but only that the ↵Gravatar Joey Hess2015-10-09
| | | | local copy be locked for removal
* improve message when drop failed due to no locked copyGravatar Joey Hess2015-10-09
|
* rename constructorGravatar Joey Hess2015-10-09
|
* verify local copy of content with lockingGravatar Joey Hess2015-10-09
|
* content locking during drop working for local git remotesGravatar Joey Hess2015-10-09
| | | | Only ssh remotes lack locking now
* finish and use lockContent interfaceGravatar Joey Hess2015-10-09
|
* improve drop proof codeGravatar Joey Hess2015-10-09
|
* refactorGravatar Joey Hess2015-10-09
|
* TrustedCopy is good enough to allow droppingGravatar Joey Hess2015-10-08
| | | | | | | By definition, a trusted repository is trusted to always have its location tracking log accurate. Thus, it should never be in a position where content is being dropped from it concurrently, as that would result in the location tracking log not being accurate.
* try harder to verify until at least one VerifiedCopyLock is obtainedGravatar Joey Hess2015-10-08
| | | | | | | | | This avoids a failure where eg, we start with RecentlyVerifiedCopies for all remotes, and so didn't do any active verification, which is required. Also, dedup the list of VerifiedCopies when checking if we have enough, in case 2 copies of a UUID slip in.
* require 1 locked copy while dropping from local or a remoteGravatar Joey Hess2015-10-08
| | | | | | | | | See doc/bugs/concurrent_drop--from_presence_checking_failures.mdwn for discussion about why 1 locked copy is all we can require, and how this fixes concurrent dropping bugs. Note that, since nothing yet generates a VerifiedCopyLock yet, this commit breaks dropping temporarily.
* support invalidating existing VerifiedCopysGravatar Joey Hess2015-10-08
|
* add VerifiedCopy data typeGravatar Joey Hess2015-10-08
| | | | | | | | | There should be no behavior changes in this commit, it just adds a more expressive data type and adjusts code that had been passing around a [UUID] or sometimes a Maybe Remote to instead use [VerifiedCopy]. Although, since some functions were taking two different [UUID] lists, there's some potential for me to have gotten it horribly wrong.
* unused importGravatar Joey Hess2015-10-08
|
* I think this comment is stale/confusing; removeGravatar Joey Hess2015-10-08
|
* add lockContentSharedGravatar Joey Hess2015-10-08
| | | | | | | | Also, rename lockContent to lockContentExclusive inAnnexSafe should perhaps be eliminated, and instead use `lockContentShared inAnnex`. However, I'm waiting on that, as there are only 2 call sites for inAnnexSafe and it's fiddly.
* other 80% of avoding verification when hard linking to objects in shared repoGravatar Joey Hess2015-10-02
| | | | | | | | | | | | | | | | | | | | In c3b38fb2a075b4250e867ebd910324c65712c747, it actually only handled uploading objects to a shared repository. To avoid verification when downloading objects from a shared repository, was a lot harder. On the plus side, if the process of downloading a file from a remote is able to verify its content on the side, the remote can indicate this now, and avoid the extra post-download verification. As of yet, I don't have any remotes (except Git) using this ability. Some more work would be needed to support it in special remotes. It would make sense for tahoe to implicitly verify things downloaded from it; as long as you trust your tahoe server (which typically runs locally), there's cryptographic integrity. OTOH, despite bup being based on shas, a bup repo under an attacker's control could have the git ref used for an object changed, and so a bup repo shouldn't implicitly verify. Indeed, tahoe seems unique in being trustworthy enough to implicitly verify.
* disabling verification also disables size verificationGravatar Joey Hess2015-10-02
| | | | | It's not expensive to do size verification, but let's be consistent and turn it off too.
* avoid verification when hard linking to objects in shared repositoryGravatar Joey Hess2015-10-02
| | | | Such a repository is implicitly trusted, so there's no point.
* Do verification of checksums of annex objects downloaded from remotes.Gravatar Joey Hess2015-10-01
| | | | | | | | | | | | | | | | * When annex objects are received into git repositories, their checksums are verified then too. * To get the old, faster, behavior of not verifying checksums, set annex.verify=false, or remote.<name>.annex-verify=false. * setkey, rekey: These commands also now verify that the provided file matches the key, unless annex.verify=false. * reinject: Already verified content; this can now be disabled by setting annex.verify=false. recvkey and reinject already did verification, so removed now duplicate code from them. fsck still does its own verification, which is ok since it does not use getViaTmp, so verification doesn't happen twice when using fsck --from.
* rename functionGravatar Joey Hess2015-10-01
|
* refactorGravatar Joey Hess2015-10-01
|
* Improve robustness of direct mode merge, avoiding a crash if the index file ↵Gravatar Joey Hess2015-09-22
| | | | | | | | | | is missing. I couldn't find a good way to make an *empty* index file (zero byte file won't do), so I punted and just don't make index.lock when there's no index yet. This means some other git process could race and write an index file at the same time as the merge is ongoing, in theory. Only happens in new repos though.
* avoid auto-enabling a remote that's already enabledGravatar Joey Hess2015-09-14
|
* avoid autoenable of dead special remotesGravatar Joey Hess2015-09-14
|
* Special remotes configured with autoenable=true will be automatically ↵Gravatar Joey Hess2015-09-14
| | | | enabled when git-annex init is run.
* init: Fix reversion in detection of repo made with git clone --sharedGravatar Joey Hess2015-09-09
|
* Fix reversion in init when ran as root, introduced in version 5.20150731.Gravatar Joey Hess2015-08-19
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 11:10:04 +0000