git-annex-gpl - git-annex without the AGPL

	Commit message (Collapse)	Author	Age
*	avoid the dashed ssh hostname class of security holes	Joey Hess	2017-08-17
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Security fix: Disallow hostname starting with a dash, which would get passed to ssh and be treated an option. This could be used by an attacker who provides a crafted ssh url (for eg a git remote) to execute arbitrary code via ssh -oProxyCommand. No CVE has yet been assigned for this hole. The same class of security hole recently affected git itself, CVE-2017-1000117. Method: Identified all places where ssh is run, by git grep '"ssh"' Converted them all to use a SshHost, if they did not already, for specifying the hostname. SshHost was made a data type with a smart constructor, which rejects hostnames starting with '-'. Note that git-annex already contains extensive use of Utility.SafeCommand, which fixes a similar class of problem where a filename starting with a dash gets passed to a program which treats it as an option. This commit was sponsored by Jochen Bartl on Patreon.
*	basic gitlab support in webapp	Joey Hess	2015-07-22
\| \| \| \| \| \| \|	This works, but needs more testing and work on cases like encrypted repos, enabling existing repositories, etc. This commit was sponsored by Shaun Westmacott.
*	assistant: Fix ANNEX_SHELL_DIR written to ~/.ssh/authorized_keys in local ↵	Joey Hess	2015-07-02
\| \| \| \| \| \| \| \| \| \|	pairing to be the absolute path to the repository, not "." This was a reversion caused by the relative path changes in 5.20150113. Other uses of addAuthorizedKeys seem to be ok. If the user enters a directory like ~/annex, it writes GIT_ANNEX_SHELL_DIRECTORY=annex, and git-annex-shell assumes that's relative to HOME.
*	avoid using now deprecated PortNum constructor	Joey Hess	2015-05-10
\|
*	assistant: Fix local pairing when ssh pubkey comment contains spaces.	Joey Hess	2015-02-04
\|
*	update my email address and homepage url	Joey Hess	2015-01-21
\|
*	external special remotes mostly implemented (untested)	Joey Hess	2013-12-26
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This has not been tested at all. It compiles! The only known missing things are support for encryption, and for get/set of special remote configuration, and of key state. (The latter needs separate work to add a new per-key log file to store that state.) Only thing I don't much like is that initremote needs to be passed both type=external and externaltype=foo. It would be better to have just type=foo Most of this is quite straightforward code, that largely wrote itself given the types. The only tricky parts were: * Need to lock the remote when using it to eg make a request, because in theory git-annex could have multiple threads that each try to use a remote at the same time. I don't think that git-annex ever does that currently, but better safe than sorry. * Rather than starting up every external special remote program when git-annex starts, they are started only on demand, when first used. This will avoid slowdown, especially when running fast git-annex query commands. Once started, they keep running until git-annex stops, currently, which may not be ideal, but it's hard to know a better time to stop them. * Bit of a chicken and egg problem with caching the cost of the remote, because setting annex-cost in the git config needs the remote to already be set up. Managed to finesse that. This commit was sponsored by Lukas Anzinger.
*	webapp can now set up gcrypt repos on ssh servers	Joey Hess	2013-10-01
\|
*	UI for making encrypted ssh remotes with gcrypt	Joey Hess	2013-09-29
\| \| \| \| \| \| \| \| \| \| \| \|	Improved probing the remote server, so it gathers a list of the capabilities it has. From that list, we can determine which types of remotes are supported, and display an appropriate UI. The new buttons for making gcrypt repos don't work yet, but the old buttons for unencrypted git repo and encrypted rsync repo have been adapted to the new data types and are working. This commit was sponsored by David Schmitt.
*	proof of concept remote reordering UI (needs to be changed to use drag and drop)	Joey Hess	2013-03-13
\|
*	split cost out into its own module	Joey Hess	2013-03-13
\| \| \| \| \|	Added a function to insert a new cost into a list, which could be used to asjust costs after a drag and drop.
*	webapp: Set locally paired repositories to a lower cost than other network ↵	Joey Hess	2013-03-13
\| \| \| \|	remotes.
*	webapp: Display any error message from git init if it fails to create a ↵	Joey Hess	2013-02-26
\| \| \| \|	repository.
*	webapp: Allow user to specify the ssh port when setting up a remote.	Joey Hess	2012-12-06
\|
*	finished XMPP pairing!	Joey Hess	2012-11-05
\| \| \| \| \|	This includes keeping track of which buddies we're pairing with, to know which PairAck are legitimate.
*	webapp: When setting up authorized_keys, use GIT_ANNEX_SHELL_DIRECTORY.	Joey Hess	2012-11-05
\|
*	where indentation	Joey Hess	2012-10-31
\|
*	lifted Assistant.Sync into Assistant monad	Joey Hess	2012-10-29
\| \| \| \|	lots of nice cleanups
*	Assistant monad, stage 3	Joey Hess	2012-10-29
\| \| \| \| \| \|	All toplevel named threads are converted to the Assistant monad. Some utility functions still need to be converted.
*	webapp automatic grouping	Joey Hess	2012-10-09
\| \| \| \| \| \| \| \|	webapp: Adds newly created repositories to one of these groups: clients, drives, servers This is heuristic, but it's a pretty good heuristic, and can always be configured.
*	flip catchDefaultIO	Joey Hess	2012-09-17
\|
*	hlint	Joey Hess	2012-09-13
\|
*	clean up authorized_keys handling	Joey Hess	2012-09-11
\| \| \| \| \|	Including rollback of adding the key when a pairing response gets canceled by the user.
*	pairing probably works now (untested)	Joey Hess	2012-09-10