summaryrefslogtreecommitdiff
path: root/Remote/GCrypt.hs
Commit message (Collapse)AuthorAge
* remove Read instance for RefGravatar Joey Hess2014-02-19
| | | | | | | | Removed instance, got it all to build using fromRef. (With a few things that really need to show something using a ref for debugging stubbed out.) Then added back Read instance, and made Logs.View use it for serialization. This changes the view log format.
* plumb creds from webapp to initremoteGravatar Joey Hess2014-02-11
| | | | | Avoids abusing setting environment variables, which was always a hack and won't work on windows.
* add GETAVAILABILITY to external special remote protocolGravatar Joey Hess2014-01-13
| | | | | And some reworking of types, and added an annex-availability git config setting.
* really fix gcrypt for aaf881e8bb22408f671e566ebcd3f59be958a26fGravatar Joey Hess2013-11-02
| | | | Fixed all the other ones, but forgot to fix gcrypt!
* assistant: Support repairing git remotes that are locally accessibleGravatar Joey Hess2013-10-27
| | | | | | | | (eg, on removable drives) gcrypt remotes are not yet handled. This commit was sponsored by Sören Brunk.
* add remote fsck interfaceGravatar Joey Hess2013-10-11
| | | | | | | | | | | | | | | | | | | | Currently only implemented for local git remotes. May try to add support to git-annex-shell for ssh remotes later. Could concevably also be supported by some special remote, although that seems unlikely. Cronner user this when available, and when not falls back to fsck --fast --from remote git annex fsck --from does not itself use this interface. To do so, I would need to pass --fast and all other options that influence fsck on to the git annex fsck that it runs inside the remote. And that seems like a lot of work for a result that would be no better than cd remote; git annex fsck This may need to be revisited if git-annex-shell gets support, since it may be the case that the user cannot ssh to the server to run git-annex fsck there, but can run git-annex-shell there. This commit was sponsored by Damien Diederen.
* typoe and debug infoGravatar Joey Hess2013-10-01
|
* git-annex-shell gcryptsetup commandGravatar Joey Hess2013-10-01
| | | | | This was the least-bad alternative to get dedicated key gcrypt repos working in the assistant.
* Disable receive.denyNonFastForwards when setting up a gcrypt special remoteGravatar Joey Hess2013-10-01
| | | | | | gcrypt needs to be able to fast-forward the master branch. If a git repository is set up with git init --shared --bare, it gets that set, and pushing to it will then fail, even when it's up-to-date.
* fix probing for local gcrypt reposGravatar Joey Hess2013-10-01
|
* fix transferring to gcrypt repo from direct mode repoGravatar Joey Hess2013-10-01
| | | | | | | | | | | | | | | | | | recvkey was told it was receiving a HMAC key from a direct mode repo, and that confused it into rejecting the transfer, since it has no way to verify a key using that backend, since there is no HMAC backend. I considered making recvkey skip verification in the case of an unknown backend. However, that could lead to bad results; a key can legitimately be in the annex with a backend that the remote git-annex-shell doesn't know about. Better to keep it rejecting if it cannot verify. Instead, made the gcrypt special remote not set the direct mode flag when sending (and receiving) files. Also, added some recvkey messages when its checks fail, since otherwise all that is shown is a confusing error message from rsync when the remote git-annex-shell exits nonzero.
* clean up some ugly codeGravatar Joey Hess2013-09-27
|
* blind enabling gcrypt repos on rsync.netGravatar Joey Hess2013-09-27
| | | | | | | | | | | This pulls off quite a nice trick: When given a path on rsync.net, it determines if it is an encrypted git repository that the user has the key to decrypt, and merges with it. This is works even when the local repository had no idea that the gcrypt remote exists! (As previously done with local drives.) This commit sponsored by Pedro Côrte-Real
* support ssh://host/~/dirGravatar Joey Hess2013-09-26
| | | | | | | | When generating the path for rsync, /~/ is not valid, so change to just host:dir Note that git remotes specified in host:dir form are internally converted to the ssh:// url form, so this was especially needed..
* hlintGravatar Joey Hess2013-09-25
|
* add back lost check that git-annex-shell supports gcryptGravatar Joey Hess2013-09-24
|
* git-annex-shell: Added support for operating inside gcrypt repositories.Gravatar Joey Hess2013-09-24
| | | | | | * Note that the layout of gcrypt repositories has changed, and if you created one you must manually upgrade it. See http://git-annex.branchable.com/upgrades/gcrypt/
* better probing for gcrypt repositories using new --check optionGravatar Joey Hess2013-09-19
| | | | | | | | Now can tell if a repo uses gcrypt or not, and whether it's decryptable with the current gpg keys. This closes the hole that undecryptable gcrypt repos could have before been combined into the repo in encrypted mode.
* webapp: support adding existing gcrypt special remotes from removable drivesGravatar Joey Hess2013-09-18
| | | | | | | | | | | | | | | | | | | | | | | When adding a removable drive, it's now detected if the drive contains a gcrypt special remote, and that's all handled nicely. This includes fetching the git-annex branch from the gcrypt repo in order to find out how to set up the special remote. Note that gcrypt repos that are not git-annex special remotes are not supported. It will attempt to detect such a gcrypt repo and refuse to use it. (But this is hard to do any may fail; see https://github.com/blake2-ppc/git-remote-gcrypt/issues/6) The problem with supporting regular gcrypt repos is that we don't know what the gcrypt.participants setting is intended to be for the repo. So even if we can decrypt it, if we push changes to it they might not be visible to other participants. Anyway, encrypted sneakernet (or mailnet) is now fully possible with the git-annex assistant! Assuming that the gpg key distribution is handled somehow, which the assistant doesn't yet help with. This commit was sponsored by Navishkar Rao.
* gcrypt: Ensure that signing key is set to one of the participants keys.Gravatar Joey Hess2013-09-17
| | | | | | Otherwise gcrypt will fail to pull, since it requires this to be the case. This needs a patched gcrypt, which is in my forked version.
* Support hot-swapping of removable drives containing gcrypt repositories.Gravatar Joey Hess2013-09-12
| | | | | | | | | | | To support this, a core.gcrypt-id is stored by git-annex inside the git config of a local gcrypt repository, when setting it up. That is compared with the remote's cached gcrypt-id. When different, a drive has been changed. git-annex then looks up the remote config for the uuid mapped from the core.gcrypt-id, and tweaks the configuration appropriately. When there is no known config for the uuid, it will refuse to use the remote.
* ignore gcrypt remotes w/o an annex-uuidGravatar Joey Hess2013-09-08
|
* gcrypt: now supports rsyncGravatar Joey Hess2013-09-08
| | | | | | | | | | | | | | | | | | | | Use rsync for gcrypt remotes that are not local to the disk. (Note that I have punted on supporting http transport for now, it doesn't seem likely to be very useful.) This was mostly quite easy, it just uses the rsync special remote to handle the transfers. The git repository url is converted to a RsyncOptions structure, which required parsing it separately, since the rsync special remote only supports rsync urls, which use a different format. Note that annexed objects are now stored at the top of the gcrypt repo, rather than inside annex/objects. This simplified the rsync suport, since it doesn't have to arrange to create that directory. And git-annex is not going to be run directly within gcrypt repos -- or if in some strance scenario it was, it would make sense for it to not see the encrypted objects. This commit was sponsored by Sheila Miguez
* local gcrypt fully working!Gravatar Joey Hess2013-09-08
|
* partially complete gcrypt remote (local send done; rest not)Gravatar Joey Hess2013-09-07
This is a git-remote-gcrypt encrypted special remote. Only sending files in to the remote works, and only for local repositories. Most of the work so far has involved making initremote work. A particular problem is that remote setup in this case needs to generate its own uuid, derivied from the gcrypt-id. That required some larger changes in the code to support. For ssh remotes, this will probably just reuse Remote.Rsync's code, so should be easy enough. And for downloading from a web remote, I will need to factor out the part of Remote.Git that does that. One particular thing that will need work is supporting hot-swapping a local gcrypt remote. I think it needs to store the gcrypt-id in the git config of the local remote, so that it can check it every time, and compare with the cached annex-uuid for the remote. If there is a mismatch, it can change both the cached annex-uuid and the gcrypt-id. That should work, and I laid some groundwork for it by already reading the remote's config when it's local. (Also needed for other reasons.) This commit was sponsored by Daniel Callahan.