summaryrefslogtreecommitdiff
path: root/Remote/Helper
Commit message (Collapse)AuthorAge
* Fix bug that prevented resuming of uploads to encrypted special remotes that ↵Gravatar Joey Hess2016-04-27
| | | | | | used chunking. This bug could also expose the names of keys to such remotes. This is a low-severity security hole.
* remove 163 lines of code without changing anything except importsGravatar Joey Hess2016-01-20
|
* add unlocked flag for git-annex-shell recvkeyGravatar Joey Hess2015-12-26
| | | | | | The direct flag is also set when sending unlocked content, to support old versions of git-annex-shell. At some point, the direct flag will be removed, and only the unlocked flag will be used.
* Display progress meter in -J mode when downloading from the web.Gravatar Joey Hess2015-11-16
| | | | | Including in addurl, and get --from web, but also in S3 and External special remotes when a web url is known for content in those remotes.
* convert from Utility.LockPool to Annex.LockPool everywhereGravatar Joey Hess2015-11-12
|
* improve display when lockcontent failsGravatar Joey Hess2015-10-09
| | | | | | | | /dev/null stderr; ssh is still able to display a password prompt despite this Show some messages so the user knows it's locking a remote, and knows if that locking failed.
* implement lockContent for ssh remotesGravatar Joey Hess2015-10-09
|
* other 80% of avoding verification when hard linking to objects in shared repoGravatar Joey Hess2015-10-02
| | | | | | | | | | | | | | | | | | | | In c3b38fb2a075b4250e867ebd910324c65712c747, it actually only handled uploading objects to a shared repository. To avoid verification when downloading objects from a shared repository, was a lot harder. On the plus side, if the process of downloading a file from a remote is able to verify its content on the side, the remote can indicate this now, and avoid the extra post-download verification. As of yet, I don't have any remotes (except Git) using this ability. Some more work would be needed to support it in special remotes. It would make sense for tahoe to implicitly verify things downloaded from it; as long as you trust your tahoe server (which typically runs locally), there's cryptographic integrity. OTOH, despite bup being based on shas, a bup repo under an attacker's control could have the git ref used for an object changed, and so a bup repo shouldn't implicitly verify. Indeed, tahoe seems unique in being trustworthy enough to implicitly verify.
* support gpg.programGravatar Joey Hess2015-09-09
| | | | | | When gpg.program is configured, it's used to get the command to run for gpg. Useful on systems that have only a gpg2 command or want to use it instead of the gpg command.
* disable whereisKey for encrypted or chunked remotesGravatar Joey Hess2015-08-19
| | | | | | | This only makes sense for public repos, that are not chunked, so that there's a 1:1 from Key in the git-annex repo to file on the remote. Rather than making every remote implementation deal with that, just disable whereisKey when it doesn't make sense.
* export some always failing methods for readonly remotesGravatar Joey Hess2015-08-17
|
* refactorGravatar Joey Hess2015-08-17
|
* refactorGravatar Joey Hess2015-08-17
|
* --debug is passed along to git-annex-shell when git-annex is in debug mode.Gravatar Joey Hess2015-08-13
|
* Fix bug that prevented uploads to remotes using new-style chunking from ↵Gravatar Joey Hess2015-07-16
| | | | | | | | | | | | | | | | resuming after the last successfully uploaded chunk. "checkPresent baser" was wrong; the baser has a dummy checkPresent action not the real one. So, to fix this, we need to call preparecheckpresent to get a checkpresent action that can be used to check if chunks are present. Note that, for remotes like S3, this means that the preparer is run, which opens a S3 handle, that will be used for each checkpresent of a chunk. That's a good thing; if we're resuming an upload that's already many chunks in, it'll reuse that same http connection for each chunk it checks. Still, it's not a perfectly ideal thing, since this is a different http connection that the one that will be used to upload chunks. It would be nice to improve the API so that both use the same http connection.
* remove Params constructor from Utility.SafeCommandGravatar Joey Hess2015-06-01
| | | | | | | | | | | | | | | | | | This removes a bit of complexity, and should make things faster (avoids tokenizing Params string), and probably involve less garbage collection. In a few places, it was useful to use Params to avoid needing a list, but that is easily avoided. Problems noticed while doing this conversion: * Some uses of Params "oneword" which was entirely unnecessary overhead. * A few places that built up a list of parameters with ++ and then used Params to split it! Test suite passes.
* use lock pools throughout git-annexGravatar Joey Hess2015-05-19
| | | | | | | | | | | | | The one exception is in Utility.Daemon. As long as a process only daemonizes once, which seems reasonable, and as long as it avoids calling checkDaemon once it's already running as a daemon, the fcntl locking gotchas won't be a problem there. Annex.LockFile has it's own separate lock pool layer, which has been renamed to LockCache. This is a persistent cache of locks that persist until closed. This is not quite done; lockContent stil needs to be converted.
* Merge branch 'master' into concurrentprogressGravatar Joey Hess2015-05-12
|\ | | | | | | | | | | | | | | | | | | | | | | Conflicts: Command/Fsck.hs Messages.hs Remote/Directory.hs Remote/Git.hs Remote/Helper/Special.hs Types/Remote.hs debian/changelog git-annex.cabal
| * remaining dataenc to sandi conversionsGravatar Joey Hess2015-05-07
| | | | | | | | | | | | I've tested all the dataenc to sandi conversions except Assistant.XMPP, and all have unchanged behavior, including behavior on large unicode code points.
| * Fix bogus failure of fsck --fast.Gravatar Joey Hess2015-04-27
| |
| * removed all uses of undefined from code baseGravatar Joey Hess2015-04-19
| | | | | | | | It's a code smell, can lead to hard to diagnose error messages.
* | add filename to progress bar, and display ok/failed at endGravatar Joey Hess2015-04-14
|/ | | | This needed plumbing an AssociatedFile through retrieveKeyFileCheap.
* well along the way to fully quiet --quietGravatar Joey Hess2015-04-04
| | | | | | | Came up with a generic way to filter out progress messages while keeping errors, for commands that use stderr for both. --json mode will disable command outputs too.
* WIP on making --quiet silence progress, and infra for concurrent progress barsGravatar Joey Hess2015-04-03
|
* rename bothHandles -> ioHandlesGravatar Joey Hess2015-04-03
|
* metadata: Fix encoding problem that led to mojibake when storing metadata ↵Gravatar Joey Hess2015-03-04
| | | | | | | | | | | | | | | | | | | | | | | | | strings that contained both unicode characters and a space (or '!') character. The fix is to stop using w82s, which does not properly reconstitute unicode strings. Instrad, use utf8 bytestring to get the [Word8] to base64. This passes unicode through perfectly, including any invalid filesystem encoded characters. Note that toB64 / fromB64 are also used for creds and cipher embedding. It would be unfortunate if this change broke those uses. For cipher embedding, note that ciphers can contain arbitrary bytes (should really be using ByteString.Char8 there). Testing indicated it's not safe to use the new fromB64 there; I think that characters were incorrectly combined. For credpair embedding, the username or password could contain unicode. Before, that unicode would fail to round-trip through the b64. So, I guess this is not going to break any embedded creds that worked before. This bug may have affected some creds before, and if so, this change will not fix old ones, but should fix new ones at least.
* The ssh-options git config is now used by gcrypt, rsync, and ddar special ↵Gravatar Joey Hess2015-02-12
| | | | remotes that use ssh as a transport.
* avoid unncessary IOGravatar Joey Hess2015-02-12
|
* update my email address and homepage urlGravatar Joey Hess2015-01-21
|
* add getFileSize, which can get the real size of a large file on WindowsGravatar Joey Hess2015-01-20
| | | | | | | | | | | | | | Avoid using fileSize which maxes out at just 2 gb on Windows. Instead, use hFileSize, which doesn't have a bounded size. Fixes support for files > 2 gb on Windows. Note that the InodeCache code only needs to compare a file size, so it doesn't matter it the file size wraps. So it has been left as-is. This was necessary both to avoid invalidating existing inode caches, and because the code passed FileStatus around and would have become more expensive if it called getFileSize. This commit was sponsored by Christian Dietrich.
* implemented old Richih wishlist about remote/uuid infoGravatar Joey Hess2015-01-13
| | | | | | | | * info: Can now display info about a given uuid. * Added to remote/uuid info: Count of the number of keys present on the remote, and their size. This is rather expensive to calculate, so comes last and --fast will disable it. * Git remote info now includes the date of the last sync with the remote.
* Fix build with -f-S3.Gravatar Joey Hess2014-12-19
|
* Merge branch 's3-aws'Gravatar Joey Hess2014-12-03
|\
* | Don't show "(gpg)" when decrypting the remote encryption cipher, since this ↵Gravatar Joey Hess2014-12-02
| | | | | | | | could be taken to read that's the only time git-annex runs gpg, which is not the case.
| * fix memory leakGravatar Joey Hess2014-11-04
| | | | | | | | | | | | | | | | | | | | Unfortunately, I don't fully understand why it was leaking using the old method of a lazy bytestring. I just know that it was leaking, despite neither hGetUntilMetered nor byteStringPopper seeming to leak by themselves. The new method avoids the lazy bytestring, and simply reads chunks from the handle and streams them out to the http socket.
| * WIP 2Gravatar Joey Hess2014-11-03
| |
| * enable frankfurtGravatar Joey Hess2014-10-23
| | | | | | | | The aws library supports the AWS4-HMAC-SHA256 that it requires.
| * Merge branch 'master' into s3-awsGravatar Joey Hess2014-10-23
| |\ | |/ |/|
* | add new frankfurt region to list in webappGravatar Joey Hess2014-10-23
| | | | | | | | | | | | | | But commented out for now, because: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256
| * Merge branch 'master' into s3-awsGravatar Joey Hess2014-10-22
| |\ | |/ |/| | | | | Conflicts: Remote/S3.hs
* | show in info whether a remote uses hybrid encryption or notGravatar Joey Hess2014-10-22
| |
* | add per-remote-type infoGravatar Joey Hess2014-10-21
| | | | | | | | | | | | | | | | | | | | Now `git annex info $remote` shows info specific to the type of the remote, for example, it shows the rsync url. Remote types that support encryption or chunking also include that in their info. This commit was sponsored by Ævar Arnfjörð Bjarmason.
* | indent with tabs not spacesGravatar Joey Hess2014-10-09
| | | | | | | | | | | | | | | | | | | | | | Found these with: git grep "^ " $(find -type f -name \*.hs) |grep -v ': where' Unfortunately there is some inline hamlet that cannot use tabs for indentation. Also, Assistant/WebApp/Bootstrap3.hs is a copy of a module and so I'm leaving it as-is.
* | fix some mixed space+tab indentationGravatar Joey Hess2014-10-09
| | | | | | | | | | | | | | | | | | This fixes all instances of " \t" in the code base. Most common case seems to be after a "where" line; probably vim copied the two space layout of that line. Done as a background task while listening to episode 2 of the Type Theory podcast.
* | deal with old repositories with non-encrypted credsGravatar Joey Hess2014-09-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | See 2fb7ad68637cc4e1092f835055a974f141808ca0 for backstory about how a repo could be in this state. When decryption fails, the repo must be using non-encrypted creds. Note that creds are encrypted/decrypted using the encryption cipher which is stored in the repo, so the decryption cannot fail due to missing gpg keys etc. (For !shared encryptiom, the cipher is iteself encrypted using some gpg key(s), and the decryption of the cipher happens earlier, so not affected by this change. Print a warning message for !shared repos, and continue on using the cipher. Wrote a page explaining what users hit by this bug should do. This commit was sponsored by Samuel Tardieu.
* | glacier, S3: Fix bug that caused embedded creds to not be encypted using the ↵Gravatar Joey Hess2014-09-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remote's key. encryptionSetup must be called before setRemoteCredPair. Otherwise, the RemoteConfig doesn't have the cipher in it, and so no cipher is used to encrypt the embedded creds. This is a security fix for non-shared encryption methods! For encryption=shared, there's no security problem, just an inconsistentency in whether the embedded creds are encrypted. This is very important to get right, so used some types to help ensure that setRemoteCredPair is only run after encryptionSetup. Note that the external special remote bypasses the type safety, since creds can be set after the initial remote config, if the external special remote program requests it. Also note that IA remotes never use encryption, so encryptionSetup is not run for them at all, and again the type safety is bypassed. This leaves two open questions: 1. What to do about S3 and glacier remotes that were set up using encryption=pubkey/hybrid with embedcreds? Such a git repo has a security hole embedded in it, and this needs to be communicated to the user. Is the changelog enough? 2. enableremote won't work in such a repo, because git-annex will try to decrypt the embedded creds, which are not encrypted, so fails. This needs to be dealt with, especially for ecryption=shared repos, which are not really broken, just inconsistently configured. Noticing that problem for encryption=shared is what led to commit cc54ff9e49260cd94f938e69e926a273e231ef4e, which tried to fix the problem by not decrypting the embedded creds. This commit was sponsored by Josh Taylor.
* | Revert "S3, Glacier, WebDAV: Fix bug that prevented accessing the creds when ↵Gravatar Joey Hess2014-09-18
| | | | | | | | | | | | | | | | | | | | the repository was configured with encryption=shared embedcreds=yes." This reverts commit cc54ff9e49260cd94f938e69e926a273e231ef4e. I can find no basis for that commit and think that I made it in error. setRemoteCredPair always encrypts using the cipher from remoteCipher, even when the cipher is shared.
| * Merge branch 'master' into s3-awsGravatar Joey Hess2014-09-18
| |\ | |/ |/| | | | | | | | | Conflicts: Utility/Url.hs debian/changelog git-annex.cabal
* | more lock file refactoringGravatar Joey Hess2014-08-20
| | | | | | | | | | | | | | | | Also fixes a test suite failures introduced in recent commits, where inAnnexSafe failed in indirect mode, since it tried to open the lock file ReadWrite. This is why the new checkLocked opens it ReadOnly. This commit was sponsored by Chad Horohoe.
* | reorganize and refactor lock codeGravatar Joey Hess2014-08-20
| | | | | | | | | | | | | | | | Added a convenience Utility.LockFile that is not a windows/posix portability shim, but still manages to cut down on the boilerplate around locking. This commit was sponsored by Johan Herland.