path: root/RemoteDaemon
* add annex-ignore-command and annex-sync-command configs (Joey Hess, 2017-08-17)
  Added remote configuration settings annex-ignore-command and annex-sync-command, which are dynamic equivalents of the annex-ignore and annex-sync configurations.

  For this I needed a new DynamicConfig infrastructure. Its implementation should be as fast as before when there is no dynamic config, and it caches so shell commands are only run once.

  Note that annex-ignore-command exits nonzero when the remote should be ignored. While that may seem backwards, it allows using the same command for it as for annex-sync-command when you want to disable both.

  This commit was sponsored by Trenton Cronholm on Patreon.
* Added remote.<name>.annex-push and remote.<name>.annex-pull (Joey Hess, 2017-04-05)
  The former can be useful to make remotes that don't get fully synced with local changes, which comes up in a lot of situations. The latter was mostly added for symmetry, but could be useful (though less likely to be).

  Implementing `remote.<name>.annex-pull` was a bit tricky, as there's no one place where git-annex pulls/fetches from remotes. I audited all instances of "fetch" and "pull". A few cases were left not checking this config:

  * Git.Repair can try to pull missing refs from a remote, and if the local repo is corrupted, that seems a reasonable thing to do even though the config would normally prevent it.
  * Assistant.WebApp.Gpg and Remote.Gcrypt and Remote.Git do fetches as part of the setup process of a remote. The config would probably not be set then, and having the setup fail seems worse than honoring it if it is already set.

  I have not prevented all the code that does a "merge" from merging branches from remotes with remote.<name>.annex-pull=false. That could perhaps be done, but it would need a way to map from branch name to remote name, and the way refspecs work makes that hard to get really correct. So if the user fetches manually, the git-annex branch will get merged, for example. Another way of looking at/justifying this is that the setting is called "annex-pull", not "annex-merge".

  This commit was supported by the NSF-funded DataLad project.
* Run ssh with -n whenever input is not being piped into it (Joey Hess, 2017-02-15)
  ... to avoid it consuming stdin that it shouldn't.

  This fixes git-annex-checkpresentkey --batch remote, which didn't output results for all keys passed into it.

  Other git-annex commands that communicate with a remote over ssh may also have been consuming stdin that they shouldn't have, which could have impacted using them in eg, shell scripts. For example, a shell script reading files from stdin and passing them to git annex drop would be impacted by this bug, whenever git annex drop ran git-annex-shell checkpresent, it would consume part/all of the stdin that the shell script was supposed to consume.

  Fixed by adding a ConsumeStdin parameter to Annex.Ssh.sshOptions, which is used throughout git-annex to run ssh (in order for ssh connection caching to work). Every call site was checked to see if it used CreatePipe for stdin, and if not was marked NoConsumeStdin.
* refactor (Joey Hess, 2016-12-30)
* remotedaemon: notice on RELOAD when tor hidden service has been enabled (Joey Hess, 2016-12-28)
  and start serving it.

  This makes the webapp wormhole tor pairing work 100%!

  This commit was sponsored by Andrea Rota.
* refactor (Joey Hess, 2016-12-24)
* Revert "close" (Joey Hess, 2016-12-24)
  This reverts commit 6c089cff615bc44ca94cc4ca77dc69f281dd2ab8.

  Commit contained incomplete work.
* close (Joey Hess, 2016-12-22)
* include tor-annex in hidden service directory names (Joey Hess, 2016-12-21)
  To make it easier to manage/delete them etc.

  Backwards compatibility is preserved for existing tor configs.
* relocate tor socket out of /etc (Joey Hess, 2016-12-20)
  weasel explained that apparmor limits on what files tor can read do not apply to sockets (because they're not files). And apparently the problems I was seeing with hidden services not being accessible had to do with onion address propagation and not the location of the socket file.

  remotedaemon looks up the HiddenServicePort in torrc, so if it was previously configured with the socket in /etc, that will still work.

  This commit was sponsored by Denis Dzyubenko on Patreon.
* fix build with old stm (Joey Hess, 2016-12-10)
  Old stm lacks isFullTMQueue. To avoid needing to update stm on the Android autobuilder, I switched to a TBMQueue. It never needs to be closed, but the overhead is minimal.
* fix uuid comparison (Joey Hess, 2016-12-09)
* make tor hidden service work when directory watching is not available (Joey Hess, 2016-12-09)
  Avoid crashing when built w/o inotify.
* bump maxConnections to 100 (Joey Hess, 2016-12-09)
  10 seemed too low because more than 10 friends could be linked to a repo over tor, and if all were running the remotedaemon, which makes a persistent connection for change notification, then the 11th friend would not be able to access that repo.

  100 might be too low, but it's a much larger group of people. And at that size group, it probably makes sense to structure the network so that 100 peers are not all trying to access one central node.
* remotedaemon: git change detection over tor hidden service (Joey Hess, 2016-12-09)
* only start ref change watcher thread once per P2P connection (Joey Hess, 2016-12-09)
  This is more efficient.

  Note that the peer will get CHANGED messages for all refs changed since the connection opened, even if those changes happened before it sent NOTIFYCHANGE.
* refactor ref change watching (Joey Hess, 2016-12-09)
  Added to change notification to P2P protocol.

  Switched to a TBChan so that a single long-running thread can be started, and serve perhaps intermittent requests for change notifications, without buffering all changes in memory.

  The P2P runner currently starts up a new thread each time it waits for a change, but that should allow later reusing a thread. Although each connection from a peer will still need a new watcher thread to run.

  The dependency on stm-chans is more or less free; some stuff in yesod uses it, so it was already indirectly pulled in when building with the webapp.

  This commit was sponsored by Francois Marier on Patreon.
* git-annex-shell, remotedaemon, git remote: Fix some memory DOS attacks. (Joey Hess, 2016-12-09)
  The attacker could just send a very lot of data, with no \n and it would all be buffered in memory until the kernel killed git-annex or perhaps OOM killed some other more valuable process.

  This is a low impact security hole, only affecting communication between local git-annex and git-annex-shell on the remote system. (With either able to be the attacker). Only those with the right ssh key can do it. And, there are probably lots of ways to construct git repositories that make git use a lot of memory in various ways, which would have similar impact as this attack.

  The fix in P2P/IO.hs would have been higher impact, if it had made it to a released version, since it would have allowed DOSing the tor hidden service without needing to authenticate.

  (The LockContent and NotifyChanges instances may not be really exploitable; since the line is read and ignored, it probably gets read lazily and does not end up staying buffered in memory.)
* debug on error serving peer (Joey Hess, 2016-12-09)
* avoid remotedaemon outputting misc Messages when running (Joey Hess, 2016-12-08)
  It's a daemon or is communicating with the assistant over stdio, so should not display checksum messages etc while serving the P2P protocol etc.
* consistent caps (Joey Hess, 2016-12-08)
* move to debug (Joey Hess, 2016-12-08)
* convert P2P runners from Maybe to Either String (Joey Hess, 2016-12-08)
  So we get some useful error messages when things fail.

  This commit was sponsored by Peter Hogg on Patreon.
* refactor (Joey Hess, 2016-12-06)
* plumb peer uuid through to runLocal (Joey Hess, 2016-12-02)
  This will allow updating transfer logs with the uuid.
* make remote-daemon able to send and receive objects over tor (Joey Hess, 2016-12-02)
  Each worker thread needs to run in the Annex monad, but the remote-daemon's liftAnnex can only run 1 action at a time. Used Annex.Concurrent to deal with that.

  P2P.Annex is incomplete as of yet.
* cleanups (Joey Hess, 2016-12-01)
* actually check p2p authtokens for tor connections (Joey Hess, 2016-11-30)
  This commit was sponsored by Ethan Aubin.
* fix (Joey Hess, 2016-11-29)
* fix build (Joey Hess, 2016-11-24)
* avoid serving more than 10 tor connections at a time (Joey Hess, 2016-11-21)
  Another 10 clients can be accepted and waiting their turn. After that, start dropping connections.

  This is to avoid DOS attacks.
* detect EOF on socket and cleanly shutdown the service process (Joey Hess, 2016-11-21)
* stop cleanly when there's an IO error accessing the Handle (Joey Hess, 2016-11-21)
  All other exceptions are let through, but IO errors accessing the handle are to be expected, so quietly ignore.
* Added git-remote-tor-annex, which allows git pull and push to the tor hidden service. (Joey Hess, 2016-11-21)
  Almost working, but there's a bug in the relaying.

  Also, made tor hidden service setup pick a random port, to make it harder to port scan.

  This commit was sponsored by Boyd Stephen Smith Jr. on Patreon.
* improve p2p protocol implementation (Joey Hess, 2016-11-20)
  Tested it in ghci a little now.
* remotedaemon: serve tor hidden service (Joey Hess, 2016-11-20)
* remotedaemon: Fork to background by default. Added --foreground switch to enable old behavior. (Joey Hess, 2016-11-20)
  Groundwork for tor hidden services, which the remotedaemon will serve.
* implementation of peer-to-peer protocol (Joey Hess, 2016-11-17)
  For use with tor hidden services, and perhaps other transports later.

  Based on Utility.SimpleProtocol, it's a line-based protocol, interspersed with transfers of bytestrings of a specified size.

  Implementation of the local and remote sides of the protocol is done using a free monad. This lets monadic code be included here, without tying it to any particular way to get bytes peer-to-peer.

  This adds a dependency on the haskell package "free", although that was probably pulled in transitively from other dependencies already.

  This commit was sponsored by Jeff Goeke-Smith on Patreon.
* make LocalRepo a newtype (Joey Hess, 2016-06-02)
* remotedaemon: Fixed support for notifications of changes to gcrypt remotes, which was never tested and didn't quite work before. (Joey Hess, 2016-06-02)
* remove 163 lines of code without changing anything except imports (Joey Hess, 2016-01-20)
* rename bothHandles -> ioHandles (Joey Hess, 2015-04-03)
* remotedaemon: Fixed support for notifications of changes to gcrypt remotes, which was never tested and didn't quite work before. (Joey Hess, 2015-03-16)
* propagate ssh-options everywhere ssh caching is used (Joey Hess, 2015-02-12)
  * sync: Use the ssh-options git config when doing git pull and push.
  * remotedaemon: Use the ssh-options git config.

  Note that the rename env var means that if a new git-annex calls an old one for git-annex ssh, or a new calls an old, nothing much will go wrong; just ssh caching won't happen.
* update my email address and homepage url (Joey Hess, 2015-01-21)
* remotedaemon: Fix problem that could prevent ssh connections being made after two LOSTNET messages were received in a row (Joey Hess, 2015-01-15)
  Perhaps due to two different network interfaces being brought down.

  Since there is no reliable way to drain a Chan, I switched to STM TChan.
* indent with tabs not spaces (Joey Hess, 2014-10-09)
  Found these with:

      git grep "^ " $(find -type f -name \*.hs) |grep -v ': where'

  Unfortunately there is some inline hamlet that cannot use tabs for indentation.

  Also, Assistant/WebApp/Bootstrap3.hs is a copy of a module and so I'm leaving it as-is.
* fix some mixed space+tab indentation (Joey Hess, 2014-10-09)
  This fixes all instances of " \t" in the code base. Most common case seems to be after a "where" line; probably vim copied the two space layout of that line.

  Done as a background task while listening to episode 2 of the Type Theory podcast.
* unify exception handling into Utility.Exception (Joey Hess, 2014-08-07)
  Removed old extensible-exceptions, only needed for very old ghc.

  Made webdav use Utility.Exception, to work after some changes in DAV's exception handling.

  Removed Annex.Exception. Mostly this was trivial, but note that tryAnnex is replaced with tryNonAsync and catchAnnex replaced with catchNonAsync. In theory that could be a behavior change, since the former caught all exceptions, and the latter don't catch async exceptions.

  However, in practice, nothing in the Annex monad uses async exceptions. Grepping for throwTo and killThread only find stuff in the assistant, which does not seem related.

  Command.Add.undo is changed to accept a SomeException, and things that use it for rollback now catch non-async exceptions, rather than only IOExceptions.
* export CreateProcess fields from Utility.Process (Joey Hess, 2014-06-10)
  update code to avoid cwd and env redefinition warnings