summaryrefslogtreecommitdiff
path: root/debian
Commit message (Collapse)AuthorAge
* vicfg: Deleting configurations now resets to the default, where before it ↵Gravatar Joey Hess2014-10-14
| | | | | | | | | has no effect. Added a Default instance for TrustLevel, and was able to use that to clear up several other parts of the code too. This commit was sponsored by Stephan Schulz
* prep release5.20141013Gravatar Joey Hess2014-10-13
|
* repair: Prevent auto gc from happening when fetching from a remote.Gravatar Joey Hess2014-10-12
|
* map: Handle .git prefixed remote repos. Closes: #614759Gravatar Joey Hess2014-10-12
|
* S3: Fix embedcreds=yes handling for the Internet Archive.Gravatar Joey Hess2014-10-12
| | | | | Before, embedcreds=yes did not cause the creds to be stored in remote.log, but also prevented them being locally cached.
* Support building with yesod 1.4.Gravatar Joey Hess2014-10-09
| | | | | | | | The new yesod needs the ViewPatterns extension. Also, a TH splice in Assistant/Threads/WebApp.hs failed to work without OverLoadedStrings. This commit was sponsored by Brock Spratlen.
* add copyright of code copied from yesodGravatar Joey Hess2014-10-09
|
* rewrote and expanded package descriptionGravatar Joey Hess2014-10-03
|
* Adjust cabal file to support building w/o assistant on the hurd.Gravatar Joey Hess2014-09-29
| | | | | I used to have this and hackage rejected the os(gnu), so I am going to see if the new hackage still rejects it.
* prep release5.20140927Gravatar Joey Hess2014-09-27
|
* Add temporary workaround for bug #763078 which broke building on armel and ↵Gravatar Joey Hess2014-09-27
| | | | armhf.
* Really depend (not just build-depend) on new enough git for --no-gpg-sign to ↵Gravatar Joey Hess2014-09-27
| | | | work. Closes: #763057
* prep releaseGravatar Joey Hess2014-09-26
|
* Work around failure to build on mips by using cabal, not Setup, to build in ↵Gravatar Joey Hess2014-09-26
| | | | debian/rules.
* Depend on new enough git for --no-gpg-sign to work. Closes: #762446Gravatar Joey Hess2014-09-22
|
* prep release5.20140919Gravatar Joey Hess2014-09-19
|
* CVE id assignedGravatar Joey Hess2014-09-19
|
* deal with old repositories with non-encrypted credsGravatar Joey Hess2014-09-18
| | | | | | | | | | | | | | | | | See 2fb7ad68637cc4e1092f835055a974f141808ca0 for backstory about how a repo could be in this state. When decryption fails, the repo must be using non-encrypted creds. Note that creds are encrypted/decrypted using the encryption cipher which is stored in the repo, so the decryption cannot fail due to missing gpg keys etc. (For !shared encryptiom, the cipher is iteself encrypted using some gpg key(s), and the decryption of the cipher happens earlier, so not affected by this change. Print a warning message for !shared repos, and continue on using the cipher. Wrote a page explaining what users hit by this bug should do. This commit was sponsored by Samuel Tardieu.
* glacier, S3: Fix bug that caused embedded creds to not be encypted using the ↵Gravatar Joey Hess2014-09-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remote's key. encryptionSetup must be called before setRemoteCredPair. Otherwise, the RemoteConfig doesn't have the cipher in it, and so no cipher is used to encrypt the embedded creds. This is a security fix for non-shared encryption methods! For encryption=shared, there's no security problem, just an inconsistentency in whether the embedded creds are encrypted. This is very important to get right, so used some types to help ensure that setRemoteCredPair is only run after encryptionSetup. Note that the external special remote bypasses the type safety, since creds can be set after the initial remote config, if the external special remote program requests it. Also note that IA remotes never use encryption, so encryptionSetup is not run for them at all, and again the type safety is bypassed. This leaves two open questions: 1. What to do about S3 and glacier remotes that were set up using encryption=pubkey/hybrid with embedcreds? Such a git repo has a security hole embedded in it, and this needs to be communicated to the user. Is the changelog enough? 2. enableremote won't work in such a repo, because git-annex will try to decrypt the embedded creds, which are not encrypted, so fails. This needs to be dealt with, especially for ecryption=shared repos, which are not really broken, just inconsistently configured. Noticing that problem for encryption=shared is what led to commit cc54ff9e49260cd94f938e69e926a273e231ef4e, which tried to fix the problem by not decrypting the embedded creds. This commit was sponsored by Josh Taylor.
* Revert "S3, Glacier, WebDAV: Fix bug that prevented accessing the creds when ↵Gravatar Joey Hess2014-09-18
| | | | | | | | | | the repository was configured with encryption=shared embedcreds=yes." This reverts commit cc54ff9e49260cd94f938e69e926a273e231ef4e. I can find no basis for that commit and think that I made it in error. setRemoteCredPair always encrypts using the cipher from remoteCipher, even when the cipher is shared.
* add: In direct mode, adding an annex symlink will check it into git, as was ↵Gravatar Joey Hess2014-09-18
| | | | already done in indirect mode.
* WebDav: Fix enableremote crash when the remote already exists. (Bug ↵Gravatar Joey Hess2014-09-17
| | | | introduced in version 5.20140817.)
* Windows: Avoid crashing trying to list gpg secret keys, for gcrypt which is ↵Gravatar Joey Hess2014-09-16
| | | | not yet supported on Windows.
* assistant: Detect when repository has been deleted or moved, and ↵Gravatar Joey Hess2014-09-15
| | | | automatically shut down the assistant. Closes: #761261
* prep5.20140915Gravatar Joey Hess2014-09-15
|
* Fix build with optparse-applicative 0.10. Closes: #761484Gravatar Joey Hess2014-09-14
| | | | This also works with 0.9, and probably 0.8.
* Rather than crashing when there's a problem with the requested bloomfilter ↵Gravatar Joey Hess2014-09-12
| | | | capacity/accuracy, fall back to a reasonable default bloom filter size.
* WORM backend: Switched to include the relative path to the file inside the ↵Gravatar Joey Hess2014-09-11
| | | | repository, rather than just the file's base name. Note that if you're relying on such things to keep files separate with WORM, you should really be using a better backend.
* sync: Ensure that pending changes to git-annex branch are committed when in ↵Gravatar Joey Hess2014-09-11
| | | | direct mode. (Fixing a very minor reversion.)
* Fix transfer lock file FD leak that could occur when two separate git-annex ↵Gravatar Joey Hess2014-09-11
| | | | processes were both working to perform the same set of transfers.
* Promote file not found warning message to an error.Gravatar Joey Hess2014-09-11
|
* The annex-rsync-transport configuration is now also used when checking if a ↵Gravatar Joey Hess2014-09-11
| | | | key is present on a rsync remote, and when dropping a key from the remote.
* Fix parsing of ipv6 address in git remote address when it was not formatted ↵Gravatar Joey Hess2014-09-10
| | | | as an url.
* New annex.hardlink setting. Closes: #758593Gravatar Joey Hess2014-09-05
| | | | | | | | | | * New annex.hardlink setting. Closes: #758593 * init: Automatically detect when a repository was cloned with --shared, and set annex.hardlink=true, as well as marking the repository as untrusted. Had to reorganize Logs.Trust a bit to avoid a cycle between it and Annex.Init.
* webapp: Fixed visual glitch in xmpp pairing.Gravatar Joey Hess2014-09-04
| | | | | | | It seems that all other uses of <div .col-sm-9> occur outside of <div .content-box>. This one occurred inside it, when xmpp pairing. This was introduced in the bootstrap 3 conversion.
* prep release5.20140831Gravatar Joey Hess2014-08-31
|
* update arch depsGravatar Joey Hess2014-08-30
| | | | | | | sparc no longer supports yesod (and is probably not going to be a release arch anyway) tasty is now built on mipsel.
* Do not preserve permissions and acls when copying files from one local git ↵Gravatar Joey Hess2014-08-26
| | | | | | | | | | | | | | | | | repository to another. Timestamps are still preserved as long as cp --preserve=timestamps is supported. This avoids cp -a overriding the default mode acls that the user might have set in a git repository. With GNU cp, this behavior change should not be a breaking change, because git-anex also uses rsync sometimes in the same situation, and has only ever preserved timestamps when using rsync. Systems without GNU cp will no longer use cp -a, but instead just cp. So, timestamps will no longer be preserved. Preserving timestamps when copying between repos is not guaranteed anyway. Closes: #729757
* no lsof build-dep on hurdGravatar Joey Hess2014-08-23
| | | | No assistant there
* Fix stub git-annex test support when built without tasty.Gravatar Joey Hess2014-08-23
|
* Fix handing of autocorrection when running outside a git repository.Gravatar Joey Hess2014-08-23
| | | | | | Old behavior was to take the first fuzzy match. Now, it checks the globa git config, and runs the normal fuzzy handling, including failing to run a semi-random command by default.
* When accessing a local remote, shut down git-cat-file processes afterwards, ↵Gravatar Joey Hess2014-08-20
| | | | | | | | | | | | | | | to ensure that remotes on removable media can be unmounted. Closes: #758630 This does mean that eg, copying multiple files to a local remote will become slightly slower, since it now restarts git-cat-file after each copy. Should not be significant slowdown. The reason git-cat-file is run on the remote at all is to update its location log. In order to add an item to it, it needs to get the current content of the log. Finding a way to avoid needing to do that would be a good path to avoiding this slowdown if it does become a problem somehow. This commit was sponsored by Evan Deaubl.
* Ensure that all lock fds are close-on-exec, fixing various problems with ↵Gravatar Joey Hess2014-08-20
| | | | | | | | | | | | | | | | | | them being inherited by child processes such as git commands. (With the exception of daemon pid locking.) This fixes at part of #758630. I reproduced the assistant locking eg, a removable drive's annex journal lock file and forking a long-running git-cat-file process that inherited that lock. This did not affect Windows. Considered doing a portable Utility.LockFile layer, but git-annex uses posix locks in several special ways that have no direct Windows equivilant, and it seems like it would mostly be a complication. This commit was sponsored by Protonet.
* Make --help work when not in a git repository. Closes: #758592Gravatar Joey Hess2014-08-19
| | | | | | | | | | | | Note that this means getopt parsing is done even when not in a git repository, even though currently cmdnorepo is not passed the results of it. I'd like to move to cmdnorepo not doing its own ad-hoc option parsing, so this is really a good thing. (But as long as eg, getOptionFlag needs an Annex monad, it cannot be used in cmdnorepo handling.) There is a potential for problems if any cmdnorepo branch of a command handles options that are not in its regular getopt, but that would be a bug anyway.
* fix lower bounds on version of exceptionsGravatar Joey Hess2014-08-17
| | | | | | This is needed only because of the new MonadMask needed for bracket in the new version. Ifdefing it everywhere is not practical, since the Setup.hs uses it.
* prep release5.20140817Gravatar Joey Hess2014-08-17
|
* Switched from the old haskell HTTP library to http-conduit.Gravatar Joey Hess2014-08-15
| | | | | | | | | | | | | | | | | | The hoary old HTTP library was only used when checking if an url exists, when curl was not available. It had many problems, including not supporting https at all. Now, this is done using http-conduit for all urls that it supports. Falls back to curl for any url that http-conduit doesn't like (probably ftp etc, but could also be an url that its parser chokes on for whatever reason). This adds a new dependency on http-conduit, but webdav support already indirectly depended on that, and the s3-aws branch also uses it. This opens up the possibility of using http-conduit for large file downloads, but for now I've left it using wget/curl. This commit was sponsored by Paul Tötterman.
* git-annex-shell sendkey: Don't fail if a remote asks for a key to be sent ↵Gravatar Joey Hess2014-08-15
| | | | that already has a transfer lock file indicating it's being sent to that remote. The remote may have moved between networks, or reconnected.
* direct: Avoid leaving file content in misctemp if interrupted.Gravatar Joey Hess2014-08-15
|
* S3, Glacier, WebDAV: Fix bug that prevented accessing the creds when the ↵Gravatar Joey Hess2014-08-12
| | | | | | | | | | | repository was configured with encryption=shared embedcreds=yes. Since encryption=shared, the encryption key is stored in the git repo, so there is no point at all in encrypting the creds, also stored in the git repo with that key. So `initremote` doesn't. The creds are simply stored base-64 encoded. However, it then tried to always decrypt creds when encryption was used..