From b87811c4b55d66b1edb26c73e6578ca9f2994a65 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 24 Jan 2014 12:58:52 -0400 Subject: added annex.secure-erase-command config option. --- Annex/Content.hs | 12 ++++++++++++ Types/GitConfig.hs | 2 ++ debian/changelog | 1 + doc/git-annex.mdwn | 12 ++++++++++-- 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/Annex/Content.hs b/Annex/Content.hs index 316f05be0..7cd2fb561 100644 --- a/Annex/Content.hs +++ b/Annex/Content.hs @@ -377,6 +377,7 @@ removeAnnex :: Key -> Annex () removeAnnex key = withObjectLoc key remove removedirect where remove file = cleanObjectLoc key $ do + secureErase file liftIO $ nukeFile file removeInodeCache key removedirect fs = do @@ -389,8 +390,19 @@ removeAnnex key = withObjectLoc key remove removedirect cwd <- liftIO getCurrentDirectory let top' = fromMaybe top $ absNormPath cwd top let l' = relPathDirToFile top' (fromMaybe l $ absNormPath top' l) + secureErase f replaceFile f $ makeAnnexLink l' +{- Runs the secure erase command if set, otherwise does nothing. + - File may or may not be deleted at the end; caller is responsible for + - making sure it's deleted. -} +secureErase :: FilePath -> Annex () +secureErase file = maybe noop go =<< annexSecureEraseCommand <$> Annex.getGitConfig + where + go basecmd = void $ liftIO $ + boolSystem "sh" [Param "-c", Param $ gencmd basecmd] + gencmd = massReplace [ ("%file", shellEscape file) ] + {- Moves a key's file out of .git/annex/objects/ -} fromAnnex :: Key -> FilePath -> Annex () fromAnnex key dest = cleanObjectLoc key $ do diff --git a/Types/GitConfig.hs b/Types/GitConfig.hs index 148d73b93..fa0fdc65a 100644 --- a/Types/GitConfig.hs +++ b/Types/GitConfig.hs @@ -48,6 +48,7 @@ data GitConfig = GitConfig , annexFsckNudge :: Bool , annexAutoUpgrade :: AutoUpgrade , annexExpireUnused :: Maybe (Maybe Duration) + , annexSecureEraseCommand :: Maybe String , coreSymlinks :: Bool , gcryptId :: Maybe String } 
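Review bot: A failed erase goes unnoticed at the `secureErase file` call added to `remove`: `secureErase` returns `Annex ()` and its definition (second hunk of this file) wraps `boolSystem` in `void`, so when the configured command is missing or exits non-zero, `nukeFile file` still runs and the content is removed by an ordinary unlink with no message. The same applies to the `secureErase f` call placed before `replaceFile` in the second hunk. Anyone who sets this option is relying on the overwrite having happened, so the failure should at least be reported, for example `go basecmd = unlessM (liftIO $ boolSystem "sh" [Param "-c", Param $ gencmd basecmd]) $ warning ("secure erase command failed for " ++ file)`, assuming `unlessM` and `warning` are in scope in this module. `removeAnnex` begins above the hunk, so whether the removal should instead be aborted on failure cannot be judged from here.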
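Review bot: The comment on `secureErase` does not say that `%file` is substituted already shell-escaped (`gencmd` applies `shellEscape` before the string is handed to `sh -c`), and the doc/git-annex.mdwn hunk in this patch appears to drop the sentence that told users the values are quoted automatically. A user who writes `'%file'` or `"%file"` in the setting would end up with nested quoting and a command that targets the wrong path or fails. I would add a line to the comment such as `- %file is replaced with the shell-escaped path, so the configured command must not quote it itself.` The hunk ends in the context lines of `fromAnnex`, whose body continues outside it.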
@@ -79,6 +80,7 @@ extractGitConfig r = GitConfig , annexAutoUpgrade = toAutoUpgrade $ getmaybe (annex "autoupgrade") , annexExpireUnused = maybe Nothing Just . parseDuration <$> getmaybe (annex "expireunused") + , annexSecureEraseCommand = getmaybe (annex "secure-erase-command") , coreSymlinks = getbool "core.symlinks" True , gcryptId = getmaybe "core.gcrypt-id" } diff --git a/debian/changelog b/debian/changelog index 02624414f..f5a460545 100644 --- a/debian/changelog +++ b/debian/changelog @@ -29,6 +29,7 @@ git-annex (5.20140118) UNRELEASED; urgency=medium contents when a lot of them seem to be piling up in the repository. * repair: Check git version at run time. * assistant: Run the periodic git gc in batch mode. + * added annex.secure-erase-command config option. * test suite: Use tasty-rerun, and expose tasty command-line options. -- Joey Hess Sat, 18 Jan 2014 11:54:17 -0400 diff --git a/doc/git-annex.mdwn b/doc/git-annex.mdwn index 3e239f7d6..59a322e38 100644 --- a/doc/git-annex.mdwn +++ b/doc/git-annex.mdwn @@ -1427,8 +1427,16 @@ Here are all the supported configuration settings. In the command line, %url is replaced with the url to download, and %file is replaced with the file that it should be saved to. - Note that both these values will automatically be quoted, since - the command is run in a shell. + +* `annex.secure-erase-command` + + This can be set to a command that should be run whenever git-annex + removes the content of a file from the repository. + + In the command line, %file is replaced with the file that should be + erased. + + For example, to use the wipe command, set it to `wipe -f %file` * `remote..rsyncurl` -- cgit v1.2.3