From 5d80db62434058c18a0677d3d81b2fef44a1c3ec Mon Sep 17 00:00:00 2001 From: anarcat Date: Tue, 16 Jun 2015 20:10:50 +0000 Subject: Added a comment --- .../comment_2_7a1ce64d362b8f75adf22709771a7787._comment | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 doc/todo/S3_fsck_support/comment_2_7a1ce64d362b8f75adf22709771a7787._comment (limited to 'doc/todo') diff --git a/doc/todo/S3_fsck_support/comment_2_7a1ce64d362b8f75adf22709771a7787._comment b/doc/todo/S3_fsck_support/comment_2_7a1ce64d362b8f75adf22709771a7787._comment new file mode 100644 index 000000000..a27ed8e56 --- /dev/null +++ b/doc/todo/S3_fsck_support/comment_2_7a1ce64d362b8f75adf22709771a7787._comment @@ -0,0 +1,11 @@ +[[!comment format=mdwn + username="anarcat" + subject="comment 2" + date="2015-06-16T20:10:50Z" + content=""" +understood: i thought `-f` was `--from`... hence my confusion. + +as for `remoteFsck`, i guess what i am saying is exactly that: there *does* seem to be a way to do a remote checksum of the file *without* downloading it. it seems to be a critical advantage over having to download the whole repository to check it... maybe `--fast` could use that technique and `non--fast` would download? + +as for the on-wire MD5 stuff, that does seem to be overkill... +"""]] -- cgit v1.2.3 From 8e9feaacdf1603ca40113d5f3e39d0b0f84686eb Mon Sep 17 00:00:00 2001 From: anarcat Date: Tue, 16 Jun 2015 21:03:48 +0000 Subject: first python implementation of this --- doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'doc/todo') diff --git a/doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn b/doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn index 2297c4aca..d41ad3318 100644 --- a/doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn +++ b/doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn @@ -8,11 +8,11 @@ hook to do this. --[[Joey]] There are two levels of checking it seems such a command could do: -1. Only allow certian files to be changed. For example, maye clients are only +1. Only allow certain files to be changed. For example, maybe clients are only expected to change location tracking files, and the activity.log file, but not others like trust.log. -2. Only allow moidiciations of data about a specific UUID. The UUID +2. Only allow modifications of data about a specific UUID. The UUID would be provided to the command (and could be determined based on a per-client ssh key or etc). @@ -34,3 +34,5 @@ This might be too limiting for some situations: changes to remote.log, which the first level of checking would not allow. And, it would add another UUID, which the second level of checking would need to be configured to allow. + +I started doing an implementation of this in Python here. For technical reasons the git repo is not publicly available, but here's a [dump](http://paste.debian.net/232563/) of the code. I went through what seems to be a rather convoluted process with libgit there because I wanted to have some proper unit tests and generating git commands by hand in a shell script is rather painful.Also, it currently adopts a "blocking" approach, ie. it blocks known problems, but maybe it should be based on an "allow" approach, that is: only allow certain things to go through. So far it only forbids removals and changes to trust.log. A bunch of stuff is still missing like parameters (to allow changing the list of protected files) and checking the log tracking info. Feedback welcome. -- cgit v1.2.3 From 4254d0a175db2f65a65cf5bbc7d7926f79ca73aa Mon Sep 17 00:00:00 2001 From: anarcat Date: Tue, 16 Jun 2015 21:06:14 +0000 Subject: sign and split out --- doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'doc/todo') diff --git a/doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn b/doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn index d41ad3318..7eb02c3ff 100644 --- a/doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn +++ b/doc/todo/git-hook_to_sanity-check_git-annex_branch_pushes.mdwn @@ -35,4 +35,7 @@ This might be too limiting for some situations: And, it would add another UUID, which the second level of checking would need to be configured to allow. -I started doing an implementation of this in Python here. For technical reasons the git repo is not publicly available, but here's a [dump](http://paste.debian.net/232563/) of the code. I went through what seems to be a rather convoluted process with libgit there because I wanted to have some proper unit tests and generating git commands by hand in a shell script is rather painful.Also, it currently adopts a "blocking" approach, ie. it blocks known problems, but maybe it should be based on an "allow" approach, that is: only allow certain things to go through. So far it only forbids removals and changes to trust.log. A bunch of stuff is still missing like parameters (to allow changing the list of protected files) and checking the log tracking info. Feedback welcome. +Python implementation +--------------------- + +I started doing an implementation of this in Python here. For technical reasons the git repo is not publicly available, but here's a [dump](http://paste.debian.net/232563/) of the code. I went through what seems to be a rather convoluted process with libgit there because I wanted to have some proper unit tests and generating git commands by hand in a shell script is rather painful.Also, it currently adopts a "blocking" approach, ie. it blocks known problems, but maybe it should be based on an "allow" approach, that is: only allow certain things to go through. So far it only forbids removals and changes to trust.log. A bunch of stuff is still missing like parameters (to allow changing the list of protected files) and checking the log tracking info. Feedback welcome. --[[anarcat]] -- cgit v1.2.3