And require for enable as well as autoenable.
It seemed asking for trouble for `git-annex enable foo` to use whatever
compute program is stored in the git config, without verifying that the
user wants that program to be used.
Note that it would be good to allow `git-annex enable foo program=...`
to be used without the program being in the git config. Not implemented yet
though.
setupInstance :: SetupStage -> Maybe UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
setupInstance ss mu _ c _ = do
ComputeProgram program <- either giveup return $ getComputeProgram' c
+ allowedprograms <- maybe [] words . annexAllowedComputePrograms
+ <$> Annex.getGitConfig
case ss of
- AutoEnable _ -> do
- l <- maybe [] words
- . annexAutoEnableComputePrograms
- <$> Annex.getGitConfig
- unless (program `elem` l) $ do
- let remotename = fromMaybe "(unknown)" (lookupName c)
- giveup $ unwords
- [ "Not auto-enabling compute special remote"
- , remotename
- , "because its compute program"
- , program
- , " is not listed in annex.security.autoenable-compute-programs"
- ]
- _ -> noop
+ Init -> noop
+ _ -> unless (program `elem` allowedprograms) $ do
+ let remotename = fromMaybe "(unknown)" (lookupName c)
+ giveup $ unwords
+ [ "Not enabling compute special remote"
+ , remotename
+ , "because its compute program"
+ , program
+ , "is not listed in annex.security-allowed-compute-programs"
+ ]
unlessM (liftIO $ inSearchPath program) $
giveup $ "Cannot find " ++ program ++ " in PATH"
u <- maybe (liftIO genUUID) return mu
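Review bot: The new `giveup` message, at the line `"is not listed in annex.security-allowed-compute-programs"`, names a key that is not the one this change reads. The config is `annex.security.allowed-compute-programs`, with a dot after `security` rather than a hyphen. A user who copies the key name from the error will set the wrong key and still be refused, so the string should be corrected. The `Init -> noop` / `_ ->` split is a good shape for the check, since any setup stage other than `Init` fails closed when the program is not listed.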
+* allow git-annex enableremote with program= explicitly specified,
+ without checking annex.security.allowed-compute-programs
+
* need progress bars for computations and implement PROGRESS message
* get input files for a computation (so `git-annex get .` gets every file,
, annexAllowedUrlSchemes :: S.Set Scheme
, annexAllowedIPAddresses :: String
, annexAllowUnverifiedDownloads :: Bool
- , annexAutoEnableComputePrograms :: Maybe String
+ , annexAllowedComputePrograms :: Maybe String
, annexMaxExtensionLength :: Maybe Int
, annexMaxExtensions :: Maybe Int
, annexJobs :: Concurrency
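Review bot: `annexAllowedComputePrograms :: Maybe String` leaves the splitting of the list to each caller, as `setupInstance` does with `maybe [] words`. Since this value is an allowlist for a security check, consider storing it as `[String]`, parsed once when the config is read, so every use site sees the same list and an unset key is uniformly the empty list.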
getmaybe (annexConfig "security.allowed-http-addresses") -- old name
, annexAllowUnverifiedDownloads = (== Just "ACKTHPPT") $
getmaybe (annexConfig "security.allow-unverified-downloads")
- , annexAutoEnableComputePrograms =
- getmaybe (annexConfig "security.autoenable-compute-programs")
+ , annexAllowedComputePrograms =
+ getmaybe (annexConfig "security.allowed-compute-programs")
, annexMaxExtensionLength = getmayberead (annexConfig "maxextensionlength")
, annexMaxExtensions = getmayberead (annexConfig "maxextensions")
, annexJobs = fromMaybe NonConcurrent $
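Review bot: The lookup of `security.autoenable-compute-programs` is removed with no fallback, so a repository that already set the old key will have its compute remotes refused on autoenable after upgrading. That fails closed, which is the safe direction, but it is silent apart from the error at enable time. The context line above keeps `security.allowed-http-addresses` readable as an `-- old name`; either do the same here for the old key or mention the rename in the changelog.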
Per-remote configuration of annex.security.allow-unverified-downloads.
-* `annex.security.autoenable-compute-programs`
+* `annex.security.allowed-compute-programs`
This is a space separated list of compute programs eg
"git-annex-compute-foo git-annex-compute-bar". Listing a compute
program here allows compute special remotes that use that program to be
- autoenabled.
+ enabled by `git-annex enableremote` or autoenabled.
# CONFIGURATION OF ASSISTANT
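Review bot: The entry for `annex.security.allowed-compute-programs` does not say what happens when the key is unset. From the code in this change (`maybe [] words`), an unset key means no program is allowed, so `git-annex enableremote` of any compute special remote is refused by default. That is a behaviour change for `enableremote` and is worth one sentence here, along with a note that `git-annex initremote` is not subject to the list.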
"git-annex-compute-". The program needs to be installed somewhere in the
`PATH`.
-The `autoenable` parameter can be set to "true" like with other special
-remotes to make git-annex automatically enable this special remote when
-run in a new clone of the repository. However, for security, autoenabling
-is only done when the git config `annex.security.autoenable-compute-programs`
-includes the name of the compute program.
+Any program can be passed to `git-annex initremote`. However, when enabling
+a compute special remote later with `git-annex enableremote` or due to
+"autoenable=true", the program must be listed in the git config
+`annex.security.allowed-compute-programs`.
All other "field=value" parameters passed to `initremote` will be passed
to the program when running [[git-annex-addcomputed]]. Note that when the
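Review bot: The replacement paragraph refers to "autoenable=true" but the sentence that introduced the `autoenable` parameter was removed with the old text, and so was the "for security" rationale. Suggest keeping a short sentence that `autoenable` can be set to "true" as with other special remotes, and saying why the allowlist exists. "Any program can be passed to `git-annex initremote`" also reads more broadly than the context line just above it, which requires the "git-annex-compute-" prefix and a location in `PATH`; "any compute program" would avoid the conflict.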