) where
import Annex.Common
+import qualified Annex
import Types.Remote
import Types.ProposedAccepted
import Types.MetaData
}
setupInstance :: SetupStage -> Maybe UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
-setupInstance _ mu _ c _ = do
+setupInstance ss mu _ c _ = do
ComputeProgram program <- either giveup return $ getComputeProgram' c
+ case ss of
+ AutoEnable _ -> do
+ l <- maybe [] words
+ . annexAutoEnableComputePrograms
+ <$> Annex.getGitConfig
+ unless (program `elem` l) $ do
+ let remotename = fromMaybe "(unknown)" (lookupName c)
+ giveup $ unwords
+ [ "Not auto-enabling compute special remote"
+ , remotename
+ , "because its compute program"
+ , program
+ , " is not listed in annex.security.autoenable-compute-programs"
+ ]
+ _ -> noop
unlessM (liftIO $ inSearchPath program) $
giveup $ "Cannot find " ++ program ++ " in PATH"
u <- maybe (liftIO genUUID) return mu
* get input files for a computation (so `git-annex get .` gets every file,
even when input files in a directory are processed after computed files)
-* autoinit security
-
* addcomputed should honor annex.addunlocked.
* Perhaps recompute should write a new version of a file as an unlocked
, annexAllowedUrlSchemes :: S.Set Scheme
, annexAllowedIPAddresses :: String
, annexAllowUnverifiedDownloads :: Bool
+ , annexAutoEnableComputePrograms :: Maybe String
, annexMaxExtensionLength :: Maybe Int
, annexMaxExtensions :: Maybe Int
, annexJobs :: Concurrency
getmaybe (annexConfig "security.allowed-http-addresses") -- old name
, annexAllowUnverifiedDownloads = (== Just "ACKTHPPT") $
getmaybe (annexConfig "security.allow-unverified-downloads")
+ , annexAutoEnableComputePrograms =
+ getmaybe (annexConfig "security.autoenable-compute-programs")
, annexMaxExtensionLength = getmayberead (annexConfig "maxextensionlength")
, annexMaxExtensions = getmayberead (annexConfig "maxextensions")
, annexJobs = fromMaybe NonConcurrent $
unprotected, or otherwise executing it.
The program is run in a temporary directory, which will be cleaned up after
-it exits. Note that it may be run in a subdirectory of its temporary
+it exits. Note that it may be run in a subdirectory of a temporary
directory. This is done when `git-annex addcomputed` was run in a subdirectory
of the git repository.
-The content of any annexed file in the repository can be an input
-to the computation. The program requests an input by writing a line to
-stdout:
+The content of any file in the repository can be an input to the
+computation. The program requests an input by writing a line to stdout:
INPUT file.raw
Per-remote configuration of annex.security.allow-unverified-downloads.
+* `annex.security.autoenable-compute-programs`
+
+ This is a space separated list of compute programs eg
+ "git-annex-compute-foo git-annex-compute-bar". Listing a compute
+ program here allows compute special remotes that use that program to be
+ autoenabled.
+
# CONFIGURATION OF ASSISTANT
* `annex.delayadd`
"git-annex-compute-". The program needs to be installed somewhere in the
`PATH`.
+The `autoenable` parameter can be set to "true" like with other special
+remotes to make git-annex automatically enable this special remote when
+run in a new clone of the repository. However, for security, autoenabling
+is only done when the git config `annex.security.autoenable-compute-programs`
+includes the name of the compute program.
+
All other "field=value" parameters passed to `initremote` will be passed
to the program when running [[git-annex-addcomputed]]. Note that when the
program takes a dashed option, it can be provided after "--":
projects / git-annex.git / commitdiff