fix specialRemote confusion with tahoe

tahoe: Fix bug that made initremote require an encryption= parameter,
despite git-annex encryption not being used with this special remote,
since tahoe handles encryption itself.

The chunking parameters were also accepted and won't be any longer either.
They were also not actually used.

c4ea3ca40ae6ba973287ca94e892e93973a8376e was the commit. At that point
specialRemote was being added to most remotes and I forgot tahoe doesn't
need these parameters.

Turns out that, when embedcreds=yes was used, it did *not* cause the
introducer-furl and shared-convergence-secret to be encrypted, even
though encryption= was specified. Which is only not a security hole
because encryption= was not documented to work with the tahoe special
remote at all!

It might be nice to support onlyencryptcreds=yes with tahoe, and it
would make sense to accept the encryption= parameter then, and only use
it for encrypting the creds. That would take some work, since the
encryption= parameter would need to be optional, and the usual encrypted
special remote code couldn't be used.

Sponsored-by: unqueued

diff --git a/CHANGELOG b/CHANGELOG
index 9a478550fe89660aea5b0998550b59bee8b9e814..1e43b9638f0b82f9e140927a093632875c1cfd07 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -27,6 +27,9 @@ git-annex (10.20250722) UNRELEASED; urgency=medium
   * Don't allow the type of encryption of an existing special remote to be
     changed. Fixes reversion introduced in version 7.20191230.
   * tahoe: Support tahoe-lafs command versions newer than 1.16.
+  * tahoe: Fix bug that made initremote require an encryption= parameter,
+    despite git-annex encryption not being used with this special remote.
+    Fixes reversion introduced in version 7.20191230.
   * Removed support for git versions older than 2.22.
   * Bump aws build dependency to 0.24.1.
   * stack.yaml: Update to lts-24.2.

diff --git a/Remote/Tahoe.hs b/Remote/Tahoe.hs
index e51ccf953138811d79e49def99726ba4fff6774d..2f0cebf188e91bee94b9c9dfe76a6e6a6e32eb53 100644 (file)
--- a/Remote/Tahoe.hs
+++ b/Remote/Tahoe.hs
@@ -58,7 +58,7 @@ type IntroducerFurl = String
 type Capability = String
 
 remote :: RemoteType
-remote = specialRemoteType $ RemoteType
+remote = RemoteType
        { typename = "tahoe"
        , enumerate = const (findSpecialRemotes "tahoe")
        , generate = gen

diff --git a/doc/special_remotes/tahoe.mdwn b/doc/special_remotes/tahoe.mdwn
index 80f176d73c2d5a4276c8d3e8ea3a18da5e1bd3b7..281151182d2ddc291766f52e69d34af20c6bf3ab 100644 (file)
--- a/doc/special_remotes/tahoe.mdwn
+++ b/doc/special_remotes/tahoe.mdwn
@@ -35,10 +35,6 @@ the tahoe remote.
   whether you want to give them access to your tahoe system before
   using embedcreds!
 
-* `onlyencryptcreds` - Optional. Set to "yes" to make the `encryption`
-  only be used for the embedded tahoe credentials, but not used to encrypt
-  the content stored on the special remote.
-
 Setup example:
 
        # TAHOE_FURL=... git annex initremote tahoe type=tahoe embedcreds=yes