File: Mask.hs

package info (click to toggle)
git-annex 10.20251029-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 75,300 kB
  • sloc: haskell: 91,492; javascript: 9,103; sh: 1,593; makefile: 216; perl: 137; ansic: 44
file content (257 lines) | stat: -rw-r--r-- 8,320 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
 
{- Mask another remote with added encryption
 -
 - Copyright 2025 Joey Hess <id@joeyh.name>
 -
 - Licensed under the GNU AGPL version 3 or higher.
 -}

{-# LANGUAGE RankNTypes #-}

module Remote.Mask (remote) where

import Annex.Common
import Types.Remote
import Types.Creds
import Types.Crypto
import qualified Git
import qualified Annex
import Remote.Helper.Special
import Remote.Helper.ExportImport
import Config
import Config.Cost
import Annex.UUID
import Types.ProposedAccepted
import Annex.SpecialRemote.Config
import Logs.UUID
import Utility.Metered
import qualified Remote.Git

import Control.Concurrent.STM
import qualified Data.Map as M

remote :: RemoteType
remote = specialRemoteType $ RemoteType
	{ typename = "mask"
	, enumerate = const (findSpecialRemotes "mask")
	, generate = gen
	, configParser = mkRemoteConfigParser
		[ optionalStringParser remoteField
			(FieldDesc "remote to mask")
		]
	, setup = maskSetup
	, exportSupported = exportUnsupported
	, importSupported = importUnsupported
	, thirdPartyPopulated = False
	}

gen :: Git.Repo -> UUID -> RemoteConfig -> RemoteGitConfig -> RemoteStateHandle -> Annex (Maybe Remote)
gen r u rc gc rs = do
	maskedremote <- mkMaskedRemote rc gc u
	c <- parsedRemoteConfig remote rc
	cst <- remoteCost gc c $ encryptedRemoteCostAdj + semiExpensiveRemoteCost
	let this = Remote
		{ uuid = u
		, cost = cst
		, name = Git.repoDescribe r
		, storeKey = storeKeyDummy
		, retrieveKeyFile = retrieveKeyFileDummy
		, retrieveKeyFileInOrder = pure True
		, retrieveKeyFileCheap = Nothing
		, retrievalSecurityPolicy = RetrievalVerifiableKeysSecure
		, removeKey = removeKeyDummy
		, lockContent = Nothing
		, checkPresent = checkPresentDummy
		, checkPresentCheap = False
		, exportActions = exportUnsupported
		, importActions = importUnsupported
		, whereisKey = Nothing
		, remoteFsck = Nothing
		, repairRepo = Nothing
		, config = c
		, getRepo = return r
		, gitconfig = gc
		, localpath = Nothing
		, remotetype = remote
		, availability = pure LocallyAvailable
		, readonly = False
		, appendonly = False
		, untrustworthy = False
		, mkUnavailable = return Nothing
		, getInfo = getInfo =<< getMaskedRemote maskedremote
		, claimUrl = Nothing
		, checkUrl = Nothing
		, remoteStateHandle = rs
		}
	return $ Just $ specialRemote c
		(store maskedremote)
		(retrieve maskedremote)
		(remove maskedremote)
		(checkKey maskedremote)
		this

maskSetup :: SetupStage -> Maybe UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
maskSetup setupstage mu _ c gc = do
	remotelist <- Annex.getState Annex.remotes
	let findnamed maskremotename =
		case filter (\r -> name r == maskremotename) remotelist of
			(r:_) -> return r
			[] -> giveup $ "There is no remote named \"" ++ maskremotename ++ "\""
	case setupstage of
		Init -> do
			maskremotename <- maybe
				(giveup "Specify remote=")
				(pure . fromProposedAccepted)
				(M.lookup remoteField c)
			setupremote =<< findnamed maskremotename
		_ -> case M.lookup remoteField c of
			-- enableremote with remote= overrides the remote
			-- name that was used with initremote.
			Just (Proposed maskremotename) -> do
				r <- findnamed maskremotename
				unless (uuid r == maskremoteuuid) $
					giveup $ "Remote \"" ++ maskremotename ++ "\" does not have the expected uuid (" ++ fromUUID maskremoteuuid ++ ")" 
				setupremote r
			_ -> enableremote remotelist
  where
	setupremote r = do
		let c' = M.insert remoteUUIDField
			(Proposed (fromUUID (uuid r) :: String)) c
		(c'', encsetup) <- encryptionSetup setupstage c' gc
		verifyencryptionok encsetup r
		
		u <- maybe (liftIO genUUID) return mu
		gitConfigSpecialRemote u c'' [ ("mask", name r) ]
		return (c'', u)
		
	maskremoteuuid = fromMaybe NoUUID $ 
		toUUID . fromProposedAccepted
			<$> M.lookup remoteUUIDField c
				
	enableremote remotelist = do
		case filter (\r -> uuid r == maskremoteuuid) remotelist of
			(r:_) -> setupremote r
			[] -> case setupstage of
				Enable _ ->
					missingMaskedRemote maskremoteuuid
				-- When autoenabling, the masked remote may
				-- get autoenabled later, or need to be
				-- manually enabled.
				_ -> do
					(c', _) <- encryptionSetup setupstage c gc
					u <- maybe (liftIO genUUID) return mu
					gitConfigSpecialRemote u c' [ ("mask", "true") ]
					return (c', u)

	verifyencryptionok NoEncryption _ =
		giveup "Must use encryption with a mask special remote."
	verifyencryptionok EncryptionIsSetup r
		| remotetype r == Remote.Git.remote =
			verifyencryptionokgit
		| otherwise = noop
	
	verifyencryptionokgit = case parseEncryptionMethod c of
		Right SharedEncryption ->
			giveup "It's not secure to use encryption=shared with a git remote."
		_ -> noop

newtype MaskedRemote = MaskedRemote { getMaskedRemote :: Annex Remote }

-- findMaskedRemote won't work until the remote list has been populated,
-- so has to be done on the fly rather than at generation time.
-- This caches it for speed.
mkMaskedRemote :: RemoteConfig -> RemoteGitConfig -> UUID -> Annex MaskedRemote
mkMaskedRemote c gc u = do
	v <- liftIO $ newTMVarIO Nothing
	return $ MaskedRemote $ 
		liftIO (atomically (takeTMVar v)) >>= \case
			Just maskedremote -> return maskedremote
			Nothing -> do
				maskedremote <- findMaskedRemote c gc u
				liftIO $ atomically $ putTMVar v (Just maskedremote)
				return maskedremote

findMaskedRemote :: RemoteConfig -> RemoteGitConfig -> UUID -> Annex Remote
findMaskedRemote c gc myuuid = case remoteAnnexMask gc of
	-- This remote was autoenabled, so use any remote with the
	-- uuid of the masked remote, so that it can also be autoenabled.
	Just "true" -> 
		case getmaskedremoteuuid of
			Just maskremoteuuid -> 
				selectremote maskremoteuuid $ \r ->
					uuid r == maskremoteuuid
			Nothing -> missingMaskedRemote NoUUID
	Just maskremotename ->
		selectremote (fromMaybe NoUUID getmaskedremoteuuid) $ \r -> 
			name r == maskremotename 
				&& Just (uuid r) == getmaskedremoteuuid
	Nothing -> missingMaskedRemote NoUUID
  where
	getmaskedremoteuuid = toUUID . fromProposedAccepted
		<$> M.lookup remoteUUIDField c
	selectremote u f = do
		remotelist <- Annex.getState Annex.remotes
		case filter f remotelist of
			(r:_)
				| uuid r == myuuid -> giveup "Mask special remote is configured to mask itself. This is not a valid configuration."
				-- Avoid cycles, and there is no benefit
				-- to masking a mask special remote.
				| remotetype r == remote -> giveup "Mask special remote is configured to mask another mask special remote. This is not supported."
				| otherwise -> return r
			[] -> missingMaskedRemote u

missingMaskedRemote :: UUID -> Annex a
missingMaskedRemote maskremoteuuid = do
	descmap <- uuidDescMap
	let desc = case M.lookup maskremoteuuid descmap of
		Just (UUIDDesc d) -> decodeBS d
		Nothing -> ""
	giveup $ unlines
		[ "Before this mask special remote can be used, you must set up the remote it uses:"
		, "  " ++ fromUUID maskremoteuuid ++ " -- " ++ desc
		]

store :: MaskedRemote -> Storer
store maskedremote k src p = do
	r <- getMaskedRemote maskedremote 
	storeMasked r k src p

storeMasked :: Remote -> Storer
storeMasked maskedremote = 
	fileStorer $ \k f p -> storeKey maskedremote k af (Just f) p
  where
	af = AssociatedFile Nothing

retrieve :: MaskedRemote -> Retriever
retrieve maskedremote k p dest iv callback = do
	r <- getMaskedRemote maskedremote 
	fileRetriever (retrieveMasked r) k p dest iv callback

retrieveMasked :: Remote -> OsPath -> Key -> MeterUpdate -> Annex ()
retrieveMasked maskedremote dest k p = 
	-- The masked remote does not need to verify, because fileRetriever
	-- does its own verification.
	void $ retrieveKeyFile maskedremote k af dest p NoVerify
  where
	af = AssociatedFile Nothing

remove :: MaskedRemote -> Remover
remove maskedremote proof k = do
	r <- getMaskedRemote maskedremote 
	removeMasked r proof k

removeMasked :: Remote -> Remover
removeMasked maskedremote = removeKey maskedremote

checkKey :: MaskedRemote -> CheckPresent
checkKey maskedremote k = do
	r <- getMaskedRemote maskedremote 
	checkKeyMasked r k

checkKeyMasked :: Remote -> CheckPresent
checkKeyMasked maskedremote = checkPresent maskedremote

remoteField :: RemoteConfigField
remoteField = Accepted "remote"

remoteUUIDField :: RemoteConfigField
remoteUUIDField = Accepted "remoteuuid"