diff options
author | Joey Hess <joeyh@joeyh.name> | 2019-08-05 11:29:32 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2019-08-05 11:35:26 -0400 |
commit | 3f450f0f4a063d77c19e6ac95223073bc86cd849 (patch) | |
tree | 08707fca789cee36cfe007b0999cb96b7ad397c5 /Remote/GitLFS.hs | |
parent | ecf7f34c23107cfafa32600bade2d14fd9f398e9 (diff) |
add encryption warning
Diffstat (limited to 'Remote/GitLFS.hs')
-rw-r--r-- | Remote/GitLFS.hs | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/Remote/GitLFS.hs b/Remote/GitLFS.hs index bdacf59489..60b3567616 100644 --- a/Remote/GitLFS.hs +++ b/Remote/GitLFS.hs @@ -12,6 +12,7 @@ import Types.Remote import Annex.Url import Types.Key import Types.Creds +import qualified Annex import qualified Git import qualified Git.Types as Git import qualified Git.Url @@ -108,11 +109,21 @@ mySetup _ mu _ c gc = do let repo = fromMaybe (giveup "Specify url=") $ M.lookup "url" c - -- TODO: don't allow using encryption w/o the user indicating they - -- know it will only encrypt git-annex objects, not git pushes - -- TODO: don't allow using encryption=shared w/o the user - -- indicating that pushing to the git-lfs remote will expose the - -- encrypted data. + + when (isEncrypted c) $ + unlessM (Annex.getState Annex.force) $ + giveup $ unwords $ + [ "You asked that encryption be enabled for" + , "this remote, but only the files that" + , "git-annex stores on it would be encrypted;" + , "anything that git push sends to it would" + , "not be encrypted. Even encryption=shared" + , "encryption keys will be stored on the" + , "remote for anyone who can access it to" + , "see." + , "(Use --force if you want to use this" + , "likely insecure configuration.)" + ] (c', _encsetup) <- encryptionSetup c gc -- The repo is not stored in the remote log, because the same |