X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/969881fd1929a16b1aff0b493e88b92cf4b5a579..4729ff0812c1f3d06d98524e2fec232d3bf90513:/doc/todo/git-annex_support.mdwn?ds=sidebyside diff --git a/doc/todo/git-annex_support.mdwn b/doc/todo/git-annex_support.mdwn index 3c0b22869..c49cab4d2 100644 --- a/doc/todo/git-annex_support.mdwn +++ b/doc/todo/git-annex_support.mdwn @@ -178,7 +178,20 @@ index 9d6f636..e0b4cf8 100644 push @IkiWiki::underlayfiles, $f; -Now obviously this patch is incomplete: I am not sure we actually avoid the attack, ie. i am not sure the check in `srcdir()` is sufficient to remove completely the check in `find_src_files()`. It does work, however: the files get picked up from the underlay and properly hardlinked into the target `public_html` directory! So with the above patch, then the following hook in `source.git/hooks/post-receive`: +Now obviously this patch is incomplete: I am not sure we actually avoid the attack, ie. i am not sure the check in `srcdir()` is sufficient to remove completely the check in `find_src_files()`. + +After reviewing the code further, it seems that `find_src_files` in three places in ikiwiki: + +
+../IkiWiki/Render.pm:421:	find_src_files(1, \@files, \%pages);
+../IkiWiki/Render.pm:846:		($files, $pages)=find_src_files();
+../po/po2wiki:18:my ($files, $pages)=IkiWiki::find_src_files();
+
+ +The first occurence is in `IkiWiki::Render::process_changed_files`, where it is used mostly for populating `@IkiWiki::underlayfiles`, the only side effect of +`find_src_files`. The second occurence is in `IkiWiki::Render::refresh`. There things are a little more complicated (to say the least) and a lot of stuff happens. To put it in broad terms, first it does a `IkiWiki::Render::scan` and then a `IkiWiki::Render::render`. The last two call `srcfile()` appropriately (where i put an extra symlink check), except for `will_render()` in `scan`, which I can't figure out right now and that seems to have a lot of global side effects. It still looks fairly safe at first glance. The `rcs_get_current_rev`, `refresh`, `scan` and `rendered` hooks are also called in there, but I assume those to be safe, since they are called with sanitized values already. + +The patch does work: the files get picked up from the underlay and properly hardlinked into the target `public_html` directory! So with the above patch, then the following hook in `source.git/hooks/post-receive`:
 #!/bin/sh
@@ -209,8 +222,23 @@ And we need the following config:
 hardlink: 1
 add_underlays:
 - /home/w-anarcat/annex
+add_plugins:
+- underlay
 
... and the `ikiwiki-hosting` patch mentionned earlier to allow git-annex-shell to run at all. Also, the `--shared` option will [make git-annex use hardlinks itself between the two repos](https://git-annex.branchable.com/todo/wishlist:_use_hardlinks_for_local_clones/), so the files will be available for download as well. --[[anarcat]] -> ...aaaand this doesn't work anymore. :( i could have sworn this was working minutes ago, but for some reason the annexed files get skipped again now. :( --[[anarcat]] +> ...aaaand this doesn't work anymore. :( i could have sworn this was working minutes ago, but for some reason the annexed files get skipped again now. :( Sorry for the noise, the annex repo wasn't in direct mode - the above works! --[[anarcat]] + +This [[patch]] still applies - anything else I should be doing here to try to get this fixed? A summary maybe? --[[anarcat]] + +> Sorry, I don't have the mental bandwidth at the moment to work through the +> implications of this change. I know you want this feature, I know it's an +> attractive solution to several use cases, and git annex support is in the +> queue, but at right now I'm still trying to deal with mitigating +> CVE-2016-3714, and the last thing I want to do is merge new security +> risks. --[[smcv]] + +> > No problem at all, glad that you still have that in the queue, and I hope +> > my work was somewhat useful in pushing this forward! Thanks for taking +> > care of the Imagetragick situation... :/ --[[anarcat]]