Please describe the problem.
$> git annex version
git-annex version: 10.20230828+git6-g86c70833a1-1~ndall+1
...
$> git annex enableremote typhon
enableremote (normal) typhon
Unable to parse git config from typhon
Remote typhon does not have git-annex installed; setting annex-ignore
This could be a problem with the git-annex installation on the remote. Please make sure that git-annex-shell is available in PATH when you ssh into the remote. Once you have fixed the git-annex installation, run: git annex enableremote typhon
failed
enableremote: 1 failed
here git-annex hints on git-annex not being installed (totally not true), or inability to parse config (in effect it is true but not for the reason of config being wrong etc).
It is all because that folder on the ssh remote belongs to someone else and if I run shell command manually then I see the hint from git itself:
$> ssh typhon git-annex-shell configlist /mnt/DATA/data/studies/bep302/gin_BEP032-examples --debug
[2023-08-31 11:57:26.338523978] (Utility.Process) process [3594411] read: git ["--git-dir=/mnt/DATA/data/studies/bep302/gin_BEP032-examples/.git","--work-tree=/mnt/DATA/data/studies/bep302/gin_BEP032-examples","--literal-pathspecs","-c","annex.debug=true","show-ref","git-annex"]
[2023-08-31 11:57:26.339808748] (Utility.Process) process [3594411] done ExitSuccess
[2023-08-31 11:57:26.340366568] (Utility.Process) process [3594412] read: git ["config","--local","--list"]
[2023-08-31 11:57:26.342570264] (Utility.Process) process [3594412] done ExitFailure 128
[2023-08-31 11:57:26.342620672] (Git.Config) config output: fatal: --local can only be used inside a git repository
git-annex-shell: Git refuses to operate in this repository,
probably because it is owned by someone else.
To add an exception for this directory, call:
git config --global --add safe.directory /mnt/DATA/data/studies/bep302/gin_BEP032-examples
so, ideally git annex enableremote should provide a similar diagnostic output instead of incorrect reasons stated.
```
I wonder if it even makes sense for git-annex-shell to replicate this git security check, or would it be better for it to instruct git to trust the repository, so it can be used on it?
git's CVE-2022-24765 involves a malicious creation of a .git repository above the victim's cwd, with a .git/config that causes things like eg shell prompts that run git to execute attacker-controlled commands.
git-annex-shell commands all take the directory that the repository is in, and uses that repository. So it doesn't traverse above looking for other .git directories.
And,
git clonewill happily clone a remote repsository that's owned by another user, including over ssh. And pull and push etc work with such a remote. So git-annex-shell should too.(For that matter, other git-annex-shell commands do work, it's only the command that reads the git config that fails to work.)
Closely related, when a local repo is owned by someone else, cloning it and using it as a git-annex remote also fails, at the same config listing stage.
I think the same reasoning applies to that, the path to the repo is explicitly specified in the remote url, so it should treat it as a safe repo for the purposes of listing its config.
Basically the same fix works for both the ssh remote and the local remote cases.
Another related case is when git has been configured with safe.bareRepository=explicit and the remote (either ssh or local) is a bare repo. git-annex-shell will fail with the same misleading message, and for a local repo, git-annex will also display the same misleading message.
I think it also ought to override safe.bareRepository for such remotes, because eg git pull works with such remotes. The point of safe.bareRepository=explicit is not to prevent using bare remotes, but to prevent things like shell prompts to accidentially use bare repos that are eg, committed by a malicious attacker to a git repository, to avoid using git configs that allow running arbitrary code.