Spent about 5 hours the other night in XMPP hell. At every turn Google Talk exhibited behavior that may meet the letter of the XMPP spec (or not), but varies between highly annoying and insane.

By "insane", I mean this: If a presence message is directed from one client to another client belonging to that same user, randomly leaking that message out to other users who are subscribed is just a security hole waiting to happen.

Anyway, I came out of that with a collection of hacks that worked, but I didn't like. I was using directed presence for buddy-to-buddy pairing, and an IQ message hack for client-to-client pairing.

Today I got chat messages working instead, for both sorts of pairing. These chat messages have an empty body, which should prevent clients from displaying them, but they're sent directed to only git-annex clients anyway.


And XMPP pairing 100% works now! Of course, it doesn't know how to git pull over XMPP yet, but everything else works.

Here's a real .git/config generated by the assistant after XMPP pairing.

[remote "joey"]
        url = 
        fetch = +refs/heads/*:refs/remotes/joey/*
        annex-uuid = 14f5e93e-1ed0-11e2-aa1c-f7a45e662d39
        annex-xmppaddress = joey@kitenet.net 

Fixed a typo that led to an infinite loop when adding a ssh git repo with the assistant. Only occurred when an absolute directory was specified, which is why I didn't notice it before.


Security fix: Added a GIT_ANNEX_SHELL_DIRECTORY environment variable that locks down git-annex-shell to operating in only a single directory. The assistant sets that in ssh authorized_keys lines it creates. This prevents someone you pair with from being able to access any other git or git-annex repositories you may have.


Next up, more craziness. But tomorrow is Nov 6th, so you in the US already knew that..