Do verification of checksums of annex objects downloaded from remotes.
* When annex objects are received into git repositories, their checksums are verified then too. * To get the old, faster, behavior of not verifying checksums, set annex.verify=false, or remote.<name>.annex-verify=false. * setkey, rekey: These commands also now verify that the provided file matches the key, unless annex.verify=false. * reinject: Already verified content; this can now be disabled by setting annex.verify=false. recvkey and reinject already did verification, so removed now duplicate code from them. fsck still does its own verification, which is ok since it does not use getViaTmp, so verification doesn't happen twice when using fsck --from.
This commit is contained in:
Joey Hess
parent
b72d3fbeba
commit
2fb3722ce9
18 changed files with 137 additions and 99 deletions
|
|
@ -16,9 +16,6 @@ import Utility.Rsync
|
|||
import Logs.Transfer
|
||||
import Command.SendKey (fieldTransfer)
|
||||
import qualified CmdLine.GitAnnexShell.Fields as Fields
|
||||
import qualified Types.Key
|
||||
import qualified Types.Backend
|
||||
import qualified Backend
|
||||
|
||||
cmd :: Command
|
||||
cmd = noCommit $ command "recvkey" SectionPlumbing
|
||||
|
|
@ -29,8 +26,12 @@ seek :: CmdParams -> CommandSeek
|
|||
seek = withKeys start
|
||||
|
||||
start :: Key -> CommandStart
|
||||
start key = fieldTransfer Download key $ \_p ->
|
||||
ifM (getViaTmp key go)
|
||||
start key = fieldTransfer Download key $ \_p -> do
|
||||
-- Always verify content when a direct mode repo is sending a file,
|
||||
-- as the file could change while being transferred.
|
||||
fromdirect <- isJust <$> Fields.getField Fields.direct
|
||||
let verify = if fromdirect then AlwaysVerify else DefaultVerify
|
||||
ifM (getViaTmp verify key go)
|
||||
( do
|
||||
-- forcibly quit after receiving one key,
|
||||
-- and shutdown cleanly
|
||||
|
|
@ -42,43 +43,4 @@ start key = fieldTransfer Download key $ \_p ->
|
|||
go tmp = do
|
||||
opts <- filterRsyncSafeOptions . maybe [] words
|
||||
<$> getField "RsyncOptions"
|
||||
ok <- liftIO $ rsyncServerReceive (map Param opts) tmp
|
||||
|
||||
-- The file could have been received with permissions that
|
||||
-- do not allow reading it, so this is done before the
|
||||
-- directcheck.
|
||||
freezeContent tmp
|
||||
|
||||
if ok
|
||||
then ifM (isJust <$> Fields.getField Fields.direct)
|
||||
( directcheck tmp
|
||||
, return True
|
||||
)
|
||||
else return False
|
||||
{- If the sending repository uses direct mode, the file
|
||||
- it sends could be modified as it's sending it. So check
|
||||
- that the right size file was received, and that the key/value
|
||||
- Backend is happy with it. -}
|
||||
directcheck tmp = do
|
||||
oksize <- case Types.Key.keySize key of
|
||||
Nothing -> return True
|
||||
Just size -> do
|
||||
size' <- liftIO $ getFileSize tmp
|
||||
return $ size == size'
|
||||
if oksize
|
||||
then case Backend.maybeLookupBackendName (Types.Key.keyBackendName key) of
|
||||
Nothing -> do
|
||||
warning "recvkey: received key from direct mode repository using unknown backend; cannot check; discarding"
|
||||
return False
|
||||
Just backend -> maybe (return True) runverify
|
||||
(Types.Backend.verifyKeyContent backend)
|
||||
else do
|
||||
warning "recvkey: received key with wrong size; discarding"
|
||||
return False
|
||||
where
|
||||
runverify check = ifM (check key tmp)
|
||||
( return True
|
||||
, do
|
||||
warning "recvkey: received key from direct mode repository seems to have changed as it was transferred; discarding"
|
||||
return False
|
||||
)
|
||||
liftIO $ rsyncServerReceive (map Param opts) tmp
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue