Do verification of checksums of annex objects downloaded from remotes.
* When annex objects are received into git repositories, their checksums are verified then too. * To get the old, faster, behavior of not verifying checksums, set annex.verify=false, or remote.<name>.annex-verify=false. * setkey, rekey: These commands also now verify that the provided file matches the key, unless annex.verify=false. * reinject: Already verified content; this can now be disabled by setting annex.verify=false. recvkey and reinject already did verification, so removed now duplicate code from them. fsck still does its own verification, which is ok since it does not use getViaTmp, so verification doesn't happen twice when using fsck --from.
This commit is contained in:
parent
b72d3fbeba
commit
2fb3722ce9
18 changed files with 137 additions and 99 deletions
|
@ -159,7 +159,7 @@ test st r k =
|
|||
Just b -> case verifyKeyContent b of
|
||||
Nothing -> return True
|
||||
Just verifier -> verifier k (key2file k)
|
||||
get = getViaTmp k $ \dest ->
|
||||
get = getViaTmp (RemoteVerify r) k $ \dest ->
|
||||
Remote.retrieveKeyFile r k Nothing dest nullMeterUpdate
|
||||
store = Remote.storeKey r k Nothing nullMeterUpdate
|
||||
remove = Remote.removeKey r k
|
||||
|
@ -173,10 +173,10 @@ testUnavailable st r k =
|
|||
, check (`notElem` [Right True, Right False]) "checkPresent" $
|
||||
Remote.checkPresent r k
|
||||
, check (== Right False) "retrieveKeyFile" $
|
||||
getViaTmp k $ \dest ->
|
||||
getViaTmp (RemoteVerify r) k $ \dest ->
|
||||
Remote.retrieveKeyFile r k Nothing dest nullMeterUpdate
|
||||
, check (== Right False) "retrieveKeyFileCheap" $
|
||||
getViaTmp k $ \dest ->
|
||||
getViaTmp (RemoteVerify r) k $ \dest ->
|
||||
Remote.retrieveKeyFileCheap r k Nothing dest
|
||||
]
|
||||
where
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue