Do verification of checksums of annex objects downloaded from remotes.

* When annex objects are received into git repositories, their checksums are verified then too. * To get the old, faster, behavior of not verifying checksums, set annex.verify=false, or remote.<name>.annex-verify=false. * setkey, rekey: These commands also now verify that the provided file matches the key, unless annex.verify=false. * reinject: Already verified content; this can now be disabled by setting annex.verify=false. recvkey and reinject already did verification, so removed now duplicate code from them. fsck still does its own verification, which is ok since it does not use getViaTmp, so verification doesn't happen twice when using fsck --from.
2015-10-01 15:54:37 -04:00 · 2015-10-01 15:54:37 -04:00 · 2fb3722ce9
commit 2fb3722ce9
parent b72d3fbeba
18 changed files with 137 additions and 99 deletions
--- a/doc/git-annex-reinject.mdwn
+++ b/doc/git-annex-reinject.mdwn
@ -14,8 +14,8 @@ which should be an already annexed file whose content is not present.
 This can be useful if you have obtained the content of a file from
 elsewhere and want to put it in the local annex.

-Automatically runs fsck on dest to check that the expected content was
-provided.
+Verifies that the src file's content matches with the content that the dest
+file is expected to have, and refuses to reinject it otherwise.

 Example:

--- a/doc/git-annex-setkey.mdwn
+++ b/doc/git-annex-setkey.mdwn
@ -11,8 +11,7 @@ git annex setkey key file
 This plumbing-level command makes the content of the specified key
 be set to the specified file. The file is moved into the annex.

-No checking is done that the file contains the expected contents of the key.
-So it's generally a better idea to use [[git-annex-reinject]](1) instead of
+It's generally a better idea to use [[git-annex-reinject]](1) instead of
 this command.

 # SEE ALSO
--- a/doc/git-annex.mdwn
+++ b/doc/git-annex.mdwn
@ -1026,6 +1026,12 @@ Here are all the supported configuration settings.
  This both prevents git-annex sync from pushing changes, and prevents
  storing or removing files from read-only remote.

+* `remote.<name>.annex-verify`, `annex.verify`
+
+  By default, git-annex will verify the checksums of objects downloaded
+  from remotes. If you trust a remote and don't want the overhead
+  of these checksums, you can set this to `false`.
+
 * `remote.<name>.annexUrl`

  Can be used to specify a different url than the regular `remote.<name>.url`
--- a/doc/todo/checksum_verification_on_transfer/comment_3_2fa9445619032a378264de8b59958c60._comment
+++ b/doc/todo/checksum_verification_on_transfer/comment_3_2fa9445619032a378264de8b59958c60._comment
@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""status update"""
+ date="2015-10-01T19:17:38Z"
+ content="""
+Checksum verification is now done for all downloads, unless disabled via
+annex.verify=false.
+
+When an object is uploaded to a regular git remote, checksum verification
+also also done. (For a local directory, git-annex runs a download from the
+perspective of the remote, so we get it for free, and when git-annex-shell
+recvkey is used, it checksums the data it receives and compares it with the
+key.)
+
+For uploads to special remotes, no checksum verification is done yet.
+Leaving this todo item open because of that gap in the coverage.
+"""]]