Do verification of checksums of annex objects downloaded from remotes.

* When annex objects are received into git repositories, their checksums are
  verified then too.
* To get the old, faster, behavior of not verifying checksums, set
  annex.verify=false, or remote.<name>.annex-verify=false.
* setkey, rekey: These commands also now verify that the provided file
  matches the key, unless annex.verify=false.
* reinject: Already verified content; this can now be disabled by
  setting annex.verify=false.

recvkey and reinject already did verification, so removed now duplicate
code from them. fsck still does its own verification, which is ok since it
does not use getViaTmp, so verification doesn't happen twice when using fsck
--from.
This commit is contained in:
Joey Hess 2015-10-01 15:54:37 -04:00
parent b72d3fbeba
commit 2fb3722ce9
18 changed files with 137 additions and 99 deletions

View file

@ -0,0 +1,17 @@
[[!comment format=mdwn
username="joey"
subject="""status update"""
date="2015-10-01T19:17:38Z"
content="""
Checksum verification is now done for all downloads, unless disabled via
annex.verify=false.
When an object is uploaded to a regular git remote, checksum verification
also also done. (For a local directory, git-annex runs a download from the
perspective of the remote, so we get it for free, and when git-annex-shell
recvkey is used, it checksums the data it receives and compares it with the
key.)
For uploads to special remotes, no checksum verification is done yet.
Leaving this todo item open because of that gap in the coverage.
"""]]