diff --git a/Command/Migrate.hs b/Command/Migrate.hs index 732a0b1d46..65652a8c63 100644 --- a/Command/Migrate.hs +++ b/Command/Migrate.hs @@ -154,7 +154,7 @@ update oldkey newkey = Just f -> ActionItemAssociatedFile (AssociatedFile (Just f)) newkey Nothing -> ActionItemKey newkey starting "migrate" ai (SeekInput []) $ - ifM (Command.ReKey.linkKey' oldkey newkey) + ifM (Command.ReKey.linkKey' v oldkey newkey) ( do logStatus newkey InfoPresent next $ return True @@ -166,3 +166,9 @@ update oldkey newkey = g <- Annex.gitRepo firstM (\f -> (== Just newkey) <$> isAnnexLink f) $ map (\f -> simplifyPath (fromTopFilePath f g)) fs + + -- Always verify the content agains the newkey, even if + -- annex.verify is unset. This is done to prent bad migration + -- information maliciously injected into the git-annex branch + -- from populating files with the wrong content. + v = AlwaysVerify diff --git a/Command/ReKey.hs b/Command/ReKey.hs index 001ed2d130..6698ad1656 100644 --- a/Command/ReKey.hs +++ b/Command/ReKey.hs @@ -95,7 +95,7 @@ perform file oldkey newkey = do - to avoid wasting disk space. -} linkKey :: RawFilePath -> Key -> Key -> Annex Bool linkKey file oldkey newkey = ifM (isJust <$> isAnnexLink file) - ( linkKey' oldkey newkey + ( linkKey' DefaultVerify oldkey newkey , do {- The file being rekeyed is itself an unlocked file; if - it's hard linked to the old key, that link must be broken. -} 
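Review bot: In Command/Migrate.hs `update`, the call `Command.ReKey.linkKey' v oldkey newkey` hides the security-relevant choice behind a one-letter name that is only bound in the `where` clause at the end of the function (second hunk). A reader of the call site cannot see that verification is being forced; passing `AlwaysVerify` directly, or naming the binding something like `verifyconfig`, would keep that visible. The false branch of this `ifM` lies outside the hunk, so whether a verification failure is reported distinctly from a failed link cannot be judged from here.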
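Review bot: The protection described in the new comment on `v = AlwaysVerify` (second hunk of Command/Migrate.hs) is only as strong as the ability of `newkey`'s backend to check content. If migration information read from the git-annex branch can name a `newkey` in a backend without a content hash, forcing verification presumably proves little, and `linkKey'` still passes `RetrievalAllKeysSecure`. It is worth confirming that `update` only acts on keys whose backend is verifiable, or stating that assumption in the comment. The comment also has two typos: `agains` should be `against` and `prent` should be `prevent`.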
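Review bot: In Command/ReKey.hs `linkKey`, the `DefaultVerify` passed to `linkKey'` has no comment explaining why this caller keeps honouring annex.verify while Migrate forces verification. Presumably the keys here come from the local user's rekey invocation rather than from the git-annex branch. If that is the reason, a short comment such as `-- keys come from the local command, not from branch data, so annex.verify applies` would stop a later change from treating the two call sites as interchangeable. The rest of `linkKey` continues past the end of the hunk.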
@@ -126,9 +126,9 @@ linkKey file oldkey newkey = ifM (isJust <$> isAnnexLink file) - This avoids hard linking to content linked to an - unlocked file, which would leave the new key unlocked - and vulnerable to corruption. -} -linkKey' :: Key -> Key -> Annex Bool -linkKey' oldkey newkey = - getViaTmpFromDisk RetrievalAllKeysSecure DefaultVerify newkey (AssociatedFile Nothing) $ \tmp -> unVerified $ do +linkKey' :: VerifyConfig -> Key -> Key -> Annex Bool +linkKey' v oldkey newkey = + getViaTmpFromDisk RetrievalAllKeysSecure v newkey (AssociatedFile Nothing) $ \tmp -> unVerified $ do oldobj <- calcRepo (gitAnnexLocation oldkey) isJust <$> linkOrCopy' (return True) newkey oldobj tmp Nothing
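Review bot: The block comment above `linkKey'` does not mention the new `VerifyConfig` argument, although it is now the only thing deciding whether the linked content is checked. The action is wrapped in `unVerified`, so the `v` handed to `getViaTmpFromDisk` is all there is. I would add a sentence to that comment, for example `- The VerifyConfig decides whether the content is verified against newkey; pass AlwaysVerify when the key pair comes from untrusted data.` The comment starts above the hunk, so its opening lines are not visible here.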