Tahoe: Avoid verifying hash after download, since tahoe does sufficient verification itself
See my comment in the next commit for some details about why Verified needs a hash with preimage resistance. As far as tahoe goes, it's fully cryptographically secure. I think that bup could also return Verified. However, the Retriever interface does not currenly support that.
This commit is contained in:
Joey Hess
parent
cbe84b62b9
commit
fa3d71d924
4 changed files with 11 additions and 2 deletions
|
|
@ -22,6 +22,8 @@ git-annex (8.20210128) UNRELEASED; urgency=medium
|
|||
* Fix build on openbsd.
|
||||
Thanks, James Cook for the patch.
|
||||
* Include libkqueue.h file needed to build the assistant on BSDs.
|
||||
* Tahoe: Avoid verifying hash after download, since tahoe does sufficient
|
||||
verification itself.
|
||||
|
||||
-- Joey Hess <id@joeyh.name> Thu, 28 Jan 2021 12:34:32 -0400
|
||||
|
||||
|
|
|
|||
|
|
@ -99,6 +99,9 @@ gen r _ rc gc rs = do
|
|||
downloadKey :: Key -> AssociatedFile -> FilePath -> MeterUpdate -> Annex Verification
|
||||
downloadKey key _file dest p = do
|
||||
get . map (torrentUrlNum . fst . getDownloader) =<< getBitTorrentUrls key
|
||||
-- While bittorrent verifies the hash in the torrent file,
|
||||
-- the torrent file itself is downloaded without verification,
|
||||
-- so the overall download is not verified.
|
||||
return UnVerified
|
||||
where
|
||||
get [] = giveup "could not download torrent"
|
||||
|
|
|
|||
|
|
@ -147,7 +147,9 @@ store rs hdl k _f _p = sendAnnex k noop $ \src ->
|
|||
retrieve :: RemoteStateHandle -> TahoeHandle -> Key -> AssociatedFile -> FilePath -> MeterUpdate -> Annex Verification
|
||||
retrieve rs hdl k _f d _p = do
|
||||
go =<< getCapability rs k
|
||||
return UnVerified
|
||||
-- Tahoe verifies the content it retrieves using cryptographically
|
||||
-- secure methods.
|
||||
return Verified
|
||||
where
|
||||
go Nothing = giveup "tahoe capability is not known"
|
||||
go (Just cap) = unlessM (liftIO $ requestTahoe hdl "get" [Param cap, File d]) $
|
||||
|
|
|
|||
|
|
@ -197,7 +197,9 @@ data Verification
|
|||
-- ok, so if verification is disabled, don't verify it
|
||||
| Verified
|
||||
-- ^ Content was verified during transfer, so don't verify it
|
||||
-- again.
|
||||
-- again. The verification does not need to use a
|
||||
-- cryptographically secure hash, but the hash does need to
|
||||
-- have preimage resistance.
|
||||
| MustVerify
|
||||
-- ^ Content likely to have been altered during transfer,
|
||||
-- verify even if verification is normally disabled
|
||||
|
|
|
|||
Loading…
Reference in a new issue