mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Tahoe: Avoid verifying hash after download, since tahoe does sufficient verification itself

Browse source 
See my comment in the next commit for some details about why
Verified needs a hash with preimage resistance. As far as tahoe goes,
it's fully cryptographically secure.

I think that bup could also return Verified. However, the Retriever
interface does not currenly support that.
This commit is contained in:
Joey Hess 2021-02-09 13:42:16 -04:00
parent cbe84b62b9
commit fa3d71d924
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
4 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG
View file

@ -22,6 +22,8 @@ git-annex (8.20210128) UNRELEASED; urgency=medium
* Fix build on openbsd. * Fix build on openbsd.
Thanks, James Cook for the patch. Thanks, James Cook for the patch.
* Include libkqueue.h file needed to build the assistant on BSDs. * Include libkqueue.h file needed to build the assistant on BSDs.
* Tahoe: Avoid verifying hash after download, since tahoe does sufficient
verification itself.
-- Joey Hess <id@joeyh.name> Thu, 28 Jan 2021 12:34:32 -0400 -- Joey Hess <id@joeyh.name> Thu, 28 Jan 2021 12:34:32 -0400

3
Remote/BitTorrent.hs
View file

@ -99,6 +99,9 @@ gen r _ rc gc rs = do
downloadKey :: Key -> AssociatedFile -> FilePath -> MeterUpdate -> Annex Verification downloadKey :: Key -> AssociatedFile -> FilePath -> MeterUpdate -> Annex Verification
downloadKey key _file dest p = do downloadKey key _file dest p = do
get . map (torrentUrlNum . fst . getDownloader) =<< getBitTorrentUrls key get . map (torrentUrlNum . fst . getDownloader) =<< getBitTorrentUrls key
-- While bittorrent verifies the hash in the torrent file,
-- the torrent file itself is downloaded without verification,
-- so the overall download is not verified.
return UnVerified return UnVerified
where where
get [] = giveup "could not download torrent" get [] = giveup "could not download torrent"

4
Remote/Tahoe.hs
View file

@ -147,7 +147,9 @@ store rs hdl k _f _p = sendAnnex k noop $ \src ->
retrieve :: RemoteStateHandle -> TahoeHandle -> Key -> AssociatedFile -> FilePath -> MeterUpdate -> Annex Verification retrieve :: RemoteStateHandle -> TahoeHandle -> Key -> AssociatedFile -> FilePath -> MeterUpdate -> Annex Verification
retrieve rs hdl k _f d _p = do retrieve rs hdl k _f d _p = do
go =<< getCapability rs k go =<< getCapability rs k
return UnVerified -- Tahoe verifies the content it retrieves using cryptographically
-- secure methods.
return Verified
where where
go Nothing = giveup "tahoe capability is not known" go Nothing = giveup "tahoe capability is not known"
go (Just cap) = unlessM (liftIO $ requestTahoe hdl "get" [Param cap, File d]) $ go (Just cap) = unlessM (liftIO $ requestTahoe hdl "get" [Param cap, File d]) $

4
Types/Remote.hs
View file

@ -197,7 +197,9 @@ data Verification
-- ok, so if verification is disabled, don't verify it -- ok, so if verification is disabled, don't verify it
| Verified | Verified
-- ^ Content was verified during transfer, so don't verify it -- ^ Content was verified during transfer, so don't verify it
-- again. -- again. The verification does not need to use a
-- cryptographically secure hash, but the hash does need to
-- have preimage resistance.
| MustVerify | MustVerify
-- ^ Content likely to have been altered during transfer, -- ^ Content likely to have been altered during transfer,
-- verify even if verification is normally disabled -- verify even if verification is normally disabled