authorGravatar Joey Hess <joeyh@joeyh.name>2015-10-01 15:54:37 -0400
committerGravatar Joey Hess <joeyh@joeyh.name>2015-10-01 15:56:39 -0400
commitb9fe55705f19fc39889da6157714039047aed4c9 (patch)
tree107888b257bfcf370353bce2969897046be3af33 /Command/RecvKey.hs
parent55d635e356ecae2dd90d8cea355656faf3b24db1 (diff)
Do verification of checksums of annex objects downloaded from remotes.
* When annex objects are received into git repositories, their checksums are verified then too.
* To get the old, faster, behavior of not verifying checksums, set annex.verify=false, or remote.<name>.annex-verify=false.
* setkey, rekey: These commands also now verify that the provided file matches the key, unless annex.verify=false.
* reinject: Already verified content; this can now be disabled by setting annex.verify=false.

recvkey and reinject already did verification, so removed now duplicate code from them. fsck still does its own verification, which is ok since it does not use getViaTmp, so verification doesn't happen twice when using fsck --from.
Diffstat (limited to 'Command/RecvKey.hs')
-rw-r--r--Command/RecvKey.hs52
1 files changed, 7 insertions, 45 deletions
diff --git a/Command/RecvKey.hs b/Command/RecvKey.hs
index 7477bb879..3a8747534 100644
--- a/Command/RecvKey.hs
+++ b/Command/RecvKey.hs
@@ -16,9 +16,6 @@ import Utility.Rsync
import Logs.Transfer
import Command.SendKey (fieldTransfer)
import qualified CmdLine.GitAnnexShell.Fields as Fields
-import qualified Types.Key
-import qualified Types.Backend
-import qualified Backend
cmd :: Command
cmd = noCommit $ command "recvkey" SectionPlumbing
@@ -29,8 +26,12 @@ seek :: CmdParams -> CommandSeek
seek = withKeys start
start :: Key -> CommandStart
-start key = fieldTransfer Download key $ \_p ->
- ifM (getViaTmp key go)
+start key = fieldTransfer Download key $ \_p -> do
+ -- Always verify content when a direct mode repo is sending a file,
+ -- as the file could change while being transferred.
+ fromdirect <- isJust <$> Fields.getField Fields.direct
+ let verify = if fromdirect then AlwaysVerify else DefaultVerify
+ ifM (getViaTmp verify key go)
( do
-- forcibly quit after receiving one key,
-- and shutdown cleanly
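Review bot: The verification level in `start` is chosen from `Fields.direct`, which appears to be a field supplied by the sending side, so `AlwaysVerify` is forced only when the sender declares direct mode. Every other sender gets `DefaultVerify`, which per the commit description can be turned off with `annex.verify=false`, so a receiving repository with that setting accepts pushed content unchecked. The comment should say this where the decision is made, for example `-- Fields.direct is asserted by the sender; all other senders get DefaultVerify, which honours annex.verify.` The body of `start` continues past this hunk.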
@@ -42,43 +43,4 @@ start key = fieldTransfer Download key $ \_p ->
go tmp = do
opts <- filterRsyncSafeOptions . maybe [] words
<$> getField "RsyncOptions"
- ok <- liftIO $ rsyncServerReceive (map Param opts) tmp
-
- -- The file could have been received with permissions that
- -- do not allow reading it, so this is done before the
- -- directcheck.
- freezeContent tmp
-
- if ok
- then ifM (isJust <$> Fields.getField Fields.direct)
- ( directcheck tmp
- , return True
- )
- else return False
- {- If the sending repository uses direct mode, the file
- - it sends could be modified as it's sending it. So check
- - that the right size file was received, and that the key/value
- - Backend is happy with it. -}
- directcheck tmp = do
- oksize <- case Types.Key.keySize key of
- Nothing -> return True
- Just size -> do
- size' <- liftIO $ getFileSize tmp
- return $ size == size'
- if oksize
- then case Backend.maybeLookupBackendName (Types.Key.keyBackendName key) of
- Nothing -> do
- warning "recvkey: received key from direct mode repository using unknown backend; cannot check; discarding"
- return False
- Just backend -> maybe (return True) runverify
- (Types.Backend.verifyKeyContent backend)
- else do
- warning "recvkey: received key with wrong size; discarding"
- return False
- where
- runverify check = ifM (check key tmp)
- ( return True
- , do
- warning "recvkey: received key from direct mode repository seems to have changed as it was transferred; discarding"
- return False
- )
+ liftIO $ rsyncServerReceive (map Param opts) tmp
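Review bot: With `directcheck` removed, `go` returns only the rsync result, so three guarantees of the old code now depend entirely on `getViaTmp`, which is not visible here. The old code called `freezeContent tmp` before checking because the received file might not be readable, rejected a size mismatch, and discarded the content when the backend was unknown. Confirm that `getViaTmp AlwaysVerify` fails closed when the backend is unknown or has no `verifyKeyContent`, and that the temporary file is readable when it is verified. A short comment on `go` would record the new contract, for example `-- Returns only whether rsync succeeded; getViaTmp verifies size and content.`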