diff options
| author |  Joey Hess <joeyh@joeyh.name> | 2015-10-01 15:54:37 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2015-10-01 15:56:39 -0400 |
| commit | b9fe55705f19fc39889da6157714039047aed4c9 (patch) | |
| tree | 107888b257bfcf370353bce2969897046be3af33 /Command/Reinject.hs | |
| parent | 55d635e356ecae2dd90d8cea355656faf3b24db1 (diff) | |
Do verification of checksums of annex objects downloaded from remotes.
* When annex objects are received into git repositories, their checksums are
verified then too.
* To get the old, faster, behavior of not verifying checksums, set
annex.verify=false, or remote.<name>.annex-verify=false.
* setkey, rekey: These commands also now verify that the provided file
matches the key, unless annex.verify=false.
* reinject: Already verified content; this can now be disabled by
setting annex.verify=false.
recvkey and reinject already did verification, so removed now duplicate
code from them. fsck still does its own verification, which is ok since it
does not use getViaTmp, so verification doesn't happen twice when using fsck
--from.
Diffstat (limited to 'Command/Reinject.hs')
| -rw-r--r-- | Command/Reinject.hs | 28 |
1 files changed, 8 insertions, 20 deletions
diff --git a/Command/Reinject.hs b/Command/Reinject.hs index 76e1420ff..90ddc1c2a 100644 --- a/Command/Reinject.hs +++ b/Command/Reinject.hs @@ -11,8 +11,6 @@ import Common.Annex import Command import Logs.Location import Annex.Content -import qualified Command.Fsck -import qualified Backend cmd :: Command cmd = command "reinject" SectionUtility @@ -36,29 +34,19 @@ start (src:dest:[]) start _ = error "specify a src file and a dest file" perform :: FilePath -> FilePath -> Key -> CommandPerform -perform src dest key = do - {- Check the content before accepting it. -} - v <- Backend.getBackend dest key - case v of - Nothing -> stop - Just backend -> - ifM (Command.Fsck.checkKeySizeOr reject key src - <&&> Command.Fsck.checkBackendOr reject backend key src) - ( do - unlessM move $ error "mv failed!" - next $ cleanup key - , error "not reinjecting" - ) +perform src _dest key = ifM move + ( next $ cleanup key + , error "failed" + ) where - -- the file might be on a different filesystem, + -- The file might be on a different filesystem, -- so moveFile is used rather than simply calling - -- moveToObjectDir; disk space is also - -- checked this way. - move = getViaTmp key $ \tmp -> + -- moveToObjectDir; disk space is also checked this way, + -- and the file's content is verified to match the key. + move = getViaTmp DefaultVerify key $ \tmp -> liftIO $ catchBoolIO $ do moveFile src tmp return True - reject = const $ return "wrong file?" cleanup :: Key -> CommandCleanup cleanup key = do |