diff options
| author |  Joey Hess <joeyh@joeyh.name> | 2015-10-02 13:56:42 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2015-10-02 14:35:12 -0400 |
| commit | 78be7e95266412a04aed31062fde7d19c6f9e117 (patch) | |
| tree | e3c73f5bef3c4d90cabeb32312ecaed562c5920f /Command | |
| parent | 1292c38a52e103ff49642968adf2e6c8d01f35ad (diff) | |
other 80% of avoding verification when hard linking to objects in shared repo
In c3b38fb2a075b4250e867ebd910324c65712c747, it actually only handled
uploading objects to a shared repository. To avoid verification when
downloading objects from a shared repository, was a lot harder.
On the plus side, if the process of downloading a file from a remote
is able to verify its content on the side, the remote can indicate this
now, and avoid the extra post-download verification.
As of yet, I don't have any remotes (except Git) using this ability.
Some more work would be needed to support it in special remotes.
It would make sense for tahoe to implicitly verify things downloaded from it;
as long as you trust your tahoe server (which typically runs locally),
there's cryptographic integrity. OTOH, despite bup being based on shas,
a bup repo under an attacker's control could have the git ref used for an
object changed, and so a bup repo shouldn't implicitly verify. Indeed,
tahoe seems unique in being trustworthy enough to implicitly verify.
Diffstat (limited to 'Command')
| -rw-r--r-- | Command/AddUrl.hs | 2 | ||||
| -rw-r--r-- | Command/Fsck.hs | 2 | ||||
| -rw-r--r-- | Command/ReKey.hs | 2 | ||||
| -rw-r--r-- | Command/RecvKey.hs | 2 | ||||
| -rw-r--r-- | Command/Reinject.hs | 2 | ||||
| -rw-r--r-- | Command/SetKey.hs | 2 | ||||
| -rw-r--r-- | Command/TestRemote.hs | 2 |
7 files changed, 7 insertions, 7 deletions
diff --git a/Command/AddUrl.hs b/Command/AddUrl.hs index 32e89d20f..4b34051e9 100644 --- a/Command/AddUrl.hs +++ b/Command/AddUrl.hs @@ -154,7 +154,7 @@ downloadRemoteFile r relaxed uri file sz = do -- so that the remote knows what url it -- should use to download it. setTempUrl urlkey loguri - let downloader = Remote.retrieveKeyFile r urlkey (Just file) + let downloader = \dest p -> fst <$> Remote.retrieveKeyFile r urlkey (Just file) dest p ret <- downloadWith downloader urlkey (Remote.uuid r) loguri file removeTempUrl urlkey return ret diff --git a/Command/Fsck.hs b/Command/Fsck.hs index f34b9b074..dbbb0e67f 100644 --- a/Command/Fsck.hs +++ b/Command/Fsck.hs @@ -161,7 +161,7 @@ performRemote key file backend numcopies remote = ( return (Just True) , ifM (Annex.getState Annex.fast) ( return Nothing - , Just <$> + , Just . fst <$> Remote.retrieveKeyFile remote key Nothing tmp dummymeter ) ) diff --git a/Command/ReKey.hs b/Command/ReKey.hs index 9084814fa..fe13d4dd4 100644 --- a/Command/ReKey.hs +++ b/Command/ReKey.hs @@ -52,7 +52,7 @@ perform file oldkey newkey = do {- Make a hard link to the old key content (when supported), - to avoid wasting disk space. -} linkKey :: Key -> Key -> Annex Bool -linkKey oldkey newkey = getViaTmp' DefaultVerify newkey $ \tmp -> do +linkKey oldkey newkey = getViaTmp' DefaultVerify newkey $ \tmp -> unVerified $ do src <- calcRepo $ gitAnnexLocation oldkey liftIO $ ifM (doesFileExist tmp) ( return True diff --git a/Command/RecvKey.hs b/Command/RecvKey.hs index 3a8747534..988c4f90e 100644 --- a/Command/RecvKey.hs +++ b/Command/RecvKey.hs @@ -40,7 +40,7 @@ start key = fieldTransfer Download key $ \_p -> do , return False ) where - go tmp = do + go tmp = unVerified $ do opts <- filterRsyncSafeOptions . maybe [] words <$> getField "RsyncOptions" liftIO $ rsyncServerReceive (map Param opts) tmp diff --git a/Command/Reinject.hs b/Command/Reinject.hs index 90ddc1c2a..1c21b4ae6 100644 --- a/Command/Reinject.hs +++ b/Command/Reinject.hs @@ -43,7 +43,7 @@ perform src _dest key = ifM move -- so moveFile is used rather than simply calling -- moveToObjectDir; disk space is also checked this way, -- and the file's content is verified to match the key. - move = getViaTmp DefaultVerify key $ \tmp -> + move = getViaTmp DefaultVerify key $ \tmp -> unVerified $ liftIO $ catchBoolIO $ do moveFile src tmp return True diff --git a/Command/SetKey.hs b/Command/SetKey.hs index 319229482..13715d3a7 100644 --- a/Command/SetKey.hs +++ b/Command/SetKey.hs @@ -35,7 +35,7 @@ perform file key = do -- the file might be on a different filesystem, so moveFile is used -- rather than simply calling moveAnnex; disk space is also -- checked this way. - ok <- getViaTmp DefaultVerify key $ \dest -> + ok <- getViaTmp DefaultVerify key $ \dest -> unVerified $ if dest /= file then liftIO $ catchBoolIO $ do moveFile file dest diff --git a/Command/TestRemote.hs b/Command/TestRemote.hs index e4a9eb829..7ee5f1359 100644 --- a/Command/TestRemote.hs +++ b/Command/TestRemote.hs @@ -176,7 +176,7 @@ testUnavailable st r k = getViaTmp (RemoteVerify r) k $ \dest -> Remote.retrieveKeyFile r k Nothing dest nullMeterUpdate , check (== Right False) "retrieveKeyFileCheap" $ - getViaTmp (RemoteVerify r) k $ \dest -> + getViaTmp (RemoteVerify r) k $ \dest -> unVerified $ Remote.retrieveKeyFileCheap r k Nothing dest ] where |