From cde3a924aec6bcd47ede650572bffa8c414243cf Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 27 Feb 2017 13:50:00 -0400 Subject: make fsck check annex.securehashesonly, and new tip for working around SHA1 collisions with git-annex This commit was sponsored by andrea rota. --- Command/Fsck.hs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'Command') diff --git a/Command/Fsck.hs b/Command/Fsck.hs index f1b0b78a6..f20059bd1 100644 --- a/Command/Fsck.hs +++ b/Command/Fsck.hs @@ -1,6 +1,6 @@ {- git-annex command - - - Copyright 2010-2016 Joey Hess + - Copyright 2010-2017 Joey Hess - - Licensed under the GNU GPL version 3 or higher. -} @@ -35,6 +35,7 @@ import Utility.PID import qualified Database.Keys import qualified Database.Fsck as FsckDb import Types.CleanupActions +import Types.Key import Data.Time.Clock.POSIX import System.Posix.Types (EpochTime) @@ -234,6 +235,14 @@ verifyLocationLog key keystatus desc = do whenM (liftIO $ doesDirectoryExist $ parentDir obj) $ freezeContentDir obj + {- Warn when annex.securehashesonly is set and content using an + - insecure hash is present. This should only be able to happen + - if the repository already contained the content before the + - config was set. -} + when (present && not (cryptographicallySecure (keyVariety key))) $ + whenM (annexSecureHashesOnly <$> Annex.getGitConfig) $ + warning $ "** Despite annex.securehashesonly being set, " ++ obj ++ " has content present in the annex using an insecure " ++ formatKeyVariety (keyVariety key) ++ " key" + {- In direct mode, modified files will show up as not present, - but that is expected and not something to do anything about. -} if direct && not present -- cgit v1.2.3