• Kirill Smelkov's avatar
    fsck incoming objects on pull · 7c0e3ff2
    Kirill Smelkov authored
    Since objects are shared between backed up repositories, it is important
    to make sure we do not pull a broken object once, thus programming
    future corruption of that object after restore in all repositories which
    use it.
    
    Object corruption could happen for two reasons:
    
        - plain storage corruption, or
        - someone intentionally pushing corrupted object with known sha1 to
          any repository.
    
    Second case is even more dangerous, as it potentially allows attacker to
    change data in not-available-to-him repositories.
    
    Now objects are checked on pull, and if corrupt, git-backup complains,
    e.g. this way:
    
        RuntimeError: git -c fetch.fsckObjects=true fetch --no-tags ../D/corrupt.git refs/*:refs/backup/20151014-1914/aaa/corrupt.git/*
        error: inflate: data stream error (incorrect data check)
        fatal: loose object 52baccfe8479b61c2a0d5447bc0a6bf7c6827c60 (stored in ./objects/52/baccfe8479b61c2a0d5447bc0a6bf7c6827c60) is corrupt
        fatal: The remote end hung up unexpectedly
    7c0e3ff2
git-backup 28.9 KB