-
Kirill Smelkov authoredSince objects are shared between backed up repositories, it is important to make sure we do not pull a broken object once, thus programming future corruption of that object after restore in all repositories which use it. Object corruption could happen for two reasons: - plain storage corruption, or - someone intentionally pushing corrupted object with known sha1 to any repository. Second case is even more dangerous, as it potentially allows attacker to change data in not-available-to-him repositories. Now objects are checked on pull, and if corrupt, git-backup complains, e.g. this way: RuntimeError: git -c fetch.fsckObjects=true fetch --no-tags ../D/corrupt.git refs/*:refs/backup/20151014-1914/aaa/corrupt.git/* error: inflate: data stream error (incorrect data check) fatal: loose object 52baccfe8479b61c2a0d5447bc0a6bf7c6827c60 (stored in ./objects/52/baccfe8479b61c2a0d5447bc0a6bf7c6827c60) is corrupt fatal: The remote end hung up unexpectedly7c0e3ff2