-
Patrick Steinhardt authored
Similar to the previous commit, enable object verification when fetching objects. This covers usecases where Gitaly is fetching objects into mirrors or updates object pools and stops corrupt or malign objects from being accepted into repositories. If mirroring a repository, then we'd now break if the remote repository has corrupt objects, and similar for object pools and their primary member. While this could be seen as a bug, git-fsck(1) nowadays also includes checks to detect malign objects which are known to allow for adverse behaviour. It is thus an important safety guard to protect against an adversary sneaking in corrupt objects into mirrors via their remote or into repository forks via the object pool. In case this is causing problems, the route to go would thus be to ignore some of the benign fsck checks like we already do for bad timezone checks. Changelog: security
692a0d34