forked from TrueCloudLab/restic
prune: Abort repacking when a pack contains a wrong blob
If a blob in a pack file can be decrypted successfully but contains data that results in a different hash than stated in the header pack, then abort repacking. As both the pack header and the blob are cryptographically verified this either means than a malicious entity tampered with the backup or indicates hardware problems on the client. prune should fail with an error in both cases.
This commit is contained in:
Michael Eischer
parent
744a15247d
commit
7042bafea5
1 changed files with 1 additions and 3 deletions
|
|
@ -2,8 +2,6 @@ package repository
|
|||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/restic/restic/internal/debug"
|
||||
"github.com/restic/restic/internal/errors"
|
||||
|
|
@ -85,7 +83,7 @@ func Repack(ctx context.Context, repo restic.Repository, packs restic.IDSet, kee
|
|||
if !id.Equal(entry.ID) {
|
||||
debug.Log("read blob %v/%v from %v: wrong data returned, hash is %v",
|
||||
h.Type, h.ID, tempfile.Name(), id)
|
||||
fmt.Fprintf(os.Stderr, "read blob %v from %v: wrong data returned, hash is %v",
|
||||
return nil, errors.Errorf("read blob %v from %v: wrong data returned, hash is %v",
|
||||
h, tempfile.Name(), id)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue