cjb
commented
9 years ago Ah, this PR isn't necessary. Git already performs the check for us. Just tested by sending the wrong packfile to a client:
λ git clone gittorrent://github.com/cjb/gittorrent
Cloning into 'gittorrent'...
Okay, we want to get: 3c29320fd5c9e9d4ea2b4936fead9046b6a96534
Adding swarm peer: 192.34.86.36:30000
Downloading git pack with infohash: b3daa83096a71524fd67367b10b6a33e08d6f69d
Receiving objects: 100% (158/158), 25.21 KiB | 0 bytes/s, done.
Resolving deltas: 100% (85/85), done.
Checking connectivity... fatal: bad object 3c29320fd5c9e9d4ea2b4936fead9046b6a96534
fatal: remote did not send all necessary objects
λ Closing the PR.
The reason we're okay with pulling objects from anonymous peers is that we have a trusted hash to compare against -- apply the object, see where we ended up. If it's the wrong sha1, we could retry from other peers until we get the right one, but for now let's just leave a big red noticeable error and exit.