Currently git-annex-fsck gives a warning for all my files stored with MD5 keys that they can be upgraded to the more secure SHA256: "Can be upgraded to an improved key format. You can do so by running: git annex migrate". In my case the key choice is deliberate, so it would be good if this warning could be disabled, to prevent it from drowning out more serious ones.
git-annex fsck only displays that warning when annex.securehashesonly=true. That is not a default setting.
Seems to me, setting that when your repo legitimately uses insecure hashes will cause other problems, eg git-annex will refuse to transfer content using insecure hashes since it cannot verify it. So, you could just unset that.
I suppose, if you've migrated away from those hashes, but still have old objects using them present in the annex, and turned on annex.securehashesonly=true, fsck --all will warn about the objects. If that's the problem, it might make sense to disable the warning for --all and --key.
Hi, I'm trying to get rid of that warning by migrating my repo to SHA256E, as the messages during fsck suggest, but right after the migration I still get the warning. For example:
I've tried squashing the entire history on master to 1 commit, removing all remotes, running git annex forget and rerunning migrate, but it didn't help. Could you suggest where I should look for that old key that keeps this message popping up? I have the same situation with all my annex repos. I'm using version 8.20200226.
Actually, fsck never warns about upgrading MD5 to any SHA hash. The message you are seeing is about upgrading something already using SHA256E to an improved version. The --backend=SHA256E displayed by git-annex fsck comes from the backend it sees the file is already using.
The most likely reason a SHA256E file would need migration would be if it has non-alphanumeric characters in its extension. There are some other historical problems that it migrates to solve as well. A git diff of the changes that git annex migrate made would tell what it did the migration for.
I don't know why fsck then wants to migrate it again. It only looks at the file staged in git. When I stage that same symlink here, it does not want to migrate it.
Since your git-annex version is over a year out of date, upgrading to the current version and checking if it still has the problem is the first step.
(You also seem to have some unusual configuration of your repository, eg annex.tune.objecthash1=true and annex.tune.objecthashlower=true ... is that right?)
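To see which keys fall into the two cases discussed in this thread (an insecure hash backend, relevant to annex.securehashesonly, and an extension with non-alphanumeric characters, named above as the likely migrate trigger), the following added example audits a list of key names. It is not git-annex's own code and is not from any poster here; the function names, the list of secure hash families and the sample keys are assumptions made for illustration.

```python
import re

# Hash families treated as cryptographically secure in this sketch (assumption:
# SHA2, SHA3, Skein and BLAKE2 families; MD5, SHA1, WORM and URL are not).
SECURE = re.compile(r"^(SHA(224|256|384|512)|SHA3_\d+|SKEIN\d+|BLAKE2\w+)$")

# Constructed sample keys in the BACKEND-sSIZE--NAME layout; hashes are fake.
SAMPLE_KEYS = [
    "MD5E-s1024--0123456789abcdef0123456789abcdef.jpg",
    "SHA256E-s2048--" + "ab" * 32 + ".tar.gz",
    "SHA256E-s10--" + "cd" * 32 + ".txt~",
    "WORM-s5-m1234--file.txt",
]

def parse_key(key):
    """Split a key name into (backend, name); raise on anything else."""
    fields, sep, name = key.partition("--")
    if not sep or not name:
        raise ValueError(f"not a git-annex key: {key!r}")
    return fields.split("-")[0], name

def audit_key(key):
    """Return the findings for one key (empty list means nothing to report)."""
    backend, name = parse_key(key)
    has_ext = backend.endswith("E")          # SHA256E, MD5E, ... keep an extension
    family = backend[:-1] if has_ext else backend
    findings = []
    if not SECURE.match(family):
        findings.append("insecure-hash")     # affected by annex.securehashesonly
    if has_ext:
        _, dot, ext = name.partition(".")
        # Only letters, digits and dots are treated as clean in an extension.
        if dot and not re.fullmatch(r"[A-Za-z0-9.]*", ext):
            findings.append("odd-extension") # candidate for git annex migrate
    return findings

def audit(keys):
    """Map each key that has findings to its list of findings."""
    report = {}
    for key in keys:
        findings = audit_key(key)
        if findings:
            report[key] = findings
    return report

if __name__ == "__main__":
    for key, findings in audit(SAMPLE_KEYS).items():
        print(", ".join(findings), key)
```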