change!: migrate hash verification to the common interface

emilazy · emilazy · commit 1efbe1671b64 · 2025-03-31T04:10:48.000+01:00
This mostly just affects return types – using
`git_hash::verify::Error` instead of bespoke duplicated versions
thereof, and occasionally returning an `ObjectId` instead of `()`
for convenience.
diff --git a/gitoxide-core/src/pack/explode.rs b/gitoxide-core/src/pack/explode.rs
@@ -78,11 +78,11 @@ enum Error {
     },
     #[error("Object didn't verify after right after writing it")]
     Verify(#[from] objs::data::verify::Error),
-    #[error("{kind} object {expected} wasn't re-encoded without change - new hash is {actual}")]
+    #[error("{kind} object wasn't re-encoded without change")]
     ObjectEncodeMismatch {
+        #[source]
+        source: gix::hash::verify::Error,
         kind: object::Kind,
-        actual: ObjectId,
-        expected: ObjectId,
     },
     #[error("The recently written file for loose object {id} could not be found")]
     WrittenFileMissing { id: ObjectId },
@@ -201,17 +201,16 @@ pub fn pack_or_pack_index(
                         kind: object_kind,
                         id: index_entry.oid,
                     })?;
-                    if written_id != index_entry.oid {
+                    if let Err(err) = written_id.verify(&index_entry.oid) {
                         if let object::Kind::Tree = object_kind {
                             progress.info(format!(
                                 "The tree in pack named {} was written as {} due to modes 100664 and 100640 rewritten as 100644.",
                                 index_entry.oid, written_id
                             ));
                         } else {
                             return Err(Error::ObjectEncodeMismatch {
+                                source: err,
                                 kind: object_kind,
-                                actual: index_entry.oid,
-                                expected: written_id,
                             });
                         }
                     }
diff --git a/gix-commitgraph/src/file/verify.rs b/gix-commitgraph/src/file/verify.rs
@@ -28,11 +28,8 @@ pub enum Error<E: std::error::Error + 'static> {
     Filename(String),
     #[error("commit {id} has invalid generation {generation}")]
     Generation { generation: u32, id: gix_hash::ObjectId },
-    #[error("checksum mismatch: expected {expected}, got {actual}")]
-    Mismatch {
-        actual: gix_hash::ObjectId,
-        expected: gix_hash::ObjectId,
-    },
+    #[error(transparent)]
+    Checksum(#[from] checksum::Error),
     #[error("{0}")]
     Processor(#[source] E),
     #[error("commit {id} has invalid root tree ID {root_tree_id}")]
@@ -42,6 +39,17 @@ pub enum Error<E: std::error::Error + 'static> {
     },
 }
 
+///
+pub mod checksum {
+    /// The error used in [`super::File::verify_checksum()`].
+    #[derive(thiserror::Error, Debug)]
+    #[allow(missing_docs)]
+    pub enum Error {
+        #[error(transparent)]
+        Verify(#[from] gix_hash::verify::Error),
+    }
+}
+
 /// The positive result of [`File::traverse()`] providing some statistical information.
 #[derive(Clone, Debug, Eq, PartialEq)]
 #[cfg_attr(feature = "serde", derive(serde::Deserialize, serde::Serialize))]
@@ -73,8 +81,7 @@ impl File {
         E: std::error::Error + 'static,
         Processor: FnMut(&file::Commit<'a>) -> Result<(), E>,
     {
-        self.verify_checksum()
-            .map_err(|(actual, expected)| Error::Mismatch { actual, expected })?;
+        self.verify_checksum()?;
         verify_split_chain_filename_hash(&self.path, self.checksum()).map_err(Error::Filename)?;
 
         let null_id = self.object_hash().null_ref();
@@ -138,23 +145,17 @@ impl File {
     /// Assure the [`checksum`][File::checksum()] matches the actual checksum over all content of this file, excluding the trailing
     /// checksum itself.
     ///
-    /// Return the actual checksum on success or `(actual checksum, expected checksum)` if there is a mismatch.
-    pub fn verify_checksum(&self) -> Result<gix_hash::ObjectId, (gix_hash::ObjectId, gix_hash::ObjectId)> {
-        // Even though we could use gix_hash::bytes_of_file(…), this would require using our own
-        // Error type to support io::Error and Mismatch. As we only gain progress, there probably isn't much value
-        // as these files are usually small enough to process them in less than a second, even for the large ones.
+    /// Return the actual checksum on success or [`checksum::Error`] if there is a mismatch.
+    pub fn verify_checksum(&self) -> Result<gix_hash::ObjectId, checksum::Error> {
+        // Even though we could use gix_hash::bytes_of_file(…), this would require extending our
+        // Error type to support io::Error. As we only gain progress, there probably isn't much value        // as these files are usually small enough to process them in less than a second, even for the large ones.
         // But it's possible, once a progress instance is passed.
         let data_len_without_trailer = self.data.len() - self.hash_len;
         let mut hasher = gix_hash::hasher(self.object_hash());
         hasher.update(&self.data[..data_len_without_trailer]);
         let actual = hasher.digest();
-
-        let expected = self.checksum();
-        if actual == expected {
-            Ok(actual)
-        } else {
-            Err((actual, expected.into()))
-        }
+        actual.verify(self.checksum())?;
+        Ok(actual)
     }
 }
 
diff --git a/gix-commitgraph/src/verify.rs b/gix-commitgraph/src/verify.rs
@@ -164,9 +164,7 @@ impl Graph {
                         file::verify::Error::RootTreeId { id, root_tree_id } => {
                             file::verify::Error::RootTreeId { id, root_tree_id }
                         }
-                        file::verify::Error::Mismatch { actual, expected } => {
-                            file::verify::Error::Mismatch { actual, expected }
-                        }
+                        file::verify::Error::Checksum(err) => file::verify::Error::Checksum(err),
                         file::verify::Error::Generation { generation, id } => {
                             file::verify::Error::Generation { generation, id }
                         }
diff --git a/gix-index/src/decode/mod.rs b/gix-index/src/decode/mod.rs
@@ -22,11 +22,8 @@ mod error {
         Extension(#[from] extension::decode::Error),
         #[error("Index trailer should have been {expected} bytes long, but was {actual}")]
         UnexpectedTrailerLength { expected: usize, actual: usize },
-        #[error("Shared index checksum was {actual_checksum} but should have been {expected_checksum}")]
-        ChecksumMismatch {
-            actual_checksum: gix_hash::ObjectId,
-            expected_checksum: gix_hash::ObjectId,
-        },
+        #[error("Shared index checksum mismatch")]
+        Verify(#[from] gix_hash::verify::Error),
     }
 }
 pub use error::Error;
@@ -217,12 +214,7 @@ impl State {
         let checksum = gix_hash::ObjectId::from_bytes_or_panic(data);
         let checksum = (!checksum.is_null()).then_some(checksum);
         if let Some((expected_checksum, actual_checksum)) = expected_checksum.zip(checksum) {
-            if actual_checksum != expected_checksum {
-                return Err(Error::ChecksumMismatch {
-                    actual_checksum,
-                    expected_checksum,
-                });
-            }
+            actual_checksum.verify(&expected_checksum)?;
         }
         let EntriesOutcome {
             entries,
diff --git a/gix-index/src/extension/end_of_index_entry/decode.rs b/gix-index/src/extension/end_of_index_entry/decode.rs
@@ -29,7 +29,10 @@ pub fn decode(data: &[u8], object_hash: gix_hash::Kind) -> Option<usize> {
 
     let (offset, checksum) = ext_data.split_at(4);
     let offset = from_be_u32(offset) as usize;
-    if offset < header::SIZE || offset > start_of_eoie || checksum.len() != gix_hash::Kind::Sha1.len_in_bytes() {
+    let Ok(checksum) = gix_hash::oid::try_from_bytes(checksum) else {
+        return None;
+    };
+    if offset < header::SIZE || offset > start_of_eoie || checksum.kind() != gix_hash::Kind::Sha1 {
         return None;
     }
 
@@ -41,7 +44,7 @@ pub fn decode(data: &[u8], object_hash: gix_hash::Kind) -> Option<usize> {
         last_chunk = Some(chunk);
     }
 
-    if hasher.digest().as_slice() != checksum {
+    if hasher.digest().verify(checksum).is_err() {
         return None;
     }
     // The last-to-this chunk ends where ours starts
diff --git a/gix-index/src/file/init.rs b/gix-index/src/file/init.rs
@@ -75,20 +75,15 @@ impl File {
                     let _span = gix_features::trace::detail!("gix::open_index::hash_index", path = ?path);
                     let meta = file.metadata()?;
                     let num_bytes_to_hash = meta.len() - object_hash.len_in_bytes() as u64;
-                    let actual_hash = gix_hash::bytes(
+                    gix_hash::bytes(
                         &mut file,
                         num_bytes_to_hash,
                         object_hash,
                         &mut gix_features::progress::Discard,
                         &Default::default(),
-                    )?;
-
-                    if actual_hash != expected {
-                        return Err(Error::Decode(decode::Error::ChecksumMismatch {
-                            actual_checksum: actual_hash,
-                            expected_checksum: expected,
-                        }));
-                    }
+                    )?
+                    .verify(&expected)
+                    .map_err(decode::Error::from)?;
                 }
             }
 
diff --git a/gix-index/src/file/verify.rs b/gix-index/src/file/verify.rs
@@ -9,11 +9,8 @@ mod error {
     pub enum Error {
         #[error("Could not read index file to generate hash")]
         Io(#[from] std::io::Error),
-        #[error("Index checksum should have been {expected}, but was {actual}")]
-        ChecksumMismatch {
-            actual: gix_hash::ObjectId,
-            expected: gix_hash::ObjectId,
-        },
+        #[error("Index checksum mismatch")]
+        Verify(#[from] gix_hash::verify::Error),
     }
 }
 pub use error::Error;
@@ -25,19 +22,15 @@ impl File {
         if let Some(checksum) = self.checksum {
             let num_bytes_to_hash = self.path.metadata()?.len() - checksum.as_bytes().len() as u64;
             let should_interrupt = AtomicBool::new(false);
-            let actual = gix_hash::bytes_of_file(
+            gix_hash::bytes_of_file(
                 &self.path,
                 num_bytes_to_hash,
                 checksum.kind(),
                 &mut gix_features::progress::Discard,
                 &should_interrupt,
-            )?;
-            (actual == checksum).then_some(()).ok_or(Error::ChecksumMismatch {
-                actual,
-                expected: checksum,
-            })
-        } else {
-            Ok(())
+            )?
+            .verify(&checksum)?;
         }
+        Ok(())
     }
 }
diff --git a/gix-index/tests/index/file/read.rs b/gix-index/tests/index/file/read.rs
@@ -328,7 +328,7 @@ fn v2_split_index_recursion_is_handled_gracefully() {
     let err = try_file("v2_split_index_recursive").expect_err("recursion fails gracefully");
     assert!(matches!(
         err,
-        gix_index::file::init::Error::Decode(gix_index::decode::Error::ChecksumMismatch { .. })
+        gix_index::file::init::Error::Decode(gix_index::decode::Error::Verify(_))
     ));
 }
 
diff --git a/gix-object/src/data.rs b/gix-object/src/data.rs
@@ -51,31 +51,22 @@ impl<'a> Data<'a> {
 
 /// Types supporting object hash verification
 pub mod verify {
-
     /// Returned by [`crate::Data::verify_checksum()`]
     #[derive(Debug, thiserror::Error)]
     #[allow(missing_docs)]
     pub enum Error {
-        #[error("Object expected to have id {desired}, but actual id was {actual}")]
-        ChecksumMismatch {
-            desired: gix_hash::ObjectId,
-            actual: gix_hash::ObjectId,
-        },
+        #[error(transparent)]
+        Verify(#[from] gix_hash::verify::Error),
     }
 
     impl crate::Data<'_> {
-        /// Compute the checksum of `self` and compare it with the `desired` hash.
+        /// Compute the checksum of `self` and compare it with the `expected` hash.
         /// If the hashes do not match, an [`Error`] is returned, containing the actual
         /// hash of `self`.
-        pub fn verify_checksum(&self, desired: &gix_hash::oid) -> Result<(), Error> {
-            let actual_id = crate::compute_hash(desired.kind(), self.kind, self.data);
-            if desired != actual_id {
-                return Err(Error::ChecksumMismatch {
-                    desired: desired.into(),
-                    actual: actual_id,
-                });
-            }
-            Ok(())
+        pub fn verify_checksum(&self, expected: &gix_hash::oid) -> Result<gix_hash::ObjectId, Error> {
+            let actual = crate::compute_hash(expected.kind(), self.kind, self.data);
+            actual.verify(expected)?;
+            Ok(actual)
         }
     }
 }
diff --git a/gix-odb/src/store_impls/loose/verify.rs b/gix-odb/src/store_impls/loose/verify.rs
@@ -19,11 +19,11 @@ pub mod integrity {
             kind: gix_object::Kind,
             id: gix_hash::ObjectId,
         },
-        #[error("{kind} object {expected} wasn't re-encoded without change - new hash is {actual}")]
-        ObjectHashMismatch {
+        #[error("{kind} object wasn't re-encoded without change")]
+        ObjectEncodeMismatch {
+            #[source]
+            source: gix_hash::verify::Error,
             kind: gix_object::Kind,
-            actual: gix_hash::ObjectId,
-            expected: gix_hash::ObjectId,
         },
         #[error("Objects were deleted during iteration - try again")]
         Retry,
@@ -77,14 +77,13 @@ impl Store {
                 .try_find(&id, &mut buf)
                 .map_err(|_| integrity::Error::Retry)?
                 .ok_or(integrity::Error::Retry)?;
-            let actual_id = sink.write_buf(object.kind, object.data).expect("sink never fails");
-            if actual_id != id {
-                return Err(integrity::Error::ObjectHashMismatch {
+            sink.write_buf(object.kind, object.data)
+                .expect("sink never fails")
+                .verify(&id)
+                .map_err(|err| integrity::Error::ObjectEncodeMismatch {
+                    source: err,
                     kind: object.kind,
-                    actual: actual_id,
-                    expected: id,
-                });
-            }
+                })?;
             object.decode().map_err(|err| integrity::Error::ObjectDecode {
                 source: err,
                 kind: object.kind,
diff --git a/gix-pack/src/data/input/bytes_to_entries.rs b/gix-pack/src/data/input/bytes_to_entries.rs
@@ -180,12 +180,8 @@ where
                 let actual_id = hash.digest();
                 if self.mode == input::Mode::Restore {
                     id = actual_id;
-                }
-                if id != actual_id {
-                    return Err(input::Error::ChecksumMismatch {
-                        actual: actual_id,
-                        expected: id,
-                    });
+                } else {
+                    actual_id.verify(&id)?;
                 }
             }
             Some(id)
diff --git a/gix-pack/src/data/input/types.rs b/gix-pack/src/data/input/types.rs
@@ -9,11 +9,8 @@ pub enum Error {
     Io(#[from] io::Error),
     #[error(transparent)]
     PackParse(#[from] crate::data::header::decode::Error),
-    #[error("pack checksum in trailer was {expected}, but actual checksum was {actual}")]
-    ChecksumMismatch {
-        expected: gix_hash::ObjectId,
-        actual: gix_hash::ObjectId,
-    },
+    #[error("Failed to verify pack checksum in trailer")]
+    Verify(#[from] gix_hash::verify::Error),
     #[error("pack is incomplete: it was decompressed into {actual} bytes but {expected} bytes where expected.")]
     IncompletePack { actual: u64, expected: u64 },
     #[error("The object {object_id} could not be decoded or wasn't found")]
diff --git a/gix-pack/src/index/traverse/error.rs b/gix-pack/src/index/traverse/error.rs
@@ -20,19 +20,15 @@ pub enum Error<E: std::error::Error + Send + Sync + 'static> {
         offset: u64,
         source: crate::data::decode::Error,
     },
-    #[error("The packfiles checksum didn't match the index file checksum: expected {expected}, got {actual}")]
-    PackMismatch {
-        expected: gix_hash::ObjectId,
-        actual: gix_hash::ObjectId,
-    },
+    #[error("The packfiles checksum didn't match the index file checksum")]
+    PackMismatch(#[source] gix_hash::verify::Error),
     #[error("Failed to verify pack file checksum")]
     PackVerify(#[source] crate::verify::checksum::Error),
-    #[error("The hash of {kind} object at offset {offset} didn't match the checksum in the index file: expected {expected}, got {actual}")]
-    PackObjectMismatch {
-        expected: gix_hash::ObjectId,
-        actual: gix_hash::ObjectId,
+    #[error("Error verifying object at offset {offset} against checksum in the index file")]
+    PackObjectVerify {
         offset: u64,
-        kind: gix_object::Kind,
+        #[source]
+        source: gix_object::data::verify::Error,
     },
     #[error(
         "The CRC32 of {kind} object at offset {offset} didn't match the checksum in the index file: expected {expected}, got {actual}"
diff --git a/gix-pack/src/index/traverse/mod.rs b/gix-pack/src/index/traverse/mod.rs
diff --git a/gix-pack/src/multi_index/verify.rs b/gix-pack/src/multi_index/verify.rs
diff --git a/gix-pack/src/verify.rs b/gix-pack/src/verify.rs
diff --git a/tests/snapshots/plumbing/no-repo/pack/explode/broken-delete-pack-to-sink-failure b/tests/snapshots/plumbing/no-repo/pack/explode/broken-delete-pack-to-sink-failure
diff --git a/tests/snapshots/plumbing/no-repo/pack/verify/index-failure b/tests/snapshots/plumbing/no-repo/pack/verify/index-failure

Original file line number	Diff line number	Diff line change
`@@ -164,9 +164,7 @@ impl Graph {`
`164`	`164`	`file::verify::Error::RootTreeId { id, root_tree_id } => {`
`165`	`165`	`file::verify::Error::RootTreeId { id, root_tree_id }`
`166`	`166`	`}`
`167`		`- file::verify::Error::Mismatch { actual, expected } => {`
`168`		`- file::verify::Error::Mismatch { actual, expected }`
`169`		`- }`
	`167`	`+ file::verify::Error::Checksum(err) => file::verify::Error::Checksum(err),`
`170`	`168`	`file::verify::Error::Generation { generation, id } => {`
`171`	`169`	`file::verify::Error::Generation { generation, id }`
`172`	`170`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,10 @@ pub fn decode(data: &[u8], object_hash: gix_hash::Kind) -> Option<usize> {`
`29`	`29`
`30`	`30`	`let (offset, checksum) = ext_data.split_at(4);`
`31`	`31`	`let offset = from_be_u32(offset) as usize;`
`32`		`- if offset < header::SIZE \|\| offset > start_of_eoie \|\| checksum.len() != gix_hash::Kind::Sha1.len_in_bytes() {`
	`32`	`+ let Ok(checksum) = gix_hash::oid::try_from_bytes(checksum) else {`
	`33`	`+ return None;`
	`34`	`+ };`
	`35`	`+ if offset < header::SIZE \|\| offset > start_of_eoie \|\| checksum.kind() != gix_hash::Kind::Sha1 {`
`33`	`36`	`return None;`
`34`	`37`	`}`
`35`	`38`
`@@ -41,7 +44,7 @@ pub fn decode(data: &[u8], object_hash: gix_hash::Kind) -> Option<usize> {`
`41`	`44`	`last_chunk = Some(chunk);`
`42`	`45`	`}`
`43`	`46`
`44`		`- if hasher.digest().as_slice() != checksum {`
	`47`	`+ if hasher.digest().verify(checksum).is_err() {`
`45`	`48`	`return None;`
`46`	`49`	`}`
`47`	`50`	`// The last-to-this chunk ends where ours starts`
Original file line number	Diff line number	Diff line change
`@@ -328,7 +328,7 @@ fn v2_split_index_recursion_is_handled_gracefully() {`
`328`	`328`	`let err = try_file("v2_split_index_recursive").expect_err("recursion fails gracefully");`
`329`	`329`	`assert!(matches!(`
`330`	`330`	`err,`
`331`		`- gix_index::file::init::Error::Decode(gix_index::decode::Error::ChecksumMismatch { .. })`
	`331`	`+ gix_index::file::init::Error::Decode(gix_index::decode::Error::Verify(_))`
`332`	`332`	`));`
`333`	`333`	`}`
`334`	`334`