index-pack: Avoid disk corruption yielding a valid pack footer checksum

When we are processing a thin pack and making it non-thin we need
to update the header with a new object count. That causes us to
recompute the footer checksum for the entire pack, and the only
way to do that is to re-read the data from disk.

If there was filesystem corruption in the process (e.g. a bad
disk sector, or a kernel bug) we don't want to produce a valid
pack at the end. Instead we need to fail-fast with the error
so the user is aware of the corruption.

We now keep track of where the end of the original data is and
run two SHA-1 computations during the header-footer fixup. If
the original data region doesn't match the original footer we
got over the network we know there was corruption and we just
cannot trust this pack file.

Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Robin Rosenberg <robin.rosenberg@dewire.com>
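
The two-digest fixup described in the commit message, sketched as an added example (not code from this commit or project). It assumes the usual pack layout of a 12-byte header and a trailing 20-byte SHA-1; the function names are hypothetical and object data is treated as opaque constructed bytes.

```python
import hashlib
import io
import struct

HEADER = struct.Struct(">4sII")  # b"PACK", version, object count

class CorruptPackError(Exception):
    pass

def build_pack(count, body):
    # Constructed sample pack: header + opaque body + SHA-1 footer.
    data = HEADER.pack(b"PACK", 2, count) + body
    return data + hashlib.sha1(data).digest()

def fixup_header_footer(f, orig_count, orig_footer, orig_end, new_count, chunk=8):
    # orig_end: offset where the data received over the network ended,
    # i.e. where its footer sat before the missing bases were appended.
    old_hdr = HEADER.pack(b"PACK", 2, orig_count)
    new_hdr = HEADER.pack(b"PACK", 2, new_count)
    f.seek(0)
    f.write(new_hdr)
    orig_md = hashlib.sha1(old_hdr)  # what the sender hashed
    new_md = hashlib.sha1(new_hdr)   # what the finished pack must hash to
    pos = HEADER.size
    while buf := f.read(chunk):      # re-read everything after the header
        new_md.update(buf)
        if pos < orig_end:
            orig_md.update(buf[:orig_end - pos])
        pos += len(buf)
    if orig_md.digest() != orig_footer:
        raise CorruptPackError("original region does not match received footer")
    f.seek(pos)
    f.write(new_md.digest())
    return new_md.digest()

def demo(corrupt):
    body, base = b"thin-object-data-0123456789", b"appended-base-object"
    received = build_pack(2, body)            # as sent over the network
    orig_end = len(received) - 20
    on_disk = bytearray(received[:orig_end] + base)
    if corrupt:
        on_disk[20] ^= 0x01                   # simulated bad sector
    f = io.BytesIO(bytes(on_disk))
    fixup_header_footer(f, 2, received[-20:], orig_end, 3)
    return f.getvalue() == build_pack(3, body + base)

if __name__ == "__main__":
    print(demo(False))
    try:
        demo(True)
    except CorruptPackError as e:
        print("rejected:", e)
```

With only the single recomputed digest, the corrupted case would end with a footer that validates the damaged bytes; the second digest over the original region is what turns it into an error.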