3bc019c736
put_file hashed the source path, then copied the source again — two reads. A source mutated in between would publish bytes whose digest != returned key, breaking the content-addressed invariant. Now copy the source once into a provisional staging file, derive the key from the SHA-256 of that staged file (the exact bytes published), then dedup/atomic-rename. Guarantees key == digest(published object) with a single source read. Extends the acceptance test: re-hashes the stored object and asserts it equals the returned key (and std.hash / shasum of the fixture), asserts cross-path dedup (put_file and put_bytes of identical content share one object), and asserts the staging temp is cleaned up on both the success and dedup paths.
8.2 KiB
8.2 KiB