Git repository is corrupt

[infinity0]

Hi, I have

[transfer]
    fsckObjects = true
[fetch]
    fsckObjects = true
[receive]
    fsckObjects = true

set in my ~/.gitconfig. When I try to git clone this repository, I get:

$ git clone  https://github.com/kangax/fabric.js.git
Cloning into 'fabric.js'...
remote: Counting objects: 28491, done.
remote: Compressing objects: 100% (154/154), done.
error: object 911e60caaa06435ddbd550527ca70db0ca6a7c87: zeroPaddedFilemode: contains zero-padded file modes
fatal: Error in object
fatal: index-pack failed
128

Could you look into this, please?

[asturur]

just trying to make a fresh clone and let you know.

[asturur]

either a temporary problem or a transfer problem
No problem detected.

[infinity0]

I can still reproduce this, it's definitely not temporary and I don't see how authenticated HTTPS could mean it's a "transfer problem". Did you set the config options I described? Git does not verify those hashes by default, it's a security problem. There are corrupt objects in the repository whose hashes don't match what is claimed.

[asturur]

ok you could be more specific. i just clone normally. i have no idea how this could happen, now how to help. does it says on which file?

[infinity0]

# clone without checks, succeeds
$ git clone "https://github.com/kangax/fabric.js/"
Cloning into 'fabric.js'...
remote: Counting objects: 28607, done.
remote: Compressing objects: 100% (269/269), done.
remote: Total 28607 (delta 191), reused 1 (delta 1), pack-reused 28337
Receiving objects: 100% (28607/28607), 103.41 MiB | 9.32 MiB/s, done.
Resolving deltas: 100% (21124/21124), done.
Checking connectivity... done.

# clone with checks, fails
$ git -c transfer.fsckObjects=true clone "https://github.com/kangax/fabric.js/"
fatal: destination path 'fabric.js' already exists and is not an empty directory.
128
$ git -c transfer.fsckObjects=true clone "https://github.com/kangax/fabric.js/" tmp
Cloning into 'tmp'...
remote: Counting objects: 28607, done.
remote: Compressing objects: 100% (269/269), done.
error: object 911e60caaa06435ddbd550527ca70db0ca6a7c87:contains zero-padded file modes
fatal: Error in object
fatal: index-pack failed
128

# check which object it is, using the corrupt repo we just cloned
$ cd fabric.js/
$ git show 911e60caaa06435ddbd550527ca70db0ca6a7c87         
tree 911e60caaa06435ddbd550527ca70db0ca6a7c87

README.md
dist/
lib/
src/
test/
$ git log --pretty="%H %T" --all --full-history | grep 911e60caaa06435ddbd550527ca70db0ca6a7c87
bbc63a5b4ef5a6497db33147703300d675128bdd 911e60caaa06435ddbd550527ca70db0ca6a7c87

$ git show bbc63a5b4ef5a6497db33147703300d675128bdd | head -n3
commit bbc63a5b4ef5a6497db33147703300d675128bdd
Author: Maxim Chernyak aka hakunin <max@bitsonnet.com>
Date:   Thu Jun 10 23:05:31 2010 -0700

Looks like another case of holman/dotfiles#231, see https://www.perforce.com/blog/150109/git-out-vulnerability-out-fire for more details. The good news is the repository is technically not "corrupt" as I originally feared, but you'll either need to rewrite most of your commits, or tell users to clone without fsckObjects (this is the default) then run git fsck manually if they want to check hashes.