As a user, I can verify blobs checksum during sync
When we sync a repo from some registry into Pulp, we do not perform any checks on blobs, so we cannot be sure that we downloaded what we wanted to. We need to introduce a checksum verification on downloaded blobs.
Obviously, eventually docker client will stumble across corrupted blobs during docker pull, because it does a checksum verification of blobs, but at this point we cannot call ourself trustful, we cannot afford ourselves to leave things like this.
Since some blobs can be couple of GB, we could introduce an incremental ( by chunks) checksum verification during the blob sync, to keep the current performance , so by the end of blob download, we would have full payload and already calculated checksum.
Please register to edit this issue