On 18/02/13 12:55, Dave Reisner wrote:
Avoids the segfault seen in FS#33911.
Signed-off-by: Dave Reisner <dreisner@archlinux.org> --- This is sort of an easy cop-out, but also perhaps the right thing to do? If we blindly append .sig to the URL we have then we're just going to end up back at the problem which commit 27067b137286a4 attempted to solve, but without the aid of being able to know what the followed URL is (since we didn't download anything).
So... if you have "RemoteFileSigLevel = Required" and only have the package and not the signature in the cache, this will not download the signature and give a corrupt package warning. Is that situation fine to "ignore"? Or should we test both the file and the signature are present before skipping the step? I almost think it would make sense to always download the file when using a URL with "pacman -U". Allan
lib/libalpm/dload.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index 280eaaf..7513822 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -688,7 +688,7 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url) }
/* attempt to download the signature */ - if(ret == 0 && (handle->siglevel & ALPM_SIG_PACKAGE)) { + if(ret == 0 && final_pkg_url && (handle->siglevel & ALPM_SIG_PACKAGE)) { char *sig_filepath, *sig_final_file = NULL; size_t len;