[pacman-dev] Changing how repo dbs are updated

Allan McRae allan at archlinux.org
Wed Dec 1 06:12:13 CET 2010


This message is more of a sounding board for me to get the issues 
surrounding this sorted and point out what I am planning to do.  But any 
comments on this would also be appreciated.  Especially #3 below.

Issue I see currently and in the future with signed databases:

1) Currently the repo dbs are updated just like downloading a package 
file.  If the update is started and canceled part way though, you get a 
repo.db.part file which pacman attempts to continue downloading. 
However, unlike package files, this file is not static content and so we 
should never continue the download.   See 
https://bugs.archlinux.org/task/15657 . This can be handled by just 
deleting the repo.db.part file if present, but it might be better just 
never create .part files in the first place for repo dbs by downloading 
to a temporary location and moving/deleting based on successful 
completion.  That would mean having a different download function for 
repo dbs and packages.  See #2 for additional reasons to split this...

2) Database signing.   Currently the code downloads the database, 
deletes the old now invalid signature, then downloads the new signature. 
  If the signature is valid, then all is fine.   However, if it fails to 
download or is invalid, pacman issues an error about failing to update 
the database.  The database on your system is now not correctly signed 
(which is bad given its signature is only checked on update...).

I think that the old database and signature should only be overwritten 
if the new database download is successful _and_ its signature is valid. 
  This requires downloading the database and its signature to a 
temporary location and then moving the files only once they are 
confirmed valid.  That would require a different download interface for 
package and database downloads, but that is a good thing as we can get 
rid of the force crap from the one used for packages.

3) pacman -Syy behavior.  Instead of adding a "force" flag to overwrite 
the old database, would it be better to just delete the old database 
first?  Currently, if you use pacman -Syy and a database download fails, 
you are left with the old sync database you told pacman to get rid of. 
Is leaving pacman with no database for that repo a better solution?

I'm not sure about #3...   But to fix #1 and #2, I think we need to 
split the download handling for dbs and packages slightly unless someone 
has a better idea of how to deal with those?


More information about the pacman-dev mailing list