[pacman-dev] [PATCH] dload: don't download sig if package is found in cache

Allan McRae allan at archlinux.org
Mon Feb 18 23:04:18 EST 2013


On 19/02/13 06:40, Dave Reisner wrote:
> On Feb 17, 2013 11:12 PM, "Allan McRae" <allan at archlinux.org> wrote:
>>
>> On 18/02/13 12:55, Dave Reisner wrote:
>>> Avoids the segfault seen in FS#33911.
>>>
>>> Signed-off-by: Dave Reisner <dreisner at archlinux.org>
>>> ---
>>> This is sort of an easy cop-out, but also perhaps the right thing to
> do? If we
>>> blindly append .sig to the URL we have then we're just going to end up
> back at
>>> the problem which commit 27067b137286a4 attempted to solve, but without
> the aid
>>> of being able to know what the followed URL is (since we didn't download
>>> anything).
>>
>> So...  if you have "RemoteFileSigLevel = Required" and only have the
>> package and not the signature in the cache, this will not download the
>> signature and give a corrupt package warning.
>>
>> Is that situation fine to "ignore"?  Or should we test both the file and
>> the signature are present before skipping the step?   I almost think it
>> would make sense to always download the file when using a URL with
>> "pacman -U".
>>
>> Allan
> 
> I explicitly fixed the scenario where we look in the file cache for the
> package, but we can't always know beforehand because of redirects and usage
> of a temp filename.
> 
> That said, we can probably make this logic smarter than it currently is.
> 

OK - I will take the patch as is.  It fixes the segfault.

Then I will file a bug report about the case I pointed out above.

Allan




More information about the pacman-dev mailing list