[pacman-dev] [PATCH] libalpm: download sig files with -U when missing

Sun Jan 10 20:45:04 UTC 2021

Hi

The commit description sounds like a duplicate of
https://bugs.archlinux.org/task/33992

Isn't it fixed by commit f3dfba73d22b7eca3810a8114f2aab63da488b4c ?

On Sun, Jan 10, 2021 at 12:22 PM morganamilo <morganamilo at archlinux.org> wrote:
>
> ---
>
> Also, I think the way signature downloading is a bit weird. You can't
> just download a signature. You have to say you want to download the
> package then the downloader will download the sig after the package
> finishes downloading.

That's because the download URL can be redirected. And the final URL
of the package is not known until the download starts.

There is also a requirement that *.sig file should come from the same
server as the package itself, i.e. *.sig file URL is unknown until the
package download URL is resolved.

> I think it would make more sense for signatures to be their own
> payloads and then have a dlsigcb.
>
> This would go towards fixing FS#67813
>
> If totaldlcb reports 0 packages to download, then we can show the
> progress bars for the sigs instead of the packages.
> ---
>  lib/libalpm/dload.c | 21 ++++++++++++++++++++-
>  1 file changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
> index df5e8be7..66ebeae9 100644
> --- a/lib/libalpm/dload.c
> +++ b/lib/libalpm/dload.c
> @@ -863,8 +863,27 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
>                 char *url = i->data;
>
>                 /* attempt to find the file in our pkgcache */
> +
>                 char *filepath = filecache_find_url(handle, url);
> -               if(filepath) {
> +               int need_download = !filepath;
> +               /* even if the package file in the cache we need to check for
> +                * accompanion *.sig file as well.
> +                * If *.sig is not cached then force download the package + its signature file.
> +                */
> +               if(!need_download && (handle->siglevel & ALPM_SIG_PACKAGE)) {
> +                       char *sig_filename = NULL;
> +                       int len = strlen(filepath) + 5;
> +
> +                       MALLOC(sig_filename, len, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
> +                       snprintf(sig_filename, len, "%s.sig", filepath);
> +
> +                       need_download = !_alpm_filecache_exists(handle, sig_filename);
> +
> +                       FREE(sig_filename);
> +               }
> +
> +
> +               if(!need_download) {
>                         /* the file is locally cached so add it to the output right away */
>                         alpm_list_append(fetched, filepath);
>                 } else {
> --
> 2.30.0