[pacman-dev] [PATCH] libalpm: download sig files with -U when missing
Anatol Pomozov
anatol.pomozov at gmail.com
Sun Jan 10 20:59:16 UTC 2021
Hi
On Sun, Jan 10, 2021 at 12:45 PM Anatol Pomozov
<anatol.pomozov at gmail.com> wrote:
>
> Hi
>
> The commit description sounds like a duplicate of
> https://bugs.archlinux.org/task/33992
>
> Isn't it fixed by commit f3dfba73d22b7eca3810a8114f2aab63da488b4c ?
Current master works for me:
$ sudo rm /var/cache/pacman/pkg/zxing-cpp-1.1.1-1-x86_64.pkg.tar.zst.sig
$ sudo pacman -U https://archlinux.org/packages/extra/x86_64/zxing-cpp/download/
...
warning: zxing-cpp-1.1.1-1 is up to date -- reinstalling
...
$ ls -l /var/cache/pacman/pkg/zxing-cpp-1.1.1-1-x86_64.pkg.tar.zst.sig
-rw-r--r-- 1 root root 310 Sep 12 13:12
/var/cache/pacman/pkg/zxing-cpp-1.1.1-1-x86_64.pkg.tar.zst.sig
Could you please share a bit more information about the issue you are
trying to fix?
>
> On Sun, Jan 10, 2021 at 12:22 PM morganamilo <morganamilo at archlinux.org> wrote:
> >
> > ---
> >
> > Also, I think the way signature downloading is a bit weird. You can't
> > just download a signature. You have to say you want to download the
> > package then the downloader will download the sig after the package
> > finishes downloading.
>
> That's because the download URL can be redirected. And the final URL
> of the package is not known until the download starts.
>
> There is also a requirement that *.sig file should come from the same
> server as the package itself, i.e. *.sig file URL is unknown until the
> package download URL is resolved.
>
> > I think it would make more sense for signatures to be their own
> > payloads and then have a dlsigcb.
> >
> > This would go towards fixing FS#67813
> >
> > If totaldlcb reports 0 packages to download, then we can show the
> > progress bars for the sigs instead of the packages.
> > ---
> > lib/libalpm/dload.c | 21 ++++++++++++++++++++-
> > 1 file changed, 20 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
> > index df5e8be7..66ebeae9 100644
> > --- a/lib/libalpm/dload.c
> > +++ b/lib/libalpm/dload.c
> > @@ -863,8 +863,27 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
> > char *url = i->data;
> >
> > /* attempt to find the file in our pkgcache */
> > +
> > char *filepath = filecache_find_url(handle, url);
> > - if(filepath) {
> > + int need_download = !filepath;
> > + /* even if the package file in the cache we need to check for
> > + * accompanion *.sig file as well.
> > + * If *.sig is not cached then force download the package + its signature file.
> > + */
> > + if(!need_download && (handle->siglevel & ALPM_SIG_PACKAGE)) {
> > + char *sig_filename = NULL;
> > + int len = strlen(filepath) + 5;
> > +
> > + MALLOC(sig_filename, len, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
> > + snprintf(sig_filename, len, "%s.sig", filepath);
> > +
> > + need_download = !_alpm_filecache_exists(handle, sig_filename);
> > +
> > + FREE(sig_filename);
> > + }
> > +
> > +
> > + if(!need_download) {
> > /* the file is locally cached so add it to the output right away */
> > alpm_list_append(fetched, filepath);
> > } else {
> > --
> > 2.30.0
More information about the pacman-dev
mailing list