[pacman-dev] [PATCH 0/1] libalpm: fix resuming after HTTP error

Hung-I Wang whygowe at gmail.com
Wed Jun 2 11:44:33 UTC 2021


Hi, there.

When downloading packages, libalpm may save the body of an unsuccessful HTTP
response (e.g. 404). The saved part will then be treated as a partially
downloaded package, from where the download will be resumed, resulting in a
corrupted package.

Steps to reproduce:

1. Prepend an invalid mirror to mirrorlist,
   say http://example.com/$repo/os/$arch
2. Pick any package, say inkscape
3. (Re-)Install the chosen package with `pacman -S`
4. Pacman gets an HTTP 404 error when trying the newly added "mirror", saving
   its body as the partially downloaded package
5. Pacman retries the subsequent real mirrors, resuming its download
6. At last, pacman complains with
   "File ... corrupted (invalid or corrupted package (PGP signature))"

This patch fixes the problem by letting curl fail on HTTP error, preventing
it from accepting such an invalid HTTP body.

Regards,

Hung-I Wang

---

Hung-I Wang (1):
  libalpm: fix resuming after HTTP error

 lib/libalpm/dload.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

-- 
2.31.1
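
The failure in steps 4 to 6 can be modelled without pacman or a network. This is an added example, not part of the original message or of libalpm: `fetch`, `struct mirror`, `struct partial` and the sample bodies are hypothetical, and the `fail_on_error` flag only models curl refusing the body of an HTTP error reply.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: a mirror's reply (status and the body it serves). */
struct mirror { int status; const char *body; };

/* Hypothetical in-memory stand-in for the partially downloaded file. */
struct partial { char data[256]; size_t len; };

/* One download attempt, resuming at part->len as a Range request would.
 * fail_on_error models curl rejecting the body of an HTTP >= 400 reply. */
static int fetch(const struct mirror *m, struct partial *part, int fail_on_error)
{
    size_t total = strlen(m->body);
    if (m->status >= 400) {
        if (!fail_on_error) {
            /* Bug: the error page is stored as if it were package data. */
            memcpy(part->data + part->len, m->body, total);
            part->len += total;
        }
        return -1; /* caller moves on to the next mirror */
    }
    if (part->len > total)
        return -1;
    /* Success (200, or 206 when resuming): bytes from the offset onward. */
    memcpy(part->data + part->len, m->body + part->len, total - part->len);
    part->len = total;
    return 0;
}

/* Try the mirrors in order; returns 1 if the result equals the real package. */
int download_matches(int fail_on_error)
{
    static const char pkg[] = "PKG-CONTENT-0123456789-END"; /* constructed */
    const struct mirror mirrors[] = {
        { 404, "<h1>Not Found</h1>" }, /* the invalid mirror from step 1 */
        { 200, pkg },                  /* a real mirror */
    };
    struct partial part = { {0}, 0 };
    for (size_t i = 0; i < 2; i++)
        if (fetch(&mirrors[i], &part, fail_on_error) == 0)
            break;
    return part.len == strlen(pkg) && memcmp(part.data, pkg, part.len) == 0;
}

int main(void)
{
    printf("error body kept:     %s\n", download_matches(0) ? "intact" : "corrupted");
    printf("error body rejected: %s\n", download_matches(1) ? "intact" : "corrupted");
    return 0;
}
```

In the first case the file reaches the expected length yet begins with the 404 page, so only a content check such as the PGP signature verification in step 6 reveals the corruption.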

