You are not logged in.

#1 2012-01-20 04:25:26

cvillelk
Member
From: Lafayette, LA
Registered: 2011-01-01
Posts: 17

Corrupted Package Handling in pacman 4.0.1 - Feature Sacrafice or Bug?

While I was performing a system upgrade I noticed a nuance in the new PGP signing process.

If a package is corrupted during transmission, the following error is given.

error: libreoffice-common: signature from "Andreas Radke <andyrtr@archlinux.org>" is invalid
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

If I disable the new PGP signature checking (SigLevel = Optional TrustAll to SigLevel = Never) a much more informative and helpful error message is given.

:: File /var/cache/pacman/pkg/libreoffice-common-3.4.5-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (checksum)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (checksum))
Errors occurred, no packages were upgraded.

I spent a while troubleshooting the first error thinking i had an issue with my new package signing configuration. Would it not be possible to perform a checksum on the signed package to validate transmission like pacman did pre-PGP? I considered filing a feature request or bug report, but decided to start here.

Offline

#2 2012-01-20 05:48:59

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,126
Website

Re: Corrupted Package Handling in pacman 4.0.1 - Feature Sacrafice or Bug?

Huh?   The PGP check told you the package was corrupted.   There is no point in performing a checksum check if you have already done a PGP check...

Offline

#3 2012-01-20 06:00:21

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,303

Re: Corrupted Package Handling in pacman 4.0.1 - Feature Sacrafice or Bug?

cvillelk wrote:

(invalid or corrupted package (PGP signature))

I figure OP is asking that the error message be made more specific (an additional checksum check would confirm whether its a sig problem or a corrupted download problem).


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#4 2012-01-20 06:11:20

cvillelk
Member
From: Lafayette, LA
Registered: 2011-01-01
Posts: 17

Re: Corrupted Package Handling in pacman 4.0.1 - Feature Sacrafice or Bug?

Thank you both for the replies, and yes my question focuses more on the message than the functionality. (Though I'm still not 100% sure if PGP can tell the difference between a signing and corruption problem... ie, do i need to re-download or change mirrors)

My main concern regards the following message which appears after a failed checksum but not after a failed PGP check:

Do you want to delete it? [Y/n] y

Under the old system, I would select yes, then re-issue a pacman -Syu

Since pacman 4.x.x I need to perform the extra step of pacman -Sc.

Last edited by cvillelk (2012-01-20 06:12:37)

Offline

#5 2012-01-20 06:35:02

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,126
Website

Re: Corrupted Package Handling in pacman 4.0.1 - Feature Sacrafice or Bug?

Can you file a feature request for that?    It is probably a good idea to allow that deleting of corrupt packages found with signature checking too.

Offline

#6 2012-01-20 15:31:35

cvillelk
Member
From: Lafayette, LA
Registered: 2011-01-01
Posts: 17

Re: Corrupted Package Handling in pacman 4.0.1 - Feature Sacrafice or Bug?

I went ahead and filed a feature request https://bugs.archlinux.org/task/28014

I appreciate the input

Regards,

Offline

Board footer

Powered by FluxBB