You are not logged in.

#1 2015-11-07 15:24:09

Damacustas
Member
Registered: 2014-04-27
Posts: 5

pacman network cache personal project, database not valid or corrupt

Hey everyone,

For fun, I'm building a pacman network cache. My idea was to have a nodejs application running on an RPi acting a mirror which is to be added at the top of the mirrorlist file. (Note: this is just moving files, pacman is not used in any way on the RPi) When a request for a package arrives, either of two things happen:
1) the requested package is already in the cache, in which case it is directly served to pacman.
2) the requested package needs to be fetched, in which case the package is fetched from an ACTUAL mirror. The package contents are piped to a local file and to the connected client (pacman).

This is already working nicely but there is one problem. When refreshing the package databases (e.g. [core]), I get an GPGME error:
error: database 'core' is not valid (invalid or corrupted database (PGP signature))

I am not a pacman expert, but I suspect the .sig file that is downloaded in with the database file is some authentication/key to make sure the mirror is valid and is used to verify the database. Possibly, this mechanism is in place to prevent man-in-the-middle attacts (which my cache actually is). I have searched the wiki, but I haven't found much information about the subject.

My questsions are:
- What are .sig files exactly?
- What direction should I take to solve this problem?

Thanks in advance for any help!

Offline

#2 2015-11-07 23:12:18

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: pacman network cache personal project, database not valid or corrupt

Offline

#3 2015-11-08 08:18:26

mauritiusdadd
Member
From: Benevento, Italy
Registered: 2013-10-27
Posts: 776

Re: pacman network cache personal project, database not valid or corrupt

Damacustas wrote:

- What are .sig files exactly?

You already answered wink

Damacustas wrote:

[it] is some authentication/key to make sure the mirror is valid and is used to verify the database

For more information see:
https://www.gnupg.org/gph/en/manual/x135.html
https://wiki.archlinux.org/index.php/Pa … ge_signing
https://wiki.archlinux.org/index.php/De … ementation

Damacustas wrote:

- What direction should I take to solve this problem?

The actual problem is that, for what I know, databases are not signed yet (only packages are signed) so you should first of all find where that signature file comes from. Also, what happens if you try to delete it?

--edit: typo

Last edited by mauritiusdadd (2015-11-09 03:54:08)


About me - github

-- When you have eliminated the impossible, whatever remains, however improbable, must be the truth -- Spock | Sherlock Holmes

Offline

#4 2015-11-08 22:15:10

Damacustas
Member
Registered: 2014-04-27
Posts: 5

Re: pacman network cache personal project, database not valid or corrupt

@karol
Yes looked at that page, but I specifically want to use a Raspberry Pi to serve as the cache. Since the Raspberry Pi is armv7h instead of x86_64, using its pacman package cache is rather useless.

@mauritiusdadd
Thanks for the additional links about gnupg I'll look into them. I'm going on a search to the exact workings of pacman database syncing.

Last edited by Damacustas (2015-11-08 22:15:39)

Offline

#5 2015-11-08 23:20:24

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: pacman network cache personal project, database not valid or corrupt

Downloaded packages are stored somewhere in your network. Point pacman to that address.

Post your pacman.conf.

Offline

Board footer

Powered by FluxBB