Arch Linux

Teyras

Member

Registered: 2010-07-14

Posts: 56

[SOLVED] Detecting corrupt pacman package files

I have a caching proxy set up for pacman with nginx that runs on a Banana Pi. Sometimes it fails to download a package correctly and the computers that use the proxy fail to upgrade with a message like this one:

error: smbclient: signature from "Tobias Powalowski <tobias.powalowski@googlemail.com>" is invalid
:: File /var/cache/pacman/pkg/smbclient-4.5.0-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

When this happens, I have to ssh into the BPi, remove the corrupted package and re-run the upgrade (so that the proxy downloads the package again). Is it possible to check for corrupted packages on the proxy, so that I could set up a cron job to delete them?

Last edited by Teyras (2016-09-22 07:22:31)

JohnBobSmith

Member

From: Canada

Registered: 2014-11-29

Posts: 804

Re: [SOLVED] Detecting corrupt pacman package files

Unless I am mistaken Arch Linux only supports x86/x86_64 architectures and, seeing as the BPi is ARM, it's unsupported here. There is however Arch Linux Arm, you might have better luck over there.

---

I am diagnosed with bipolar disorder. As it turns out, what I thought was my greatest weakness is now my greatest strength.

Everyday, I make a conscious choice to overcome my challenges and my problems. It's not easy, but its better than the alternative...

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 20,641

Re: [SOLVED] Detecting corrupt pacman package files

I had seen this thread earlier and left it open as it appears that you are using the BPi as a cache.  I assume that the clients are x86/x86_64 flavors of Arch Linux.   
If not, JohnBobSmith is correct that the appropriate forums are the ArchArm forums.

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
The shortest way to ruin a country is to give power to demagogues.— Dionysius of Halicarnassus
---
How to Ask Questions the Smart Way

Teyras

Member

Registered: 2010-07-14

Posts: 56

Re: [SOLVED] Detecting corrupt pacman package files

I had seen this thread earlier and left it open as it appears that you are using the BPi as a cache.  I assume that the clients are x86/x86_64 flavors of Arch Linux.   
If not, JohnBobSmith is correct that the appropriate forums are the ArchArm forums.

Yes, the question doesn't really depend on the architecture - the cache could be running on an x86 machine and I would be facing the same problem with x86_64 packages. I could solve this if I knew how to check if a package file is corrupted without trying to install it.

JohnBobSmith

Member

From: Canada

Registered: 2014-11-29

Posts: 804

Re: [SOLVED] Detecting corrupt pacman package files

What if you wrote a script or found a tool to automatically check MD5Sum? Store the MD5 in a text file, say, filecheckmd5.txt. Then, have your script grab the md5 from the potentially corrupted package and compare it to the known good md5. Very, very fake code for the purpose of example: if knownGoodMd5 == getMd5SumOf(testFile) then continue else echo "bad file". You could even automatically remove the corrupted files but thats risky. Then proceed from there

---

I am diagnosed with bipolar disorder. As it turns out, what I thought was my greatest weakness is now my greatest strength.

Everyday, I make a conscious choice to overcome my challenges and my problems. It's not easy, but its better than the alternative...

eschwartz

Fellow

Registered: 2014-08-08

Posts: 4,097

Re: [SOLVED] Detecting corrupt pacman package files

pacman is capable of checking the package integrity itself, you could run

pacman --config /etc/pacman-x64cache.conf -Syw $cachelist --noconfirm

and it will check the integrity of all the packages (and download them if needed), then delete anything that is corrupt.

Last edited by eschwartz (2016-09-21 01:53:19)

---

Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Teyras

Member

Registered: 2010-07-14

Posts: 56

Re: [SOLVED] Detecting corrupt pacman package files

What if you wrote a script or found a tool to automatically check MD5Sum? Store the MD5 in a text file, say, filecheckmd5.txt. Then, have your script grab the md5 from the potentially corrupted package and compare it to the known good md5. Very, very fake code for the purpose of example: if knownGoodMd5 == getMd5SumOf(testFile) then continue else echo "bad file". You could even automatically remove the corrupted files but thats risky. Then proceed from there

I see two problems with this - first, I'm not sure if a correct checksum means that the PGP error I'm getting won't happen. Second, I'm not sure how would I extract the expected checksum from the package file.

it will check the integrity of all the packages (and download them if needed), then delete anything that is corrupt

If I'm not mistaken, this works with a list of package names (not files) - to check the package files in the cache, I'd have to extract their names from the package files (which is rather easy though). Also, I could only check the integrity of the most recent version of the package in the cache (not much of a problem). Possibly the biggest drawback is that my nginx cache mirrors the structure of an arch mirror (separate folders for repositories and whatnot), while tha cache used by pacman is flat - overcoming this would require quite a lot of work.

eschwartz

Fellow

Registered: 2014-08-08

Posts: 4,097

Re: [SOLVED] Detecting corrupt pacman package files

If I'm not mistaken, this works with a list of package names (not files) - to check the package files in the cache, I'd have to extract their names from the package files (which is rather easy though).

As you say.

Also, I could only check the integrity of the most recent version of the package in the cache (not much of a problem).

True, but since the primary source for the integrity is the most recent version of the sync database, that was going to be true regardless.
Although technically, you could manually retrieve the original*.sig files for each package, assuming you know which repo to retrieve it from and they haven't deleted the package yet.

Possibly the biggest drawback is that my nginx cache mirrors the structure of an arch mirror (separate folders for repositories and whatnot), while tha cache used by pacman is flat - overcoming this would require quite a lot of work.

You could always use separate config files for each repository.

If not for the fact that pacman also supports multiple CacheDir's -- so claiming "tha cache used by pacman is flat" is not strictly true.

tl;dr
Not a problem, and not a lot of work.

---

Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Teyras

Member

Registered: 2010-07-14

Posts: 56

Re: [SOLVED] Detecting corrupt pacman package files

You could always use separate config files for each repository.

If not for the fact that pacman also supports multiple CacheDir's -- so claiming "tha cache used by pacman is flat" is not strictly true.

tl;dr
Not a problem, and not a lot of work.

Awesome, thank you!