FS#28014 : Corrupted Package Handling in pacman using PGP Signing

FS#28014 - Corrupted Package Handling in pacman using PGP Signing

Attached to Project: Pacman
Opened by Chad Shets (cvillelk) - Friday, 20 January 2012, 15:28 GMT
Last edited by Allan McRae (Allan) - Tuesday, 15 October 2013, 02:49 GMT

Task Type	Feature Request
Category	Backend/Core
Status	Closed
Assigned To	Dan McGee (toofishes) Allan McRae (Allan)
Architecture	All
Severity	Low
Priority	Normal
Reported Version	4.0.1
Due in Version	4.2.0
Due Date	Undecided
Percent Complete
Votes	20 Matthias Krüger (matthiaskrgr) (2014-09-28) Roman Beslik (beroal) (2013-06-14) ifaigios (ifaigios) (2013-04-03) Saurabh Kumar (sa1) (2013-01-04) Ray Rashif (schivmeister) (2012-11-20) Josh Cox (thoth) (2012-11-16) Olivier (litemotiv) (2012-11-04) Vinay S Shastry (shastry) (2012-10-08) Greg (dolby) (2012-08-27) Johannes Jordan (FoPref) (2012-08-27) Kirill Churin (reflexing) (2012-07-08) Zir0h (Zir0h) (2012-06-16) vicencb (vicencb) (2012-04-23) darkraven (darkraven) (2012-04-12) Keshav Amburay (the.ridikulus.rat) (2012-04-11) Anh Hai Trinh (chickamade) (2012-03-12) new user (new-user) (2012-02-19) Gero Müller (geromueller) (2012-02-18) Geraldo (geraldoav) (2012-01-30) Julian Gagnon (whitethorn) (2012-01-30)
Private	No

Details

Description:

pacman 4 makes no distinction between a signing issue and a transmission corruption issue. A post-download checksum applied to the signed package would be one remedy.

- - - - - - - - - - - - - - - - - -

When a package being handled by pacman 4 fails the PGP sig check an error similar to the following is reported:

| error: libreoffice-common: signature from "Andreas Radke <andyrtr@archlinux.org>" is invalid
| error: failed to commit transaction (invalid or corrupted package (PGP signature))
| Errors occurred, no packages were upgraded.

This is less intuitive and helpful than the old checksum method ( < pacman 4; shown below after a transmission corruption).

| :: File /var/cache/pacman/pkg/libreoffice-common-3.4.5-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (checksum)).
| Do you want to delete it? [Y/n] y
| error: failed to commit transaction (invalid or corrupted package (checksum))
| Errors occurred, no packages were upgraded.

The prompt offers to delete the corrupted file, which makes re-downloading the package easier (otherwise the user must manually delete the corrupted package). In it's current form, It is not readily apparent whether a PGP signing error occurred or a file corruption. I, for example, thought my PGP signing was incorrectly setup which had me scanning forums for a while.

Mentioned in the forum here: https://bbs.archlinux.org/viewtopic.php?id=133938

Additional info:
Pacman 4.0.1

Steps to reproduce:
To recieve the checksum message, I changed SigLevel = Optional TrustAll to SigLevel = Never

This task depends upon

Closed by Allan McRae (Allan)
Tuesday, 15 October 2013, 02:49 GMT
Reason for closing: Fixed
Additional comments about closing: commits 0d89c10f and ed511b14

Comment by Dan McGee (toofishes) - Saturday, 11 February 2012, 21:57 GMT

Field changed: Status (Unconfirmed → Assigned)
Field changed: Category (Packages: Core → Backend/Core)
Field changed: Reported Version ( → 4.0.1)
Field changed: Due in Version (Undecided → 4.0.3)
Field changed: Architecture (All → All)
Task assigned to Dan McGee (toofishes)

I think I agree here- we can probably run multiple checks if the first one fails, that way you get more feedback on what is potentially wrong.

Comment by Kerrick Staley (KerrickStaley) - Monday, 22 October 2012, 06:11 GMT

It should be enough to just emulate the old behavior--if the package doesn't pass the PGP check, offer to delete it. If the problem persists, the user will know that their PGP configuration is at fault, rather than it being a one-off issue with the download.

Comment by Allan McRae (Allan) - Saturday, 09 February 2013, 02:51 GMT

This is half implemented in commit 0d89c10f which offers to delete the package if signature checking fails. It would still be better to check the checksum after failing signature to more easily allow the user to determine the source of the error.

Comment by Jorge Villaseñor (salinasv) - Saturday, 20 April 2013, 02:32 GMT

It would be nice if the error shows the name of the package not passing the integrity check.

Comment by Allan McRae (Allan) - Saturday, 20 April 2013, 03:18 GMT

With pacman-4.1 it should be offering to delete the corrupt package - so that requires showing its name... Is that not happening?

Comment by Jorge Villaseñor (salinasv) - Wednesday, 24 April 2013, 04:06 GMT

Yep, it happens with 4.1.0

Comment by Jorge Villaseñor (salinasv) - Monday, 06 May 2013, 04:13 GMT

My bad, I have just seen the message and it says which package is corrupted. Maybe I saw the problem with previous version of pacman and it got updated in that -Syu.

Comment by Allan McRae (Allan) - Tuesday, 15 October 2013, 02:49 GMT

And commit ed511b14 should close this bug.

	Tasks related to this task (0)

Duplicate tasks of this task (8)
~~FS#28352 - Display the name of the packages failing the veification after d~~
~~FS#28525 - pacman 4: no information about defective packages~~
~~FS#29406 - [pacman] distinguish between bad signature and corrupted package~~
~~FS#29585 - [pacman] No information about package integrity failures~~
~~FS#31302 - pacman should handle key signature updates better~~
~~FS#32451 - Avoid invalid signatures~~
~~FS#32705 - pacman fails and does not specify the offending package~~
~~FS#35482 - [pacman] doesn't tell which packages are corrupted~~

Arch Linux

FS#28014 - Corrupted Package Handling in pacman using PGP Signing

Details

Loading...