FS#33402 - [archlinux-keyring] Package should be updated on its own before other packages
Attached to Project:
Arch Linux
Opened by Bill Seremetis (bserem) - Tuesday, 15 January 2013, 10:16 GMT
Last edited by Allan McRae (Allan) - Thursday, 24 January 2013, 23:43 GMT
Opened by Bill Seremetis (bserem) - Tuesday, 15 January 2013, 10:16 GMT
Last edited by Allan McRae (Allan) - Thursday, 24 January 2013, 23:43 GMT
|
Details
Description:
I believe that archlinux-keyring package should be updated on its own, before other packages on system upgrade. Just like pacman does. The reason for this is that the system update might break if a package isn't validated. This happened today to me, with the chromium package. I append the output of pacman for those who need it. I'm cutting out some lines to make it readable. Additional info: * config and/or log files etc. FIRST RUN: sudo pacman -Syu ... :: Starting full system upgrade... ... Proceed with installation? [Y/n] ... (6/6) checking package integrity [######################] 100% (6/6) loading package files [######################] 100% error: error while reading package /var/cache/pacman/pkg/chromium-24.0.1312.52-1-x86_64.pkg.tar.xz: Truncated input file (needed 179712 bytes, only 0 available) error: failed to commit transaction (libarchive error) Errors occurred, no packages were upgraded. SECOND RUN: sudo pacman -Syu --ignore chromium ... :: Starting full system upgrade... warning: chromium: ignoring package upgrade (23.0.1271.97-1 => 24.0.1312.52-1) ... Proceed with installation? [Y/n] (5/5) checking package integrity [######################] 100% (5/5) loading package files [######################] 100% (5/5) checking for file conflicts [######################] 100% (5/5) checking available disk space [######################] 100% (1/5) upgrading archlinux-keyring [######################] 100% ==> Appending keys from archlinux.gpg... ... Updating chromium now succeded. |
This task depends upon
Closed by Allan McRae (Allan)
Thursday, 24 January 2013, 23:43 GMT
Reason for closing: Won't implement
Thursday, 24 January 2013, 23:43 GMT
Reason for closing: Won't implement
error: error while reading package /var/cache/pacman/pkg/chromium-24.0.1312.52-1-x86_64.pkg.tar.xz: Truncated input file (needed 179712 bytes, only 0 available)
has nothing to do with the keyring...
However how does the idea of updating the keyring on its own sound ot you?
1) A new ID is added to a key. Pacman will see the new ID and fetch it - essentially updating the key.
2) A key has been added to the keyring without the needed signatures for it to be trusted by default. Pacman will reject the package with a signing error. This will not happen unless the user manually imports a key before it is signed.
Also, the key uses to sign the chromium package is old... So we need the actual error message to know what went wrong here. Given the error message, I'd say you had a download failure that was detected as a corrupt package via the signature.
Sadly the log doesn't have the required information.
I agree that the keyservers being down is a pain in the ass and that it happens way too often (such as today), but that was one of the motivators for the keyring package. In the meantime, I don't think it's a big deal if we rely on the code in pacman to import keys from the keyservers. In case there's a keyring waiting to be updated and keyservers are down, is it too much to ask for the users to recognize the keyring update could be pulled in first manually? There's absolutely no desire from the pacman developers to reimplement SyncFirst because of the relatively unsolvable problems that come with it.