FS#69608 - pacman -U <url> fails if package is already in cache but signature isn't
Attached to Project:
Pacman
Opened by Platon Pronko (Rogach) - Wednesday, 10 February 2021, 08:52 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 10 February 2021, 12:10 GMT
Opened by Platon Pronko (Rogach) - Wednesday, 10 February 2021, 08:52 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 10 February 2021, 12:10 GMT
|
Details
Description:
Stumbled upon this when trying to downgrade a package via ArchLinux Archive. When I called `pacman -U <url>` I got the error "package missing required signature". The package in question was already present in /var/cache/pacman/ (since it was installed previously) but signature wasn't. Apparently if pacman sees the package downloaded it proceeds to installation without checking if signature was downloaded as well. Additional info: * package version(s): Pacman v5.2.2 - libalpm v12.0.2 Steps to reproduce: 1. wget https://archive.archlinux.org/packages/p/python-openpyxl/python-openpyxl-3.0.5-3-any.pkg.tar.zst -O /var/cache/pacman/pkg/python-openpyxl-3.0.5-3-any.pkg.tar.zst # simulate a package being previously installed 2. rm -f /var/cache/pacman/pkg/python-openpyxl-3.0.5-3-any.pkg.tar.zst.sig # remove signature if it was present 3. pacman -U https://archive.archlinux.org/packages/p/python-openpyxl/python-openpyxl-3.0.5-3-any.pkg.tar.zst # try installing a package from url 4. Observe an error: error: '/var/cache/pacman/pkg/python-openpyxl-3.0.5-3-any.pkg.tar.zst': package missing required signature |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Wednesday, 10 February 2021, 12:10 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#33992
Wednesday, 10 February 2021, 12:10 GMT
Reason for closing: Duplicate
Additional comments about closing: