Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bug reports will be closed without further action.
FS#71274 - [pacman] saves DB signature file to wrong filename when redirected to different filename
Attached to Project:
Pacman
Opened by Christoph Reiter (lazka) - Wednesday, 16 June 2021, 20:37 GMT
Last edited by Allan McRae (Allan) - Thursday, 01 July 2021, 00:59 GMT
Details

This worked with pacman 5, but fails with pacman 6

* Use the following DB in /etc/pacman.conf:

```
[mingw64]
Server = https://mirror.msys2.org/mingw/mingw64/
```

* Run `pacman -Syy`

Expected: It works

Actual:

```
error: mingw64: missing required signature
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))
```

----

The problem is that the mirror is a https://github.com/etix/mirrorbits instance which (1) redirects all URLs to a mirror and (2) de-refs symlinks before doing so. This means there will be redirects with a different filename for each DB related file.

The first request gives:

```
$ curl -I https://mirror.msys2.org/mingw/x86_64/mingw64.db
HTTP/2 302
cache-control: private, no-cache
content-type: text/html; charset=utf-8
date: Wed, 16 Jun 2021 20:21:05 GMT
link: <https://repo.msys2.org/mingw/x86_64/mingw64.db.tar.gz>; rel=duplicate; pri=1; geo=de
location: https://mirror.yandex.ru/mirrors/msys2/mingw/x86_64/mingw64.db.tar.gz
server: Mirrorbits/v0.5.1-31-geeea0e0-dirty
```

This results in pacman doing the following:

```
debug: mingw64.db: url is https://mirror.msys2.org/mingw/x86_64/mingw64.db
debug: mingw64.db: maxsize 134217728
debug: mingw64.db: opened tempfile for download: /var/lib/pacman/sync/mingw64.db.part (wb)
debug: mingw64.db: curl returned result 0 from transfer
debug: mingw64.db: response code 200
```

Then it tries to fetch the signature file:

```
debug: mingw64.db.tar.gz.sig: url is https://repo.msys2.org/mingw/x86_64/mingw64.db.tar.gz.sig
debug: mingw64.db.tar.gz.sig: maxsize 16384
debug: mingw64.db.tar.gz.sig: opened tempfile for download: /var/lib/pacman/sync/mingw64.db.tar.gz.sig.part (wb)
debug: mingw64.db.tar.gz.sig: curl returned result 0 from transfer
debug: mingw64.db.tar.gz.sig: response code 200
```

Then it fails to find the signature file on disk and fails:

```
debug: "/var/lib/pacman/sync/mingw64.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/mingw64.db.sig could not be opened
debug: got error 43 at _alpm_gpgme_checksig (../lib/libalpm/signing.c: 593) : missing PGP signature
debug: missing required signature
error: mingw64: missing required signature
debug: failed to validate db: mingw64
```

The filesystem contains a /var/lib/pacman/sync/mingw64.db.tar.gz.sig though

I know that this is a bit of a weird edge case, so if this is out of scope I understand. I'll try to teach (hack) mirrorbits to not de-reference symlinks instead.
Closed by Allan McRae (Allan)
Thursday, 01 July 2021, 00:59 GMT
Reason for closing: Fixed
Additional comments about closing: git commit 0147de169a2abd193699957d4e76aec522901fd2
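The naming mismatch from the report above, reduced to path handling as an added illustration (not pacman's code and not the fix in the referenced commit): the saved signature name follows the redirected URL, while verification looks for the local database path plus `.sig`. The function names are hypothetical, and the direct `.sig` URL is constructed from the report's database URL.

```c
#include <stdio.h>
#include <string.h>

/* Last path component of a URL. Hypothetical helper, not a libalpm function. */
static const char *url_basename(const char *url)
{
    const char *slash = strrchr(url, '/');
    return slash ? slash + 1 : url;
}

/* Naming seen in the debug log: the local name copies the (redirected) URL. */
int sig_path_from_url(char *out, size_t n, const char *dir, const char *sig_url)
{
    int len = snprintf(out, n, "%s/%s", dir, url_basename(sig_url));
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Naming the verifier looks for: the local database path plus ".sig". */
int sig_path_from_db(char *out, size_t n, const char *db_path)
{
    int len = snprintf(out, n, "%s.sig", db_path);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* 1 if the saved signature lands where verification looks, 0 if not,
 * -1 if a path would be truncated. */
int sig_will_be_found(const char *dir, const char *db_path, const char *sig_url)
{
    char saved[512], wanted[512];
    if (sig_path_from_url(saved, sizeof saved, dir, sig_url) != 0 ||
        sig_path_from_db(wanted, sizeof wanted, db_path) != 0)
        return -1;
    return strcmp(saved, wanted) == 0;
}

int main(void)
{
    const char *dir = "/var/lib/pacman/sync";
    const char *db = "/var/lib/pacman/sync/mingw64.db";
    /* First URL is from the report; second is constructed (db URL + ".sig"). */
    printf("redirected name found: %d\n", sig_will_be_found(dir, db,
        "https://repo.msys2.org/mingw/x86_64/mingw64.db.tar.gz.sig"));
    printf("requested name found:  %d\n", sig_will_be_found(dir, db,
        "https://mirror.msys2.org/mingw/x86_64/mingw64.db.sig"));
    return 0;
}
```

Deriving the signature's local name from the local database path, as `sig_path_from_db` does, keeps the server's redirect target from deciding where verification input is stored.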
Comment by Christoph Reiter (lazka) -
Wednesday, 16 June 2021, 23:40 GMT
I'll try to fix mirrorbits (my server) to not leak symlink de-reffing. Maybe this becomes all moot then.
Comment by morganamilo (morganamilo) -
Thursday, 17 June 2021, 01:01 GMT
It's a bug in alpm either way. Glad your server exposed it in time for a .1 release.
Comment by Christoph Reiter (lazka) -
Thursday, 17 June 2021, 08:34 GMT
Ah, the server URL was wrong, it's "https://mirror.msys2.org/mingw/x86_64/" (I can't find a way to edit the post)
Comment by Christoph Reiter (lazka) -
Friday, 18 June 2021, 10:08 GMT
I can confirm that https://lists.archlinux.org/pipermail/pacman-dev/2021-June/025231.html fixes the issue for me.