On 19/02/13 06:40, Dave Reisner wrote: > On Feb 17, 2013 11:12 PM, "Allan McRae" <[email protected]> wrote: >> >> On 18/02/13 12:55, Dave Reisner wrote: >>> Avoids the segfault seen in FS#33911. >>> >>> Signed-off-by: Dave Reisner <[email protected]> >>> --- >>> This is sort of an easy cop-out, but also perhaps the right thing to > do? If we >>> blindly append .sig to the URL we have then we're just going to end up > back at >>> the problem which commit 27067b137286a4 attempted to solve, but without > the aid >>> of being able to know what the followed URL is (since we didn't download >>> anything). >> >> So... if you have "RemoteFileSigLevel = Required" and only have the >> package and not the signature in the cache, this will not download the >> signature and give a corrupt package warning. >> >> Is that situation fine to "ignore"? Or should we test both the file and >> the signature are present before skipping the step? I almost think it >> would make sense to always download the file when using a URL with >> "pacman -U". >> >> Allan > > I explicitly fixed the scenario where we look in the file cache for the > package, but we can't always know beforehand because of redirects and usage > of a temp filename. > > That said, we can probably make this logic smarter than it currently is. >
OK - I will take the patch as is. It fixes the segfault. Then I will file a bug report about the case I pointed out above. Allan
