On 01/27/10 06:45 PM, [email protected] wrote:
I remain concerned as I previously indicated that there is a larger
issue that ultimately caused this, although I still believe
transport should check for the no signature data case just in case
there is a consistency issue between origins, etc.
I'm not trying to be insensitive to your concerns, but I don't have a lot
of options. If the transport successfully downloads the file, but it
can't get the signature data, the most conservative approach is to
conclude that this file was wanted. In the 14201, the stack trace
showed that this manifest was fetched out of get_manifest(), so the
manifest was requested as a necessary retrieval to perform the
installation. If the manifest still names valid files that exist on the
server, should we really abort the installation?
Actually, in 14201, get_manifest() was called as a result of a lazy-load
trigger from get_pkg_list() as the packagemanager was building its list
of packages. Because the package was from a v0 repository, the
lazy-loader got triggered.
The verify_manifest() function just needs to determine if it can verify
a manifest. If it can, it will and will throw an exception if the
manifest is invalid. If we can retrieve the manifest, and it references
existing content, that doesn't seem inherently invalid.
I'd be comfortable making this a permanent failure if we had a
per-publisher policy that states that all catalogs from a particular
publisher must have signatures, and the signatures must be valid. That
would also give us an opportunity to double-check this when the catalog
is retrieved. That wouldn't solve the absent package case, but we could
at least verify that when the catalog was downloaded it was self-consistent.
Apologies; I have apparently mis-communicated (again). I was not asking
for any additional changes here. I was only trying to say that even
though there may be a larger issue, I believe that *some* change (the
one you have posted is perfectly fine) was still necessary to prevent a
traceback in the case that the signature data is completely absent (as
opposed to empty).
--
Shawn Walker
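
The behaviour discussed in this thread, as an added example that is not part of the original message and not the project's code: a check that treats absent (None) and empty signature data alike instead of raising a traceback, with the proposed per-publisher policy modelled as a flag. The function signature, the `require_signatures` flag, the `InvalidManifest` exception and the sample manifest are all assumptions made for illustration.

```python
import hashlib

class InvalidManifest(Exception):
    """Signature data is present but does not match, or policy demands it."""

def verify_manifest(content, sigs, require_signatures=False):
    """Hypothetical stand-in for the check discussed in the thread.

    sigs is None when the catalog carries no signature data at all,
    {} when the entry exists but is empty, else {hash_name: hex_digest}.
    Returns True if verified, False if nothing could be verified.
    """
    if not sigs:  # treats absent (None) and empty ({}) alike: no traceback
        if require_signatures:
            raise InvalidManifest("publisher policy requires signature data")
        return False
    for algo, expected in sigs.items():
        actual = hashlib.new(algo, content).hexdigest()
        if actual != expected:
            raise InvalidManifest("%s digest mismatch" % algo)
    return True

# Constructed sample input, not taken from a real repository.
MANIFEST = b"file path=usr/bin/example mode=0555 owner=root group=bin\n"
GOOD = {"sha256": hashlib.sha256(MANIFEST).hexdigest()}

def demo():
    """Run every signature case with the policy flag off and on."""
    results = {}
    cases = {"absent": None, "empty": {}, "valid": GOOD,
             "tampered": {"sha256": "0" * 64}}
    for name, sigs in cases.items():
        for strict in (False, True):
            try:
                results[(name, strict)] = verify_manifest(MANIFEST, sigs, strict)
            except InvalidManifest:
                results[(name, strict)] = "rejected"
    return results

if __name__ == "__main__":
    for key, outcome in sorted(demo().items()):
        print(key, outcome)
```

With the flag off, a manifest without signature data is accepted as unverified; with it on, the same manifest becomes a permanent failure, while a mismatching digest is rejected in both modes.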