Project

General

Profile

Bug #270

[pacman] misleading error message when cache contains a signed package of invalid checksum

mtjm - almost 7 years ago - . Updated almost 7 years ago.

Status:
open
Priority:
bug
Assignee:
-
% Done:

0%


Description

17:24 < fauno> ==> ERROR Package community/rxvt-unicode-9.15-3-mips64el.pkg.tar.xz already exists in another repository
[...]
17:27 < fauno> i'll get this behavior on pacman
17:27 < fauno> community.db will say rxvt-unicode needs to update, but it won't download your version because mine is cached
17:28 < fauno> then it will fail to upgrade because the signature doesn't verify the package
17:28 < fauno> instead of telling you the package is probably corrupt because the checksums don't match like before
17:29 < mtjm> easy to remove it from cache
[...]
17:31 < fauno> mtjm: yes, but the message is misleading
17:31 < fauno> it suggest having a security issue rather than a corrupt package

Expected behaviour: handle invalid signatures just like invalid checksums, i.e. remove the cached package and error.

Also available in: Atom PDF