Don't stop checking remote ini files after the first with a missing or
invalid signature.

This is important because part of the (accidental, not designed)
protection against a mirror having mismatched manifests and signatures
(because rsyncing them is not atomic) is to fall back to the next
compression type.
---

Notes:
    This could probably use a bit of extra review.
    
    If a mirror has setup.zst but no setup.zst.sig, setup immediately stops
    with an error.
    
    This caused a few reports recently, when exactly that situation occurred
    (presumably due to the precise timing of the mirror update).
    
    This can't be simply fixed by making the update of those files on
    sourceware locally atomic in calm, because a remote rsync fetches each
    file at a different point in time.
    
    (Even if we do the crazy, but apparently wanted dance of (i) remove
    setup.zst, (ii) make setup.zst elsewhere, (iii) move setup.zst.sig into
    place, (iv) move setup.zst into place, we still have the possibility of
    a mirror ending up with mismatched file and signature, which is
    still immediately fatal)

 ini.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ini.cc b/ini.cc
index 006d710..371d267 100644
--- a/ini.cc
+++ b/ini.cc
@@ -242,8 +242,8 @@ do_remote_ini (Feedback &myFeedback)
          ini_file = get_url_to_membuf (current_ini_name, myFeedback);
          ini_file = check_ini_sig (ini_file, ini_sig_file, sig_fail,
                                    n->url.c_str (), current_ini_sig_name.c_str 
(), myFeedback);
-         // stop searching as soon as we find a setup file
-         if (ini_file)
+         // stop searching as soon as we find a ini file with a valid signature
+         if (ini_file && !sig_fail)
            break;
        }
       if (ini_file)
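Review bot: The post-loop `if (ini_file)` in the trailing context is unchanged, so if the last compression type tried leaves ini_file non-null with sig_fail set, the loop now falls through without a break and that check still passes. Consider testing `ini_file && !sig_fail` there as well, or clearing ini_file when sig_fail is set, so a candidate that failed verification is never treated as found. It is also worth confirming that sig_fail is reset at the top of each iteration: if check_ini_sig only ever sets it, one bad signature on the first candidate would stop `!sig_fail` from ever being true for a later, validly signed file. Finally, the buffer from a rejected candidate is overwritten by the next `get_url_to_membuf` assignment; check that it is released before the retry.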
-- 
2.51.0
