Jon Turney via Cygwin-apps writes:
>     If a mirror has setup.zst but no setup.zst.sig, setup immediately stops
>     with an error.
>     
>     This caused a few reports recently, when exactly that situation occurred
>     (presumably due to the precise timing of the mirror update).

Does that happen with specific mirrors only? I've never seen anything
like that.

>     This can't be simply fixed by making the update of those files on
>     sourceware locally atomic in calm, because a remote rsync fetches each
>     file at a different point in time.

Not only that, it will commit them to visible state at the remote end
at different times as well.

>     (Even if we do the crazy, but apparently wanted dance of (i) remove
>     setup.zst, (ii) make setup.zst elsewhere, (iii) move setup.zst.sig into
>     place, (iv) move setup.zst into place, we still have the possibility of
>     a mirror ending up with mismatched file and signature, which is
>     still immediately fatal)

Being atomic on sourceware doesn't solve the problem on the receiving
site.  We are in a bit of a pickle due to the fact that the "release"
directory is contained at the same level as the setup.ini files.  I
think it should be possible to use LVM snapshots and/or bind mounts (for
the release directory) to get around that and have only the stable state
exposed at any time.  Using bind mounts assumes that we can use the exch
command to atomically swap the two directories after each update is
complete.  Each rsync mirror transfer must never see the swap, so it'll
probably need to trigger an LVM snapshot at the start of the transfer.
That still has the possibility of briefly having an incomplete set of
files at the remote end, but at least one won't need to wait for the
next sync to resolve.

>  ini.cc | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/ini.cc b/ini.cc
> index 006d710..371d267 100644
> --- a/ini.cc
> +++ b/ini.cc
> @@ -242,8 +242,8 @@ do_remote_ini (Feedback &myFeedback)
>         ini_file = get_url_to_membuf (current_ini_name, myFeedback);
>         ini_file = check_ini_sig (ini_file, ini_sig_file, sig_fail,
>                                   n->url.c_str (), current_ini_sig_name.c_str 
> (), myFeedback);
> -       // stop searching as soon as we find a setup file
> -       if (ini_file)
> +       // stop searching as soon as we find a ini file with a valid signature
> +       if (ini_file && !sig_fail)
>           break;
>       }
>        if (ini_file)
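
Review bot: the `if (ini_file)` after the loop (last context line) still tests only `ini_file`, so the result when every mirror fails verification depends on what `check_ini_sig` returns on failure. If it can hand back a non-null buffer while setting `sig_fail`, the post-loop test should be `if (ini_file && !sig_fail)` as well, otherwise the last mirror's unverified file is treated as found. Because the loop now continues past a bad signature, `sig_fail` also has to be cleared at the top of each iteration, or a failure on an earlier mirror would block the `break` on a later valid one; that reset is not visible in this hunk and is worth confirming. Minor: "a ini file" in the new comment should read "an ini file".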

LGTM.  It may or may not solve the problem depending on which race was
lost, but let's see.

All things considered, the better route would be to embed a signature
into the setup.ini (and keep the detached signature on the resulting
file for backwards compatibility).  So something like that perhaps:

--8<---------------cut here---------------start------------->8---
signature: 
iJEEABEIADkWIQSyK0iQuJ5eWnlc4wW0C+x1MVKxwwUCaXUQ+RsUgAAAAAAEAA5tYW51MiwyLjUrMS4xMSwyLDIACgkQtAvsdTFSscPLvQD9FBeNOWqs6mNnTNUy1bPEsvABzA9pWpm8Tit8UyAHAiAA/2ok4W7ONFAL4cYMthboc+xGW90WrdIhclje1N7VCKyA
# This file was automatically generated at 2026-01-24 08:41:56 GMT.
#
# If you edit it, your edits will be discarded next time the file is
# generated.
#
# See https://sourceware.org/cygwin-apps/setup.ini.html for a description
# of the format.
release: cygwin
arch: x86_64
--8<---------------cut here---------------end--------------->8---

So if the first line is a signature, base64 decode it and then verify
against the rest of the file.  All our compressors support concatenation
of compressed files, so the signature need not even be prepended before
compression.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

DIY Stuff:
http://Synth.Stromeko.net/DIY.html
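
The embedded-signature layout proposed in the message above, as an added sketch that is not part of the original e-mail or of Cygwin setup's code. It assumes the base64 signature sits on the same line as `signature: `, uses xz as one of the compressors, and takes the actual OpenPGP check as a caller-supplied `verify` callable; all function names are hypothetical.

```python
import base64
import binascii
import lzma

SIG_KEY = b"signature: "  # key name taken from the sample in the message


def split_embedded_signature(ini: bytes):
    """Return (signature_bytes, signed_body). signature_bytes is None when
    the first line is not a signature line (old-style file, detached .sig)."""
    first, sep, rest = ini.partition(b"\n")
    if not sep or not first.startswith(SIG_KEY):
        return None, ini
    try:
        sig = base64.b64decode(first[len(SIG_KEY):].strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("malformed embedded signature") from exc
    if not sig:
        raise ValueError("empty embedded signature")
    # The signed data is every byte after the first newline, unmodified.
    return sig, rest


def load_signed_ini(compressed: bytes, verify):
    """Decompress, split, and return the body only if verify(sig, body) holds.
    `verify` is a hypothetical hook standing in for the real OpenPGP check."""
    # lzma.decompress() decodes concatenated xz streams back to back.
    sig, body = split_embedded_signature(lzma.decompress(compressed))
    if sig is None:
        raise ValueError("no embedded signature; fall back to the detached one")
    if not verify(sig, body):
        raise ValueError("embedded signature does not match body")
    return body


def build_signed_xz(body: bytes, sig: bytes) -> bytes:
    """Producer side: compress the signature line and the body as two
    separate xz streams and concatenate them, so the body stream is the
    same one that would be published without a signature."""
    sig_line = SIG_KEY + base64.b64encode(sig) + b"\n"
    return lzma.compress(sig_line) + lzma.compress(body)


if __name__ == "__main__":
    demo_body = b"release: cygwin\narch: x86_64\n"  # constructed sample
    demo_sig = b"constructed-not-a-real-signature"  # constructed sample
    blob = build_signed_xz(demo_body, demo_sig)
    print(load_signed_ini(blob, lambda s, b: s == demo_sig))
```

Because signature and data arrive in one file, a mirror caught mid-sync serves either the old pair or the new pair, never a mismatched one.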
