Thanks,
Bryan
All,

I've made some progress on tracking this problem down.

On Wed, Jan 12, 2022 at 4:56 PM Bryan Evenson <evenso...@gmail.com> wrote:

> All,
>
> I'm starting to use the check_pkg_signature option so opkg will verify the GPG signature for each package it downloads on upgrade. I'm on opkg 0.4.2. Since I don't trust my connection during upgrade, I download all the upgradable files first with 'opkg --download-only upgrade'. If that succeeds, I call 'opkg upgrade' to complete the upgrade. The upgrade process is failing when I enable check_pkg_signature.
>
> I've confirmed the GPG key is set up correctly. I initially had problems in which the packages wouldn't even download to cache because the GPG check failed. I fixed these errors and then 'opkg --download-only upgrade' would download the packages and the signature files to my cache directory. For testing, I have the package repository on a USB flash drive. After opkg downloads the upgradable packages to cache, I remove the USB flash drive to confirm 'opkg upgrade' is then upgrading from the cached packages.
>
> This method works when I have check_pkg_signature disabled. If I have it enabled, I get the error message, "Removing corrupt package file" for every package. I've been looking through the code and I haven't been able to confirm for sure, but I'm assuming that 'opkg upgrade' will always attempt to download the signature from the package repository instead of the cache location. Is that correct, or is there something else going on?

I think I see the order of operations to cause this problem. opkg_download_pkg() gets called for each package during the upgrade process. It uses pkg_verify() to first check if there is a valid local copy of the package before attempting to download the package. If the system is set to verify package signatures, pkg_verify() always calls pkg_download_signature() without checking if there is a cached copy of the signature. So when I called 'opkg --download-only upgrade' the system downloaded all the packages and signatures to the cache directory, and then when I called 'opkg upgrade' it will then attempt to download the signatures again to the same cache location and fail if it can't re-download the signatures.

I would suggest the fix would either check in pkg_verify() or in pkg_download_signature() for a cached copy of the signature before attempting to download it. Since opkg_download_pkg() checks if the package is cached or not, I'm assuming it'd make more sense to check if the signature is cached in pkg_download_signature(). I am planning on attempting to patch the code, but I'm open to suggestions from anyone who knows the code better than me.
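
The control flow described in the message above, as an added example that is not opkg source code and not part of the original post: a simplified in-memory model comparing "always re-download the signature" with "use the cached signature if present". Every name in it is hypothetical, and the string comparison stands in for real GPG verification; the point it shows is that a cache hit skips only the download, never the verification.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT opkg source: all names below are hypothetical. */
enum result { VERIFY_OK, ERR_DOWNLOAD, ERR_BAD_SIG };

struct model {
    bool repo_reachable;      /* e.g. USB repository still plugged in */
    bool sig_cached;          /* signature file already in the cache directory */
    char cached_sig[32];      /* contents of the cached signature (constructed) */
    const char *repo_sig;     /* signature the repository would serve */
    const char *expected_sig; /* what a real GPG check would accept */
};

/* Stand-in for fetching the signature into the cache. */
static bool download_sig(struct model *m) {
    if (!m->repo_reachable) return false;
    snprintf(m->cached_sig, sizeof m->cached_sig, "%s", m->repo_sig);
    m->sig_cached = true;
    return true;
}

/* Stand-in for GPG verification of the package against the cached signature. */
static bool check_sig(const struct model *m) {
    return m->sig_cached && strcmp(m->cached_sig, m->expected_sig) == 0;
}

/* Behaviour described in the post: the signature is always re-downloaded. */
enum result verify_always_download(struct model *m) {
    if (!download_sig(m)) return ERR_DOWNLOAD;
    return check_sig(m) ? VERIFY_OK : ERR_BAD_SIG;
}

/* Suggested fix: download only when no cached copy exists; always verify. */
enum result verify_prefer_cache(struct model *m) {
    if (!m->sig_cached && !download_sig(m)) return ERR_DOWNLOAD;
    return check_sig(m) ? VERIFY_OK : ERR_BAD_SIG;
}

int main(void) {
    struct model m = { false, true, "SIG-A", "SIG-A", "SIG-A" };
    printf("always-download, repo removed: %d\n", verify_always_download(&m));
    printf("prefer-cache, repo removed:    %d\n", verify_prefer_cache(&m));
    strcpy(m.cached_sig, "tampered");
    printf("prefer-cache, bad cached sig:  %d\n", verify_prefer_cache(&m));
    return 0;
}
```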