[PATCH] opkg_download: Check if package signature is already cached
4 views
Skip to first unread message
Bryan Evenson
Jan 14, 2022, 7:58:51 AM1/14/22
to opkg-devel
Checks if the signature already exists in cache before attempting the
download. Previously, every call to 'opkg upgrade' would download the
signature. This led to problems in the following scenario:
* Call 'opkg --download-only upgrade' to download any package upgrades.
* Disconnect the package repository (i.e. disconnect removable media)
* Call 'opkg upgrade'
Previously 'opkg upgrade' would fail because it could not download the
signature files. The upgrade now works in this scenario.
Signed-off-by: Bryan Evenson <beve...@cinci.rr.com>
---
libopkg/opkg_download.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index 5c74f66..79b8435 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -25,6 +25,7 @@
#include <string.h>
#include <unistd.h>
#include <libgen.h>
+#include <sys/stat.h>
#include "opkg_download.h"
#include "opkg_message.h"
@@ -248,12 +249,20 @@ static char *get_pkg_url(pkg_t * pkg)
return url;
}
+/** \brief pkg_download_signature: download a package signature
+ * \details First checks if the signature has already been downloaded
+ *
+ * \param pkg the package associated with the signature
+ * \return The signature filename if success, NULL if error occurs
+ *
+ */
char *pkg_download_signature(pkg_t * pkg)
{
char *pkg_url;
char *sig_url;
char *sig_ext;
char *sig_file;
+ struct stat sig_stat;
pkg_url = get_pkg_url(pkg);
if (!pkg_url)
@@ -267,7 +276,11 @@ char *pkg_download_signature(pkg_t * pkg)
sprintf_alloc(&sig_url, "%s.%s", pkg_url, sig_ext);
free(pkg_url);
- sig_file = opkg_download_cache(sig_url, NULL, NULL);
+ sig_file = get_cache_location(sig_url);
+ if (stat(sig_file, &sig_stat)) {
+ free(sig_file);
+ sig_file = opkg_download_cache(sig_url, NULL, NULL);
+ }
free(sig_url);
return sig_file;
--
2.17.1
download. Previously, every call to 'opkg upgrade' would download the
signature. This led to problems in the following scenario:
* Call 'opkg --download-only upgrade' to download any package upgrades.
* Disconnect the package repository (i.e. disconnect removable media)
* Call 'opkg upgrade'
Previously 'opkg upgrade' would fail because it could not download the
signature files. The upgrade now works in this scenario.
Signed-off-by: Bryan Evenson <beve...@cinci.rr.com>
---
libopkg/opkg_download.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index 5c74f66..79b8435 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -25,6 +25,7 @@
#include <string.h>
#include <unistd.h>
#include <libgen.h>
+#include <sys/stat.h>
#include "opkg_download.h"
#include "opkg_message.h"
@@ -248,12 +249,20 @@ static char *get_pkg_url(pkg_t * pkg)
return url;
}
+/** \brief pkg_download_signature: download a package signature
+ * \details First checks if the signature has already been downloaded
+ *
+ * \param pkg the package associated with the signature
+ * \return The signature filename if success, NULL if error occurs
+ *
+ */
char *pkg_download_signature(pkg_t * pkg)
{
char *pkg_url;
char *sig_url;
char *sig_ext;
char *sig_file;
+ struct stat sig_stat;
pkg_url = get_pkg_url(pkg);
if (!pkg_url)
@@ -267,7 +276,11 @@ char *pkg_download_signature(pkg_t * pkg)
sprintf_alloc(&sig_url, "%s.%s", pkg_url, sig_ext);
free(pkg_url);
- sig_file = opkg_download_cache(sig_url, NULL, NULL);
+ sig_file = get_cache_location(sig_url);
+ if (stat(sig_file, &sig_stat)) {
+ free(sig_file);
+ sig_file = opkg_download_cache(sig_url, NULL, NULL);
+ }
free(sig_url);
return sig_file;
--
2.17.1
Alex Stewart
Jan 14, 2022, 2:46:43 PM1/14/22
to opkg-...@googlegroups.com, Bryan Evenson, Brenda Streiff
Hey Bryan,
Thanks for the patch. I agree with your general mission; it seems
reasonable to use a cached signature file, if you also have a cached IPK
which is supposed to be authenticated by it.
But unless I'm mistaken, your patch below would prefer to use a cached
signature file whenever one is available, even if the upgrade operation
is downloading the IPK from a remote feed. Am I mistaken? I don't think
that's what you were going after.
As a secondary concern, between opkg_0.4.2 and the latest master, I
merged in commit da093f79f774b28c9417d82d5d68fd80711c0421 [1], which
uses PID suffixes to namespace the opkg *volatile* cache directories. I
don't *think* that should break your use-case, but its worthwhile to
check on opkg_0.5.0 that your USB-install workflow behaves as expected.
[1]
https://git.yoctoproject.org/opkg/commit/?id=da093f79f774b28c9417d82d5d68fd80711c0421
Thanks,
> --
> You received this message because you are subscribed to the Google
> Groups "opkg-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to opkg-devel+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/opkg-devel/CAOfHXQw%3DpYhMWUdxoAOvev3kyPYN97LA3QkJg%2BwQQ0eMm%3D20jw%40mail.gmail.com
> <https://urldefense.com/v3/__https://groups.google.com/d/msgid/opkg-devel/CAOfHXQw*3DpYhMWUdxoAOvev3kyPYN97LA3QkJg*2BwQQ0eMm*3D20jw*40mail.gmail.com?utm_medium=email&utm_source=footer__;JSUlJQ!!FbZ0ZwI3Qg!7wZpuPVAWZ4r8YQ07JAM6S_GcSEeFVpQIXjA1euoZxoCQewR-f4V5gBY90bV41k$>.
--
Alex Stewart
Software Engineer - NI Real-Time OS
NI (National Instruments)
alex.s...@ni.com
Thanks for the patch. I agree with your general mission; it seems
reasonable to use a cached signature file, if you also have a cached IPK
which is supposed to be authenticated by it.
But unless I'm mistaken, your patch below would prefer to use a cached
signature file whenever one is available, even if the upgrade operation
is downloading the IPK from a remote feed. Am I mistaken? I don't think
that's what you were going after.
As a secondary concern, between opkg_0.4.2 and the latest master, I
merged in commit da093f79f774b28c9417d82d5d68fd80711c0421 [1], which
uses PID suffixes to namespace the opkg *volatile* cache directories. I
don't *think* that should break your use-case, but its worthwhile to
check on opkg_0.5.0 that your USB-install workflow behaves as expected.
[1]
https://git.yoctoproject.org/opkg/commit/?id=da093f79f774b28c9417d82d5d68fd80711c0421
Thanks,
> You received this message because you are subscribed to the Google
> Groups "opkg-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to opkg-devel+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/opkg-devel/CAOfHXQw%3DpYhMWUdxoAOvev3kyPYN97LA3QkJg%2BwQQ0eMm%3D20jw%40mail.gmail.com
> <https://urldefense.com/v3/__https://groups.google.com/d/msgid/opkg-devel/CAOfHXQw*3DpYhMWUdxoAOvev3kyPYN97LA3QkJg*2BwQQ0eMm*3D20jw*40mail.gmail.com?utm_medium=email&utm_source=footer__;JSUlJQ!!FbZ0ZwI3Qg!7wZpuPVAWZ4r8YQ07JAM6S_GcSEeFVpQIXjA1euoZxoCQewR-f4V5gBY90bV41k$>.
--
Alex Stewart
Software Engineer - NI Real-Time OS
NI (National Instruments)
alex.s...@ni.com
Bryan Evenson
Jan 14, 2022, 4:23:12 PM1/14/22
to Alex Stewart, opkg-devel, Brenda Streiff
Alex,
Thanks for the feedback. You're right, this code doesn't check if the IPK needed to be downloaded or there was a cached copy. I would say it would make sense that if the IPK was downloaded that the signature ought to be at the same time. However, by the time pkg_download_signature() gets called in pkg_verify() the IPK is guaranteed to have already been downloaded. I think there might be a couple of failure cases in pkg_verify() where I can delete the signature file that would then guarantee a new signature would be downloaded with the IPK.
On your other point, I haven't used the volatile cache option yet. I have been using the cache_dir option and have been setting my cache directory location. I'll give that a try and make adjustments as needed for that case.
Thanks,
Bryan
Reply all
Reply to author
Forward
0 new messages