[PATCH setup] Query the user if a corrupt local file is found

Ken Brown kbrown@cornell.edu
Fri Jan 5 23:26:00 GMT 2018

On 1/5/2018 10:00 AM, Jon Turney wrote:
> On 16/12/2017 18:37, Ken Brown wrote:
>> If a corrupt file is found in one of the selected mirror site
>> directories, offer to delete it instead of making this a fatal error.
>> Do this only on the first call to check_for cached().  If the corrupt
>> file is still there on the second call, then the deletion failed, and
>> the user will have to fix the problem.
>> See https://cygwin.com/ml/cygwin/2017-12/msg00122.html for discussion.
> This is a nice idea.  But I think there are some structural problems 
> with this, though. e.g. validateCachedPackage() only checks the package 
> size, not hash (which happens in the install phase)
> I'm also concerned about masking problems with how we got into this 
> state in the first place: I think either (i) a corrupt download was 
> stored into the cache, (ii) the valid size was changed between runs, or 
> (iii) the files contents actually got corrupted somehow.
> (i) indicates another problem in setup
> Uploading replacement packages, which would cause (ii) was permitted 
> historically (but of course, didn't work well), but now should be 
> forbidden by calm.  This could, of course, still happen with a private 
> package repo, and should be handled sanely.
> (iii) seems unlikely, barring deliberate action.
> I guess the ideal solution looks something like:
> Download:
> - verify size/hash of cached packages, offer to remove corrupt ones
> - download packages, verifying size/hash
> Install:
> - verify size/hash of cached packages, skip corrupt ones
> - install packages
> with some memory so that we don't verify size/hash for the same package 
> file more than once...

I agree.  It's strange that the code for size checking is currently in 
download.cc, and the code for hash checking is currently in install.cc. 
All of this checking should probably be done in a 
packagesource::validate() function, which can be called during both the 
download and install stages.

I'll work on this and send a new patch.


More information about the Cygwin-apps mailing list