[Bug] Re3gression in setup handling of SHA512 checksum failures

Brian Inglis Brian.Inglis@SystematicSw.ab.ca
Thu Mar 22 00:35:00 GMT 2018

On 2018-03-21 12:14, Ken Brown wrote:
> On 3/20/2018 4:11 PM, Achim Gratz wrote:
>> Ken Brown writes:
>>> I'll look into both of these issues, unless Jon beats me to it.
>> Thanks.
>>> By the way, this only affects local installs.  For network installs,
>>> the hash gets checked at an earlier stage.
>> That's correct.  I forgot to mention that, but all my installs are from
>> a local mirror (necessary due to the way network access is restricted at
>> my workplace)
> I haven't been able to come up with a safe way to recover from a checksum error
> at this point, at least not without a lot of work.  I propose that we just bail
> out with an appropriate error message in this situation.
> Patch attached.

Skipping a single package install is likely to be /relatively/ safe, but if this
patch causes setup to exit sometime after upgrading a bunch of packages but
before upgrading another bunch of packages, it could leave Cygwin unusable,
especially if there are upgrade dependencies between the packages installed
prior and not installed after the problematic download.

It would be better in such cases to check all the hashes before proceeding with
any of the installs, or at least all packages in a dependency chain, before
installing any package in that dependency chain.

I don't believe there is currently a way in Cygwin setup for a user to easily
determine and rollback all packages in a dependency chain after such a failure,
or otherwise have Cygwin setup restore the packages to a consistent state.

Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

More information about the Cygwin-apps mailing list