Re: pkg-ugprade checksums
- In reply to: Sysadmin Lists : "pkg-ugprade checksums"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 05 Jun 2023 20:18:40 UTC
Top-posting a partial answer since I'm the OP. Finally had some time to compile `pkg' with full debug symbols and run it under gdb. # pkg info vim-x11 | grep Insta Installed on : Mon Apr 17 21:24:26 2023 PDT # stat -f %Sm tmpdir/pkg_project/All/vim-x11-9.0.1366.pkg May 27 02:17:07 2023 Which means the package was installed prior to the newest build. Checking the local repo database: # pkg shell sqlite> .open /var/db/pkg/repo-Poudriere-quarterly.sqlite sqlite> select name,version,cksum from packages where name is 'vim-x11'; name = vim-x11 version = 9.0.1366 cksum = ae560492c77e7629a4c7b8162b256acbd39e4656c55516afcb8729121afc94dd The cksum matches the sha256 fingerprint of the recently built package. Which means: 1. My local repo is up-to-date. 2. My local cache isn't. 3. pkg doesn't notice. pkg_checksum.c:pkg_checksum_generate() describes how the fingerprint is generated for `pkg query %X' (the "internal package checksum"): Thread 2.1 hit Breakpoint 2, pkg_checksum_calculate (pkg=0x801519800, db=0x0, inc_scripts=true, inc_version=false, inc_files=true) at /wrkdirs/usr/ports/ports-mgmt/pkg/work/pkg-1.19.1/libpkg/pkg_checksum.c:606 (gdb) c Continuing. Thread 2.1 hit Breakpoint 1, pkg_checksum_generate (pkg=0x801519800, dest=0x8014416f0 "h", destlen=112, type=PKG_HASH_TYPE_BLAKE2_BASE32, inc_scripts=true, inc_version=false, inc_files=true) at /wrkdirs/usr/ports/ports-mgmt/pkg/work/pkg-1.19.1/libpkg/pkg_checksum.c:189 (gdb) break pkg_checksum.c:553 Breakpoint 3 at 0x4b1b15: pkg_checksum.c:553. (2 locations) (gdb) c Continuing. Thread 2.1 hit Breakpoint 3.1, pkg_checksum_encode_base32 ( in=0x801516900 "\246n&_K5\031\322\025R\242\347\tt\265y`\234\251*\303a\t\\\2558\334`\345e\300&\301o:H\253ɚ\3460\220\351\205T\250", inlen=64, out=0x8014416f4 "gi5c1xpjijgr7kekn73uy4is3daa3wkfdqa1yqiiabzbs1zcysjnhzj8e4kucp4hobru6n1kefyhj8gobouo1w96xb3fjzqafc9b8f", outlen=108) at /wrkdirs/usr/ports/ports-mgmt/pkg/work/pkg-1.19.1/libpkg/pkg_checksum.c:553 These are the variables used to generate the checksum: /* * At the moment we use the following fields to calculate the unique checksum * of the following fields: * - name * - origin * - version * - arch * - options * - required_shlibs * - provided_shlibs * - users * - groups * - dependencies */ For vim-x11, it's "archfreebsd:13:x86:64namevim-x11origineditors/vim" And letting it run to completion, we get: 1: pkg->digest = 0x801441450 "2$2$bpgamyc8d17g7qm1orycj4qjq18xe9kbzhqctwuqugejakj7ppqoo7i7kokimc33h5ejb168nb13m7tgr1ggang4krgcsyicskzjs1y" 2: new_digest = 0x8014416f0 "2$2$gi5c1xpjijgr7kekn73uy4is3daa3wkfdqa1yqiiabzbs1zcysjnhzj8e4kucp4hobru6n1kefyhj8gobouo1w96xb3fjzqafc9b8fb" pkg->digest is the value found inside local.sqlite (named "manifestdigest"), and new_digest is the one generated during this run. There's a directive to update the database with the new digest value, but it doesn't get executed on '%X' queries. Now, to ask pkg@ what the intention behind that is. > ---------------------------------------- > From: Sysadmin Lists <sysadmin.lists@mailfence.com> > Date: May 30, 2023, 2:22:49 AM > To: <questions@freebsd.org> > Subject: pkg-ugprade checksums > > > How does pkg-upgrade check checksums? > > From man 8 pkg-upgrade: > > Packages are fetched from the repositories into the local package cache > if they are not already present, or if the checksum of the cached package > file differs from the one in the repository. > > But, the packagesite.yaml of my Poudriere repo has: > "name":"vim-x11" > "version":"9.0.1366" > "sum":"ae560492c77e7629a4c7b8162b256acbd39e4656c55516afcb8729121afc94dd" > > And the locally cached package has: > # sha256 -r /var/cache/pkg/vim-x11* > 3bbe31951bc5fd6b08c412fcb0c6f8b494cdb15eafdd4bbacdf1657fe567af43 /var/cache/pkg/vim-x11-9.0.1366.pkg > > Yet it doesn't get upgraded: > > # pkg update -fr Poudriere-quarterly > Updating Poudriere-quarterly repository catalogue... > Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 > Fetching packagesite.pkg: 100% 153 KiB 157.1kB/s 00:01 > Processing entries: 100% > Poudriere-quarterly repository update completed. 568 packages processed. > All repositories are up to date. > > # pkg upgrade -r Poudriere-quarterly vim-x11 > Updating Poudriere-quarterly repository catalogue... > Poudriere-quarterly repository is up to date. > All repositories are up to date. > Checking integrity... done (0 conflicting) > Your packages are up to date. > > # truss -fs 256 pkg update -fr Poudriere-quarterly > Shows packagesite.yaml.pkg downloaded to /tmp/, presumably runs its checks, > then deletes it. > > If I force re-installation, it downloads the new package and installs it. > # pkg install -fr Poudriere-quarterly vim-x11 > > So, why is pkg-upgrade's checksums check failing? And why isn't there a > persistent packagesite.pkg on the client for pkg-update to compare to (to see > if it needs updating) as implied by: > > Package repository catalogues will be automatically updated whenever pkg > upgrade is run by a user ID with write access to the package database > > I looked at pkghash.h and upgrade.c but don't see where the hash check is > failing. > > > -- > Sent with https://mailfence.com > Secure and private email > -- Sent with https://mailfence.com Secure and private email