[Yum-devel] downloading and checking

seth vidal skvidal at phy.duke.edu
Tue Jul 13 06:34:03 UTC 2004


Hey,
 in the past yum has done the following for downloading packages

1. download package 1
2. check the download
    a. if integrity error, retry download
    b. if gpg sig error, exit
3. go to next package

I was discussing this some and with the new metadata I have an md5sum
for the pkg immediately available.

maybe it would be worthwhile to:

1. download each package, md5sum check it for download validity
(retrying as needed)
2. once all packages are downloaded, run a gpg check on all of them.


problems with this approach - if you've got packages that have the wrong
key you just wasted a lot of time. However, in reality a lot of people
start an install/update w/o the right gpg keys installed and don't want
to have to wait to see if they're missing any other keys on the next
download. So maybe this way we can check all the packages at once for
the gpg check and list out the failing ones and what keys we need.

Thoughts on this process? Any ordering someone thinks is wiser?

One advantage to doing this could be that it might be easier to thread
the gpg checking process to help expedite it.

-sv
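
The two-phase ordering proposed in the message above, as an added example (not yum's code and not part of the original message). All function names, the `SIGNER=` header and the package data are constructed for illustration, and `signer_of` stands in for a real GPG signature check.

```python
import hashlib

class IntegrityError(Exception):
    pass

def fetch_verified(name, expected_md5, fetch, retries=3):
    # Phase 1: md5 from the metadata only detects a corrupt or truncated
    # transfer, so a mismatch is retried rather than treated as fatal.
    for _ in range(retries):
        data = fetch(name)
        if hashlib.md5(data).hexdigest() == expected_md5:
            return data
    raise IntegrityError(f"{name}: md5 mismatch after {retries} attempts")

def check_all_signatures(packages, signer_of, trusted_keys):
    # Phase 2: check every package and collect failures instead of
    # exiting at the first bad signature.
    return {name: signer_of(data) for name, data in packages.items()
            if signer_of(data) not in trusted_keys}

def download_then_check(metadata, fetch, signer_of, trusted_keys):
    packages = {n: fetch_verified(n, md5, fetch) for n, md5 in metadata.items()}
    failures = check_all_signatures(packages, signer_of, trusted_keys)
    return failures, sorted(set(failures.values()))

# --- constructed sample repository (hypothetical packages and key ids) ---
REPO = {
    "foo-1.0.rpm": b"SIGNER=KEY-A\nfoo payload",
    "bar-2.1.rpm": b"SIGNER=KEY-B\nbar payload",
    "baz-0.3.rpm": b"SIGNER=KEY-C\nbaz payload",
}
METADATA = {n: hashlib.md5(d).hexdigest() for n, d in REPO.items()}
ATTEMPTS = {}

def flaky_fetch(name):
    # The first transfer of bar is truncated, to exercise the retry path.
    ATTEMPTS[name] = ATTEMPTS.get(name, 0) + 1
    data = REPO[name]
    return data[:5] if name == "bar-2.1.rpm" and ATTEMPTS[name] == 1 else data

def signer_of(data):
    # Stand-in for GPG verification: reads the constructed SIGNER header.
    return data.split(b"\n", 1)[0].split(b"=", 1)[1].decode()

def run_demo():
    ATTEMPTS.clear()
    return download_then_check(METADATA, flaky_fetch, signer_of, {"KEY-A"})

if __name__ == "__main__":
    failures, missing = run_demo()
    for name, key in failures.items():
        print(f"{name}: signed by {key}, key not installed")
    print("keys needed:", ", ".join(missing))
```

With only `KEY-A` installed, one run reports both unsigned-for packages and both missing keys, after the truncated download has been retried.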





