From: "Theo de Raadt" Subject: Re: sysupgrade/ftp: use a 'needle' to poke through caching layers To: Job Snijders , tech@openbsd.org Date: Fri, 03 May 2024 04:38:54 -0600 Stuart Henderson wrote: > On 2024/05/03 04:17, Theo de Raadt wrote: > > Stuart Henderson wrote: > > > > > SHA256.sig on the origin cannot be relied upon to be in sync with the > > > tgz files. Part of this was due to non-atomic syncs which AIUI have > > > now been improved, but another part AFAIK is an artefact of the way in > > > which builds are done and that's harder to change. > > > > Nope. > > > > The first few steps of pushing build pieces has always been correct. > > I only push directories that are complete and correct. > > > > The only weird thing is that base and x components are handled a bit > > seperately (so you can get older X, with newer base, for a small window > > of time until the new X build completes). architectures with install*.* > > files that is solved, because the signing specifically waits for those > > files, and then of course they are also correct in the hash. > > From memory, it usually is the X sets. I'll look at the mechanism again, but I believe the problem is in later phases.