Re: [PATCH setup] Query the user if a corrupt local file is found

[Jon Turney <jon.turney@dronecode.org.uk>]

On 16/12/2017 18:37, Ken Brown wrote:
> If a corrupt file is found in one of the selected mirror site
> directories, offer to delete it instead of making this a fatal error.
> Do this only on the first call to check_for cached().  If the corrupt
> file is still there on the second call, then the deletion failed, and
> the user will have to fix the problem.
> 
> See https://cygwin.com/ml/cygwin/2017-12/msg00122.html for discussion.

This is a nice idea.  But I think there are some structural problems 
with this, though. e.g. validateCachedPackage() only checks the package 
size, not hash (which happens in the install phase)

I'm also concerned about masking problems with how we got into this 
state in the first place: I think either (i) a corrupt download was 
stored into the cache, (ii) the valid size was changed between runs, or 
(iii) the files contents actually got corrupted somehow.

(i) indicates another problem in setup

Uploading replacement packages, which would cause (ii) was permitted 
historically (but of course, didn't work well), but now should be 
forbidden by calm.  This could, of course, still happen with a private 
package repo, and should be handled sanely.

(iii) seems unlikely, barring deliberate action.

I guess the ideal solution looks something like:

Download:
- verify size/hash of cached packages, offer to remove corrupt ones
- download packages, verifying size/hash

Install:
- verify size/hash of cached packages, skip corrupt ones
- install packages

with some memory so that we don't verify size/hash for the same package 
file more than once...

> ---
>   download.cc | 17 ++++++++++++-----
>   download.h  |  4 +++-
>   res.rc      |  3 ++-
>   resource.h  |  1 +
>   4 files changed, 18 insertions(+), 7 deletions(-)
> 
> diff --git a/download.cc b/download.cc
> index b606eb1..697f94a 100644
> --- a/download.cc
> +++ b/download.cc
> @@ -71,7 +71,7 @@ validateCachedPackage (const std::string& fullname, packagesource & pkgsource)
>   /* 0 on failure
>    */
>   int
> -check_for_cached (packagesource & pkgsource, bool mirror_mode)
> +check_for_cached (packagesource & pkgsource, bool mirror_mode, bool query_corrupt, HWND owner)
>   {
>     // Already found one.
>     if (pkgsource.Cached())
> @@ -114,6 +114,12 @@ check_for_cached (packagesource & pkgsource, bool mirror_mode)
>       {
>         if (validateCachedPackage (fullname, pkgsource)) >           pkgsource.set_cached (fullname);
> +      else if (query_corrupt && owner && !unattended_mode

I don't think you need to check for non-null owner here, as yesno() will 
still work in that case

I kind of incline to doing the 'yes' action in unattended_mode, rather 
than reporting a fatal error.