krobertson / deb-s3

Easily create and manage an APT repository on S3 -- NO LONGER MAINTAINED
MIT License

Store Release after Release.gpg #159

Closed hoffa closed 5 years ago

hoffa commented 5 years ago

I work for a fairly large company and we're storing our Debian repository in S3, using deb-s3 for uploads. There have been quite a few occasions the whole repository broke (causing widespread failure on scale-out) due to botched uploads.

Currently, deb-s3 uploads Release and only then Release.gpg. If, for example, the GPG key ID is wrong or the key doesn't exist, running deb-s3 will break production, since the signature won't match.

I haven't been able to test this PR yet, but was wondering what you'd think of something similar? Generating Release.gpg seems more prone to failure, so dealing with it first would allow failing early.

Thanks for the great project!

hoffa commented 5 years ago

Hmm. Seems that this specific fix wouldn't help much since there would be a checksum mismatch either way, and making sure Release.gpg is the first file uploaded would require some non-trivial work (although I'm no Ruby pro). Looks like it's simpler to just have a quick way of fixing manifests in case of error.
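
The fail-early ordering discussed in this thread, as an added example that is not code from deb-s3, from this PR, or from either comment: sign and verify `Release` locally, and write to the bucket only after both succeed, with `Release.gpg` stored first. `MemoryStore`, `toy_signer`, `toy_verifier`, `publish_release` and the `dists/stable` prefix are hypothetical names, and an HMAC stands in for the GPG detached signature so the block runs offline.

```ruby
require "openssl"

class SigningError < StandardError; end

# Hypothetical in-memory stand-in for the S3 bucket; records upload order.
class MemoryStore
  attr_reader :objects, :order

  def initialize
    @objects = {}
    @order = []
  end

  def put(key, body)
    @order << key
    @objects[key] = body
  end
end

# Constructed stand-in for a GPG detached signature: an HMAC keyed by the
# "signing key". A nil key models a wrong key ID or a key that doesn't exist.
def toy_signer(key)
  lambda do |data|
    raise SigningError, "signing key not available" if key.nil?
    OpenSSL::HMAC.hexdigest("SHA256", key, data)
  end
end

# Constructed stand-in for the check a client makes with the key it trusts.
def toy_verifier(trusted_key)
  ->(data, sig) { OpenSSL::HMAC.hexdigest("SHA256", trusted_key, data) == sig }
end

# Sign and verify locally; touch the store only once both have succeeded.
# Release.gpg is stored before Release, as the title of this PR proposes.
def publish_release(store, release_body, signer:, verifier:, prefix: "dists/stable")
  signature = signer.call(release_body)
  unless verifier.call(release_body, signature)
    raise SigningError, "signature does not verify against the trusted key"
  end

  store.put("#{prefix}/Release.gpg", signature)
  store.put("#{prefix}/Release", release_body)
  store.order
end
```

With real GPG the two lambdas would wrap the signing and verification commands; the point of the structure is that a signing failure raises before the first `put`.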