Closed hoffa closed 5 years ago
Hmm. Seems that this specific fix wouldn't help much since there would be a checksum mismatch either way, and making sure Release.gpg
is the first file uploaded would require some non-trivial work (although I'm no Ruby pro). Looks like it's simpler to just have a quick way of fixing manifests in case of error.
I work for a fairly large company and we're storing our Debian repository in S3, using
deb-s3
for uploads. There have been quite a few occasions the whole repository broke (causing widespread failure on scale-out) due to botched uploads.Currently,
deb-s3
uploadsRelease
and only thenRelease.gpg
. If, for example, the GPG key ID is wrong or the key doesn't exist, runningdeb-s3
will break production, since the signature won't match.I haven't been able to test this PR yet, but was wondering what you'd think of something similar? Generating
Release.gpg
seems more prone to failure, so dealing with it first would allow failing early.Thanks for the great project!