From 4e1d5b42ca6aac904016a3ddbf3c429783b68133 Mon Sep 17 00:00:00 2001
From: Stephan Kulow <coolo@suse.de>
Date: Fri, 4 Nov 2022 20:54:04 +0100
Subject: [PATCH] Only validate the MD5 if we downloaded - trust the file
 system

---
 lib/obs.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/obs.py b/lib/obs.py
index dbca9ea..94aae4f 100644
--- a/lib/obs.py
+++ b/lib/obs.py
@@ -168,14 +168,15 @@ class OBS:
         if not self.in_cache(name, cachedir, file_md5):
             with (dirpath / name).open("wb") as f:
                 f.write(self._download(project, package, name, revision).read())
+
             shutil.copy(dirpath / name, cached_file)
+
+            # Validate the MD5 of the downloaded file
+            if md5(cached_file) != file_md5:
+                raise Exception(f"Download error in {name}")
         else:
             shutil.copy(cached_file, dirpath / name)
 
-        # Validate the MD5 of the downloaded file
-        if md5(dirpath / name) != file_md5:
-            raise Exception(f"Download error in {name}")
-
     def list(self, project, package, srcmd5, linkrev):
         params = {"rev": srcmd5, "expand": "1"}
         if linkrev: