group.of.nepali.translators team mailing list archive
Message #12886
[Bug 1657440] Re: apt won't redownload Release.gpg after inconsistent cache updates made while UCA is being updated
This bug was fixed in the package apt - 1.3.5
---------------
apt (1.3.5) yakkety; urgency=medium
* Microrelease covering important fixes of 1.4~rc2 (LP: #1668280)
[ David Kalnischkies ]
* don't install new deps of candidates for kept back pkgs
* keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
(LP: #1657440)
* reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
* add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance
* react to trig-pend only if we have nothing else to do
* correct cross & disappear progress detection
* improve arch-unqualified dpkg-progress parsing
* don't perform implicit crossgrades involving M-A:same
* do not configure unconfigured to be removed packages
* skip unconfigure for unconfigured to-be removed pkgs
* get pdiff files from the same mirror as the index
* let {dsc,tar,diff}-only implicitly enable download-only
* ensure generation of valid EDSP error stanzas
* fix minimum pkgs option for dpkg --recursive usage
* don't show update stats if cache generation is disabled
* don't lock dpkg in 'apt-get clean'
* don't lock dpkg in update commands
* avoid validate/delete/load race in cache generation
* fix 'install --no-download' mode
* remove 'old' FAILED files in the next acquire call (Closes: 846476)
* stop rred from leaking debug messages on recovered errors (Closes: #850759)
[ Edgar Fuß ]
* http: clear content before reporting the failure (Closes: #465572)
[ Paul Wise ]
* show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)
[ John R. Lenton ]
* bash-completion: Only complete understood file paths for install
(LP: #1645815)
[ Lukasz Kawczynski ]
* Honour Acquire::ForceIPv4/6 in the https transport
[ Julian Andres Klode ]
* basehttp: Only read Content-Range on 416 and 206 responses (LP: #1657567)
* Only merge acquire items with the same meta key (Closes: #838441)
* Do not package names representing .dsc/.deb/... files (Closes: #854794)
* Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat()
Thanks to James Clarke for debugging these issues
* CMake: Install statvfs.h to include/sys, not just include/
-- Julian Andres Klode <juliank@xxxxxxxxxx> Mon, 27 Feb 2017 15:02:40 +0100
** Changed in: apt (Ubuntu Yakkety)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1657440
Title:
apt won't redownload Release.gpg after inconsistent cache updates made
while UCA is being updated
Status in APT:
Fix Released
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Xenial:
Fix Committed
Status in apt source package in Yakkety:
Fix Released
Bug description:
# apt --version
apt 1.2.18 (amd64)
xenial
I got myself into a situation where a repository has a Release and a
Release.gpg file, but apt is just ignoring the gpg one and won't
download it via apt update for some reason:
The repository in question is
http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/xenial-updates/newton/.
See how locally I have just the Release file:
root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# l *Release*
-rw-r--r-- 1 root root 100K Jan 15 18:03 archive.ubuntu.com_ubuntu_dists_xenial-backports_InRelease
-rw-r--r-- 1 root root 242K Apr 21 2016 archive.ubuntu.com_ubuntu_dists_xenial_InRelease
-rw-r--r-- 1 root root 100K Jan 18 11:42 archive.ubuntu.com_ubuntu_dists_xenial-updates_InRelease
-rw-r--r-- 1 root root 100K Jan 18 11:42 security.ubuntu.com_ubuntu_dists_xenial-security_InRelease
-rw-r--r-- 1 root root 7.7K Jan 18 11:45 ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_Release
Now I try an update. See how the Release.gpg file gets a "Hit:" instead of a "Get:":
root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# apt update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Ign:3 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton InRelease
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Hit:5 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release
Get:6 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release.gpg [543 B]
Hit:7 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
Fetched 205 kB in 0s (395 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
8 packages can be upgraded. Run 'apt list --upgradable' to see them.
And I can't install packages:
root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# apt dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
python3-setuptools
The following packages will be upgraded:
dh-python dnsmasq-base python-pkg-resources python-setuptools python3-cryptography python3-pkg-resources python3-requests python3-urllib3
8 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,193 kB of archives.
After this operation, 808 kB of additional disk space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
dh-python dnsmasq-base python-setuptools python-pkg-resources python3-pkg-resources python3-setuptools python3-cryptography python3-requests python3-urllib3
Install these packages without verification? [y/N] n
E: Some packages could not be authenticated
root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists#
Somehow apt is thinking it has the Release.gpg file, but it doesn't?
This server is behind a squid proxy.
[Impact]
An apt update of an apt repository that does not use InRelease during the time it is being updated can cause the gpg file to not be downloaded and updated. This makes the packages from the repository be unable to be authenticated.
The Ubuntu Cloud Archive is one of the archives that meets this
criterion.
The impact to downstream automation deployment code is that if they
are adding the UCA repo to a system and calling apt update during the
time the UCA is being updated by Canonical, the repo can get into a
state where the Release.gpg file is not there and all package installs
will fail due to an "unauthenticated packages" error.
[Test Case]
A detailed python script was attached.
To reproduce this outside that script you would want to:
1. Add the UCA repo
2. Do the following in a loop starting at 43 minutes after the hour and run it until 55 minutes after the hour:
2.1 Remove these files to simulate the UCA repo being added the first time.
/var/lib/apt/lists/ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_Release
/var/lib/apt/lists/ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_Release.gpg
/var/lib/apt/lists/ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_main_binary*Packages
2.2 apt-get update
3. Check the state of the 3 files you deleted. If you have the _Release file but not the _Release.gpg you have recreated the issue.
4. If you have not recreated the issue, GOTO 2 and continue to loop.
[Regression Potential]
Unknown
To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1657440/+subscriptions
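
The check in step 3 of the test case, written as a script that deployment automation could run after apt-get update. This is an added example, not part of the bug report or of apt; the function names and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): flag cached Release files that
# have no detached signature beside them in apt's lists directory.

# Usage: find_unsigned_release [LISTS_DIR]
# Prints each affected Release path; returns 1 if any were found, else 0.
find_unsigned_release() {
    lists_dir=${1:-/var/lib/apt/lists}
    found=0
    # *_Release does not match *_InRelease, which carries its signature inline.
    for rel in "$lists_dir"/*_Release; do
        [ -f "$rel" ] || continue        # glob matched nothing
        # Missing or empty Release.gpg is the state from step 3 of the test case.
        if [ ! -s "$rel.gpg" ]; then
            printf '%s\n' "$rel"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample directory (hypothetical helper): file names follow the
# listing in the report, contents are dummies.
make_sample_lists() {
    sample_dir=$(mktemp -d) || return 1
    uca=ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton
    echo constructed > "$sample_dir/archive.ubuntu.com_ubuntu_dists_xenial_InRelease"
    echo constructed > "$sample_dir/${uca}_Release"
    printf '%s\n' "$sample_dir"
}

sample=$(make_sample_lists)
find_unsigned_release "$sample" || echo "Release cached without Release.gpg" >&2
rm -rf "$sample"
```

Called with no argument, find_unsigned_release inspects /var/lib/apt/lists; a non-zero return means at least one repository is in the state this bug describes.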