touch-packages team mailing list archive

Thread
Date
[Bug 245219] Re: Ubuntu archive server returning incorrect content-encoding - content-header incorrect type

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Mathew Hodson <mathew.hodson@xxxxxxxxx>
Date: Sun, 19 Apr 2015 05:12:31 -0000
Reply-to: Bug 245219 <245219@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Project changed: apache2 => ubuntu-archive-publishing

** Changed in: ubuntu-archive-publishing
   Importance: Unknown => Undecided

** Changed in: ubuntu-archive-publishing
 Remote watch: Debian Bug tracker #565626 => None

** Also affects: apache2 (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565626
   Importance: Unknown
       Status: Unknown

** Package changed: ubuntu-meta (Ubuntu) => apache2 (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/245219

Title:
  Ubuntu archive server returning incorrect content-encoding - content-
  header incorrect type

Status in ubuntu-archive-publishing:
  New
Status in apache2 package in Ubuntu:
  Triaged
Status in apache2 package in Debian:
  Unknown

Bug description:
  This appears to be related to bug 215694, but I've identified Ubuntu's
  web server as the culprit.

  https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/215694

  When trying to do an upgrade from 7.10 to 8.04, do-release-upgrade
  attempts to download the file hardy.tar.gz.gpg. On a machine directly
  connected to the Internet, this appears to work. However, behind a
  proxy server, this fails because archive.ubuntu.com is miscoding the
  content-encoding of the gpg file as x-gzip.

  The error message from do-release-upgrade (run  from behind a proxy
  server) looks like this:

  -----------------------
  # do-release-upgrade
  Checking for a new ubuntu release
  Failed Upgrade tool signature
  Done Upgrade tool
  Done downloading            
  extracting '/tmp/tmpArwlWD/hardy.tar.gz'
  authenticate '/tmp/tmpArwlWD/hardy.tar.gz' against '/tmp/tmpArwlWD/hardy.tar.gz.gpg' 
  exception from gpg: GnuPG exited non-zero, with code 131072
  Debug information: 

  gpg: WARNING: unsafe permissions on homedir `/tmp/tmpArwlWD'

  gpg: can't open `/tmp/tmpArwlWD/hardy.tar.gz.gpg'
  gpg: verify signatures failed: file open error

  Authentication failed
  Authenticating the upgrade failed. There may be a problem with the network or with the server. 
  -----------------------

  Using wireshark to trace this conversation, I find that the utility is attempting to download two files, one of which is:
  http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg

  Doing a wget of this file (again via a proxy server) also fails:

  
  -----------------------
  # wget --no-cache http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg
  --11:04:13--  http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg
             => `hardy.tar.gz.gpg'
  Resolving <proxy server>
  Connecting to <proxy server>:8080... connected.
  Proxy request sent, awaiting response... 502 Bad Gateway
  11:04:13 ERROR 502: Bad Gateway.
  -----------------------

  However, if I run this wget from an external machine with a direct
  connection, it works correctly:

  -----------------------
  $ wget --no-cache http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg
  --11:09:42--  http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg
             => `hardy.tar.gz.gpg'
  Resolving archive.ubuntu.com... 91.189.88.45, 91.189.88.46, 91.189.88.31
  Connecting to archive.ubuntu.com|91.189.88.45|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 191 [application/x-tar]

  100%[================================================================================================================>]
  191           --.--K/s

  11:09:42 (5.30 MB/s) - `hardy.tar.gz.gpg' saved [191/191]
  -----------------------

  Using tcpdump to capture this conversation from the external system,
  and wireshark's "Follow TCP Stream" utility to interpret it, one sees
  that, in the successful direct connection, the server
  archive.ubuntu.com is identifying the download as having content-
  encoding of x-gzip, while the packet itself contains a text gpg
  signature:

  -----------------------
  GET /ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg HTTP/1.0
  Pragma: no-cache
  User-Agent: Wget/1.10.2
  Accept: */*
  Host: archive.ubuntu.com
  Connection: Keep-Alive

  HTTP/1.1 200 OK
  Date: Thu, 03 Jul 2008 14:29:48 GMT
  Server: Apache/2.0.55 (Ubuntu)
  Last-Modified: Fri, 09 May 2008 16:46:50 GMT
  ETag: "4074034-bf-44ccef1c47280"
  Accept-Ranges: bytes
  Content-Length: 191
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: application/x-tar
  Content-Encoding: x-gzip

  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.2.2 (GNU/Linux)

  iD8DBQBIJH/6QJdur0N9BbURAgyxAJ4mn9rGKONYm5J4OiKvDvhGB8ypLQCgrSyh
  0ZUEkk2K32jQ47tO32hN2Uo=
  =jJYy
  -----END PGP SIGNATURE-----
  -----------------------

  Looking at the detailed response from the proxy server to the internal
  system confirms that this is the problem; the proxy server reports:

  -----------------------
  Server response could not be decoded using encoding type returned by server. This is typically caused by a Web Site presenting a content encoding header of one type, and then encoding the data differently.
  -----------------------

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-archive-publishing/+bug/245219/+subscriptions