Bug#439031: Reproducing #439031

2013-10-23 Thread David Kalnischkies 
Hi Devendra Gera,

On Wed, Oct 9, 2013 at 1:17 PM, Devendra Gera dg...@deviantart.com wrote:
 Apologies for the long report, but I've tried to be rather precise.

No problem, well appreciated in fact. :)

I usually hate saying that, but could you try with a more recent version?
I shuffled quiet a bit of code around and fixed stuff in https in 0.9.12,
so it might as well be fixed.

In my testcase I at least couldn't preproduce your problem, I just saw some
minor display annoyances (files were mentioned as Err and Hit or not at all
 while they were successfully downloaded). My testing setup is a bit
different through.


 To test and reproduce the issue, I've set up a couple of simple
 repositories on a (xubuntu, but it shouldn't matter) laptop, which are
 served over HTTP via the python SimpleHTTPServer module. This is the
 directory structure:

I am preparing a similar setup for our testcases, with the difference that
we have implement our own webserver to test more advanced features/bugs¹ and
stunnel, but its only partly working at the moment so I will refrain from
attaching the testcase for now.

(¹ not [only] NIH-Syndrom; most socalled simple implementations don't support
 more advanced request headers like If-Range and co – and even if they do,
 they usually don't allow a user to get consistently a buggy behavior)


Best regards

David Kalnischkies


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#439031: Reproducing #439031

2013-10-09 Thread Devendra Gera 
Hi,

Apologies for the long report, but I've tried to be rather precise.

I've run into what I believe is this bug, although there's a
possibility of my case being slight different (more on that later).

To test and reproduce the issue, I've set up a couple of simple
repositories on a (xubuntu, but it shouldn't matter) laptop, which are
served over HTTP via the python SimpleHTTPServer module. This is the
directory structure:

gera@gera-tp:/tmp/repos$ tree
.
├── debian-squeeze
│   └── squeeze
│   ├── InRelease
│   ├── Packages
│   ├── Packages.bz2
│   ├── Packages.gz
│   ├── Release
│   ├── Release.gpg
│   ├── Sources
│   ├── Sources.bz2
│   └── Sources.gz
└── debian-wheezy
└── wheezy
├── InRelease
├── Packages
├── Packages.bz2
├── Packages.gz
├── Release
├── Release.gpg
├── Sources
├── Sources.bz2
└── Sources.gz

4 directories, 18 files
gera@gera-tp:/tmp/repos$

This is served over HTTP via:

gera@gera-tp:/tmp/repos$ sudo python -mSimpleHTTPServer 80
Serving HTTP on 0.0.0.0 port 80 ...

And over HTTPS via:

gera@gera-tp:/tmp/repos$ sudo socat
OPENSSL-LISTEN:443,reuseaddr,fork,certificate=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cersnakeoil.key,verify=0
TCP4:localhost:80

[ Note that I'm using the snakeoil certs that come with xubuntu and
have the CN set to 'xubuntu' ]

A freshly installed, updated VM is set to consume from these
repositories. To narrow down on a minimal test case, I've removed all
other repositories. The 'apt', 'apt-transport-https' and 'apt-utils'
packages seem up-to-date:

root@vm-dgera:~# apt-cache policy apt apt-transport-https apt-utils
apt:
  Installed: 0.9.7.9
  Candidate: 0.9.7.9
  Version table:
 *** 0.9.7.9 0
100 /var/lib/dpkg/status
apt-transport-https:
  Installed: 0.9.7.9
  Candidate: 0.9.7.9
  Version table:
 *** 0.9.7.9 0
100 /var/lib/dpkg/status
apt-utils:
  Installed: 0.9.7.9
  Candidate: 0.9.7.9
  Version table:
 *** 0.9.7.9 0
100 /var/lib/dpkg/status

The VM is set up to trust the snakeoil certificate and has an entry in
/etc/hosts for the name 'xubuntu', to match the CN in the cert.

root@vm-dgera:~# wget -nv 'https://xubuntu/'
2013-10-09 03:56:27 URL:https://xubuntu/ [276/276] - index.html [1]
root@vm-dgera:~# wget -nv 'https://192.168.122.1/'
The certificate's owner does not match hostname `192.168.122.1'
root@vm-dgera:~#


Now, here are a couple of scenarios:

SCENARIO I.
-

The repositories are set up via https. That is,

root@vm-dgera:~# apt-cache policy
Package files:
 100 /var/lib/dpkg/status
 release a=now
 900 https://xubuntu/debian-wheezy/ wheezy/ Packages
 release o=deviantART,a=wheezy,n=wheezy,l=deviantART wheezy,c=
 origin xubuntu
 500 https://xubuntu/debian-squeeze/ squeeze/ Packages
 release o=deviantART,a=squeeze,n=squeeze,l=deviantART squeeze,c=
 origin xubuntu
Pinned packages:
root@vm-dgera:~#


An apt-get update works fine:

root@vm-dgera:~# apt-get -o Acquire::Languages=none  update
Get:1 https://xubuntu squeeze/ Release.gpg [287 B]
Hit https://xubuntu squeeze/ Release.gpg [287 B]
Get:2 https://xubuntu wheezy/ Release.gpg [287 B]
Hit https://xubuntu wheezy/ Release.gpg [287 B]
Get:3 https://xubuntu squeeze/ Release [1,544 B]
Hit https://xubuntu squeeze/ Release [1,544 B]
Get:4 https://xubuntu wheezy/ Release [1,540 B]
Hit https://xubuntu wheezy/ Release [1,540 B]
Get:5 https://xubuntu squeeze/ Packages [31.2 kB]
Hit https://xubuntu squeeze/ Packages [31.2 kB]
Get:6 https://xubuntu wheezy/ Packages [38.0 kB]
Hit https://xubuntu wheezy/ Packages [38.0 kB]
Reading package lists... Done
root@vm-dgera:~#

It still works fine, if I delete all the repository files from
/var/lib/apt/lists/:

root@vm-dgera:~# rm /var/lib/apt/lists/xubuntu_debian-*
root@vm-dgera:~# apt-get -o Acquire::Languages=none  update
Get:1 https://xubuntu squeeze/ Release.gpg [287 B]
Get:2 https://xubuntu wheezy/ Release.gpg [287 B]
Get:3 https://xubuntu squeeze/ Release [1,544 B]
Get:4 https://xubuntu wheezy/ Release [1,540 B]
Get:5 https://xubuntu squeeze/ Packages [31.2 kB]
Get:6 https://xubuntu wheezy/ Packages [38.0 kB]
Fetched 72.8 kB in 0s (103 kB/s)
Reading package lists... Done
root@vm-dgera:~#

HOWEVER - if I delete only a single repository's files (squeeze here,
but it doesn't matter), it fails:

root@vm-dgera:~# rm /var/lib/apt/lists/xubuntu_debian-squeeze_squeeze_*
root@vm-dgera:~# ls /var/lib/apt/lists/
lock  partial  xubuntu_debian-wheezy_wheezy_Packages
xubuntu_debian-wheezy_wheezy_Release
xubuntu_debian-wheezy_wheezy_Release.gpg
root@vm-dgera:~# apt-get -o Acquire::Languages=none  update
Get:1 https://xubuntu squeeze/ Release.gpg [287 B]
Get:2 https://xubuntu wheezy/ Release.gpg [287 B]
Hit https://xubuntu wheezy/ Release.gpg [287 B]
Get:3 https://xubuntu squeeze/ Release [1,544 B]
Hit https://xubuntu squeeze/ Release [1,544 B]
Ign https://xubuntu squeeze/ Release
Get:4