Bug#762160: apt: [regression] 406 Not acceptable errors
On Fri, Sep 19, 2014 at 01:31:04PM +0800, Paul Wise wrote: Package: apt Version: 0.9.7.9+deb7u4 Severity: important Thanks for your bugreport and sorry for the trouble this is causing you. The recent apt security updates broke the Debian derivatives census scripts, various sites now return 406 Not acceptable errors. The set of instructions below produces the errors on the second apt-get update run with apt 0.9.7.9+deb7u4 but not with apt 0.9.7.9+deb7u2. I debugged this issue and it turns out apt does no longer deal well with the relative path for Dir (in the new ReverifyAfterIMSHit step). Thats a regression and need fixing, I look into this. In the meantime you can set: Dir $(pwd)/apt; to unblock your script. Cheers, Michael I also note that if I use the same sources.list with chdist from devscripts I do *not* get the same errors. Looking at the wireshark log, the difference is that chdist only gets 304 and 404 HTTP codes but plain apt gets 304, 404, 416 and 406 codes. These sources.list files exhibit the issue: https://dex.alioth.debian.org/census/Aptosid/sources.list https://dex.alioth.debian.org/census/ArcheOS/sources.list https://dex.alioth.debian.org/census/AstraLinux/sources.list https://dex.alioth.debian.org/census/BCCD/sources.list https://dex.alioth.debian.org/census/HandyLinux/sources.list https://dex.alioth.debian.org/census/Ordissimo/sources.list https://dex.alioth.debian.org/census/SteamOS/sources.list https://dex.alioth.debian.org/census/Tucunare/sources.list https://dex.alioth.debian.org/census/sources.list https://dex.alioth.debian.org/census/sources.list rm -rf sources.list apt.conf apt cat EOF sources.list deb [arch=i386,amd64] http://aptosid.com/debian/ sid main fix.main deb-src http://aptosid.com/debian/ sid main fix.main EOF cat EOF apt.conf Dir apt; Dir::State::status ./apt/var/lib/dpkg/status; Dir::Etc::sourcelist ./sources.list; EOF mkdir --parents apt/var/lib/dpkg apt/etc/apt/apt.conf.d apt/etc/apt/trusted.gpg.d apt/etc/apt/preferences.d apt/etc/apt/sources.list.d apt/var/lib/apt/lists/partial apt/var/cache/apt/archives/partial touch apt/var/lib/dpkg/status apt/etc/apt/trusted.gpg export APT_CONFIG=`pwd`/apt.conf apt-get update apt-get update -- System Information: Debian Release: 7.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2012.4 ii gnupg 1.4.12-7+deb7u6 ii libapt-pkg4.12 0.9.7.9+deb7u4 ii libc6 2.13-38+deb7u4 ii libgcc1 1:4.7.2-5 ii libstdc++6 4.7.2-5 apt recommends no packages. Versions of packages apt suggests: pn apt-doc none ii aptitude0.6.8.2-1 ii dpkg-dev1.16.15 pn python-apt none ii xz-utils5.1.1alpha+20120614-2 -- no debconf information -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#762160: apt: [regression] 406 Not acceptable errors
On Fri, 2014-09-19 at 09:57 +0200, Michael Vogt wrote: I debugged this issue and it turns out apt does no longer deal well with the relative path for Dir (in the new ReverifyAfterIMSHit step). Thats a regression and need fixing, I look into this. I see, thanks for the analysis. In the meantime you can set: Dir $(pwd)/apt; to unblock your script. Unfortunately that isn't workable for the derivatives census because each derivative uses the same apt.conf. I could change that but I would prefer to keep it as-is. I'll just ignore the cron mails for now. https://anonscm.debian.org/cgit/dex/census.git/tree/etc/apt.conf https://anonscm.debian.org/cgit/dex/census.git/tree/Makefile.deriv https://anonscm.debian.org/cgit/dex/census.git/tree/bin/get-package-lists -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#762160: apt: [regression] 406 Not acceptable errors
On Fri, Sep 19, 2014 at 01:31:04PM +0800, Paul Wise wrote: The recent apt security updates broke the Debian derivatives census scripts, various sites now return 406 Not acceptable errors. The set of instructions below produces the errors on the second apt-get update run with apt 0.9.7.9+deb7u4 but not with apt 0.9.7.9+deb7u2. This patch should fix it, if you could double check, that would be great. I'm also curious if your second bugreport is fixed with this too: diff --git a/methods/copy.cc b/methods/copy.cc index 5570f31..b78053d 100644 --- a/methods/copy.cc +++ b/methods/copy.cc @@ -55,8 +55,8 @@ void CopyMethod::CalculateHashes(FetchResult Res) /* */ bool CopyMethod::Fetch(FetchItem *Itm) { - URI Get = Itm-Uri; - std::string File = Get.Path; + // this ensures that relative paths work in copy + std::string File = Itm-Uri.substr(Itm-Uri.find(':')+1); // Stat the file and send a start message struct stat Buf; Thanks, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#762160: apt: [regression] 406 Not acceptable errors
Control: forcemerge 762160 762161 Control: retitle -1 apt: [regression] relative paths for Dir are broken Control: tags -1 + patch On Fri, 2014-09-19 at 16:34 +0200, Michael Vogt wrote: This patch should fix it, if you could double check, that would be great. I'm also curious if your second bugreport is fixed with this too: The patch works here and also fixes the other issue I reported, merging. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#762160: apt: [regression] 406 Not acceptable errors
Package: apt Version: 0.9.7.9+deb7u4 Severity: important The recent apt security updates broke the Debian derivatives census scripts, various sites now return 406 Not acceptable errors. The set of instructions below produces the errors on the second apt-get update run with apt 0.9.7.9+deb7u4 but not with apt 0.9.7.9+deb7u2. I also note that if I use the same sources.list with chdist from devscripts I do *not* get the same errors. Looking at the wireshark log, the difference is that chdist only gets 304 and 404 HTTP codes but plain apt gets 304, 404, 416 and 406 codes. These sources.list files exhibit the issue: https://dex.alioth.debian.org/census/Aptosid/sources.list https://dex.alioth.debian.org/census/ArcheOS/sources.list https://dex.alioth.debian.org/census/AstraLinux/sources.list https://dex.alioth.debian.org/census/BCCD/sources.list https://dex.alioth.debian.org/census/HandyLinux/sources.list https://dex.alioth.debian.org/census/Ordissimo/sources.list https://dex.alioth.debian.org/census/SteamOS/sources.list https://dex.alioth.debian.org/census/Tucunare/sources.list https://dex.alioth.debian.org/census/sources.list https://dex.alioth.debian.org/census/sources.list rm -rf sources.list apt.conf apt cat EOF sources.list deb [arch=i386,amd64] http://aptosid.com/debian/ sid main fix.main deb-src http://aptosid.com/debian/ sid main fix.main EOF cat EOF apt.conf Dir apt; Dir::State::status ./apt/var/lib/dpkg/status; Dir::Etc::sourcelist ./sources.list; EOF mkdir --parents apt/var/lib/dpkg apt/etc/apt/apt.conf.d apt/etc/apt/trusted.gpg.d apt/etc/apt/preferences.d apt/etc/apt/sources.list.d apt/var/lib/apt/lists/partial apt/var/cache/apt/archives/partial touch apt/var/lib/dpkg/status apt/etc/apt/trusted.gpg export APT_CONFIG=`pwd`/apt.conf apt-get update apt-get update -- System Information: Debian Release: 7.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2012.4 ii gnupg 1.4.12-7+deb7u6 ii libapt-pkg4.12 0.9.7.9+deb7u4 ii libc6 2.13-38+deb7u4 ii libgcc1 1:4.7.2-5 ii libstdc++6 4.7.2-5 apt recommends no packages. Versions of packages apt suggests: pn apt-doc none ii aptitude0.6.8.2-1 ii dpkg-dev1.16.15 pn python-apt none ii xz-utils5.1.1alpha+20120614-2 -- no debconf information -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part