Unauthenticated packages check seems odd
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ubuntu-release-upgrader (Ubuntu) |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
The upgrade path from 14.04 to 15.04 was broken as documented in bug 1534374 (due to an SRU of gcc in Trusty that created a greater version than the one in Vivid), however some systems received the following message in /var/log/
2016-01-26 12:41:55,222 DEBUG Marking 'ubuntu-desktop' for upgrade
2016-01-26 12:41:55,674 WARNING Can't mark 'ubuntu-desktop' for upgrade (E:Unable to correct problems, you have held broken packages.)
2016-01-26 12:41:55,859 ERROR Unauthenticated packages found: 'gettext libatomic1 libfftw3-single3 libgomp1 libitm1 libquadmath0 libstdc++6 libtsan0 onboard'
Digging into the release upgrade code in DistUpgradeCache.py we can see the following:
674 # check the trust of the packages that are going to change
675 untrusted = []
676 for pkg in self.get_changes():
677 if pkg.marked_delete:
678 continue
679 # special case because of a bug in pkg.candidate.
680 if pkg.marked_
682 for ver in pkg._pkg.
683 # version is lower than installed one
684 if apt_pkg.
685 ver.ver_str, pkg.installed.
686 for (verFileIter, index) in ver.file_list:
687 indexfile = pkg._pcache.
688 if indexfile and not indexfile.
689 untrusted.
690 break
691 continue
It seems odd to me that we only check if packages are trusted when downgrading them and that we don't log that the packages are being downgraded. Examples of this issue can be found in bug 1535407 and bug 1531333. Additionally, its strange that the packages (from the official archive) would be considered untrusted.
| Changed in ubuntu-release-upgrader (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
