2008-07-01 08:32:03 |
Rehan Khan |
bug |
|
|
added bug |
2008-07-01 08:32:03 |
Rehan Khan |
bug |
|
|
added attachment 'smart-0.50-pycurl-failonerror.patch' (smart-0.50-pycurl-failonerror.patch) |
2010-03-07 11:49:24 |
Anders F Björklund |
smart: milestone |
|
1.3.1 |
|
2010-03-07 22:23:58 |
Anders F Björklund |
smart: status |
New |
Fix Committed |
|
2010-05-03 21:47:56 |
Anders F Björklund |
smart: status |
Fix Committed |
Fix Released |
|
2011-09-07 15:00:40 |
Andreas Hasenack |
attachment added |
|
smart-244453-lucid.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2367582/+files/smart-244453-lucid.debdiff |
|
2011-09-07 15:03:19 |
Andreas Hasenack |
attachment removed |
smart-244453-lucid.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2367582/+files/smart-244453-lucid.debdiff |
|
|
2011-09-07 15:03:46 |
Andreas Hasenack |
attachment added |
|
smart-244453-lucid.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2367583/+files/smart-244453-lucid.debdiff |
|
2011-09-07 15:06:23 |
Andreas Hasenack |
attachment added |
|
smart-244453-maverick.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2367589/+files/smart-244453-maverick.debdiff |
|
2011-09-07 15:08:03 |
Andreas Hasenack |
attachment added |
|
smart-244453-natty.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2367591/+files/smart-244453-natty.debdiff |
|
2011-09-07 15:08:41 |
Andreas Hasenack |
bug task added |
|
smart (Ubuntu) |
|
2011-09-07 15:26:44 |
Andreas Hasenack |
description |
Imported: http://tracker.labix.org/issue310
Reason for Import: Patch Review
further details: https://blueprints.launchpad.net/smart/+spec/bug-reporting-migration
msg1153 (view) Author: peter-endian Date: 2007-06-21.13:35:42
When you use python-curl, curl downloads the error message if authentication
fails and stores it as the respective xml file, with which smart is not very
happy of course.
The attached patch (against 0.50) sets the curl configuration option which
causes curl to fail if an authentication error occurrs, which then causes smart
to print out the error and consider the download not to be ok instead of writing
the errormessage down to the file. |
Request for SRU
===============
1. Statement explaining the impact
Smart doesn't catch 401 (and other 40x) errors when trying to download files from a repository. As a result, the html error page presented by the server is downloaded as if it were the requested file.
This usually leads to a weird error about the GPG signature being incorrect or being made with an unknown key:
"""
-> https://ahasenack:*@private-ppa.launchpad.net/landscape/lds-stable/ubuntu/dists/lucid/Release
Release
################################################################# [ 7%]
error: Channel 'lucid - main' signed with unknown key
"""
And these are the contents of the downloaded file:
"""
root@amra:/var/lib/smart/channels# cat aptsync-c57be5d14aae4fbf00383bbe1479fbb9%%https:__ahasenack:wrongpassword@private-ppa.launchpad.net_landscape_lds-stable_ubuntu_dists_lucid_Release.gpg
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.14 (Ubuntu) Server at private-ppa.launchpad.net Port 443</address>
</body></html>
root@amra:/var/lib/smart/channels#
"""
2. How has the bug been addressed
A patch was taken from trunk to make pycurl fail on http errors and then catch this error:
bzr diff -r 947..948 lp:smart
3. Patch
That patch was applied to the source package and a debdiff was generated for each ubuntu release.
4. How to reproduce
- install smartpm-core
- add this line to your sources.list:
deb https://foo:bar@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu lucid main
- run smart update as root
- with the broken package, you will get a gpg signature error when that repository is fetched:
"""
-> https://foo:*@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu/dists/lucid/Release
Release ########################################################################################## [ 74%]
error: Channel 'lucid - main' signed with unknown key
"""
- with the fixed package, you will get a proper 401 error:
"""
# smart update
(...)
-> https://foo:*@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu/dists/lucid/Release
Release [ 66%]
error: Download of Release failed for channel 'lucid - main': The requested URL returned error: 401
"""
5. Regression potential
- In both cases, before and after the patch, smart update would fail. With the patch, it fails with the correct error message.
- Without the patch, if the repository's signature isn't checked, the error is even more cryptic:
"""
warning: Component 'main' is not in Release file for channel 'lucid - main'
"""
That's because the release file that was downloaded is actually the 401 html error page.
- the patch has a test
- I don't know of any other side effects of setting handle.setopt(pycurl.FAILONERROR, 1), which is the main fix here.
Original bug description follows
================================
Imported: http://tracker.labix.org/issue310
Reason for Import: Patch Review
further details: https://blueprints.launchpad.net/smart/+spec/bug-reporting-migration
msg1153 (view) Author: peter-endian Date: 2007-06-21.13:35:42
When you use python-curl, curl downloads the error message if authentication
fails and stores it as the respective xml file, with which smart is not very
happy of course.
The attached patch (against 0.50) sets the curl configuration option which
causes curl to fail if an authentication error occurrs, which then causes smart
to print out the error and consider the download not to be ok instead of writing
the errormessage down to the file. |
|
2011-09-07 15:28:16 |
Stéphane Graber |
nominated for series |
|
Ubuntu Lucid |
|
2011-09-07 15:28:16 |
Stéphane Graber |
bug task added |
|
smart (Ubuntu Lucid) |
|
2011-09-07 15:28:16 |
Stéphane Graber |
nominated for series |
|
Ubuntu Maverick |
|
2011-09-07 15:28:16 |
Stéphane Graber |
bug task added |
|
smart (Ubuntu Maverick) |
|
2011-09-07 15:28:16 |
Stéphane Graber |
nominated for series |
|
Ubuntu Natty |
|
2011-09-07 15:28:16 |
Stéphane Graber |
bug task added |
|
smart (Ubuntu Natty) |
|
2011-09-07 15:29:40 |
Andreas Hasenack |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2011-09-07 15:43:06 |
Andreas Hasenack |
smart (Ubuntu): status |
New |
Fix Released |
|
2011-09-07 15:43:28 |
Andreas Hasenack |
description |
Request for SRU
===============
1. Statement explaining the impact
Smart doesn't catch 401 (and other 40x) errors when trying to download files from a repository. As a result, the html error page presented by the server is downloaded as if it were the requested file.
This usually leads to a weird error about the GPG signature being incorrect or being made with an unknown key:
"""
-> https://ahasenack:*@private-ppa.launchpad.net/landscape/lds-stable/ubuntu/dists/lucid/Release
Release
################################################################# [ 7%]
error: Channel 'lucid - main' signed with unknown key
"""
And these are the contents of the downloaded file:
"""
root@amra:/var/lib/smart/channels# cat aptsync-c57be5d14aae4fbf00383bbe1479fbb9%%https:__ahasenack:wrongpassword@private-ppa.launchpad.net_landscape_lds-stable_ubuntu_dists_lucid_Release.gpg
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.14 (Ubuntu) Server at private-ppa.launchpad.net Port 443</address>
</body></html>
root@amra:/var/lib/smart/channels#
"""
2. How has the bug been addressed
A patch was taken from trunk to make pycurl fail on http errors and then catch this error:
bzr diff -r 947..948 lp:smart
3. Patch
That patch was applied to the source package and a debdiff was generated for each ubuntu release.
4. How to reproduce
- install smartpm-core
- add this line to your sources.list:
deb https://foo:bar@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu lucid main
- run smart update as root
- with the broken package, you will get a gpg signature error when that repository is fetched:
"""
-> https://foo:*@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu/dists/lucid/Release
Release ########################################################################################## [ 74%]
error: Channel 'lucid - main' signed with unknown key
"""
- with the fixed package, you will get a proper 401 error:
"""
# smart update
(...)
-> https://foo:*@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu/dists/lucid/Release
Release [ 66%]
error: Download of Release failed for channel 'lucid - main': The requested URL returned error: 401
"""
5. Regression potential
- In both cases, before and after the patch, smart update would fail. With the patch, it fails with the correct error message.
- Without the patch, if the repository's signature isn't checked, the error is even more cryptic:
"""
warning: Component 'main' is not in Release file for channel 'lucid - main'
"""
That's because the release file that was downloaded is actually the 401 html error page.
- the patch has a test
- I don't know of any other side effects of setting handle.setopt(pycurl.FAILONERROR, 1), which is the main fix here.
Original bug description follows
================================
Imported: http://tracker.labix.org/issue310
Reason for Import: Patch Review
further details: https://blueprints.launchpad.net/smart/+spec/bug-reporting-migration
msg1153 (view) Author: peter-endian Date: 2007-06-21.13:35:42
When you use python-curl, curl downloads the error message if authentication
fails and stores it as the respective xml file, with which smart is not very
happy of course.
The attached patch (against 0.50) sets the curl configuration option which
causes curl to fail if an authentication error occurrs, which then causes smart
to print out the error and consider the download not to be ok instead of writing
the errormessage down to the file. |
Request for SRU
===============
0. This is fixed in oneiric with smart 1.4 (the fix was released in 1.3.1 upstream)
1. Statement explaining the impact
Smart doesn't catch 401 (and other 40x) errors when trying to download files from a repository. As a result, the html error page presented by the server is downloaded as if it were the requested file.
This usually leads to a weird error about the GPG signature being incorrect or being made with an unknown key:
"""
-> https://ahasenack:*@private-ppa.launchpad.net/landscape/lds-stable/ubuntu/dists/lucid/Release
Release
################################################################# [ 7%]
error: Channel 'lucid - main' signed with unknown key
"""
And these are the contents of the downloaded file:
"""
root@amra:/var/lib/smart/channels# cat aptsync-c57be5d14aae4fbf00383bbe1479fbb9%%https:__ahasenack:wrongpassword@private-ppa.launchpad.net_landscape_lds-stable_ubuntu_dists_lucid_Release.gpg
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.14 (Ubuntu) Server at private-ppa.launchpad.net Port 443</address>
</body></html>
root@amra:/var/lib/smart/channels#
"""
2. How has the bug been addressed
A patch was taken from trunk to make pycurl fail on http errors and then catch this error:
bzr diff -r 947..948 lp:smart
3. Patch
That patch was applied to the source package and a debdiff was generated for each ubuntu release.
4. How to reproduce
- install smartpm-core
- add this line to your sources.list:
deb https://foo:bar@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu lucid main
- run smart update as root
- with the broken package, you will get a gpg signature error when that repository is fetched:
"""
-> https://foo:*@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu/dists/lucid/Release
Release ########################################################################################## [ 74%]
error: Channel 'lucid - main' signed with unknown key
"""
- with the fixed package, you will get a proper 401 error:
"""
# smart update
(...)
-> https://foo:*@private-ppa.launchpad.net/landscape/lds-trunk/ubuntu/dists/lucid/Release
Release [ 66%]
error: Download of Release failed for channel 'lucid - main': The requested URL returned error: 401
"""
5. Regression potential
- In both cases, before and after the patch, smart update would fail. With the patch, it fails with the correct error message.
- Without the patch, if the repository's signature isn't checked, the error is even more cryptic:
"""
warning: Component 'main' is not in Release file for channel 'lucid - main'
"""
That's because the release file that was downloaded is actually the 401 html error page.
- the patch has a test
- I don't know of any other side effects of setting handle.setopt(pycurl.FAILONERROR, 1), which is the main fix here.
Original bug description follows
================================
Imported: http://tracker.labix.org/issue310
Reason for Import: Patch Review
further details: https://blueprints.launchpad.net/smart/+spec/bug-reporting-migration
msg1153 (view) Author: peter-endian Date: 2007-06-21.13:35:42
When you use python-curl, curl downloads the error message if authentication
fails and stores it as the respective xml file, with which smart is not very
happy of course.
The attached patch (against 0.50) sets the curl configuration option which
causes curl to fail if an authentication error occurrs, which then causes smart
to print out the error and consider the download not to be ok instead of writing
the errormessage down to the file. |
|
2011-09-08 13:05:46 |
Dave Walker |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2011-09-08 13:35:55 |
Andreas Hasenack |
attachment removed |
smart-244453-natty.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2367591/+files/smart-244453-natty.debdiff |
|
|
2011-09-08 13:36:28 |
Andreas Hasenack |
attachment added |
|
smart-244453-natty.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2372366/+files/smart-244453-natty.debdiff |
|
2011-09-10 22:44:37 |
Andreas Hasenack |
attachment removed |
smart-244453-maverick.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2367589/+files/smart-244453-maverick.debdiff |
|
|
2011-09-10 22:44:41 |
Andreas Hasenack |
attachment removed |
smart-244453-natty.debdiff https://bugs.launchpad.net/smart/+bug/244453/+attachment/2372366/+files/smart-244453-natty.debdiff |
|
|
2011-09-10 22:47:54 |
Andreas Hasenack |
attachment added |
|
Really fixed debdiff for natty https://bugs.launchpad.net/smart/+bug/244453/+attachment/2383367/+files/smart-244453-natty.debdiff |
|
2011-09-10 22:48:20 |
Andreas Hasenack |
attachment added |
|
Really fixed debdiff for maverick https://bugs.launchpad.net/smart/+bug/244453/+attachment/2383368/+files/smart-244453-maverick.debdiff |
|
2011-09-20 22:40:47 |
Clint Byrum |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2011-09-20 22:41:39 |
Clint Byrum |
smart (Ubuntu Natty): status |
New |
Fix Committed |
|
2011-09-20 22:41:42 |
Clint Byrum |
bug |
|
|
added subscriber SRU Verification |
2011-09-20 22:41:48 |
Clint Byrum |
tags |
|
verification-needed |
|
2011-09-20 22:46:00 |
Clint Byrum |
smart (Ubuntu Maverick): status |
New |
Fix Committed |
|
2011-09-20 22:46:19 |
Clint Byrum |
smart (Ubuntu Lucid): status |
New |
Fix Committed |
|
2011-09-22 04:49:33 |
Martin Pitt |
tags |
verification-needed |
verification-done |
|
2011-09-29 08:45:22 |
Launchpad Janitor |
smart (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2011-09-29 08:45:26 |
Launchpad Janitor |
smart (Ubuntu Maverick): status |
Fix Committed |
Fix Released |
|
2011-09-29 08:47:42 |
Launchpad Janitor |
smart (Ubuntu Natty): status |
Fix Committed |
Fix Released |
|
2011-09-30 03:00:02 |
Reed Loden |
bug |
|
|
added subscriber Reed Loden |