Activity log for bug #1657440

Date Who What changed Old value New value Message
2017-01-18 12:27:29 Andreas Hasenack bug added bug
2017-01-18 23:02:51 David Kalnischkies apt (Ubuntu): status New Fix Committed
2017-02-07 16:22:43 Samuel Matzek attachment added Recreation script https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1657440/+attachment/4814822/+files/recreate.py
2017-02-07 16:22:57 Samuel Matzek apt (Ubuntu): status Fix Committed Confirmed
2017-02-07 19:46:02 Kyle L. Henderson bug added subscriber Kyle L. Henderson
2017-02-08 17:37:53 Ravi Gummadi bug added subscriber Ravi Gummadi
2017-02-09 21:19:55 Vej summary apt won't redownload Release.gpg apt won't redownload Release.gpg after inconsistent cache updates made while UCA is being updated
2017-02-09 21:33:48 Vej bug watch added http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838779
2017-02-09 21:33:48 Vej bug task added apt
2017-02-09 21:46:38 Julian Andres Klode apt (Ubuntu): status Confirmed Fix Released
2017-02-09 21:47:26 Julian Andres Klode nominated for series Ubuntu Yakkety
2017-02-09 21:47:26 Julian Andres Klode bug task added apt (Ubuntu Yakkety)
2017-02-09 21:47:26 Julian Andres Klode nominated for series Ubuntu Xenial
2017-02-09 21:47:26 Julian Andres Klode bug task added apt (Ubuntu Xenial)
2017-02-09 21:48:14 Julian Andres Klode apt (Ubuntu Xenial): status New Triaged
2017-02-09 21:48:17 Julian Andres Klode apt (Ubuntu Yakkety): status New Triaged
2017-02-09 21:57:22 Bug Watch Updater apt: status Unknown Fix Released
2017-02-09 22:00:00 Vej bug added subscriber Vej
2017-02-13 16:56:19 Alberto Salvia Novella apt (Ubuntu): importance Undecided Medium
2017-02-13 16:56:21 Alberto Salvia Novella apt (Ubuntu Xenial): importance Undecided Medium
2017-02-13 16:56:23 Alberto Salvia Novella apt (Ubuntu Yakkety): importance Undecided Medium
2017-02-13 19:05:46 Vej tags xenial yakkety
2017-02-28 13:27:18 Julian Andres Klode apt (Ubuntu Xenial): status Triaged In Progress
2017-02-28 13:27:23 Julian Andres Klode apt (Ubuntu Yakkety): status Triaged In Progress
2017-03-02 13:46:36 Vej description # apt --version apt 1.2.18 (amd64) xenial I got myself into a situation where a repository has a Release and a Release.gpg file, but apt is just ignoring the gpg one and won't download it via apt update for some reason: The repository in question is http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/xenial-updates/newton/. See how locally I have just the Release file: root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# l *Release* -rw-r--r-- 1 root root 100K Jan 15 18:03 archive.ubuntu.com_ubuntu_dists_xenial-backports_InRelease -rw-r--r-- 1 root root 242K Apr 21 2016 archive.ubuntu.com_ubuntu_dists_xenial_InRelease -rw-r--r-- 1 root root 100K Jan 18 11:42 archive.ubuntu.com_ubuntu_dists_xenial-updates_InRelease -rw-r--r-- 1 root root 100K Jan 18 11:42 security.ubuntu.com_ubuntu_dists_xenial-security_InRelease -rw-r--r-- 1 root root 7.7K Jan 18 11:45 ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_Release Now I try an update. See how the Release.gpg file gets a "Hit:" instead of a "Get:": root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# apt update Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB] Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease Ign:3 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton InRelease Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB] Hit:5 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release Get:6 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release.gpg [543 B] Hit:7 http://archive.ubuntu.com/ubuntu xenial-backports InRelease Fetched 205 kB in 0s (395 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 8 packages can be upgraded. Run 'apt list --upgradable' to see them. And I can't install packages: root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# apt dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following NEW packages will be installed: python3-setuptools The following packages will be upgraded: dh-python dnsmasq-base python-pkg-resources python-setuptools python3-cryptography python3-pkg-resources python3-requests python3-urllib3 8 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 1,193 kB of archives. After this operation, 808 kB of additional disk space will be used. Do you want to continue? [Y/n] WARNING: The following packages cannot be authenticated! dh-python dnsmasq-base python-setuptools python-pkg-resources python3-pkg-resources python3-setuptools python3-cryptography python3-requests python3-urllib3 Install these packages without verification? [y/N] n E: Some packages could not be authenticated root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# Somehow apt is thinking it has the Release.gpg file, but it doesn't? This server is behind a squid proxy. # apt --version apt 1.2.18 (amd64) xenial I got myself into a situation where a repository has a Release and a Release.gpg file, but apt is just ignoring the gpg one and won't download it via apt update for some reason: The repository in question is http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/xenial-updates/newton/. See how locally I have just the Release file: root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# l *Release* -rw-r--r-- 1 root root 100K Jan 15 18:03 archive.ubuntu.com_ubuntu_dists_xenial-backports_InRelease -rw-r--r-- 1 root root 242K Apr 21 2016 archive.ubuntu.com_ubuntu_dists_xenial_InRelease -rw-r--r-- 1 root root 100K Jan 18 11:42 archive.ubuntu.com_ubuntu_dists_xenial-updates_InRelease -rw-r--r-- 1 root root 100K Jan 18 11:42 security.ubuntu.com_ubuntu_dists_xenial-security_InRelease -rw-r--r-- 1 root root 7.7K Jan 18 11:45 ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_Release Now I try an update. See how the Release.gpg file gets a "Hit:" instead of a "Get:": root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# apt update Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB] Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease Ign:3 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton InRelease Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB] Hit:5 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release Get:6 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release.gpg [543 B] Hit:7 http://archive.ubuntu.com/ubuntu xenial-backports InRelease Fetched 205 kB in 0s (395 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 8 packages can be upgraded. Run 'apt list --upgradable' to see them. And I can't install packages: root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# apt dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following NEW packages will be installed:   python3-setuptools The following packages will be upgraded:   dh-python dnsmasq-base python-pkg-resources python-setuptools python3-cryptography python3-pkg-resources python3-requests python3-urllib3 8 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 1,193 kB of archives. After this operation, 808 kB of additional disk space will be used. Do you want to continue? [Y/n] WARNING: The following packages cannot be authenticated!   dh-python dnsmasq-base python-setuptools python-pkg-resources python3-pkg-resources python3-setuptools python3-cryptography python3-requests python3-urllib3 Install these packages without verification? [y/N] n E: Some packages could not be authenticated root@juju-cb14ed-0-lxd-3:/var/lib/apt/lists# Somehow apt is thinking it has the Release.gpg file, but it doesn't? This server is behind a squid proxy. [Impact] An apt update of an apt repository that does not use InRelease during the time it is being updated can cause the gpg file to not be downloaded and updated. This makes the packages from the repository be unable to be authenticated. The Ubuntu Cloud Archive is one of the archives that meets this criteria. The impact to downstream automation deployment code is that if they are adding the UCA repo to a system and calling apt update during the time the UCA is being updated by Canonical, the repo can get into a state where the Release.gpg file is not there and all package installs will fail due to "unauthenticated packages" error. [Test Case] A detailed python script was attached. To reproduce this outside that script you would want to: 1. Add the UCA repo 2. Do the following in a loop starting at 43 minutes after the hour and run it until 55 minutes after the hour: 2.1 Remove these files to simulate the UCA repo being added the first time. /var/lib/apt/lists/ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_Release /var/lib/apt/lists/ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_Release.gpg /var/lib/apt/lists/ubuntu-cloud.archive.canonical.com_ubuntu_dists_xenial-updates_newton_main_binary*Packages 2.2 apt-get update 3. Check the state of the 3 files you deleted. If you have the _Release file but not the _Release.gpg you have recreated the issue. 4. If you have not recreated the issue, continue GOTO 2 and continue to loop. [Regression Potential] Unknown
2017-03-08 13:43:55 Chris J Arges apt (Ubuntu Xenial): status In Progress Fix Committed
2017-03-08 13:43:58 Chris J Arges bug added subscriber Ubuntu Stable Release Updates Team
2017-03-08 13:43:59 Chris J Arges bug added subscriber SRU Verification
2017-03-08 13:44:06 Chris J Arges tags xenial yakkety verification-needed xenial yakkety
2017-03-14 20:22:51 Vej tags verification-needed xenial yakkety verification-done-xenial verification-needed-yakkety xenial yakkety
2017-03-22 12:24:03 Chris J Arges apt (Ubuntu Yakkety): status In Progress Fix Committed
2017-03-22 12:24:10 Chris J Arges tags verification-done-xenial verification-needed-yakkety xenial yakkety verification-done-xenial verification-needed verification-needed-yakkety xenial yakkety
2017-03-27 15:15:17 Jon Grimm tags verification-done-xenial verification-needed verification-needed-yakkety xenial yakkety verification-done-xenial verification-needed-yakkety xenial yakkety
2017-04-21 09:42:27 Julian Andres Klode tags verification-done-xenial verification-needed-yakkety xenial yakkety verification-done-xenial verification-done-yakkety xenial yakkety
2017-04-25 17:56:25 Launchpad Janitor apt (Ubuntu Yakkety): status Fix Committed Fix Released
2017-04-25 17:56:44 Steve Langasek removed subscriber Ubuntu Stable Release Updates Team
2017-04-25 18:12:02 Launchpad Janitor apt (Ubuntu Xenial): status Fix Committed Fix Released