apt fails to properly handle server-side connection closure

Bug #1801338 reported by Julian Andres Klode
34
This bug affects 6 people
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned

Bug Description

[Impact]
In some cases, apt does not correctly handle server-side connection closure after a pipeline, and aborts the file being downloaded with an "Undetermined Error" when the connection has been closed.

[Test case]
This could be seen by running apt build-dep evince on cosmic with a recent apt with the pipelining fix (such as 1.6.6) against a local mirror running apache from trusty. It remains to be seen whether this is easily reproducible for anyone.

[Regression potential]
N/A yet.

Revision history for this message
Julian Andres Klode (juliank) wrote :

It's unclear if xenial's apt is affected or not, we did not get to testing that yet.

tags: added: regression-update
Changed in apt (Ubuntu Bionic):
status: New → Triaged
Changed in apt (Ubuntu Xenial):
status: New → Triaged
Changed in apt (Ubuntu):
status: New → Triaged
Changed in apt (Ubuntu Xenial):
status: Triaged → New
Changed in apt (Ubuntu Cosmic):
status: New → Triaged
tags: added: id-5bdb63ea912f3607fa876c2d
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 1.8.0~alpha2ubuntu1

---------------
apt (1.8.0~alpha2ubuntu1) disco; urgency=medium

  * Adjust libapt-pkg Breaks aptitude to << 0.8.9

 -- Julian Andres Klode <email address hidden> Wed, 14 Nov 2018 12:07:59 +0100

Changed in apt (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Julian Andres Klode (juliank) wrote :

It actually did not fix the issue.

Changed in apt (Ubuntu):
status: Fix Released → Triaged
Revision history for this message
John Paul Adrian Glaubitz (glaubitz) wrote :

And it made multiple buildds hang for days :-(. I just only noticed it now.

Revision history for this message
Julian Andres Klode (juliank) wrote :

Yes, exactly, that's why it was removed from disco-proposed and I quickly reverted it in the followup upload. Though, the problem only seems to happen with apache based servers, if you put a squid in front of them, you're fine.

Revision history for this message
Ian Childress (ianchildress) wrote :

This can be reproduced by hosting a mirror on S3. S3 has built in functionality that closes a connection after 100 requests. We were able to add comments to apt source that output every time a new connection was made and we confirmed every 100 requests that S3 did close the connection. Intermittently, we would get the Undetermined Error during one of the connection close events. Debug output confirmed there is a connection: close header. We also confirmed apt identified a 102 connection reset by peer event by printing the error.

So this isn't apache specific, I believe apache is just more prone to sending connection: close. Because of S3's behavior of closing connections every 100 requests, it became very noticeable to us.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apt (Ubuntu Xenial):
status: New → Confirmed
Revision history for this message
Robert Sachunsky (bertsky) wrote :

Affects me on Bionic, too.

Does anyone know a workaround already? Downgrading apt, or adding some apt.conf `Acquire::http` settings?

Revision history for this message
MDE (mde-bs) wrote :

Yes, it seems to have something with pipelining, so I disabled it with the following configuration:

    Acquire {
       http::Pipeline-Depth "0";
   };

I have some machines updating with this setting for 2 days without errors now. The performance impact seems insignificant (I have low RTT connections).
I also had the error occur on official mirrors, local mirrors with apache, and local mirrors with lighty before this.

I hope this helps fixing the issue.

Revision history for this message
Julian Andres Klode (juliank) wrote :

FWIW, I've not seen this bug in over a year, I totally forgot about it.

Revision history for this message
Julian Andres Klode (juliank) wrote :

I don't even know how I setup the reproducer last year. I think I mirrored main in a trusty container and put an apache in front of it, but not sure

no longer affects: apt (Ubuntu Cosmic)
tags: added: id-5e4fb2b7ce3e637d085a94bb
Revision history for this message
Robert Liu (robertliu) wrote :

I met the issue when installing packages from a private PPA of Launchpad. Hope this would be helpful to reproduce the issue.

Revision history for this message
Julian Andres Klode (juliank) wrote :

I can't reproduce this anymore, so closing it.

Changed in apt (Ubuntu):
status: Triaged → Invalid
status: Invalid → Incomplete
status: Incomplete → Invalid
Changed in apt (Ubuntu Xenial):
status: Confirmed → Invalid
Changed in apt (Ubuntu Bionic):
status: Triaged → Invalid
Revision history for this message
Julian Andres Klode (juliank) wrote :

This may be fixed now even.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers