Unexpected file size of one package interrupts update process for all packages and leaves system vulnerable

Bug #1918930 reported by Ubu Foo
This bug affects 1 person
Affects: apt (Ubuntu) | Status: Triaged | Importance: Low | Assigned to: Unassigned | Milestone: (not set)

Bug Description

An unexpected file size error of *one* package interrupts the whole update process for *all* packages, and this can leave the system in a vulnerable state. This is not a constructed situation but very real right now; look at the following console output: sublime has some problems with its package size, but then important ssh updates are not executed. Bad.

The following packages will be upgraded:
  brave-browser git git-man libpython2.7-minimal libpython2.7-stdlib linux-firmware openssh-client openssh-server openssh-sftp-server python2.7 python2.7-minimal python3-pil sublime-merge
13 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 4.548 kB/199 MB of archives.
After this operation, 1.744 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 https://download.sublimetext.com apt/stable/ sublime-merge 2049 [4.548 kB]
Err:1 https://download.sublimetext.com apt/stable/ sublime-merge 2049
  File has unexpected size (4542548 != 4548032). Mirror sync in progress? [IP: 104.236.0.104 443]
  Hashes of expected file:
   - SHA512:f65ce3ca80ff0877da48826a0151036cd8e0bdf28b03d225a03f202262ca1278accdac8e7eb46a22904203750ccf06e3abe496a44f7a4b0c3363076501f72369
   - SHA256:e71fcf37e9d934a60b5112a7b79c819f03f55d331371ec0e9b02378c6234478c
   - SHA1:7fe54a9f7ea5383dbdfc0aae39310e2902c6d7f5 [weak]
   - MD5Sum:fd78a3b986bd7da8b2ebd1f659f5938c [weak]
   - Filesize:4548032 [weak]
E: Failed to fetch https://download.sublimetext.com/files/sublime-merge_build-2049_amd64.deb File has unexpected size (4542548 != 4548032). Mirror sync in progress? [IP: 104.236.0.104 443]
   Hashes of expected file:
    - SHA512:f65ce3ca80ff0877da48826a0151036cd8e0bdf28b03d225a03f202262ca1278accdac8e7eb46a22904203750ccf06e3abe496a44f7a4b0c3363076501f72369
    - SHA256:e71fcf37e9d934a60b5112a7b79c819f03f55d331371ec0e9b02378c6234478c
    - SHA1:7fe54a9f7ea5383dbdfc0aae39310e2902c6d7f5 [weak]
    - MD5Sum:fd78a3b986bd7da8b2ebd1f659f5938c [weak]
    - Filesize:4548032 [weak]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Note: This issue is not about the package size error in a third-party repo - I do not blame Ubuntu for problems with that. This is about breaking the whole process of updating the system because one single sub-task fails.

Why not make the basic tools really robust and reliable?

BTW - there are soooo many free pixels on this screen - why not add two or three small sentences about the text formatting syntax available in this extremely primitive text input box? Is there any text formatting at all? Why not put just a little bit of love into the user perspective and experience? Just two little sentences about formatting would make it so much more user friendly to type here. It feels so quick-and-dirty, it hurts. Very sad.

Revision history for this message
David Kalnischkies (donkult) wrote :

APT can't know how "critical" the other packages are compared to the packages which failed to download (which really shouldn't happen to begin with). I mean, if you don't (normally) use an SSH server, but hard-depend on a sublime text-editor experience…

Have you tried the --fix-missing option the error message points to? It will make it so that apt still shows the errors, but it will continue on and install all packages it could successfully acquire. That is still a failure for the whole process though (if that would be silent it would be too easy for an attacker to fail these downloads and make you believe you are up-to-date while nothing was installed – especially in unattended processes).

Perhaps we should make that an interactive question in "apt" to have it more easily discoverable for an interactive user?

(not commenting on the LP things, you may want to talk to them directly about this rather than venting in an unrelated bug report)

Changed in apt (Ubuntu):
status: New → Triaged
importance: Undecided → Low
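Added example, not code from the bug report or from APT itself: a small Python parser for the apt-get output quoted above. It extracts the planned upgrade list and the per-package fetch error (the size mismatch and which hashes apt marks `[weak]`), then shows which planned packages are left un-upgraded: all of them when apt aborts, only the failed one with --fix-missing, which is the point David makes about unattended runs needing to fail loudly. The sample input is constructed from the report's own output, and the Err-line pattern assumes the flat third-party repo layout shown there.

```python
import re
from dataclasses import dataclass, field
# Constructed sample input: the apt-get output quoted in the bug report,
# abridged to one line of planned upgrades and three hash lines.
APT_OUTPUT = """\
The following packages will be upgraded:
  brave-browser git openssh-client openssh-server openssh-sftp-server sublime-merge
Err:1 https://download.sublimetext.com apt/stable/ sublime-merge 2049
  File has unexpected size (4542548 != 4548032). Mirror sync in progress? [IP: 104.236.0.104 443]
   - SHA256:e71fcf37e9d934a60b5112a7b79c819f03f55d331371ec0e9b02378c6234478c
   - SHA1:7fe54a9f7ea5383dbdfc0aae39310e2902c6d7f5 [weak]
   - Filesize:4548032 [weak]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
"""

@dataclass
class FetchError:
    package: str
    origin: str
    actual_size: int = 0    # 0 = not reported by apt
    expected_size: int = 0
    hashes: dict = field(default_factory=dict)  # algorithm -> True if apt marked it [weak]

def parse_apt_output(text):
    # Returns (planned_upgrades, fetch_errors) parsed from apt-get's console output.
    planned, errors, cur, in_planned = [], [], None, False
    for line in text.splitlines():
        if line.startswith("The following packages will be upgraded:"):
            in_planned = True
            continue
        if in_planned and line.startswith("  "):
            planned.extend(line.split())
            continue
        in_planned = False
        # "Err:N <origin> <suite/> <package> <version>" as printed for a flat third-party repo
        # (assumption: repos that also print an architecture field need a wider pattern).
        if m := re.match(r"Err:\d+ (\S+) \S+ (\S+) \S+$", line):
            cur = FetchError(package=m.group(2), origin=m.group(1))
            errors.append(cur)
        elif cur and (m := re.search(r"unexpected size \((\d+) != (\d+)\)", line)):
            cur.actual_size, cur.expected_size = int(m.group(1)), int(m.group(2))
        elif cur and (m := re.match(r"\s+- (\w+):\S+( \[weak\])?$", line)):
            cur.hashes[m.group(1)] = m.group(2) is not None
        elif line.startswith("E:"):
            cur = None  # the summary line ends the per-package detail block
    return planned, errors

def not_upgraded(planned, errors, fix_missing=False):
    # Every planned package stays old when apt aborts; only the failed ones with --fix-missing.
    failed = {e.package for e in errors}
    return set(planned) if failed and not fix_missing else failed
```

In an unattended pipeline, a non-empty result from not_upgraded() for a watched package such as openssh-server is the condition to alert on, regardless of whether the run used --fix-missing.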