Checking security repository in Updates adds deb line to Third-Party Software

Bug #244093 reported by Maiku on 2008-06-30
Affects Status Importance Assigned to Milestone
Software Properties
Invalid
Undecided
Unassigned
python-apt (Ubuntu)
High
Michael Vogt
Declined for Intrepid by Michael Vogt
Hardy
Medium
Michael Vogt
software-properties (Ubuntu)
High
Unassigned
Declined for Intrepid by Michael Vogt
Hardy
Undecided
Unassigned

Bug Description

Binary package hint: software-properties-gtk

Confirmed on:
1) Ubuntu Intrepid Ibex (development branch) 8.10
software-properties-gtk:
  Installed: 0.63ubuntu1
  Candidate: 0.63ubuntu1
  Version table:
 *** 0.63ubuntu1 0
        500 http://archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status

2) Ubuntu Hardy Heron 8.04.1
software-properties-gtk:
  Installed: 0.63ubuntu1
  Candidate: 0.63ubuntu1
  Version table:
 *** 0.63ubuntu1 0
        500 http://archive.ubuntu.com hardy/main Packages
        100 /var/lib/dpkg/status

Remarks:
- Clicking the intrepid-security / hardy-security checkbox in the "Updates" tab adds the intrepid-security deb line to the list of Third-Party Software
- The above action doesn't actually show a check mark in the checkbox.
- Unchecking/checking the checkbox in Updates tab does not have an effect on /etc/apt/sources.list file (i.e. it doesn't remove the hardy-security line)
- It appears to add the source just fine, it's just displayed in the "Third-Party Software" tab instead of checking the checkbox.

Detected problem:
1) The checkbox of Updates > hardy-security sets its status searching for "archive.ubuntu.com"
2) Checking/unchecking looks for and adds/removes "security.ubuntu.com", and the program thinks it's third-party software

Temporary fix:
1) sed -e 's/security\.ubuntu\.com/archive\.ubuntu\.com/g' /etc/apt/sources.list | sudo tee /etc/apt/sources.list.tmp > /dev/null
sudo mv /etc/apt/sources.list.tmp /etc/apt/sources.list
sudo apt-get update

2) Don't uncheck/check the hardy-security in Software Sources until it's fixed.

Kiwinote (kiwinote) on 2008-07-01
Changed in software-properties:
status: New → Confirmed
Sebastian Bengtsson (5ebastian) wrote :

This also affects Hardy (see my duplicate bug report).

goodhabit (goodhabit) wrote :

Yep, some annoying thing. Is there a way to fix it?

Savvas Radevic (medigeek) wrote :

Confirming too on hardy heron 8.04 amd64 64-bit
I'll edit the bug report appropriately

Savvas Radevic (medigeek) wrote :

assigning to desktop bugs (?)

Changed in software-properties:
assignee: nobody → desktop-bugs
description: updated
Savvas Radevic (medigeek) wrote :

$ cat /etc/apt/sources.list
deb http://security.ubuntu.com/ubuntu/ hardy-security universe main multiverse restricted
deb http://archive.ubuntu.com/ubuntu/ hardy-updates universe main multiverse restricted
deb http://archive.ubuntu.com/ubuntu/ hardy-proposed universe main multiverse restricted
deb http://archive.ubuntu.com/ubuntu/ hardy main universe restricted multiverse

Attaching:
1) Debug info without removing the sources.list file: software-properties-gtk -d
File 1.txt
2) Debug info after removing the sources.list file (and checking each repository): rm /etc/apt/sources.list; software-properties-gtk -m
File 2.txt

Savvas Radevic (medigeek) wrote :

I couldn't reproduce it on a virtual machine (ubuntu hardy heron 8.04 i386).
I'll try later as amd64 live cd and post back with the results

description: updated

I have Ubuntu 8.04 NOT .1 32-bit i386 X86 AMD K8 Processor and same problem. What in the world is going on? Did somebody hack into the ubuntu servers and mess it up?

I chose like 3 different servers that weren't even official ubuntu servers and here is the junk I got. Attachment please download! I used software-properties-gtk -m
File 2.txt PLEASE HELP!

I can confirm this bug on Hardy 8.04.1 32-bit since recent updates.

All three of my Ubuntu installs are demonstrating the same problem - I go to System>Administration>Software Sources>Updates tab, and I am unable to check the tick-box for "Important security updates (hardy-security)".

Savvas Radevic (medigeek) wrote :

I've detected the problems:
1) the checkbox for its status (checked/unchecked) looks for "http://archive.ubuntu.com" instead of "http://security.ubuntu.com"
2) if again you uncheck and check the hardy-security after switching back to "archive.ubuntu.com", it will add the hardy-security with "http://security.ubuntu.com", which will show as non-canonical third-party software repository

Execute in terminal: gksu /etc/apt/sources.list

Change any occurrence of security.ubuntu.com to archive.ubuntu.com

For example, I changed:
deb http://security.ubuntu.com/ubuntu/ hardy-security universe main multiverse restricted
deb-src http://security.ubuntu.com/ubuntu/ hardy-security universe main multiverse restricted

..to:
deb http://archive.ubuntu.com/ubuntu/ hardy-security universe main multiverse restricted
deb-src http://archive.ubuntu.com/ubuntu/ hardy-security universe main multiverse restricted

..things will be back to normal:

Don't uncheck and check the checkbox in Software Sources > Updates again, it will cause the same problem

Savvas Radevic (medigeek) wrote :

sorry:
* Execute in terminal: gksu gedit /etc/apt/sources.list

:)

description: updated
description: updated
Connor Imes (ckimes) wrote :

Thank you for reporting this, everybody. I am marking this bug as Triaged and setting Importance to High (has a moderate impact on a large portion of Ubuntu users). Hopefully a developer can start working on this very soon.

Changed in software-properties:
importance: Undecided → High
status: Confirmed → Triaged
Savvas Radevic (medigeek) wrote :

Well... I have a hunch that it has something to do with python-apt package
specifically the newest BaseURI vs. BaseURI-architecture implementation

I changed the file /usr/share/python-apt/templates/Ubuntu.info and modified the following section as listed below:

Suite: hardy-security
ParentSuite: hardy
RepositoryType: deb
BaseURI-amd64: http://security.ubuntu.com/ubuntu
MatchURI-amd64: archive.ubuntu.com/ubuntu|security.ubuntu.com
BaseURI-powerpc: http://ports.ubuntu.com/
MatchURI-powerpc: ports.ubuntu.com/ubuntu
Description: Important security updates

Basically, I changed BaseURI to BaseURI-amd64 (my Ubuntu architecture), now it works.
Looks like BaseURI-arch is working better than BaseURI :)
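
Added example, not part of the bug report and not python-apt's code: a simplified model of how a sources.list entry is matched against a suite's MatchURI, showing why a security.ubuntu.com line ends up under "Third-Party Software" with the checkbox unticked. The template dictionaries, the sample sources.list, the function names and the treatment of MatchURI as a regular expression are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the sources.list posted in this report.
SAMPLE_SOURCES = """\
deb http://security.ubuntu.com/ubuntu/ hardy-security universe main multiverse restricted
deb http://archive.ubuntu.com/ubuntu/ hardy-updates universe main multiverse restricted
deb http://archive.ubuntu.com/ubuntu/ hardy main universe restricted multiverse
# deb http://archive.ubuntu.com/ubuntu/ hardy-proposed main
deb http://ppa.example.invalid/ubuntu hardy main
"""

# Hypothetical templates (suite -> MatchURI pattern). BROKEN reproduces the
# reported symptom: hardy-security is only recognised on the parent's host.
BROKEN = {
    "hardy": r"archive\.ubuntu\.com/ubuntu",
    "hardy-updates": r"archive\.ubuntu\.com/ubuntu",
    "hardy-security": r"archive\.ubuntu\.com/ubuntu",
}
# FIXED uses the MatchURI value from the modified Ubuntu.info section above.
FIXED = dict(BROKEN)
FIXED["hardy-security"] = r"archive\.ubuntu\.com/ubuntu|security\.ubuntu\.com"

def parse_sources(text):
    """Return (type, uri, suite, components) for each enabled deb/deb-src line."""
    entries = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments and blank lines
        if len(parts) >= 3 and parts[0] in ("deb", "deb-src"):
            entries.append((parts[0], parts[1], parts[2], parts[3:]))
    return entries

def classify(entries, templates):
    """Split entries into template-recognised and 'third-party' lists."""
    official, third_party = [], []
    for entry in entries:
        pattern = templates.get(entry[2])
        matched = bool(pattern and re.search(pattern, entry[1]))
        (official if matched else third_party).append(entry)
    return official, third_party

def third_party_uris(templates, text=SAMPLE_SOURCES):
    """URIs that would be listed as third-party software."""
    return [e[1] for e in classify(parse_sources(text), templates)[1]]

def checkbox_checked(templates, suite, text=SAMPLE_SOURCES):
    """The Updates checkbox is ticked only if a recognised entry has the suite."""
    return any(e[2] == suite for e in classify(parse_sources(text), templates)[0])

if __name__ == "__main__":
    for name, tpl in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, third_party_uris(tpl), checkbox_checked(tpl, "hardy-security"))
```

Run against a copy of a real /etc/apt/sources.list, the same classification gives a quick audit of which enabled entries fall outside the hosts the distribution template expects.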

Savvas Radevic (medigeek) wrote :

I've added a regular expression to check whether the value contains "security.ubuntu.com":
re.search(r'security\.ubuntu\.com', value)

It could be marked as messy, but I tried it and it works, attached a debdiff.

Otherwise, to fix this you must change BaseURI and MatchURI as mentioned in the previous comment

Savvas Radevic (medigeek) wrote :

( it's my first patch attempt :) )

Savvas Radevic (medigeek) wrote :

the problematic package seems to be python-apt

Changed in software-properties:
status: New → Invalid
assignee: desktop-bugs → nobody
status: Triaged → Invalid
Savvas Radevic (medigeek) wrote :

fixed the /tmp/ path in debdiff and re-attached

Changed in python-apt:
status: New → In Progress
Kees Cook (kees) wrote :

Assigning this to mvo, who should have some background in this bit of code. :)

Changed in python-apt:
assignee: nobody → mvo
Savvas Radevic (medigeek) wrote :

Adding debdiff option no.2:
Replaced MatchURI with arch-specific MatchURI-i386 and MatchURI-amd64 for security repositories, bypasses the "MatchURI: archive.ubuntu.com/ubuntu" of the ParentSuite

Savvas Radevic (medigeek) wrote :

I gave two options/debdiffs for fixing the bug above.

For the common people, here's a temporary, but quick and painless way to fix it:
1) Close Software Sources
2) Download the file attached here (Ubuntu.info)
3) Replace the file in: /usr/share/python-apt/templates/Ubuntu.info
4) Open Software Sources now

The fix you suggest does not work for me.
When I try to copy paste the Ubuntu.info text in the Ubuntu.info folder in /usr/share/python-apt/templates/Ubuntu.info it says that I don't have permission to do that. I have full access on the computer.

HA! It worked when I changed the http://security.ubuntu.com/ubuntu/ to http://archive.ubuntu.com/ubuntu/ in gksu gedit /etc/apt/sources.list
Now things look normal.

> HA! It worked when I changed the http://security.ubuntu.com/ubuntu/ to http://archive.ubuntu.com/ubuntu/ in gksu gedit /etc/apt/sources.list
They look normal, but if you uncheck the -security in software sources > updates and check it again, you're back to square 1!

$ ls -l /usr/share/python-apt/templates/Ubuntu.info
-rw-r--r-- 1 root root 10684 2008-07-11 09:53 /usr/share/python-apt/templates/Ubuntu.info
$ lsattr /usr/share/python-apt/templates/Ubuntu.info
------------------ /usr/share/python-apt/templates/Ubuntu.info

I don't know what's wrong with your file or folder structure, mine is
copied fine, but do try this:
sudo chattr -uia /usr/share/python-apt/templates/Ubuntu.info
sudo chown root:root /usr/share/python-apt/templates/Ubuntu.info
sudo chmod +rw /usr/share/python-apt/templates/Ubuntu.info

Now you should be able to replace it:
sudo wget http://launchpadlibrarian.net/15945141/Ubuntu.info -O /usr/share/python-apt/templates/Ubuntu.info
ls -l /usr/share/python-apt/templates/Ubuntu.info

Make sure the file permissions are the same as: -rw-r--r--

alienexplorers (dfsjr47) wrote :

Had the same error. Changed the http://security.ubuntu.com/ubuntu/ to http://archive.ubuntu.com/ubuntu/. Closed and restarted software sources and the problem was corrected.

> I don't know what's wrong with your file or folder structure, mine is
> copied fine, but do try this:
> sudo chattr -uia /usr/share/python-apt/templates/Ubuntu.info
> sudo chown root:root /usr/share/python-apt/templates/Ubuntu.info
> sudo chmod +rw /usr/share/python-apt/templates/Ubuntu.info
>
> Now you should be able to replace it:
> sudo wget http://launchpadlibrarian.net/15945141/Ubuntu.info -O /usr/share/python-apt/templates/Ubuntu.info
> ls -l /usr/share/python-apt/templates/Ubuntu.info

It does not help:

kim@kim-desktop:~$ sudo chattr -uia /usr/share/python-apt/templates/Ubuntu.info
[sudo] password for kim:
kim@kim-desktop:~$ sudo wget http://launchpadlibrarian.net/15945141/Ubuntu.info -O
wget: option requires an argument -- O
Brug: wget [FLAG]... [URL]...

Prøv 'wget --help' for flere flag.
kim@kim-desktop:~$ /usr/share/python-apt/templates/Ubuntu.info
bash: /usr/share/python-apt/templates/Ubuntu.info: Permission denied
kim@kim-desktop:~$ ls -l /usr/share/python-apt/templates/Ubuntu.info

But is it necessary to do all this? Won't there be an update anytime soon that will fix all this?
I can't check the hardy-security box in updates, but the security boxes are marked in Third-party software, so I must get the security updates anyway?

Savvas Radevic (medigeek) wrote :

True, no need for that, but security updates in third party software
can be a bit confusing.
It'll be fixed eventually :)

I decided to use my 32bit computer and I unticked hardy-proposed and everything is normal.

So is everything fixed now?

Behavior still appears here.

Michael Vogt (mvo) on 2008-07-24
Changed in python-apt:
importance: Undecided → High
Michael Vogt (mvo) wrote :

It looks like this is breakage from the fix in hardy-proposed for https://bugs.edge.launchpad.net/ubuntu/hardy/+source/python-apt/+bug/220890

I upload a new intrepid version of python-apt that should fix the issue.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-apt - 0.7.7ubuntu2

---------------
python-apt (0.7.7ubuntu2) intrepid; urgency=low

  * data/templates/Debian.info.in:
    - add 'lenny' template info
  * aptsources/distinfo.py:
    - fix template matching for arch specific code (LP: #244093)

 -- Michael Vogt <email address hidden> Fri, 25 Jul 2008 18:34:28 +0200

Changed in python-apt:
status: In Progress → Fix Released
Savvas Radevic (medigeek) wrote :

> I upload a new intrepid version of python-apt that should fix the issue.

It affects Ubuntu hardy heron 8.04 too.. shouldn't it be updated in
hardy as well?

Michael Vogt (mvo) wrote :

Yes, it needs to be fixed for hardy as well. Fortunately it does "only" affect hardy-proposed, so only a subset of the hardy users.

Changed in python-apt:
assignee: nobody → mvo
importance: Undecided → Medium
status: New → In Progress
Changed in software-properties:
status: New → Invalid
Michael Vogt (mvo) wrote :

The fix is merged and got uploaded to hardy-proposed.

Steve Beattie (sbeattie) wrote :

I was able to reproduce this error in the version of python-apt that had been uploaded to hardy-proposed, 0.7.4ubuntu7.1, and can confirm that the current version of python-apt in hardy-proposed, 0.7.4ubuntu7.3, does indeed correct this issue. I did some limited testing of software-properties-gtk and noticed no regressions.

Thanks!

Matt Neilson (ichthyoboy) wrote :

Second confirmation. Security updates no longer show up in Third party software tab.

I was getting pretty much the same warning saying this...

Reading package lists... Done
W: Duplicate sources.list entry http://security.ubuntu.com hardy-security/restricted Packages (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_hardy-security_restricted_binary-amd64_Packages)
W: Duplicate sources.list entry http://security.ubuntu.com hardy-security/main Packages (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_hardy-security_main_binary-amd64_Packages)
W: You may want to run apt-get update to correct these problems

I was having the same issue on my work network. I noticed the protocol being used is http and we have a web proxy/caching device (Blue Coat) on the network. I added security.ubuntu.com to a bypass of my cache and this fixed my issue. I wonder if any other users having the issue might be behind a web proxy/cache (maybe even squid). Just tossing that out there.

Martin Pitt (pitti) wrote :

python-apt hardy-proposed copied to hardy-updates.

Changed in python-apt:
status: In Progress → Fix Released

No I don't have a proxy.
