Bug#685192: apt: redirection handling changes in 0.9.4 may break aptitude

To: submit@bugs.debian.org
Subject: Bug#685192: apt: redirection handling changes in 0.9.4 may break aptitude
From: Raphael Geissert <geissert@debian.org>
Date: Fri, 17 Aug 2012 19:53:08 -0500
Message-id: <[🔎] 201208171953.09991.geissert@debian.org>
Reply-to: Raphael Geissert <geissert@debian.org>, 685192@bugs.debian.org

Package: apt
Version: 0.9.4
Severity: grave
Control: affects -1 aptitude
X-Debbugs-CC: mika@debian.org, debian-release@lists.debian.org

Hi,

Michael Prokop noticed that in some cases an aptitude update would fail with 
a "E: Method gave invalid 200 URI Start message" when using http.debian.net.

After a lot of confusion and attempts to debug the problem, in a chroot 
where the issue could be reproduced, I eventually noticed that the versions 
of apt and libapt-pkg4.12 didn't match:

apt: 0.8.15.9 (old version)
libapt-pkg4.12: 0.9.7.2 (wheezy)
aptitude: 0.6.8-1 (wheezy)

The problem:
When aptitude uses libapt-pkg to download a file, it starts an instance of 
the http method that doesn't include the changes made in #668111. This means 
that it sends the 103 redirection message as usual, but it handles it 
internally. Given that aptitude uses libapt-pkg4.12, it handles the 103 
message in the new fashion and starts a new http process to handle the 
redirection.
Since the first http process is handling the request internally, it 
eventually sends a 200 "URI Start" message with the original URI (the one of 
http.debian.net). By then, libapt-pkg4.12 has already marked such URI as 
done, removed it from the http:http.debian.net queue, and more importantly: 
changed the URI of the Itm (pkgAcquire::Queue::QItem). So, when it receives 
the 200 message it can't even match the URI of the message to a QItem, 
therefore aborting with the "E: Method gave invalid 200 URI Start message" 
error.

Why APT still works:
The old apt version works just fine because it uses libapt-pkg4.10, which 
means it handles the redirection internally. According to dpkg -S the 
libapt-pkg4.10 used by apt is provided by the apt package itself. I.e. it is 
not a separate package.

Note: if it is not obvious enough, this isn't restricted to http.debian.net. 
Any mirror that sends a redirection could trigger this bug.


Now, the easiest way to prevent this kind of conflict would be by adding a 
Depends: apt >= 0.9.4 to libapt-pkg4.12. Not sure how much trouble it would 
cause to a squeeze->wheezy upgrade, as it would force apt to also be 
upgraded when upgrading aptitude (upgrading apt already requires upgrading 
aptitude.) It also introduces a soft dependency loop, but it seems harmless.
The alternative way to express it would be by adding a Breaks: apt (<< 
0.9.4) to libapt-pkg4.12. I think this last form would cause more noise 
during the upgrade.

Introducing a new redirection code (104?) would probably cause more trouble 
at this point than handling the problem via the dependencies system.

Toughts?

Sorry for not noticing it before. Somehow I knew I should have bumped the 
redirection code :-/

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to:

Follow-Ups:
- Processed: apt: redirection handling changes in 0.9.4 may break aptitude
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#685192: apt: redirection handling changes in 0.9.4 may break aptitude
  - From: David Kalnischkies <kalnischkies+debian@gmail.com>

Prev by Date: Processed: apt: redirection handling changes in 0.9.4 may break aptitude
Next by Date: Processed: Re: xz-utils: package dependency for xz-lzma
Previous by thread: Bug#685171: apt-cudf: Wrong translation of multi-arch conflicts
Next by thread: Processed: apt: redirection handling changes in 0.9.4 may break aptitude
Index(es):
- Date
- Thread