[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#788865: apt: "apt-get update" when network down: pinning fails

Package: apt
Version: 1.0.9.8.1
Followup-For: Bug #788865

Dear Maintainer,

apologies for the incomplete first report, I accidentally hit "continue" too
early.
Here's the missing part:

When apt-get update is called while the network connection is temporarily down,
pinning is no longer respected.
This leads to a situation, where a subsequent apt-get dist-upgrade tries (and
actually does, in case the network connection was re-established in the
meantime) to perform unwanted upgrades.

This may be a serious problem on systems where apt-get update is run from
within a cron job without user interaction, this can easily lead to installing
unwanted packages from backports, or even worse testing or experimental if
these are in the sources.list.

The session I inserted below shows the problem by the difference in the output
of apt-cache policy for the "stress" package:

# apt-cache policy stress
stress:
  Installed: 1.0.1-1
  Candidate: 1.0.1-1
  Version table:
     1.0.4-1~bpo8+1 0
        100 http://ftp.de.debian.org/debian/ jessie-backports/main amd64
Packages
 *** 1.0.1-1 0
        500 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status
# ifdown eth0
Killed old client process
(...)
DHCPRELEASE on eth0 to 192.168.178.1 port 67
# apt-get update
Err http://ftp.de.debian.org jessie InRelease
(...)
W: Some index files failed to download. They have been ignored, or old ones
used instead.
# apt-cache policy stress
stress:
  Installed: 1.0.1-1
  Candidate: 1.0.4-1~bpo8+1
  Version table:
     1.0.4-1~bpo8+1 0
        500 http://ftp.de.debian.org/debian/ jessie-backports/main amd64
Packages
 *** 1.0.1-1 0
        500 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status
# ifup eth0
Internet Systems Consortium DHCP Client 4.3.1
(...)
bound to 192.168.178.30 -- renewal in 431273 seconds.
# apt-get update
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
(...)
Reading package lists... Done
# apt-cache policy stress
stress:
  Installed: 1.0.1-1
  Candidate: 1.0.1-1
  Version table:
     1.0.4-1~bpo8+1 0
        100 http://ftp.de.debian.org/debian/ jessie-backports/main amd64
Packages
 *** 1.0.1-1 0
        500 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status

The following shows the difference with dist-upgrade:

# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and
are no longer required:
  crda dns-root-data dnsmasq-base gdebi-core iw libjansson4 libjim0.75 libmbim-
glib4 libmbim-proxy libndp0 libqmi-glib1 libqmi-proxy libteamdctl0 libxnvctrl0
  usb-modeswitch usb-modeswitch-data wireless-regdb
Use 'apt-get autoremove' to remove them.
Done
The following packages will be upgraded:
  libpq5 p7zip p7zip-full
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1364 kB of archives.
After this operation, 135 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
# ifdown eth0
Killed old client process
(...)
# apt-get update
Err http://ftp.de.debian.org jessie InRelease
W: Some index files failed to download. They have been ignored, or old ones
used instead.
# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and
are no longer required:
  crda dns-root-data dnsmasq-base gdebi-core iw libcmis-0.4-4 libjansson4
libjim0.75 libmbim-glib4 libmbim-proxy libmwaw-0.3-3 libndp0 libqmi-glib1
libqmi-proxy
  libteamdctl0 libxnvctrl0 usb-modeswitch usb-modeswitch-data wireless-regdb
Use 'apt-get autoremove' to remove them.
Done
The following packages will be REMOVED:
  python-uno
The following NEW packages will be installed:
  libpagemaker-0.0-0 python-enum34 python3-uno
The following packages will be upgraded:
  fonts-opensymbol libnet-dbus-perl libpq5 libreoffice-avmedia-backend-
gstreamer libreoffice-base libreoffice-base-core libreoffice-base-drivers
  libreoffice-calc libreoffice-common libreoffice-core libreoffice-draw
libreoffice-help-de libreoffice-impress libreoffice-java-common libreoffice-
l10n-de
  libreoffice-math libreoffice-script-provider-js libreoffice-sdbc-firebird
libreoffice-sdbc-hsqldb libreoffice-style-crystal libreoffice-style-galaxy
  libreoffice-style-oxygen libreoffice-style-tango libreoffice-writer lintian
p7zip p7zip-full python-cryptography python-six python3-six stress
  supertuxkart-data uno-libs3 ure
34 upgraded, 3 newly installed, 1 to remove and 0 not upgraded.
Need to get 479 MB of archives.
After this operation, 216 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
# ifup eth0
Internet Systems Consortium DHCP Client 4.3.1
(...)
bound to 192.168.178.30 -- renewal in 385940 seconds.
# apt-get update
Hit http://debian.mxchange.org stable InRelease
(...)
Reading package lists... Done
# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and
are no longer required:
  crda dns-root-data dnsmasq-base gdebi-core iw libjansson4 libjim0.75 libmbim-
glib4 libmbim-proxy libndp0 libqmi-glib1 libqmi-proxy libteamdctl0 libxnvctrl0
  usb-modeswitch usb-modeswitch-data wireless-regdb
Use 'apt-get autoremove' to remove them.
Done
The following packages will be upgraded:
  libpq5 p7zip p7zip-full
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1364 kB of archives.
After this operation, 135 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.




-- Package-specific info:

-- (/etc/apt/preferences present, but not submitted) --


-- (/etc/apt/sources.list present, but not submitted) --


-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.3
ii  gnupg                   1.4.18-7
ii  libapt-pkg4.12          1.0.9.8.1
ii  libc6                   2.19-18
ii  libgcc1                 1:4.9.2-10
ii  libstdc++6              4.9.2-10

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.11-1+b1
ii  dpkg-dev    1.17.25
ii  python-apt  0.9.3.11
ii  synaptic    0.81.2

-- no debconf information
Reply to: