3rd party sources block OS updates.
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apt (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Google appear to have started doing GeoLocation on IPv6, and hence I discovered that some failure modes of 3rd party software sources which are automatically added by google when using Google Talk can cause updates to cease completely.
The graphical update tool reports that there are no updates available,.. infact there were more than 30.... I get this at the command line:-
root@trinity:/# apt-get update
Ign http://
---- SNIP ---
Get:2 http://
Get:3 http://
15% [3 InRelease gpgv 1,540 B] [Connecting to gb.archive.
E: GPG error: http://
root@trinity:/#
The content of the file in question can be seen below:-
root@trinity:/# more /var/lib/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head><title>Google - Product Unavailable</title>
<meta http-equiv=
<style type="text/css">
body {
font-family: arial,sans-serif;
color: #333333;
margin:10px;
margin-right:20px;
}
table#header {
margin-
}
h1 {
margin-top:8px;
font-size:16px;
border-bottom:1px solid #999;
padding-
}
td#content, td#content td {
font-size:13px;
}
#footer {
font-size:13px;
color:#666;
border-top:1px solid #ccc;
padding-top:12px;
margin-top:20px;
}
</style>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0" width="100%" id="header">
<tr>
<td style="
t="Google"
<td width="100%">
<table cellspacing="0" cellpadding="0" border="0" width="100%">
<tr>
<td bgcolor=
</tr>
</table>
</td>
</tr>
<tr>
<td> </td>
<td id="content" valign="top">
<p style="padding:10px 0px;">Thanks for your interest, but the product that you're trying to download is not available in your country.</p>
<div id="footer">©2006 Google - <a href="http://
</td>
</tr>
</table>
</body>
</html>
root@trinity:/#
I imagine a great number of people have installed Google Talk plugins and if this results in them never again getting software/security updates due to an error in Google's geo-location then that should be considered a serious issue, obviously other 3rd party sources could cause this issue.
It seems that failed 3rd party sources should be handled gracefully.... BTW, I am in England.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apt 1.0.1ubuntu2
ProcVersionSign
Uname: Linux 3.13.0-24-generic x86_64
NonfreeKernelMo
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Mon May 5 19:27:19 2014
InstallationDate: Installed on 2014-02-07 (87 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140207)
SourcePackage: apt
UpgradeStatus: No upgrade log present (probably fresh install)
| James Lewis (james-fsck) wrote | #1 |
| information type: | Private Security → Public Security |
| information type: | Public Security → Public |
| Seth Arnold (seth-arnold) wrote | #2 |
| James Lewis (james-fsck) wrote | #3 |
| James Lewis (james-fsck) wrote | #4 |
| Launchpad Janitor (janitor) wrote | #5 |
| Changed in apt (Ubuntu): | |
| status: | New → Confirmed |
Does this prevent updates from other sources from being installed correctly? If so it'd be nice to at least get that fixed up.
It should be noted that the remote sources are in complete control of your computer -- they can provide packages that run scripts as root and they can replace any package on the system. Limiting the scope of what package repositories can do on your computer with AppArmor or SELinux is a seriously daunting challenge. In the same way that you need to be careful who gets sudo access on your computers you also need to be careful to whom you give apt sources access.
Thanks