Comment 12 for bug 1693900

Ryan Jaeb (ryanjaeb) wrote :

@Julian Andres Klode Is this something you'd be willing to reassess? I saw your old message [1] on the Debian list that says:

> The question what a successful update is is complicated and depends
> on the expectations of the person using APT.

With that in mind, I'd say there are situations where it's reasonable for the expectation to be that `apt-get update` fails on any error. I completely understand the reasoning for the default behavior and don't expect that to change, but a `--strict` switch (or similar) like the one suggested in the mailing list would be extremely useful to some of us.

Even an advanced option like (note this is not real) `-o=APT::Get::Strict-Mode=1` would be useful if that's easier than a full-blown command line switch. I'm not sure I got the syntax right, but I'm sure you get the idea.

With containerization gaining popularity, I think there could be a lot of people who have automated build systems set up where they pull a container, (try to) apply security updates, and so on... In those cases, the warnings are really hard to notice since the build system claims everything is OK. Automated build systems that use Docker tend to surface the problem a bit more because of the way they handle DNS [2][3]. The TLDR of those issues is that Docker tries to be smart and sometimes falls back to Google DNS:

> level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4]"

For anyone using an internal APT mirror, a bunch of assumptions get broken, but nothing throws an error to surface the breakdown. I bet there's a subset of developers that don't realize their automated builds could be failing to apply updates.

I spent several hours today trying to find a reasonable workaround, but all I could find were people trying to parse apt-get's output in a variety of creative ways. AFAIK, there aren't any good workarounds. I even tried fumbling my way through the source code to see if there were any existing options to control the behavior, but didn't have much luck (I don't know C++ though).

So, I guess I have two questions. First, is there _any_ way to make `apt-get update` fail on any error? Second, if the answer to my first question is no, would you consider adding an option that lets us control it?

1) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776152#15
2) https://github.com/moby/moby/issues/23910
3) https://github.com/moby/libnetwork/issues/1654
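
The output-parsing workaround the comment above refers to, written out as a build-step guard. This is an added example, not part of the original comment and not APT code; the function names and the `mirror.internal.example` sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not APT code): fail a build when `apt-get update` reports
# fetch problems but still exits 0. Function names are hypothetical.

# Print the lines of captured `apt-get update` output (stdin) that signal a
# problem: "Err:N" = an index fetch failed, "W:"/"E:" = summary lines.
apt_update_problems() {
    grep -E '^(Err:[0-9]+ |W: |E: )' || true
}

# Return 0 only when the captured output (stdin) has no problem lines.
apt_update_is_clean() {
    [ -z "$(apt_update_problems)" ]
}

# Run the real update and turn any warning into a non-zero exit status.
# LC_ALL=C keeps the prefixes untranslated so the patterns above match.
strict_apt_update() {
    out=$(LC_ALL=C apt-get update 2>&1) || { printf '%s\n' "$out"; return 1; }
    printf '%s\n' "$out"
    printf '%s\n' "$out" | apt_update_is_clean
}

# Constructed sample output: internal mirror reachable.
SAMPLE_OK='Hit:1 http://mirror.internal.example/ubuntu xenial InRelease
Get:2 http://mirror.internal.example/ubuntu xenial-security InRelease [109 kB]
Fetched 109 kB in 1s (98.2 kB/s)
Reading package lists... Done'

# Constructed sample output: mirror name does not resolve, apt-get exits 0.
SAMPLE_DNS_FAIL="Err:1 http://mirror.internal.example/ubuntu xenial InRelease
  Temporary failure resolving 'mirror.internal.example'
Reading package lists... Done
W: Failed to fetch http://mirror.internal.example/ubuntu/dists/xenial/InRelease  Temporary failure resolving 'mirror.internal.example'
W: Some index files failed to download. They have been ignored, or old ones used instead."
```

In a Dockerfile or CI step, call `strict_apt_update` in place of `apt-get update` so a stale package index stops the build. Newer APT releases also accept `apt-get update --error-on=any`, which makes the parsing unnecessary where it is available.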