squid-deb-proxy needs special handling of Release, Packages, Source

Bug #971820 reported by Scott Moser
This bug affects 3 people
Affects: squid-deb-proxy (Ubuntu)
Status: In Progress
Importance: Undecided
Assigned to: Unassigned

Bug Description

Due to problems in apt, squid-deb-proxy needs special handling of Release, Packages, Sources.

Even the stock Ubuntu /etc/squid3/squid3.conf has:
   refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880

In orchestra-provisioning-server, we had:
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz)$ 0 0% 0

I'm suggesting something like:
  refresh_pattern \/(Release|Packages|Sources)(|\.bz2|\.gz)$ 0 0% 0

If you don't have this, you can easily end up with a Packages or Sources file that is cached and invalid when compared to Release.

Related bugs:
 * bug 972077: apt repository disk format has race conditions

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: squid-deb-proxy 0.6.1
ProcVersionSignature: Ubuntu 3.2.0-20.33-generic 3.2.12
Uname: Linux 3.2.0-20-generic x86_64
ApportVersion: 2.0-0ubuntu2
Architecture: amd64
Date: Mon Apr 2 20:10:37 2012
PackageArchitecture: all
SourcePackage: squid-deb-proxy
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.init.squid.deb.proxy.conf: 2012-04-02T19:38:05.591083
mtime.conffile..etc.squid.deb.proxy.squid.deb.proxy.conf: 2012-04-02T19:41:37.218980

Scott Moser (smoser) wrote :
Michael Vogt (mvo)
Changed in squid-deb-proxy (Ubuntu):
status: New → In Progress
Dave Walker (davewalker) wrote :

I'm not convinced this fixes the issue. :(

I am still seeing failure with this patch applied.

Scott Moser (smoser) wrote :

I had some conversation with Robert Collins in #ubuntu-devel, and came to the point where I'm suggesting:

acl PACKAGES url_regex \/Packages(|\.bz2|\.gz)$
cache deny PACKAGES
acl SOURCES url_regex \/Sources(|\.bz2|\.gz)$
cache deny SOURCES
acl RELEASE url_regex \/Release(|\.gpg)$
cache deny RELEASE

That is going to be more safe, as it basically says don't ever cache these things.

We should at the very least add a comment in the config, something like this:

## If you are having issues with mismatched hashes, using the above 'refresh_pattern'
## configuration, then you can use the following, which is more wasteful of network
## bandwidth but will result in higher reliability
#acl PACKAGES url_regex \/Packages(|\.bz2|\.gz)$
#cache deny PACKAGES
#acl SOURCES url_regex \/Sources(|\.bz2|\.gz)$
#cache deny SOURCES
#acl RELEASE url_regex \/Release(|\.gpg)$
#cache deny RELEASE
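
The failure this thread discusses (a cached Packages or Sources file that no longer matches Release) can be reproduced offline. The following is an added example, not part of the bug report or of squid-deb-proxy: it parses the SHA256 section of a Release file and checks a fetched index against it. The Release text, file bodies and helper names are constructed for illustration, and the Release signature check is not modelled.

```python
import hashlib

def parse_release_sha256(release_text):
    """Return {relative_path: (sha256_hex, size)} from the SHA256 section."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        elif in_section:
            in_section = False  # the next top-level field ends the section
    return entries

def check_index(release_text, path, body):
    """Compare a fetched index file (bytes) with what Release promises for it."""
    entries = parse_release_sha256(release_text)
    if path not in entries:
        return "not listed in Release"
    digest, size = entries[path]
    if len(body) != size:
        return "size mismatch"
    if hashlib.sha256(body).hexdigest() != digest:
        return "hash mismatch"
    return "ok"

# Constructed sample data: the same index before and after an archive update.
PATH = "main/binary-amd64/Packages"
OLD_PACKAGES = b"Package: hello\nVersion: 1.0\n"
NEW_PACKAGES = b"Package: hello\nVersion: 1.1\n"

def make_release(packages_body):
    """Build a minimal, constructed Release file describing one index."""
    digest = hashlib.sha256(packages_body).hexdigest()
    return ("Origin: Example\nSuite: precise\nSHA256:\n"
            f" {digest} {len(packages_body):>16} {PATH}\n")

if __name__ == "__main__":
    fresh_release = make_release(NEW_PACKAGES)
    # Proxy revalidated Release but served Packages from its cache.
    print("stale cached Packages:", check_index(fresh_release, PATH, OLD_PACKAGES))
    # Proxy fetched both files from the archive.
    print("fresh Packages:       ", check_index(fresh_release, PATH, NEW_PACKAGES))
```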

Scott Moser (smoser)
description: updated
Stanislav German-Evtushenko (giner) wrote :

These types of files should also be excluded, but I'm not sure what the best way to do it would be:
http://archive.ubuntu.com/ubuntu/dists/precise-updates/main/dist-upgrader-all/current/precise.tar.gz
http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/dist-upgrader-all/current/trusty.tar.gz
and so on

Otherwise we often run into the following problem:

---------------------------------------------------------
Checking for a new ubuntu release
Done Upgrade tool signature
Done Upgrade tool
Done downloading
authenticate 'precise.tar.gz' against 'precise.tar.gz.gpg'
exception from gpg: GnuPG exited non-zero, with code 1
Debug information:

gpg: Signature made Mon 13 Aug 2012 04:23:33 PM EDT using DSA key ID 437D05B5
gpg: /tmp/tmpH92lpk/trustdb.gpg: trustdb created
gpg: BAD signature from "Ubuntu Archive Automatic Signing Key <email address hidden>"

Authentication failed
Authenticating the upgrade failed. There may be a problem with the network or with the server.
