Browse Source

fail InRelease on non-404 HTTP errorcodes

There are very many HTTP errorcodes which indicate that the repository
isn't available at the moment or the connection has some kind of
problem. Given that we do not require Release files the result was that
these errors were ignored and the user presented with a message like
"Repository is no longer signed" which sends the user in the wrong

Instead of trying to figure out which http errorcodes indicate a global
problem we accept only 404 for ignoring and consider all the rest as
hard errors now causing us to stop instantly after the InRelease file
and print the errorcode (with short description from server) received.
David Kalnischkies 4 years ago
2 changed files with 14 additions and 1 deletions
  1. +5
  2. +9

+ 5
- 1
apt-pkg/ View File

@@ -1717,7 +1717,11 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c

if (AuthPass == false)
if (Status == StatAuthError || Status == StatTransientNetworkError)
auto const failreason = LookupTag(Message, "FailReason");
auto const httperror = "HttpError";
if (Status == StatAuthError || Status == StatTransientNetworkError ||
(strncmp(failreason.c_str(), httperror, strlen(httperror)) == 0 &&
failreason != "HttpError404"))
// if we expected a ClearTextSignature (InRelease) but got a network
// error or got a file, but it wasn't valid, we end up here (see VerifyDone).

+ 9
- 0
test/integration/test-ubuntu-bug-346386-apt-get-update-paywall View File

@@ -70,3 +70,12 @@ partial' ls "$LISTS"
runtests '^E:.*Clearsigned file .*NOSPLIT.*'
webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404'
runtests '^E:.*Signed file .*NODATA.*'

webserverconfig 'aptwebserver::overwrite::.*::filename' '/404'
webserverconfig 'aptwebserver::httpcode::404' '511 Network Authentication Required'
rm -rf rootdir/var/lib/apt/lists
testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
511 Network Authentication Required
Reading package lists...
E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 511 Network Authentication Required
E: Some index files failed to download. They have been ignored, or old ones used instead." apt update