[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#784548: apt-get update race condition in candidate & dependency resolution

Subject: apt: apt-get update race condition in candidate & dependency resolution
Package: apt
Version: 0.9.7.9+deb7u7
Justification: could cause unwanted versions to be installed without notice
Severity: grave

Running apt-get update on a system at the same time with other apt commands,
causes apt to resolve package dependencies and policies inconsistently.

Behavior causes race conditions during package cache update, resulting in altered
candidate versions and you will end up with unwanted versions being installed (eg.
when running 'apt-get upgrade -y’ or working with unattended-upgrades).

Current stable version in Jessie - 1.0.9.8 is also affected.

IMO, this should either be an atomic file/directory move, once package files where
downloaded successfully, or apt-get update should make use of locking as well.

We saw this issue affecting multiple apt commands and actions:

- apt-get upgrade
- apt-get dist-upgrade
- apt-cache policy
- aptitude update
- apt-get update

APT bug #717679 is probably related.

Reproduce:

Make sure your package is available in more than one APT repository (eg. dotdeb,
backports) and run apt-cache policy in a loop:

 while [ true ] ; do apt-cache policy augeas-lenses ; sleep .5 ; done

Now, while the above is running, update your package cache:

 apt-get update

You will see dependencies changing back and forth, depending on the current cache
state. Output:

augeas-lenses:
 Installed: 0.10.0-1
 Candidate: 0.10.0-1
 Version table:
    1.2.0-0.2~bpo70+2 0
       100 http://mirror.ono.at/debian/ wheezy-backports/main amd64 Packages
*** 0.10.0-1 0
       500 http://mirror.ono.at/debian/ wheezy/main amd64 Packages
       100 /var/lib/dpkg/status
augeas-lenses:
 Installed: 0.10.0-1
 Candidate: 1.2.0-0.2~bpo70+2
 Version table:
    1.2.0-0.2~bpo70+2 0
       100 http://mirror.ono.at/debian/ wheezy-backports/main amd64 Packages
*** 0.10.0-1 0
       100 /var/lib/dpkg/status
augeas-lenses:
 Installed: 0.10.0-1
 Candidate: 0.10.0-1
 Version table:
    1.2.0-0.2~bpo70+2 0
       100 http://mirror.ono.at/debian/ wheezy-backports/main amd64 Packages
*** 0.10.0-1 0
       500 http://mirror.ono.at/debian/ wheezy/main amd64 Packages
       100 /var/lib/dpkg/status
E: Problem renaming the file /var/cache/apt/pkgcache.bin.BCQoX0 to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)
W: You may want to run apt-get update to correct these problems
augeas-lenses:
 Installed: 0.10.0-1
 Candidate: 0.10.0-1
 Version table:
    1.2.0-0.2~bpo70+2 0
       100 http://mirror.ono.at/debian/ wheezy-backports/main amd64 Packages
*** 0.10.0-1 0
       500 http://mirror.ono.at/debian/ wheezy/main amd64 Packages
       100 /var/lib/dpkg/status

Same thing while running 'apt-get upgrade -s' in a loop, and starting 'apt-get update' at the same time, results in:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
 haproxy
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst haproxy [1.5.8-2~bpo70+1] (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf haproxy (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
 iproute libaugeas-ruby1.8 nagios-plugins-basic nagios-plugins-common nagios-plugins-standard openssh-client
 openssh-server python-debian vim-common vim-nox vim-runtime vim-tiny
The following packages will be upgraded:
 augeas-lenses dmidecode git git-core git-man haproxy libaugeas0 libgeoip1 libgpg-error0 libp11-kit0 libxapian22
 tar tmux
13 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.
Inst tar [1.26+dfsg-0.1] (1.27.1-1~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf tar (1.27.1-1~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst libgpg-error0 [1.10-3.1] (1.12-0.2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst libp11-kit0 [0.12-3] (0.20.7-1~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst augeas-lenses [0.10.0-1] (1.2.0-0.2~bpo70+2 Debian Backports:/wheezy-backports [all])
Inst libaugeas0 [0.10.0-1] (1.2.0-0.2~bpo70+2 Debian Backports:/wheezy-backports [amd64])
Inst libgeoip1 [1.4.8+dfsg-3] (1.6.2-4~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst tmux [1.6-2] (1.9-6~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst dmidecode [2.11-9] (2.12-2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst git [1:1.7.10.4-1+wheezy1] (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [amd64]) []
Inst git-man [1:1.7.10.4-1+wheezy1] (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [all])
Inst git-core [1:1.7.10.4-1+wheezy1] (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [all])
Inst haproxy [1.5.8-2~bpo70+1] (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst libxapian22 [1.2.12-2] (1.2.16-2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf libgpg-error0 (1.12-0.2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf libp11-kit0 (0.20.7-1~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf augeas-lenses (1.2.0-0.2~bpo70+2 Debian Backports:/wheezy-backports [all])
Conf libaugeas0 (1.2.0-0.2~bpo70+2 Debian Backports:/wheezy-backports [amd64])
Conf libgeoip1 (1.6.2-4~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf tmux (1.9-6~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf dmidecode (2.12-2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf git-man (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [all])
Conf git (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [amd64])
Conf git-core (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [all])
Conf haproxy (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf libxapian22 (1.2.16-2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Reading package lists... Error!
E: Problem renaming the file /var/cache/apt/pkgcache.bin.9Ibnqk to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)
W: You may want to run apt-get update to correct these problems
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
 haproxy
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst haproxy [1.5.8-2~bpo70+1] (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf haproxy (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])


-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image.*";
APT::NeverAutoRemove:: "^kfreebsd-image.*";
APT::NeverAutoRemove:: "^linux-restricted-modules.*";
APT::NeverAutoRemove:: "^linux-ubuntu-modules-.*";
APT::NeverAutoRemove:: "^gnumach$";
APT::NeverAutoRemove:: "^gnumach-image.*";
APT::NeverAutoRemove:: "^postgresql-";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Never-MarkAuto-Sections:: "oldlibs";
APT::Never-MarkAuto-Sections:: "restricted/oldlibs";
APT::Never-MarkAuto-Sections:: "universe/oldlibs";
APT::Never-MarkAuto-Sections:: "multiverse/oldlibs";
APT::Periodic "";
APT::Periodic::Enable "1";
APT::Periodic::Verbose "0";
APT::Periodic::RandomSleep "250";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "0";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "1";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "2";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-9n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "false";
APT::Compressor::bzip2::Cost "3";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "4";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "5";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-9";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
APT::Compressor::::Name "";
APT::Compressor::::Extension ".";
APT::Compressor::::Binary "";
APT::Compressor::::Cost "100";
APT::Compressor::::CompressArg "";
APT::Compressor::::CompressArg:: "-9";
APT::Compressor::::UncompressArg "";
APT::Compressor::::UncompressArg:: "-d";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Acquire "";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom/";
Acquire::Languages "";
Acquire::Languages:: "en";
Acquire::Languages:: "none";
Unattended-Upgrade "";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,archive=stable,label=Debian-Security";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,archive=oldstable,label=Debian-Security";
Unattended-Upgrade::Origins-Pattern:: "archive=stable";
Unattended-Upgrade::Origins-Pattern:: "site=mirror.ono.at";
Unattended-Upgrade::Origins-Pattern:: "site=apt.ono.at";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
CommandLine "";
CommandLine::AsString "apt-config dump";

-- (no /etc/apt/preferences present) --


-- /etc/apt/sources.list --

deb http://mirror.ono.at/debian wheezy main contrib non-free
deb http://mirror.ono.at/debian-security wheezy/updates main contrib non-free

-- System Information:
Debian Release: 7.8
 APT prefers oldstable
 APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-openvz-042stab106.4-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.3~deb7u1
ii  gnupg                   1.4.12-7+deb7u7
ii  libapt-pkg4.12          0.9.7.9+deb7u7
ii  libc6                   2.13-38+deb7u8
ii  libgcc1                 1:4.7.2-5
ii  libstdc++6              4.7.2-5

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.8.2-1
pn  dpkg-dev    <none>
ii  python-apt  0.8.8.2
ii  xz-utils    5.1.1alpha+20120614-2

-- Configuration Files:
/etc/apt/apt.conf.d/01autoremove changed:
// this file is managed by puppet module apt
APT
{
 NeverAutoRemove
 {
       "^firmware-linux.*";
       "^linux-firmware$";
       "^linux-image.*";
       "^kfreebsd-image.*";
       "^linux-restricted-modules.*";
       "^linux-ubuntu-modules-.*";
       "^gnumach$";
       "^gnumach-image.*";
 };
 Never-MarkAuto-Sections
 {
       "metapackages";
       "restricted/metapackages";
       "universe/metapackages";
       "multiverse/metapackages";
       "oldlibs";
       "restricted/oldlibs";
       "universe/oldlibs";
       "multiverse/oldlibs";
 };
};


-- no debconf information
Reply to: