Bug#657561: apt-get chokes on bad files, needs manual intervention to fix the situation



Package: apt
Version: 0.8.15.9
Severity: important

Heya,

I am currently sitting on a kinda crappy line (hotel WiFi, who'd guess)
and had some fun while trying to run my usual apt-get update tonight.

The WiFi seems to run a Squid in a sort of transparent setup.
Sort of because it forbids me access to dl.google.com and resolves
ftp.de.debian.org to a wrong IP (82.98.86.171). The funny thing
about that machine is, it returns the same page to any request, no 404,
no 502, no kitten.

Now the page ends up served as 'Packages', 'InRelease', the signatures etc.
Apt of course refuses to work, as it cannot check the signature.
But the problem is that apt never clears the bad signature file.
Every next run of apt-get will end up with a 
W: GPG error: http://ftp.de.debian.org squeeze Release: The following signatures were invalid: BADSIG AED4B06F473041FA Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster@debian.org>
as the signature file is still borked and of course cannot be verified.

Only the killing of the files in /var/lib/apt/lists/ brings apt back
to life.
This might have two outcomes for the user (as far as I can think of,
you could for sure come up with more):
1. inexperienced user, uses some apt frontend → no way to get updates
2. MITM a machine updating the files and you prolly stop it from fetching
   updates via cron

I hope there is some way to fix that.

Regards
Evgeni

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2010.08.28
ii  gnupg                   1.4.11-3
ii  libc6                   2.13-24
ii  libgcc1                 1:4.6.2-12
ii  libstdc++6              4.6.2-12
ii  zlib1g                  1:1.2.3.4.dfsg-3

apt recommends no packages.

Versions of packages apt suggests:
ii  apt-doc         <none>
ii  aptitude        0.6.4-1.2
ii  bzip2           1.0.6-1
ii  dpkg-dev        1.16.1.2
ii  python-apt      0.8.3
ii  synaptic        0.75.4
ii  xz-lzma [lzma]  5.1.1alpha+20110809-3

-- no debconf information
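
Added example (not part of the original report, and not apt's own code): a shell sketch that lists files in an apt lists directory whose first line does not match the format their name implies, the state described above where the portal page was stored as 'Packages', 'InRelease' or a signature file. The file-name suffixes and first-line checks are assumptions about the usual layout of /var/lib/apt/lists/, and this is a format check, not signature verification.

```shell
#!/bin/sh
# Added example: list files in an apt lists directory whose content does not
# match their name (e.g. a captive-portal HTML page saved as Release.gpg).

# first_line FILE: print the first non-blank line with CRs stripped.
first_line() {
    LC_ALL=C tr -d '\r' < "$1" | sed -n '/[^[:space:]]/{p;q;}'
}

# looks_valid FILE: succeed if the first line fits the type the name implies.
looks_valid() {
    line=$(first_line "$1")
    case "$1" in
        *_InRelease)   [ "$line" = "-----BEGIN PGP SIGNED MESSAGE-----" ] ;;
        *_Release.gpg) [ "$line" = "-----BEGIN PGP SIGNATURE-----" ] ;;
        *_Release|*_Packages|*_Sources)
            # Control-file syntax starts with a "Field-Name: value" line.
            printf '%s\n' "$line" | grep -Eq '^[A-Za-z][A-Za-z0-9-]*:( |$)' ;;
        *) return 0 ;;  # other files (lock, etc.) are not judged here
    esac
}

# scan_lists DIR: print every regular file in DIR that fails looks_valid.
scan_lists() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        looks_valid "$f" || printf '%s\n' "$f"
    done
}

# demo: run the scan over constructed sample files (not real archive data).
demo() {
    d=$(mktemp -d) || return 1
    p="$d/ftp.de.debian.org_debian_dists_squeeze"
    printf 'Origin: Debian\nSuite: stable\n' > "${p}_Release"
    printf '<html><body>Please log in</body></html>\n' > "${p}_Release.gpg"
    printf '<!DOCTYPE html>\n<html></html>\n' > "${p}_InRelease"
    printf 'Package: apt\nVersion: 0.8.15.9\n' > "${p}_main_binary-amd64_Packages"
    scan_lists "$d"
    rm -rf "$d"
}

# With a directory argument scan it; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then scan_lists "$1"; else demo; fi
```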
