[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#770388: marked as done (apt-cache as a non-root user if a APT .list file is not readable)

Your message dated Sun, 23 Nov 2014 15:20:26 +0100
with message-id <20141123142026.GB1490@crossbow>
and subject line Re: Bug#770388: apt-cache as a non-root user if a APT .list file is not readable
has caused the Debian Bug report #770388,
regarding apt-cache as a non-root user if a APT .list file is not readable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
770388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770388
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 1.0.9.3
Severity: normal

Dear Maintainer,

running apt-cache or apt-search as a non-root user is (was) very slow on
my machine:

    $ time apt-cache show gmpc
    ...
    apt-cache show gmpc  4.95s user 0.59s system 83% cpu 6.601 total
    $ time sudo apt-cache show gmpc
    ...
    apt-cache show gmpc  0.06s user 0.04s system 62% cpu 0.172 total

I tracked down the problem using strace and it seems that if a APT .list
file is not readable by a non-root user, apt-cache (in this case) goes
much, much slower:

    $ time apt-cache show gmpc
    ...
    apt-cache show gmpc  0.06s user 0.05s system 74% cpu 0.139 total

    $ sudo touch /etc/apt/sources.list.d/foo.list
    $ sudo chmod 600 /etc/apt/sources.list.d/foo.list

    $ time apt-cache show gmpc
    E: Opening /etc/apt/sources.list.d/foo.list - ifstream::ifstream (13: Permission denied)
    E: The list of sources could not be read.
    E: The package lists or status file could not be parsed or opened.
    E: No packages found
    apt-cache show gmpc  0.05s user 0.04s system 73% cpu 0.120 total

    $ sudo apt-get update
    ...
    $ time apt-cache show gmpc
    ...
    apt-cache show gmpc  4.95s user 0.59s system 83% cpu 6.601 total

    $ sudo chmod 644 /etc/apt/sources.list.d/foo.list
    $ time apt-cache show gmpc
    ...
    apt-cache show gmpc  0.06s user 0.04s system 62% cpu 0.172 total


strace shows that, when it's fast, apt-cache open the Packages file in
/var/lib/apt/lists/ and jumps directly using fseek() to the right
position to read the information about the package.

But when it's slow, it does the following:

 * it opens the same Package file
 * it reads the whole file, 32kB per 32kB
 * it opens a temporary file in /tmp
 * it opens the related _InRelease file
 * it writes into the temporary file... stuff (checksums it seems, from
   the _InRelease file I guess?)
 * after reading the while _InRelease file, it closes it, seek to the
   beginning of the temporary file and reads everything, then closes it.
 * then, it starts again with the next Package file


So, yeah, it's much slower in the end.

 Jonathan




-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.1
ii  gnupg                   1.4.18-4
ii  libapt-pkg4.12          1.0.9.3
ii  libc6                   2.19-13
ii  libgcc1                 1:4.9.2-1
ii  libstdc++6              4.9.2-1

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.11-1+b1
ii  dpkg-dev    1.17.21
ii  python-apt  0.9.3.11
ii  synaptic    0.81.2

-- debconf-show failed

--- End Message ---
--- Begin Message --- 
Hi Jonathan,

On Thu, Nov 20, 2014 at 10:35:40PM +0100, Jonathan Ballet wrote:
> I tracked down the problem using strace and it seems that if a APT .list
> file is not readable by a non-root user, apt-cache (in this case) goes
> much, much slower:

Yes, but this isn't a bug. The sources.list tells us which repositories
to get data from and by extension which files on disk contain this data.
If the current user can't read the sources.list files, apt will not know
which files are to be used and which ones are "stale". The binary cache
it deploys to avoid reparsing all these files all the time will be
considered invalid as it contains data from sources which (might or
might not) be still in the unreadable sources.list file. The only reason
we can be fast by using a binary cache is that we know that it is
current – otherwise we would need to be a lot more careful while working
with the data files which means we are a lot slower (as you
experienced). So, this is all by design…


In other words: If you want to use apt, the user you run it with needs
read access to sources.list files. There is no point in forbidding read
access here anyway as you /can/ force apt to consider the binary cache
as valid and hence extract the data or lookup the filenames in the lists
directory or or or.

If your counterargument is that you have username and/or passwords
witten down in it, I strongly recommend using /etc/apt/auth.conf
instead (netrc like file) which can have any accessmode you like as it
is (obviously) only needed while accessing the repositories.


So, as there is no bug here, I am closing this report. Still, thanks
taking the time to report it & I hope my response to it helps.
If not feel free to ask.


Best regards

David Kalnischkies

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: