Your message dated Sun, 23 Nov 2014 15:20:26 +0100 with message-id <20141123142026.GB1490@crossbow> and subject line Re: Bug#770388: apt-cache as a non-root user if a APT .list file is not readable has caused the Debian Bug report #770388, regarding apt-cache as a non-root user if a APT .list file is not readable to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 770388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770388 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt-cache as a non-root user if a APT .list file is not readable
- From: Jonathan Ballet <jon@multani.info>
- Date: Thu, 20 Nov 2014 22:35:40 +0100
- Message-id: <[🔎] 20141120213540.9726.78971.reportbug@gourami.lan>
Package: apt Version: 1.0.9.3 Severity: normal Dear Maintainer, running apt-cache or apt-search as a non-root user is (was) very slow on my machine: $ time apt-cache show gmpc ... apt-cache show gmpc 4.95s user 0.59s system 83% cpu 6.601 total $ time sudo apt-cache show gmpc ... apt-cache show gmpc 0.06s user 0.04s system 62% cpu 0.172 total I tracked down the problem using strace and it seems that if a APT .list file is not readable by a non-root user, apt-cache (in this case) goes much, much slower: $ time apt-cache show gmpc ... apt-cache show gmpc 0.06s user 0.05s system 74% cpu 0.139 total $ sudo touch /etc/apt/sources.list.d/foo.list $ sudo chmod 600 /etc/apt/sources.list.d/foo.list $ time apt-cache show gmpc E: Opening /etc/apt/sources.list.d/foo.list - ifstream::ifstream (13: Permission denied) E: The list of sources could not be read. E: The package lists or status file could not be parsed or opened. E: No packages found apt-cache show gmpc 0.05s user 0.04s system 73% cpu 0.120 total $ sudo apt-get update ... $ time apt-cache show gmpc ... apt-cache show gmpc 4.95s user 0.59s system 83% cpu 6.601 total $ sudo chmod 644 /etc/apt/sources.list.d/foo.list $ time apt-cache show gmpc ... apt-cache show gmpc 0.06s user 0.04s system 62% cpu 0.172 total strace shows that, when it's fast, apt-cache open the Packages file in /var/lib/apt/lists/ and jumps directly using fseek() to the right position to read the information about the package. But when it's slow, it does the following: * it opens the same Package file * it reads the whole file, 32kB per 32kB * it opens a temporary file in /tmp * it opens the related _InRelease file * it writes into the temporary file... stuff (checksums it seems, from the _InRelease file I guess?) * after reading the while _InRelease file, it closes it, seek to the beginning of the temporary file and reads everything, then closes it. * then, it starts again with the next Package file So, yeah, it's much slower in the end. Jonathan -- Package-specific info: -- (no /etc/apt/preferences present) -- -- (/etc/apt/sources.list present, but not submitted) -- -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2014.1 ii gnupg 1.4.18-4 ii libapt-pkg4.12 1.0.9.3 ii libc6 2.19-13 ii libgcc1 1:4.9.2-1 ii libstdc++6 4.9.2-1 apt recommends no packages. Versions of packages apt suggests: pn apt-doc <none> ii aptitude 0.6.11-1+b1 ii dpkg-dev 1.17.21 ii python-apt 0.9.3.11 ii synaptic 0.81.2 -- debconf-show failed
--- End Message ---
--- Begin Message ---
- To: Jonathan Ballet <jon@multani.info>, 770388-done@bugs.debian.org
- Subject: Re: Bug#770388: apt-cache as a non-root user if a APT .list file is not readable
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Sun, 23 Nov 2014 15:20:26 +0100
- Message-id: <20141123142026.GB1490@crossbow>
- In-reply-to: <[🔎] 20141120213540.9726.78971.reportbug@gourami.lan>
- References: <[🔎] 20141120213540.9726.78971.reportbug@gourami.lan>
Hi Jonathan, On Thu, Nov 20, 2014 at 10:35:40PM +0100, Jonathan Ballet wrote: > I tracked down the problem using strace and it seems that if a APT .list > file is not readable by a non-root user, apt-cache (in this case) goes > much, much slower: Yes, but this isn't a bug. The sources.list tells us which repositories to get data from and by extension which files on disk contain this data. If the current user can't read the sources.list files, apt will not know which files are to be used and which ones are "stale". The binary cache it deploys to avoid reparsing all these files all the time will be considered invalid as it contains data from sources which (might or might not) be still in the unreadable sources.list file. The only reason we can be fast by using a binary cache is that we know that it is current – otherwise we would need to be a lot more careful while working with the data files which means we are a lot slower (as you experienced). So, this is all by design… In other words: If you want to use apt, the user you run it with needs read access to sources.list files. There is no point in forbidding read access here anyway as you /can/ force apt to consider the binary cache as valid and hence extract the data or lookup the filenames in the lists directory or or or. If your counterargument is that you have username and/or passwords witten down in it, I strongly recommend using /etc/apt/auth.conf instead (netrc like file) which can have any accessmode you like as it is (obviously) only needed while accessing the repositories. So, as there is no bug here, I am closing this report. Still, thanks taking the time to report it & I hope my response to it helps. If not feel free to ask. Best regards David KalnischkiesAttachment: signature.asc
Description: Digital signature
--- End Message ---