Bug#1110470: marked as done (apt: Apt downloads InRelease but does not request Package.gz, reports no error)
Your message dated Wed, 6 Aug 2025 09:29:30 +0200
with message-id <20250806092819.GA897645@debian.org>
and subject line Re: Bug#1110470: apt: Apt downloads InRelease but does not request Package.gz, reports no error
has caused the Debian Bug report #1110470,
regarding apt: Apt downloads InRelease but does not request Package.gz, reports no error
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
1110470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110470
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Version: 2.6.1
Severity: important
X-Debbugs-Cc: pascal.fb.martin@gmail.com
Dear Maintainer,
I created my own private apt repository: apt downloads the InRelease file but it never downloads the Packages.gz file and there is no error reported:
$ sudo apt update
Get:1 http://nasdev/debian bookworm InRelease [750 B]
Hit:2 http://deb.debian.org/debian bookworm InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Hit:4 http://deb.debian.org/debian bookworm-backports InRelease
Hit:5 http://security.debian.org bookworm-security InRelease
Hit:7 https://github.armbian.com/configng stable InRelease
Hit:6 http://armbian.lv.auroradev.org/beta bookworm InRelease
Fetched 750 B in 3s (216 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
6 packages can be upgraded. Run 'apt list --upgradable' to see them.
Because I created the repository and wrote the web server, I believe that something is wrong (or missing) either in the header attributes returned by the web server or in the content of the InRelease file.
I would have expected apt to generate an error if it decides to not accept the InRelease file.
I signed the InRelease file, and copied the public key exported (using gpg --armor --export) to /etc/apt/trusted.gpg.d on the client side. I checked the signature of the InRelease file using "gpg --verify" and it reports "Good signature".
I tried deleting the downloaded InRelease (in /var/lib/apt/lists): no improvement.
I made a change to one package, which changed the SHA256 checksum of the Packages.gz file, and ran "sudo apt update" again: no improvement.
Below is a capture of a complete exchange between apt and the web server:
GET /debian/dists/bookworm/InRelease HTTP/1.1
Host: nasdev
Cache-Control: max-age=0
Accept: text/*
If-Modified-Since: Wed, 06 Aug 2025 03:09:30 GMT
User-Agent: Debian APT-HTTP/1.3 (2.6.1)
HTTP/1.1 200 OK
Content-Length: 750
Last-Modified: Wed, 06 Aug 2025 05:32:33 GMT
Content-Type: text/plain
Date: Wed, 06 Aug 2025 05:33:53 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Origin: House
Label: House
Suite: stable
Version: 12.11
Codename: bookworm
Date: Wed, 06 Aug 2025 05:32:27 +0000
Architectures: all armhf
Components: main
Description: The House software suite repository
MD5Sum:
e3d6d343691931a1732d4a06255d0ee5 1996 main/binary-armhf/Packages.gz
SHA1:
52e598660bab00a4cfe9dd60439c947db126c8e5 1996 main/binary-armhf/Packages.gz
SHA256:
a9171fbbb7b49c56050b11f1746b470b3de6527989dba506a59461f35439b10a 1996 main/binary-armhf/Packages.gz
-----BEGIN PGP SIGNATURE-----
iHUEAREIAB0WIQSnY4oaVzPFG5d7rCkH+pWbk/eRrAUCaJLo6wAKCRAH+pWbk/eR
rKDrAP47zO/r86AnWKur9Y9UZmD/CKxDuc1GlCRhIX/G1nB0IQD/RSCLraOLo2uw
pqyYYCGGNRdXv91q2OB3RU1EmGMw6x8=
=nOBc
-----END PGP SIGNATURE-----
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "armhf";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::Sandbox "";
APT::Sandbox::User "_apt";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image-[a-z0-9]*$";
APT::NeverAutoRemove:: "^linux-image-[a-z0-9]*-[a-z0-9]*$";
APT::VersionedKernelPackages "";
APT::VersionedKernelPackages:: "linux-.*";
APT::VersionedKernelPackages:: "kfreebsd-.*";
APT::VersionedKernelPackages:: "gnumach-.*";
APT::VersionedKernelPackages:: ".*-modules";
APT::VersionedKernelPackages:: ".*-kernel";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "tasks";
APT::Move-Autobit-Sections "";
APT::Move-Autobit-Sections:: "oldlibs";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "0";
APT::Compressor::zstd "";
APT::Compressor::zstd::Name "zstd";
APT::Compressor::zstd::Extension ".zst";
APT::Compressor::zstd::Binary "false";
APT::Compressor::zstd::Cost "60";
APT::Compressor::lz4 "";
APT::Compressor::lz4::Name "lz4";
APT::Compressor::lz4::Extension ".lz4";
APT::Compressor::lz4::Binary "false";
APT::Compressor::lz4::Cost "50";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "10";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-6n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "200";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "bzip2";
APT::Compressor::bzip2::Cost "300";
APT::Compressor::bzip2::CompressArg "";
APT::Compressor::bzip2::CompressArg:: "-6";
APT::Compressor::bzip2::UncompressArg "";
APT::Compressor::bzip2::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "400";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-6";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
APT::Periodic "";
APT::Periodic::Enable "0";
APT::Periodic::Update-Package-Lists "21";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::Unattended-Upgrade "7";
APT::Periodic::AutocleanInterval "120";
APT::Architectures "";
APT::Architectures:: "armhf";
Dir "/";
Dir::State "var/lib/apt";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::netrcparts "auth.conf.d";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::planners "";
Dir::Bin::planners:: "/usr/lib/apt/planners";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::gzip "/bin/gzip";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Bin::lz4 "/usr/bin/lz4";
Dir::Bin::zstd "/usr/bin/zstd";
Dir::Bin::lzma "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Log::Planner "eipp.log.xz";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.ucf-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Dir::Ignore-Files-Silently:: "\.distUpgrade$";
Acquire "";
Acquire::AllowInsecureRepositories "0";
Acquire::AllowWeakRepositories "0";
Acquire::AllowDowngradeToInsecureRepositories "0";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom/";
Acquire::IndexTargets "";
Acquire::IndexTargets::deb "";
Acquire::IndexTargets::deb::Packages "";
Acquire::IndexTargets::deb::Packages::MetaKey "$(COMPONENT)/binary-$(ARCHITECTURE)/Packages";
Acquire::IndexTargets::deb::Packages::flatMetaKey "Packages";
Acquire::IndexTargets::deb::Packages::ShortDescription "Packages";
Acquire::IndexTargets::deb::Packages::Description "$(RELEASE)/$(COMPONENT) $(ARCHITECTURE) Packages";
Acquire::IndexTargets::deb::Packages::flatDescription "$(RELEASE) Packages";
Acquire::IndexTargets::deb::Packages::Optional "0";
Acquire::IndexTargets::deb::Translations "";
Acquire::IndexTargets::deb::Translations::MetaKey "$(COMPONENT)/i18n/Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatMetaKey "$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::ShortDescription "Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::Description "$(RELEASE)/$(COMPONENT) Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatDescription "$(RELEASE) Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb-src "";
Acquire::IndexTargets::deb-src::Sources "";
Acquire::IndexTargets::deb-src::Sources::MetaKey "$(COMPONENT)/source/Sources";
Acquire::IndexTargets::deb-src::Sources::flatMetaKey "Sources";
Acquire::IndexTargets::deb-src::Sources::ShortDescription "Sources";
Acquire::IndexTargets::deb-src::Sources::Description "$(RELEASE)/$(COMPONENT) Sources";
Acquire::IndexTargets::deb-src::Sources::flatDescription "$(RELEASE) Sources";
Acquire::IndexTargets::deb-src::Sources::Optional "0";
Acquire::Changelogs "";
Acquire::Changelogs::URI "";
Acquire::Changelogs::URI::Origin "";
Acquire::Changelogs::URI::Origin::Debian "https://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";;
Acquire::Changelogs::URI::Origin::Ubuntu "https://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog";;
Acquire::Changelogs::AlwaysOnline "";
Acquire::Changelogs::AlwaysOnline::Origin "";
Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu "1";
Acquire::GzipIndexes "false";
Acquire::CompressionTypes "";
Acquire::CompressionTypes::Order "";
Acquire::CompressionTypes::Order:: "gz";
Acquire::CompressionTypes::xz "xz";
Acquire::CompressionTypes::bz2 "bzip2";
Acquire::CompressionTypes::lzma "lzma";
Acquire::CompressionTypes::gz "gzip";
Acquire::CompressionTypes::lz4 "lz4";
Acquire::CompressionTypes::zst "zstd";
Acquire::Languages "";
Acquire::Languages:: "none";
DPkg "";
DPkg::Path "/usr/sbin:/usr/bin:/sbin:/bin";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "test -x /usr/lib/armbian/armbian-apt-updates && /usr/lib/armbian/armbian-apt-updates || true";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
Unattended-Upgrade "";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: "origin=${distro_id},codename=${distro_codename}";
Unattended-Upgrade::Origins-Pattern:: "origin=Armbian";
Binary "apt-config";
Binary::apt "";
Binary::apt::APT "";
Binary::apt::APT::Color "1";
Binary::apt::APT::Cache "";
Binary::apt::APT::Cache::Show "";
Binary::apt::APT::Cache::Show::Version "2";
Binary::apt::APT::Cache::AllVersions "0";
Binary::apt::APT::Cache::ShowVirtuals "1";
Binary::apt::APT::Cache::Search "";
Binary::apt::APT::Cache::Search::Version "2";
Binary::apt::APT::Cache::ShowDependencyType "1";
Binary::apt::APT::Cache::ShowVersion "1";
Binary::apt::APT::Get "";
Binary::apt::APT::Get::Upgrade-Allow-New "1";
Binary::apt::APT::Get::Update "";
Binary::apt::APT::Get::Update::InteractiveReleaseInfoChanges "1";
Binary::apt::APT::Cmd "";
Binary::apt::APT::Cmd::Show-Update-Stats "1";
Binary::apt::APT::Cmd::Pattern-Only "1";
Binary::apt::APT::Keep-Downloaded-Packages "0";
Binary::apt::DPkg "";
Binary::apt::DPkg::Progress-Fancy "1";
Binary::apt::DPkg::Lock "";
Binary::apt::DPkg::Lock::Timeout "-1";
CommandLine "";
CommandLine::AsString "apt-config dump";
-- (no /etc/apt/preferences present) --
-- /etc/apt/preferences.d/armbian --
#Explanation: Uninstall or do not install chromium, thunderbird, firefox Ubuntu-originated
#Explanation: package versions other than those in the Armbian distro
#Package: chromium thunderbird firefox
#Pin: release o=armbian
#Pin-Priority: 990
#
#Package: chromium thunderbird firefox
#Pin: release o=Ubuntu
#Pin-Priority: 50
-- /etc/apt/preferences.d/frozen-armbian --
-- (no /etc/apt/sources.list present) --
-- /etc/apt/sources.list.d/armbian-config.sources --
Types: deb
URIs: https://github.armbian.com/configng
Suites: stable
Components: main
Signed-By: /usr/share/keyrings/armbian.gpg
-- /etc/apt/sources.list.d/armbian.sources --
Types: deb
URIs: http://beta.armbian.com
Suites: bookworm
Components: main bookworm-utils bookworm-desktop
Signed-By: /usr/share/keyrings/armbian-archive-keyring.gpg
-- /etc/apt/sources.list.d/debian.sources --
Types: deb
URIs: http://deb.debian.org/debian
Suites: bookworm bookworm-updates bookworm-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: http://security.debian.org/
Suites: bookworm-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
-- /etc/apt/sources.list.d/house.list --
deb http://nasdev/debian bookworm main
-- System Information:
Debian Release: 12.11
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: armhf (armv7l)
Kernel: Linux 6.12.35-current-sunxi (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apt depends on:
ii adduser 3.134
ii debian-archive-keyring 2023.3+deb12u2
ii gpgv 2.2.40-1.1
ii libapt-pkg6.0 2.6.1
ii libc6 2.36-9+deb12u10
ii libgcc-s1 12.2.0-14+deb12u1
ii libgnutls30 3.7.9-2+deb12u5
ii libseccomp2 2.5.4-1+deb12u1
ii libstdc++6 12.2.0-14+deb12u1
ii libsystemd0 252.38-1~deb12u1
Versions of packages apt recommends:
ii ca-certificates 20230311+deb12u1
Versions of packages apt suggests:
pn apt-doc <none>
pn aptitude | synaptic | wajig <none>
ii dpkg-dev 1.21.22
ii gnupg 2.2.40-1.1
ii gnupg2 2.2.40-1.1
pn powermgmt-base <none>
-- Configuration Files:
/etc/logrotate.d/apt changed:
/var/log.hdd/apt/term.log {
rotate 12
monthly
compress
missingok
notifempty
}
/var/log.hdd/apt/history.log {
rotate 12
monthly
compress
missingok
notifempty
}
-- no debconf information
--- End Message ---
--- Begin Message ---
On Tue, Aug 05, 2025 at 11:39:31PM -0700, Pascal Martin wrote:
> Package: apt
> Version: 2.6.1
> Severity: important
> X-Debbugs-Cc: pascal.fb.martin@gmail.com
>
> Dear Maintainer,
>
> I created my own private apt repository: apt downloads the InRelease file but it never downloads the Packages.gz file and there is no error reported:
>
> $ sudo apt update
> Get:1 http://nasdev/debian bookworm InRelease [750 B]
> Hit:2 http://deb.debian.org/debian bookworm InRelease
> Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
> Hit:4 http://deb.debian.org/debian bookworm-backports InRelease
> Hit:5 http://security.debian.org bookworm-security InRelease
> Hit:7 https://github.armbian.com/configng stable InRelease
> Hit:6 http://armbian.lv.auroradev.org/beta bookworm InRelease
> Fetched 750 B in 3s (216 B/s)
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> 6 packages can be upgraded. Run 'apt list --upgradable' to see them.
>
> Because I created the repository and wrote the web server, I believe that something is wrong (or missing) either in the header attributes returned by the web server or in the content of the InRelease file.
>
> I would have expected apt to generate an error if it decides to not accept the InRelease file.
>
> I signed the InRelease file, and copied the public key exported (using gpg --armor --export) to /etc/apt/trusted.gpg.d on the client side. I checked the signature of the InRelease file using "gpg --verify" and it reports "Good signature".
>
> I tried deleting the downloaded InRelease (in /var/lib/apt/lists): no improvement.
>
> I made a change to one package, which changed the SHA256 checksum of the Packages.gz file, and ran "sudo apt update" again: no improvement.
>
> Below is a capture of a complete exchange between apt and the web server:
>
> GET /debian/dists/bookworm/InRelease HTTP/1.1
> Host: nasdev
> Cache-Control: max-age=0
> Accept: text/*
> If-Modified-Since: Wed, 06 Aug 2025 03:09:30 GMT
> User-Agent: Debian APT-HTTP/1.3 (2.6.1)
>
> HTTP/1.1 200 OK
> Content-Length: 750
> Last-Modified: Wed, 06 Aug 2025 05:32:33 GMT
> Content-Type: text/plain
> Date: Wed, 06 Aug 2025 05:33:53 GMT
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Origin: House
> Label: House
> Suite: stable
> Version: 12.11
> Codename: bookworm
> Date: Wed, 06 Aug 2025 05:32:27 +0000
> Architectures: all armhf
> Components: main
> Description: The House software suite repository
> MD5Sum:
> e3d6d343691931a1732d4a06255d0ee5 1996 main/binary-armhf/Packages.gz
> SHA1:
> 52e598660bab00a4cfe9dd60439c947db126c8e5 1996 main/binary-armhf/Packages.gz
> SHA256:
> a9171fbbb7b49c56050b11f1746b470b3de6527989dba506a59461f35439b10a 1996 main/binary-armhf/Packages.gz
The repository does not declare hashes for the decompressed files which
are mandatory and hence the files are "not found".
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
--- End Message ---
Reply to: