From 27a4fb3a9ac67a13ed516c75feefdc1fd426520a Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Fri, 9 Apr 2021 18:11:02 +0200
Subject: Fix downloads of unsized files that are largest in pipeline

The maximum request size is accidentally set to any sized file, so if an unsized file is present, and it turns out to be larger than the maximum size we set, we'd error out when checking if its size is smaller than the maximum request size.
LP: #1921626
---
 methods/basehttp.cc | 4 +++
 .../test-ubuntu-bug-1921626-unsized-packages | 38 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100755 test/integration/test-ubuntu-bug-1921626-unsized-packages

diff --git a/methods/basehttp.cc b/methods/basehttp.cc
index 3786e2e6c..f2c4156e1 100644
--- a/methods/basehttp.cc
+++ b/methods/basehttp.cc
@@ -882,7 +882,11 @@ unsigned long long BaseHttpMethod::FindMaximumObjectSizeInQueue() const /*{{{*/
 {
 unsigned long long MaxSizeInQueue = 0;
 for (FetchItem *I = Queue; I != 0 && I != QueueBack; I = I->Next)
+ {
+ if (I->MaximumSize == 0)
+ return 0;
 MaxSizeInQueue = std::max(MaxSizeInQueue, I->MaximumSize);
+ }
 return MaxSizeInQueue;
 }
 /*}}}*/
diff --git a/test/integration/test-ubuntu-bug-1921626-unsized-packages b/test/integration/test-ubuntu-bug-1921626-unsized-packages
new file mode 100755
index 000000000..5442124aa
--- /dev/null
+++ b/test/integration/test-ubuntu-bug-1921626-unsized-packages
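Review bot: The early `return 0;` in FindMaximumObjectSizeInQueue makes 0 stand for both "nothing in the queue" and "at least one item has no known size", and nothing in the function tells a caller that 0 is to be read as "no limit". Going by the commit message, the result is used as the maximum request size, so a single unsized item lifts the cap for the whole pipeline. Whether each sized item is still checked against its own MaximumSize is not visible in this hunk and is worth confirming, because that per-item cap is what bounds how much data a mirror can make the client accept before the hashes are verified. I would record the sentinel above the loop, e.g. `// MaximumSize == 0 means "size unknown": no common upper bound exists, so report 0 (no limit) for the whole queue.`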
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture "i386"
+confighashes 'SHA512'
+
+mkdir tree
+head -c $((5*1024)) /dev/urandom > tree/data-file
+
+buildsimplenativepackage 'a' 'all' '1.0' 'stable'
+buildsimplenativepackage 'b' 'all' '1.0' 'stable' '' '' '' '' "$PWD/tree"
+buildsimplenativepackage 'c' 'all' '1.0' 'stable'
+
+setupaptarchive
+changetowebserver
+
+# Disable sandbox
+echo 'APT::Sandbox::User "root";' > rootdir/etc/apt/apt.conf.d/no-acquire-sandbox
+
+testsuccess apt update
+
+for file in rootdir/var/lib/apt/lists/*Packages; do
+ awk '!(/^Size/ && ++cnt==2)' $file > $file.new
+ mv $file.new $file
+done
+
+
+size_a=$(wc -c aptarchive/pool/a_1.0_all.deb | awk '{print $1}')
+size_b=$(wc -c aptarchive/pool/b_1.0_all.deb | awk '{print $1}')
+size_c=$(wc -c aptarchive/pool/c_1.0_all.deb | awk '{print $1}')
+
+testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable/main all a all 1.0 [$size_a B]
+Get:2 http://localhost:${APTHTTPPORT} stable/main all b all 1.0 [$size_b B]
+Get:3 http://localhost:${APTHTTPPORT} stable/main all c all 1.0 [$size_c B]" apt download a b c -o Acquire::AllowUnsizedPackages=true
-- cgit v1.2.3-70-g09d2
From 1412cf51403286e9c040f9f86fd4d8306e62aff2 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Fri, 9 Apr 2021 18:16:10 +0200
Subject: Error on packages without a Size field (option Acquire::AllowUnsizedPackages)

Repositories without Size information for packages are not proper and need fixing. This ensures people see an error in CI, and get notifications and hence the ability to fix it. It can be turned off by setting Acquire::AllowUnsizedPackages to true.
---
 apt-pkg/acquire-item.cc | 7 +++++++
 doc/examples/configure-index | 1 +
 test/integration/framework | 4 ++++
 test/integration/test-ubuntu-bug-1921626-unsized-packages | 5 +++++
 4 files changed, 17 insertions(+)
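Review bot: `$file` is unquoted in the loop that rewrites the downloaded index files (`awk ... $file > $file.new` and `mv $file.new $file`), and the awk filter has no comment saying what it is for. Quoting keeps the loop correct if a list file name ever contains whitespace or glob characters: `awk '!(/^Size/ && ++cnt==2)' "$file" > "$file.new"` and `mv "$file.new" "$file"`. A one-line comment such as `# drop the second Size field so one package is fetched without a known size` would also record that the test depends on the order of stanzas in the Packages file; the follow-up commit's expected error suggests the affected package is b.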
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index ab4306aac..2bab7d5c0 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -3469,6 +3469,13 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *const Owner, pkgSourceList *const Sourc
 Version.VerStr(), Version.ParentPkg().FullName(false).c_str());
 return;
 }
+ if (FileSize == 0 && not _config->FindB("Acquire::AllowUnsizedPackages", false))
+ {
+ _error->Error("Repository is broken: %s (= %s) has no Size information",
+ Version.ParentPkg().FullName(false).c_str(),
+ Version.VerStr());
+ return;
+ }
 // Check if we already downloaded the file
 struct stat Buf;
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index ecd54b6ba..593cde9a3 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -257,6 +257,7 @@ Acquire
 AllowInsecureRepositories "";
 AllowWeakRepositories "";
 AllowDowngradeToInsecureRepositories "";
+ AllowUnsizedPackages ""; // defaults to true.
 // allow repositories to change information potentially breaking user config like pinning
 AllowReleaseInfoChange "" {
diff --git a/test/integration/framework b/test/integration/framework
index cfde80329..412a96577 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -486,6 +486,10 @@ EOF
 echo 'APT::Machine-ID "912e43bd1c1d4ba481f9f8ccab25f9ee";' > rootdir/etc/apt/apt.conf.d/machine-id
+ # XXX: We really ought to make the packages in the test suite all have Size fields.
+ # But this needs a lot more changes, so let's keep it simple for stable updates.
+ echo 'Acquire::AllowUnsizedPackages "true";' >> rootdir/etc/apt/apt.conf.d/temporary-allow-unsized-packages
+
 configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
 confighashes 'SHA256' # these are tests, not security best-practices
diff --git a/test/integration/test-ubuntu-bug-1921626-unsized-packages b/test/integration/test-ubuntu-bug-1921626-unsized-packages
index 5442124aa..361cccd2e 100755
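Review bot: The new `FileSize == 0` check in the pkgAcqArchive constructor has no comment saying why a missing Size is fatal, and the error text ("Repository is broken") does not convey that the reason is a security one. Without a size there is no upper bound to enforce on the download (the preceding commit makes the HTTP method report 0, presumably "no limit", when such an item is queued), so a broken or hostile mirror could keep the client receiving data until hash verification finally rejects it. I would add above the `if`: `// No Size means the download cannot be bounded before its hashes are verified; refuse unless Acquire::AllowUnsizedPackages is set.` The check also cannot tell an absent field from a literal `Size: 0` if both end up as FileSize == 0, which depends on code outside this hunk; the constructor itself starts and ends outside the hunk.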
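Review bot: The `// defaults to true.` that follows the new AllowUnsizedPackages entry in doc/examples/configure-index (on the same line, as far as the flattened hunk shows) contradicts the code added in apt-pkg/acquire-item.cc by this same commit, which reads the option with `FindB("Acquire::AllowUnsizedPackages", false)`. The commit message likewise says the error is turned off by setting the option to true, so unless a default is set somewhere outside this diff the documented default should read `// defaults to false.` An administrator relying on the example would otherwise conclude that unsized packages are accepted out of the box.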
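Review bot: Writing `Acquire::AllowUnsizedPackages "true";` into every test environment in test/integration/framework switches the new check off for the whole suite, so a regression in Size enforcement would be noticed only by a test that deletes this file again. The XXX comment gives the stable-update reasoning but not how a test opts back in; I would extend it with `# Tests that exercise Size enforcement must remove temporary-allow-unsized-packages first.` The line also appends with `>>` where the machine-id line just above uses `>`, which is harmless in a fresh rootdir but inconsistent. The enclosing function starts and ends outside the hunk.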
--- a/test/integration/test-ubuntu-bug-1921626-unsized-packages
+++ b/test/integration/test-ubuntu-bug-1921626-unsized-packages
@@ -20,6 +20,8 @@ changetowebserver
 # Disable sandbox
 echo 'APT::Sandbox::User "root";' > rootdir/etc/apt/apt.conf.d/no-acquire-sandbox
+# XXX: Remove temporary hack
+rm rootdir/etc/apt/apt.conf.d/temporary-allow-unsized-packages
 testsuccess apt update
@@ -36,3 +38,6 @@ size_c=$(wc -c aptarchive/pool/c_1.0_all.deb | awk '{print $1}')
 testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable/main all a all 1.0 [$size_a B]
 Get:2 http://localhost:${APTHTTPPORT} stable/main all b all 1.0 [$size_b B]
 Get:3 http://localhost:${APTHTTPPORT} stable/main all c all 1.0 [$size_c B]" apt download a b c -o Acquire::AllowUnsizedPackages=true
+
+rm *.deb
+testfailureequal "E: Repository is broken: b:i386 (= 1.0) has no Size information" apt download a b c
-- cgit v1.2.3-70-g09d2
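Review bot: `# XXX: Remove temporary hack` in the first hunk reads like a to-do for a later cleanup, while the `rm` under it is the step that makes this test meaningful: it deletes the suite-wide override so that the default behaviour is what gets tested. I would reword it to say so, e.g. `# Drop the framework's Acquire::AllowUnsizedPackages override so the default (error on unsized packages) applies`, and keep an XXX marker only if the line itself is meant to go away. The link to the file written by test/integration/framework is by name only, so a rename there makes this `rm` fail under `set -e`; that fails loudly, which is acceptable, but naming the framework in the comment would make it easier to trace.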