@Julian Andres Klode Is this something you'd be willing to reassess?  I
saw your old message [1] on the Debian list that says:

> The question what a successful update is is complicated and depends
on the expections of the person using APT.

With that in mind, I'd say there are situations where it's reasonable
for the expectation to be that `apt-get update` fails on any error.  I
completely understand the reasoning for the default behavior and don't
expect that to change, but a `--strict` switch (or similar) like the one
suggested in the mailing list would be extremely useful to some of us.

Even an advanced option like (note this is not real) `-o=APT::Get
::Strict-Mode=1` would be useful if that's easier than a full blown
command line switch.  I'm not sure I got the syntax right, but I'm sure
you get the idea.

With containerization gaining popularity, I think there could be a lot
of people who have automated build systems set up where they pull a
container, (try to) apply security updates, and so on...  In those
cases, the warnings are really hard to notice since the build system
claims everything is OK.  Automated build systems that use Docker tend
to surface the problem a bit more because of the way they handle DNS
[2][3].  The TLDR of those issues is that Docker tries to be smart and
sometimes falls back to Google DNS:

> level=info msg="No non-localhost DNS nameservers are left in
resolv.conf. Using default external servers: [nameserver 8.8.8.8
nameserver 8.8.4.4]"

For anyone using an internal APT mirror, a bunch of assumptions get
broken, but nothing throws an error to surface the break down.  I bet
there's a subset of developers that don't realize their automated builds
could be failing to apply updates.

I spent several hours today trying to find a reasonable workaround, but
all I could find were people trying to parse apt-get's output in a
variety of creative ways.  AFAIK, there aren't any good workarounds.  I
even tried fumbling my way through the source code to see if there were
any existing options to control the behavior, but didn't have much luck
(I don't know C++ though).

So, I guess I have two questions.  First, is there _any_ way to make
`apt-get update` fail on any error?  Second, if the answer to my first
question is no, would you consider adding an option that lets us control
it?

1) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776152#15
2) https://github.com/moby/moby/issues/23910
3) https://github.com/moby/libnetwork/issues/1654

** Bug watch added: Debian Bug tracker #776152
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776152

** Bug watch added: github.com/moby/moby/issues #23910
   https://github.com/moby/moby/issues/23910

** Bug watch added: github.com/moby/libnetwork/issues #1654
   https://github.com/moby/libnetwork/issues/1654

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1693900

Title:
  apt-get update should return exit code != 0 on error

Status in apt package in Ubuntu:
  Triaged

Bug description:
  When running 'apt-get update' (e.g. on a container install post-
  install script), apt-get return with exit code 0, even so it wasn't
  able to "update" properly. E.g.:

  + apt-get update
  Err:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease
    Temporary failure resolving 'de.archive.ubuntu.com'
  Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
    Temporary failure resolving 'security.ubuntu.com'
  Err:3 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease
    Temporary failure resolving 'de.archive.ubuntu.com'
  Reading package lists... Done
  W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial/InRelease 
 Temporary failure resolving 'de.archive.ubuntu.com'
  W: Failed to fetch 
http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease  Temporary 
failure resolving 'de.archive.ubuntu.com'
  W: Failed to fetch 
http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease  Temporary 
failure resolving 'security.ubuntu.com'
  W: Some index files failed to download. They have been ignored, or old ones 
used instead.

  It should be corrected to return useful exit code, so that scripts can
  take the appropriate actions ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1693900/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to