[Bug 1538299] [NEW] Unauthenticated packages check seems odd

Tue, 26 Jan 2016 13:35:44 -0800 

Public bug reported:

The upgrade path from 14.04 to 15.04 was broken as documented in bug
1534374 (due to an SRU of gcc in Trusty that created a greater version
than the one in Vivid), however some systems received the following
message in /var/log/dist-upgrade/main.log:

2016-01-26 12:41:55,222 DEBUG Marking 'ubuntu-desktop' for upgrade
2016-01-26 12:41:55,674 WARNING Can't mark 'ubuntu-desktop' for upgrade 
(E:Unable to correct problems, you have held broken packages.)
2016-01-26 12:41:55,859 ERROR Unauthenticated packages found: 'gettext 
libatomic1 libfftw3-single3 libgomp1 libitm1 libquadmath0 libstdc++6 libtsan0 
onboard'

Digging into the release upgrade code in DistUpgradeCache.py we can see
the following:

 674         # check the trust of the packages that are going to change
 675         untrusted = []
 676         for pkg in self.get_changes():
 677             if pkg.marked_delete:
 678                 continue
 679             # special case because of a bug in pkg.candidate.origins
 680             if pkg.marked_downgrade:
 682                 for ver in pkg._pkg.version_list:
 683                     # version is lower than installed one
 684                     if apt_pkg.version_compare(
 685                         ver.ver_str, pkg.installed.version) < 0:
 686                         for (verFileIter, index) in ver.file_list:
 687                             indexfile = 
pkg._pcache._list.find_index(verFileIter)
 688                             if indexfile and not indexfile.is_trusted:
 689                                 untrusted.append(pkg.name)
 690                                 break
 691                 continue

It seems odd to me that we only check if packages are trusted when
downgrading them and that we don't log that the packages are being
downgraded.  Examples of this issue can be found in bug 1535407 and bug
1531333. Additionally, its strange that the packages (from the official
archive) would be considered untrusted.

** Affects: ubuntu-release-upgrader (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1538299

Title:
  Unauthenticated packages check seems odd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1538299/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to