Univention Bugzilla – Full Text Bug Listing |
Summary: | Despite update/secure_apt=no apt-get update refuses to pull packages files if system clock is behind | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | univention-base-files | Assignee: | UCS maintainers <ucs-maintainers> |
Status: | NEW --- | QA Contact: | UCS maintainers <ucs-maintainers> |
Severity: | normal | ||
Priority: | P5 | CC: | best, hahn |
Version: | UCS 5.0 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975903 | ||
What kind of report is it?: | Development Internal | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | 51498 | ||
Bug Blocks: | |||
Attachments: | extend-Max-FutureTime.patch |
Description
Arvid Requate
2020-06-15 10:30:47 CEST
FYI: At first the "Release" file is downloaded and validated; as it is from the future, validation fails and the (updated) "Package" file is NOT downloaded - it would not be trusted anyway and as such the old file is kept. Even if the local time of the VM is corrected later on, APT does not fetch the "Release" file again if it was not updated in between - APT uses HTTPs "If-Modified-Since" with the original time stamp (from the future) as previously returned by our EXTERNAL repository server in the initial fetch. As the "Release" file is not updated, the "Package" update is skipped again. My advise is: Fix your ONE underlying time problem instead of fixing the TEN followup and other obscure and hard-to-debug issues like - gpg might complain too for {pre,post}up.sh.php - wget https:// - ... Workaround: rm -f /var/lib/apt/lists/omar* && apt update I filed an Upstream Debian APT bug for this: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975903> As a temporary work-around during UCS 5.0-0 development: [5.0-0] 842f138ab0 Bug #51493 base: Temporary work-around for time skew. base/univention-base-files/conffiles/etc/apt/apt.conf.d/20secureapt | 1 + base/univention-base-files/debian/changelog | 6 ++++++ 2 files changed, 7 insertions(+) |