Package: apt
Severity: important

When "apt-get update" fails the program exits with a 0 status. It would be useful if it exited with a non-zero status in that case (or if there were a switch to tell it to do so).

This is similar to bug 41053 [1] from 1999, that says it's fixed, but it doesn't say how it was fixed and it's apparently unfixed. See output (shortened a little).

> sudo apt-get update
> Could not resolve 'ecurity.debian.org'
> Hit http://ftp.us.debian.org wheezy Release
> Reading package lists... Done
> W: Failed to fetch http://ecurity.debian.org/dists/wheezy/updates/Release.gpg Could not resolve 'ecurity.debian.org'
>
> W: Some index files failed to download. They have been ignored, or old ones used instead.
> ~ $ echo $?
> 0

(For demonstration purposes, I just added a defunct deb line
deb http://ecurity.debian.org wheezy/updates main contrib non-free)

Detecting such situations in scripts is important. At least if you really care if some extra repository gets used during a build script or if you care for an image to be built as verifiable / reproducible as possible.

Otherwise an adversary could just prevent one from connecting to a repository one cares to receive upgrades from (such as security.debian.org), which would effectively render apt-get's security check for expired release files (valid-until field) [2] [3] ineffective.

There is also another issue related to exit codes. [4]

Cheers,
Patrick

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=41053
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499897
[3] http://blog.ganneff.de/blog/2008/09/23/valid-until-field-in-release-f.html
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745735
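A build script can detect the situation reported above by inspecting the output of "apt-get update" instead of trusting its exit status alone. The following is an added example, not part of the original report or of apt: the function names are hypothetical, the failing sample is built from the output quoted in the report, and the clean sample is constructed.

```shell
#!/bin/sh
# Added example: fail a build when "apt-get update" could not refresh an index,
# even though apt-get itself exited with status 0.

# Reads captured "apt-get update" output on stdin.
# Returns 0 if it reports an error or a failed index download, 1 if it looks clean.
update_output_has_failure() {
    grep -Eq '^(E: |W: Failed to fetch |W: Some index files failed to download)'
}

# Runs "apt-get update" and returns non-zero when apt-get exits non-zero OR
# when its output shows that a repository could not be fetched.
# LC_ALL=C keeps the messages untranslated so the patterns above match.
strict_apt_update() {
    rc=0
    out=$(LC_ALL=C apt-get update 2>&1) || rc=$?
    printf '%s\n' "$out"
    [ "$rc" -eq 0 ] || return "$rc"
    if printf '%s\n' "$out" | update_output_has_failure; then
        echo "strict_apt_update: index download failed, treating as error" >&2
        return 1   # status chosen for this example
    fi
    return 0
}

# Sample taken from the output quoted in the report (defunct mirror line).
SAMPLE_FAILED="Could not resolve 'ecurity.debian.org'
Hit http://ftp.us.debian.org wheezy Release
Reading package lists... Done
W: Failed to fetch http://ecurity.debian.org/dists/wheezy/updates/Release.gpg Could not resolve 'ecurity.debian.org'

W: Some index files failed to download. They have been ignored, or old ones used instead."

# Constructed sample of a run in which every index was reachable.
SAMPLE_OK="Hit http://ftp.us.debian.org wheezy Release
Reading package lists... Done"
```

In a build script, call `strict_apt_update || exit 1` before any install step so that an unreachable security repository stops the build.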