Subject: apt: apt-get update race condition in candidate & dependency resolution
Package: apt
Version: 0.9.7.9+deb7u7
Justification: could cause unwanted versions to be installed without notice
Severity: grave

Running apt-get update on a system at the same time as other apt commands causes apt to resolve package dependencies and policies inconsistently. Behavior causes race conditions during package cache update, resulting in altered candidate versions and you will end up with unwanted versions being installed (e.g. when running 'apt-get upgrade -y' or working with unattended-upgrades).

Current stable version in Jessie - 1.0.9.8 is also affected.

IMO, this should either be an atomic file/directory move, once package files were downloaded successfully, or apt-get update should make use of locking as well.

We saw this issue affecting multiple apt commands and actions:

- apt-get upgrade
- apt-get dist-upgrade
- apt-cache policy
- aptitude update
- apt-get update

APT bug #717679 is probably related.

Reproduce:

Make sure your package is available in more than one APT repository (e.g. dotdeb, backports) and run apt-cache policy in a loop:

    while [ true ] ; do apt-cache policy augeas-lenses ; sleep .5 ; done

Now, while the above is running, update your package cache:

    apt-get update

You will see dependencies changing back and forth, depending on the current cache state.

Output:

augeas-lenses:
  Installed: 0.10.0-1
  Candidate: 0.10.0-1
  Version table:
     1.2.0-0.2~bpo70+2 0
        100 http://mirror.ono.at/debian/ wheezy-backports/main amd64 Packages
 *** 0.10.0-1 0
        500 http://mirror.ono.at/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status
augeas-lenses:
  Installed: 0.10.0-1
  Candidate: 1.2.0-0.2~bpo70+2
  Version table:
     1.2.0-0.2~bpo70+2 0
        100 http://mirror.ono.at/debian/ wheezy-backports/main amd64 Packages
 *** 0.10.0-1 0
        100 /var/lib/dpkg/status
augeas-lenses:
  Installed: 0.10.0-1
  Candidate: 0.10.0-1
  Version table:
     1.2.0-0.2~bpo70+2 0
        100 http://mirror.ono.at/debian/ wheezy-backports/main amd64 Packages
 *** 0.10.0-1 0
        500 http://mirror.ono.at/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status
E: Problem renaming the file /var/cache/apt/pkgcache.bin.BCQoX0 to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)
W: You may want to run apt-get update to correct these problems
augeas-lenses:
  Installed: 0.10.0-1
  Candidate: 0.10.0-1
  Version table:
     1.2.0-0.2~bpo70+2 0
        100 http://mirror.ono.at/debian/ wheezy-backports/main amd64 Packages
 *** 0.10.0-1 0
        500 http://mirror.ono.at/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status

Same thing while running 'apt-get upgrade -s' in a loop, and starting 'apt-get update' at the same time, results in:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  haproxy
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst haproxy [1.5.8-2~bpo70+1] (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf haproxy (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  iproute libaugeas-ruby1.8 nagios-plugins-basic nagios-plugins-common
  nagios-plugins-standard openssh-client openssh-server python-debian
  vim-common vim-nox vim-runtime vim-tiny
The following packages will be upgraded:
  augeas-lenses dmidecode git git-core git-man haproxy libaugeas0 libgeoip1
  libgpg-error0 libp11-kit0 libxapian22 tar tmux
13 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.
Inst tar [1.26+dfsg-0.1] (1.27.1-1~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf tar (1.27.1-1~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst libgpg-error0 [1.10-3.1] (1.12-0.2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst libp11-kit0 [0.12-3] (0.20.7-1~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst augeas-lenses [0.10.0-1] (1.2.0-0.2~bpo70+2 Debian Backports:/wheezy-backports [all])
Inst libaugeas0 [0.10.0-1] (1.2.0-0.2~bpo70+2 Debian Backports:/wheezy-backports [amd64])
Inst libgeoip1 [1.4.8+dfsg-3] (1.6.2-4~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst tmux [1.6-2] (1.9-6~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst dmidecode [2.11-9] (2.12-2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst git [1:1.7.10.4-1+wheezy1] (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [amd64]) []
Inst git-man [1:1.7.10.4-1+wheezy1] (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [all])
Inst git-core [1:1.7.10.4-1+wheezy1] (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [all])
Inst haproxy [1.5.8-2~bpo70+1] (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Inst libxapian22 [1.2.12-2] (1.2.16-2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf libgpg-error0 (1.12-0.2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf libp11-kit0 (0.20.7-1~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf augeas-lenses (1.2.0-0.2~bpo70+2 Debian Backports:/wheezy-backports [all])
Conf libaugeas0 (1.2.0-0.2~bpo70+2 Debian Backports:/wheezy-backports [amd64])
Conf libgeoip1 (1.6.2-4~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf tmux (1.9-6~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf dmidecode (2.12-2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf git-man (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [all])
Conf git (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [amd64])
Conf git-core (1:1.9.1-1~bpo70+2 Debian Backports:/wheezy-backports [all])
Conf haproxy (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf libxapian22 (1.2.16-2~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Reading package lists... Error!
E: Problem renaming the file /var/cache/apt/pkgcache.bin.9Ibnqk to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)
W: You may want to run apt-get update to correct these problems
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  haproxy
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst haproxy [1.5.8-2~bpo70+1] (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])
Conf haproxy (1.5.8-3~bpo70+1 Debian Backports:/wheezy-backports [amd64])

-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image.*";
APT::NeverAutoRemove:: "^kfreebsd-image.*";
APT::NeverAutoRemove:: "^linux-restricted-modules.*";
APT::NeverAutoRemove:: "^linux-ubuntu-modules-.*";
APT::NeverAutoRemove:: "^gnumach$";
APT::NeverAutoRemove:: "^gnumach-image.*";
APT::NeverAutoRemove:: "^postgresql-";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Never-MarkAuto-Sections:: "oldlibs";
APT::Never-MarkAuto-Sections:: "restricted/oldlibs";
APT::Never-MarkAuto-Sections:: "universe/oldlibs";
APT::Never-MarkAuto-Sections:: "multiverse/oldlibs";
APT::Periodic "";
APT::Periodic::Enable "1";
APT::Periodic::Verbose "0";
APT::Periodic::RandomSleep "250";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "0";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "1";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "2";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-9n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "false";
APT::Compressor::bzip2::Cost "3";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "4";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "5";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-9";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
APT::Compressor::::Name "";
APT::Compressor::::Extension ".";
APT::Compressor::::Binary "";
APT::Compressor::::Cost "100";
APT::Compressor::::CompressArg "";
APT::Compressor::::CompressArg:: "-9";
APT::Compressor::::UncompressArg "";
APT::Compressor::::UncompressArg:: "-d";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Acquire "";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom/";
Acquire::Languages "";
Acquire::Languages:: "en";
Acquire::Languages:: "none";
Unattended-Upgrade "";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,archive=stable,label=Debian-Security";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,archive=oldstable,label=Debian-Security";
Unattended-Upgrade::Origins-Pattern:: "archive=stable";
Unattended-Upgrade::Origins-Pattern:: "site=mirror.ono.at";
Unattended-Upgrade::Origins-Pattern:: "site=apt.ono.at";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
CommandLine "";
CommandLine::AsString "apt-config dump";

-- (no /etc/apt/preferences present) --

-- /etc/apt/sources.list --

deb http://mirror.ono.at/debian wheezy main contrib non-free
deb http://mirror.ono.at/debian-security wheezy/updates main contrib non-free

-- System Information:
Debian Release: 7.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-openvz-042stab106.4-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.3~deb7u1
ii  gnupg                   1.4.12-7+deb7u7
ii  libapt-pkg4.12          0.9.7.9+deb7u7
ii  libc6                   2.13-38+deb7u8
ii  libgcc1                 1:4.7.2-5
ii  libstdc++6              4.7.2-5

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.8.2-1
pn  dpkg-dev    <none>
ii  python-apt  0.8.8.2
ii  xz-utils    5.1.1alpha+20120614-2

-- Configuration Files:
/etc/apt/apt.conf.d/01autoremove changed:
// this file is managed by puppet module apt
APT
{
  NeverAutoRemove
  {
    "^firmware-linux.*";
    "^linux-firmware$";
    "^linux-image.*";
    "^kfreebsd-image.*";
    "^linux-restricted-modules.*";
    "^linux-ubuntu-modules-.*";
    "^gnumach$";
    "^gnumach-image.*";
  };
  Never-MarkAuto-Sections
  {
    "metapackages";
    "restricted/metapackages";
    "universe/metapackages";
    "multiverse/metapackages";
    "oldlibs";
    "restricted/oldlibs";
    "universe/oldlibs";
    "multiverse/oldlibs";
  };
};

-- no debconf information
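
The report asks for apt-get update to "make use of locking as well". The following is an added example (not from the report and not apt's own code) of how a host's automation can serialize its apt runs and refuse to install when two consecutive simulations disagree. The lock path, the function names and the exit codes 75 and 76 are assumptions of this example, and flock(1) from util-linux is assumed to be installed.

```shell
#!/bin/sh
# Added example, not part of apt: serialize automated apt runs behind one lock.
# APT_SERIAL_LOCK is a hypothetical path; apt itself knows nothing about it.
APT_SERIAL_LOCK="${APT_SERIAL_LOCK:-/run/lock/apt-serial.lock}"
APT_GET="${APT_GET:-apt-get}"   # overridable so the logic can be run against a stub

# run_serialized CMD [ARGS...]
# Hold an exclusive flock(1) lock on fd 9 while CMD runs; return CMD's status.
# fd 9 is closed for CMD so a daemon started by a maintainer script cannot
# inherit the descriptor and keep the lock held after the run has finished.
run_serialized() {
    (
        flock -x 9 || exit 75
        "$@" 9>&-
        exit $?   # CMD must not be the last command: the subshell owns the lock
    ) 9>"$APT_SERIAL_LOCK"
}

# planned_changes: print the sorted "Inst" lines of a simulated upgrade.
# Fails if the simulation itself fails (e.g. the pkgcache rename error).
planned_changes() {
    out=$($APT_GET -s upgrade) || return 1
    printf '%s\n' "$out" | sed -n '/^Inst /p' | sort
}

# Critical section: refresh the lists, simulate twice, and refuse to install
# (status 76) if the plans differ, which means a process outside the lock
# rewrote the package cache in between.
_update_and_upgrade() {
    $APT_GET update || return 1
    first=$(planned_changes) || return 1
    second=$(planned_changes) || return 1
    if [ "$first" != "$second" ]; then
        echo "apt plan changed between simulations, not upgrading" >&2
        return 76
    fi
    $APT_GET -y upgrade
}

# Entry point for cron jobs and configuration management runs.
guarded_upgrade() {
    run_serialized _update_and_upgrade
}
```

Only callers that go through run_serialized are protected; the APT::Periodic job enabled in the configuration dump above does not take this lock, so the double simulation is what catches a cache rewrite coming from it.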