Bug#385577: apt: indicate the ip address of the server used when fetching operations fail

Sun, 09 Mar 2025 04:58:43 -0700 

Hi,

On one hand, apt still doesn't display IP address of servers, for which
some errors occurred. See the two scenarios below for examples:




Scenario 1:

root@debian:~# cat /etc/os-release | grep CODENAME
VERSION_CODENAME=trixie
root@debian:~#
root@debian:~# apt --version
apt 2.9.29 (amd64)
root@debian:~#
root@debian:~# cat /etc/apt/sources.list
deb     http://deb.debian.org/debian/ sid main
deb-src http://deb.debian.org/debian/ sid main
root@debian:~#
root@debian:~#
root@debian:~# apt update
Get:1 http://deb.debian.org/debian sid InRelease [205 kB]
Get:2 http://deb.debian.org/debian sid/main Sources.diff/Index [63.6 kB]
Err:2 http://deb.debian.org/debian sid/main Sources.diff/Index
  Couldn't find the start of the patch series
Get:3 http://deb.debian.org/debian sid/main amd64 Packages.diff/Index [63.6 kB] 
Err:3 http://deb.debian.org/debian sid/main amd64 Packages.diff/Index
  Couldn't find the start of the patch series
Get:4 http://deb.debian.org/debian sid/main Translation-en.diff/Index [63.6 kB] Get:4 http://deb.debian.org/debian sid/main Translation-en.diff/Index [63.6 kB] 
Ign:2 http://deb.debian.org/debian sid/main Sources.diff/Index
Get:4 http://deb.debian.org/debian sid/main Translation-en.diff/Index [63.6 kB] 
Ign:3 http://deb.debian.org/debian sid/main amd64 Packages.diff/Index
Err:4 http://deb.debian.org/debian sid/main Translation-en.diff/Index
  Couldn't find the start of the patch series
Get:5 http://deb.debian.org/debian sid/main amd64 Components [5,131 kB]
Get:6 http://deb.debian.org/debian sid/main Sources [11.0 MB]
Get:6 http://deb.debian.org/debian sid/main Sources [11.0 MB]
Ign:4 http://deb.debian.org/debian sid/main Translation-en.diff/Index
Get:7 http://deb.debian.org/debian sid/main amd64 Packages [10.1 MB]
Get:8 http://deb.debian.org/debian sid/main Translation-en [7,382 kB]
Fetched 34.0 MB in 44s (765 kB/s)





Scenario 2 (verbose messages removed for clarity):

root@debian:~# cat /etc/os-release | grep CODENAME
VERSION_CODENAME=trixie
root@debian:~#
root@debian:~# apt --version
apt 2.9.29 (amd64)
root@debian:~#
root@debian:~# cat /etc/apt/sources.list
deb [trusted=yes] http://server.local.net/12 ./
root@debian:~#
root@debian:~# apt update
Ign:1 http://server.local.net/12 ./ InRelease
Get:2 http://server.local.net/12 ./ Release [1,204 B]
Ign:3 http://server.local.net/12 ./ Release.gpg
Get:4 http://server.local.net/12 ./ Packages [135 kB]
Err:4 http://server.local.net/12 ./ Packages
  Hash Sum mismatch
  [...]
Fetched 136 kB in 0s (1,287 kB/s)
Error: Failed to fetch http://server.local.net/12/./Packages.gz Hash Sum mismatch 
   [...]
Error: Some index files failed to download. They have been ignored, or old ones used instead. Notice: Some sources can be modernized. Run 'apt modernize-sources' to do so. 




On the other hand there are two apt options that can aid in recognizing
which servers are being used.

1. Debug::Acquire::SrvRecs=true

root@debian:~# apt -o "Debug::Acquire::SrvRecs=true" update
0% [Working]SrvRecs: got debian.map.fastlydns.net prio: 10 weight: 1
PopFromSrvRecs: selecting debian.map.fastlydns.net
Hit:1 http://deb.debian.org/debian sid InRelease
214 packages can be upgraded. Run 'apt list --upgradable' to see them.

This of course still doesn't help with finding out which IP was used,
and the selected server has multiple IPs:

root@debian:~# host debian.map.fastlydns.net
debian.map.fastlydns.net has address 151.101.2.132
debian.map.fastlydns.net has address 151.101.130.132
debian.map.fastlydns.net has address 151.101.194.132
debian.map.fastlydns.net has address 151.101.66.132
debian.map.fastlydns.net has IPv6 address 2a04:4e42:600::644
debian.map.fastlydns.net has IPv6 address 2a04:4e42:200::644
debian.map.fastlydns.net has IPv6 address 2a04:4e42::644
debian.map.fastlydns.net has IPv6 address 2a04:4e42:400::644

2. Debug::pkgAcquire::Worker=true (verbose messages removed for
clarity):

root@debian:~# apt -o "Debug::pkgAcquire::Worker=true" update
Starting method '/usr/lib/apt/methods/http'
[...]
Configured access method http
[...]
-> http:600%20URI%20Acquire%0aURI:%20http://server.local.net/12/./InRelease [...] 0% [Working] <- http:102%20Status%0aMessage:%20Connecting%20to%20server.local.net%0aURI:%20http://server.local.net/12/./InRelease <- http:102%20Status%0aMessage:%20Connecting%20to%20server.local.net%20(192.168.0.50)%0aURI:%20http://server.local.net/12/./InRelease <- http:102%20Status%0aMessage:%20Connected%20to%20server.local.net%20(192.168.0.50)%0aURI:%20http://server.local.net/12/./InRelease 
[...]

As you can see, these debugs include the hostname (server.local.net) and
IP of server (192.168.0.50).

The "Connecting to" message that includes IP address has been added long
time ago, even before https://salsa.debian.org/apt-team/apt/-/commit/dc738e7ae6. 

The "Connected to" message that includes IP address has been added in
https://salsa.debian.org/apt-team/apt/-/commit/3bbd328396.




To summarize my findings:

1. by default, IP addresses of servers aren't being printed by default
(at least not in all fault scenarios)

2. Adding "-o Debug::pkgAcquire::Worker=true" results in IP addresses
being printed as part of verbose debugs for http method.

3. finding the address in the debug messages is not quick, but is
possible.




I may have missed some debug options. I don't know if using
"-o Debug::pkgAcquire::Worker=true" would be a solution acceptable to
reporter of the ticket. I didn't test all methods or scenarios (e.g.
connecting through proxies). Therefore I can't decide myself if this
ticket can be closed or not.

Also the gmane mailing list post mentioned by author of this ticket
seems to be this one:
https://groups.google.com/g/linux.debian.security/c/iqy29IB3RrQ/m/zcltRDSyIl0J

Kamil

Reply via email to