-3

When I try to run an update using APT, if there is an issue with a single repository, APT will not continue and the update fails... Shouldn't APT just skip that repo and continue? Especially when it is a separate file under /etc/sources.list.d/? And not connected to any of the Ubuntu repos?

Isn't this a bit of a security flaw? If a bad repo list could be written, it would stop important security repos from updating through unattended updates, wouldn't it? Luckily, it updated the security repo second... maybe that is by design.

This is what I get after apt update. The update of repos doesn't continue after the broken one.

Hit:1 http://archive.ubuntu.com/ubuntu - InRelease
Hit:2 http://security.ubuntu.com/ubuntu --security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu --updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu --backports InRelease
Ign:5 http://apt.keepsolid.com/ubuntu - InRelease
Err:6 http://apt.keepsolid.com/ubuntu - Release
  404  Not Found [IP: 144.217.71.199 80]
Reading package lists... Done
E: The repository 'http://apt.keepsolid.com/ubuntu - Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Zanna
  • 70,465
alchemy
  • 762
  • The flaw, as you put it, was the user who added an inappropriate 3rd party repository onto your system. I'd suggest you evaluate your procedures on whom you give sudo rights to, and only give them to users who'll perform the required security checks on adding 3rd party repositories to your system - as all checks are on the person who adds it. The person who added that PPA obviously didn't perform such checks, and maybe needs a talking to if they're to continue with having sudo rights. Comment copied from prior now-deleted question – guiverc Apr 12 '22 at 07:04

1 Answer

7

This is by design. Looking at the source code for apt, there are just three possible response codes:

0 — No errors
1 — No arguments passed
100 — Something important isn’t right

Because apt is responsible for installing software on the machine, there is an overabundance of caution regarding when something can continue and when something should fail outright. When there are problems that can be ignored, a W (warning) message is sent up to notify you of an error, but any E (error) will force apt to stop in its tracks.

For the vast majority of people, it is better to have a working system running older versions of software than a broken system with half-installed recent versions of software.

Why doesn’t apt say something like “Oh, this one repo does not have a release file for this system version, so let’s just silently skip it?” Because it’s not apt’s job to manage sources. The responsibility of source management falls on the system administrator. If the administrator does not wish to administrate, then apt will do as much as it can and no more.

If this is something you think that apt should manage on its own, perhaps you could write up a proposal for the Debian team and have them consider it for a future release.

matigo
  • 22,138
  • Thanks for the response. I think there could easily be a flag to ignore fails like grub does "nofail" that administrators could use that don't want to sacrifice automatically updating security repos because for any reason. Thanks for the link to the Apt team. I don't see a place to write up a proposal. – alchemy Oct 06 '22 at 03:51
  • I tried to register to submit a merge request here using Google auth, but was not allowed. https://salsa.debian.org/users/sign_up – alchemy Oct 06 '22 at 03:58
  • Turns out the site for Debian bug reports is: https://www.debian.org/Bugs/Reporting ..there is a mailing list for limited discussion. – alchemy Oct 09 '22 at 19:53
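
The output quoted in the question can be read per source rather than as a single pass or fail. The following is an added example, not code from the question, the answer or apt itself: it parses captured `apt update` output (the question's own output is embedded as sample input) and reports which sources were reached and which failed. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: per-source summary of captured `apt update` output.
# Function names are hypothetical helpers, not part of apt.

# Sample input: the output quoted in the question above.
sample_output() {
  cat <<'EOF'
Hit:1 http://archive.ubuntu.com/ubuntu - InRelease
Hit:2 http://security.ubuntu.com/ubuntu --security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu --updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu --backports InRelease
Ign:5 http://apt.keepsolid.com/ubuntu - InRelease
Err:6 http://apt.keepsolid.com/ubuntu - Release
  404  Not Found [IP: 144.217.71.199 80]
Reading package lists... Done
E: The repository 'http://apt.keepsolid.com/ubuntu - Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
EOF
}

# Reads apt output on stdin. Prints "OK <url>" for each Hit:/Get: line,
# "FAILED <url>" for each Err: line, then counts of E: and W: messages.
apt_update_summary() {
  awk '
    /^Err:[0-9]+ /       { print "FAILED " $2; next }
    /^(Hit|Get):[0-9]+ / { print "OK " $2; next }
    /^E: /               { errors++ }
    /^W: /               { warnings++ }
    END { print "ERRORS " errors + 0; print "WARNINGS " warnings + 0 }
  '
}

# Succeeds only if a source whose URL starts with $2 was reached and
# no fetch from that URL prefix failed. $1 is the summary text.
repo_refreshed() {
  printf '%s\n' "$1" | awk -v p="$2" '
    $1 == "OK"     && index($2, p) == 1 { ok = 1 }
    $1 == "FAILED" && index($2, p) == 1 { bad = 1 }
    END { exit !(ok && !bad) }
  '
}

summary=$(sample_output | apt_update_summary)
printf '%s\n' "$summary"
if repo_refreshed "$summary" "http://security.ubuntu.com/"; then
  echo "security source was reached; the failure is confined to another source"
fi
```
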