[Bug 245219] [NEW] Ubuntu archive server returning incorrect content-encoding

Launchpad Bug Tracker 245219 at bugs.launchpad.net
Thu Jul 3 19:48:49 BST 2008 

You have been subscribed to a public bug:

This appears to be related to bug 215694, but I've identified Ubuntu's
web server as the culprit.

https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/215694

When trying to do an upgrade from 7.10 to 8.04, do-release-upgrade
attempts to download the file hardy.tar.gz.gpg. On a machine directly
connected to the Internet, this appears to work. However, behind a proxy
server, this fails because archive.ubuntu.com is miscoding the content-
encoding of the gpg file as x-gzip.

The error message from do-release-upgrade (run  from behind a proxy
server) looks like this:

-----------------------
# do-release-upgrade
Checking for a new ubuntu release
Failed Upgrade tool signature
Done Upgrade tool
Done downloading            
extracting '/tmp/tmpArwlWD/hardy.tar.gz'
authenticate '/tmp/tmpArwlWD/hardy.tar.gz' against '/tmp/tmpArwlWD/hardy.tar.gz.gpg' 
exception from gpg: GnuPG exited non-zero, with code 131072
Debug information: 

gpg: WARNING: unsafe permissions on homedir `/tmp/tmpArwlWD'

gpg: can't open `/tmp/tmpArwlWD/hardy.tar.gz.gpg'
gpg: verify signatures failed: file open error

Authentication failed
Authenticating the upgrade failed. There may be a problem with the network or with the server. 
-----------------------

Using wireshark to trace this conversation, I find that the utility is attempting to download two files, one of which is:
http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg

Doing a wget of this file (again via a proxy server) also fails:


-----------------------
# wget --no-cache http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg
--11:04:13--  http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg
           => `hardy.tar.gz.gpg'
Resolving <proxy server>
Connecting to <proxy server>:8080... connected.
Proxy request sent, awaiting response... 502 Bad Gateway
11:04:13 ERROR 502: Bad Gateway.
-----------------------

However, if I run this wget from an external machine with a direct
connection, it works correctly:

-----------------------
$ wget --no-cache http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg
--11:09:42--  http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg
           => `hardy.tar.gz.gpg'
Resolving archive.ubuntu.com... 91.189.88.45, 91.189.88.46, 91.189.88.31
Connecting to archive.ubuntu.com|91.189.88.45|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 191 [application/x-tar]

100%[================================================================================================================>]
191           --.--K/s

11:09:42 (5.30 MB/s) - `hardy.tar.gz.gpg' saved [191/191]
-----------------------

Using tcpdump to capture this conversation from the external system, and
wireshark's "Follow TCP Stream" utility to interpret it, one sees that,
in the successful direct connection, the server archive.ubuntu.com is
identifying the download as having content-encoding of x-gzip, while the
packet itself contains a text gpg signature:

-----------------------
GET /ubuntu/dists/hardy-proposed/main/dist-upgrader-all/0.87.27/hardy.tar.gz.gpg HTTP/1.0
Pragma: no-cache
User-Agent: Wget/1.10.2
Accept: */*
Host: archive.ubuntu.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Thu, 03 Jul 2008 14:29:48 GMT
Server: Apache/2.0.55 (Ubuntu)
Last-Modified: Fri, 09 May 2008 16:46:50 GMT
ETag: "4074034-bf-44ccef1c47280"
Accept-Ranges: bytes
Content-Length: 191
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/x-tar
Content-Encoding: x-gzip

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBIJH/6QJdur0N9BbURAgyxAJ4mn9rGKONYm5J4OiKvDvhGB8ypLQCgrSyh
0ZUEkk2K32jQ47tO32hN2Uo=
=jJYy
-----END PGP SIGNATURE-----
-----------------------

Looking at the detailed response from the proxy server to the internal
system confirms that this is the problem; the proxy server reports:

-----------------------
Server response could not be decoded using encoding type returned by server. This is typically caused by a Web Site presenting a content encoding header of one type, and then encoding the data differently.
-----------------------

** Affects: ubuntu
     Importance: Undecided
     Assignee: Ubuntu Package Archive Administrators (ubuntu-archive)
         Status: New

-- 
Ubuntu archive server returning incorrect content-encoding
https://bugs.launchpad.net/bugs/245219
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a bug assignee.

More information about the ubuntu-archive mailing list