[Bug 1693900] Re: apt-get update should return exit code != 0 on error

Ryan Jaeb 1693900 at bugs.launchpad.net
Sun May 31 03:13:05 UTC 2020 

@Julian Andres Klode Is this something you'd be willing to reassess?  I
saw your old message [1] on the Debian list that says:

> The question what a successful update is is complicated and depends
on the expections of the person using APT.

With that in mind, I'd say there are situations where it's reasonable
for the expectation to be that `apt-get update` fails on any error.  I
completely understand the reasoning for the default behavior and don't
expect that to change, but a `--strict` switch (or similar) like the one
suggested in the mailing list would be extremely useful to some of us.

Even an advanced option like (note this is not real) `-o=APT::Get
::Strict-Mode=1` would be useful if that's easier than a full blown
command line switch.  I'm not sure I got the syntax right, but I'm sure
you get the idea.

With containerization gaining popularity, I think there could be a lot
of people who have automated build systems set up where they pull a
container, (try to) apply security updates, and so on...  In those
cases, the warnings are really hard to notice since the build system
claims everything is OK.  Automated build systems that use Docker tend
to surface the problem a bit more because of the way they handle DNS
[2][3].  The TLDR of those issues is that Docker tries to be smart and
sometimes falls back to Google DNS:

> level=info msg="No non-localhost DNS nameservers are left in
resolv.conf. Using default external servers: [nameserver 8.8.8.8
nameserver 8.8.4.4]"

For anyone using an internal APT mirror, a bunch of assumptions get
broken, but nothing throws an error to surface the break down.  I bet
there's a subset of developers that don't realize their automated builds
could be failing to apply updates.

I spent several hours today trying to find a reasonable workaround, but
all I could find were people trying to parse apt-get's output in a
variety of creative ways.  AFAIK, there aren't any good workarounds.  I
even tried fumbling my way through the source code to see if there were
any existing options to control the behavior, but didn't have much luck
(I don't know C++ though).

So, I guess I have two questions.  First, is there _any_ way to make
`apt-get update` fail on any error?  Second, if the answer to my first
question is no, would you consider adding an option that lets us control
it?

1) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776152#15
2) https://github.com/moby/moby/issues/23910
3) https://github.com/moby/libnetwork/issues/1654

** Bug watch added: Debian Bug tracker #776152
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776152

** Bug watch added: github.com/moby/moby/issues #23910
   https://github.com/moby/moby/issues/23910

** Bug watch added: github.com/moby/libnetwork/issues #1654
   https://github.com/moby/libnetwork/issues/1654

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1693900

Title:
  apt-get update should return exit code != 0 on error

Status in apt package in Ubuntu:
  Triaged

Bug description:
  When running 'apt-get update' (e.g. on a container install post-
  install script), apt-get return with exit code 0, even so it wasn't
  able to "update" properly. E.g.:

  + apt-get update
  Err:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease
    Temporary failure resolving 'de.archive.ubuntu.com'
  Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
    Temporary failure resolving 'security.ubuntu.com'
  Err:3 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease
    Temporary failure resolving 'de.archive.ubuntu.com'
  Reading package lists... Done
  W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial/InRelease  Temporary failure resolving 'de.archive.ubuntu.com'
  W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease  Temporary failure resolving 'de.archive.ubuntu.com'
  W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
  W: Some index files failed to download. They have been ignored, or old ones used instead.

  It should be corrected to return useful exit code, so that scripts can
  take the appropriate actions ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1693900/+subscriptions

More information about the foundations-bugs mailing list