[Apt-cacher-ng-users] Client-side pipelining borks the cache
Gabriel de Perthuis
g2p.code at gmail.com
Sat Oct 19 17:24:52 UTC 2013
Hello,
If I enable pipelining from apt:
Acquire::http { Pipeline-Depth "200"; }
without enabling it in acng.conf,
the client causes the cache to become corrupt after a while.
Being client-initiated, that's a denial of service.
The corruption looks like this:
Failed to fetch
http://fr.archive.ubuntu.com/ubuntu/pool/main/g/glib2.0/libglib2.0-data_2.38.1-0ubuntu1_all.deb
Size mismatch
(for many files in a row).
The package contents seem to be off by one:
one package has the data of the next corrupted package, until the last
one which has the data of a successfully downloaded package.
The backends_ubuntu.default file contains a single mirror:
http://ftp.free.org/mirrors/archive.ubuntu.com/ubuntu/
The basic scan at http://localhost:3142/acng-report.html (without any of
the "not recommended" options that do extra validation) fails to detect
the corruption. The header files acng keeps are consistent with the
file sizes, but both are mismatched wrt the size in the package index.
This is acng 0.7.18-1 (latest release).
By the way, a public git or similar repository would be appreciated.
I would try to use dgit but it's only available to debian developers.
More information about the Apt-cacher-ng-users
mailing list