Upgrade to 16.04 blocked by firewall due to HTTP violation
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
update-manager (Ubuntu) | Fix Released | Medium | Brian Murray | |
Xenial | Fix Released | Medium | Brian Murray | |
Bug Description
Upgrading from 15.10 to 16.04 may fail e.g. in corporate environments where firewall or IDS/IPS equipment enforces strict HTTP protocol usage. The failure occurs right at the beginning of the upgrade, as the upgrader fails to retrieve the release announcement that would be shown to the user. The problem is the URI in the HTTP request, which contains the version string '16.04 LTS' without proper encoding. Spaces should be encoded as '%20' in a URI, but method _get_release_
# get the version to upgrade to
q += "ver=%s" % dist.version
I think it would be necessary to use something like urllib.
Below is the problematic HTTP request. It is dropped by the firewalls in the corporation where I work. At home the upgrade works without problem.
HEAD /ubuntu/
Accept-Encoding: identity
User-Agent: Python-urllib/3.4
Connection: close
Host: archive.ubuntu.com
Release and package info:
Description: Ubuntu 15.10
Release: 15.10
python3-
Installed: 1:15.10.3
Candidate: 1:15.10.3
Version table:
*** 1:15.10.3 0
500 http://
100 /var/lib/
tags: | added: kubuntu xenial |
Changed in ubuntu-release-upgrader (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in update-manager (Ubuntu Xenial): | |
status: | Triaged → In Progress |
This problem only seems to affect Kubuntu upgrades, where the graphical frontend 'DistUpgradeViewKDE' is used.
If the text mode upgrade is used (e.g. 'do-release-upgrade -d') the release notes are not shown at all. Also if the GTK graphical frontend is used (e.g. 'do-release-upgrade -d --frontend=DistUpgradeViewGtk3') there is no problem, the release notes are correctly downloaded and shown. But with the KDE frontend ('do-release-upgrade -d --frontend=DistUpgradeViewKDE' or 'kubuntu-devel-release-upgrade'), the HTTP request is made with an illegal URI containing a space. In presence of a strict firewall that request may be dropped, and the upgrade doesn't proceed.
The reason why the GTK frontend works is that the invalid URI is passed to WebKit, which "fixes" the URI, i.e. encodes the space in the URI as %20 before sending the HTTP request to the server. With the KDE frontend, however, the URI is passed to Python's urllib.request.urlopen() function, which doesn't "fix" the URI, i.e. the HTTP request is made with the illegal URI containing a space (coming from the version string '16.04 LTS', i.e. this problem only affects upgrades to LTS releases).
I believe this is a bug in MetaRelease.py which produces the 'dist.releaseNotesHtmlUri' but doesn't encode it properly for use as a URI.
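The behaviour described in this report, as an added example that is not part of the bug report or of update-manager's code: it builds the query both raw and percent-encoded, then checks each resulting request line the way a strict HTTP parser would. The base URL is a constructed placeholder and all function names are hypothetical; only the `ver=%s` pattern and the '16.04 LTS' string come from the report.

```python
import re
from urllib.parse import quote, urlsplit, urlunsplit

# Constructed placeholder; the real release-notes URL is not shown in the report.
BASE = "http://archive.example.invalid/release-notes"
VERSION = "16.04 LTS"  # version string named in the report

def build_unencoded(base, version):
    """The pattern quoted in the report: the version is pasted in raw."""
    q = "?"
    q += "ver=%s" % version
    return base + q

def build_encoded(base, version):
    """Same query, with the value percent-encoded before use."""
    q = "?"
    q += "ver=%s" % quote(version, safe="")
    return base + q

def fix_uri(uri):
    """Re-encode an already assembled URI, as a browser engine would."""
    p = urlsplit(uri)
    return urlunsplit((p.scheme, p.netloc, quote(p.path, safe="/%"),
                       quote(p.query, safe="=&%"), p.fragment))

def illegal_chars(uri):
    """Characters outside visible ASCII may not appear raw in a URI."""
    return sorted(set(re.findall(r"[^\x21-\x7e]", uri)))

def request_line(method, uri):
    """Request line as a client that does no encoding would send it."""
    p = urlsplit(uri)
    target = (p.path or "/") + ("?" + p.query if p.query else "")
    return "%s %s HTTP/1.1" % (method, target)

def strict_accepts(line):
    """Strict parser: exactly method, target and version, single spaces."""
    parts = line.split(" ")
    return len(parts) == 3 and parts[2].startswith("HTTP/")

if __name__ == "__main__":
    for uri in (build_unencoded(BASE, VERSION), build_encoded(BASE, VERSION)):
        line = request_line("HEAD", uri)
        print(repr(line), illegal_chars(uri), strict_accepts(line))
    print(fix_uri(build_unencoded(BASE, VERSION)))
```

The raw space splits the request line into four tokens instead of three, which is the malformation a protocol-enforcing firewall or IDS/IPS rejects.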