
China Unicom's cache hijacking causes checksum failures when APT and YUM update their package sources

    raysonx · 2016-11-20 15:16:48 +08:00 · 3552 views

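    I saw someone whitewashing this kind of hijacking and couldn't help posting. For example, when updating package sources with APT, China Unicom's cache causes verification failures: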

    # apt update
    Ign http://archive.ubuntu.com trusty InRelease
    Get:1 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
    Get:2 http://archive.ubuntu.com trusty-security InRelease [65.9 kB]            
    Get:3 http://archive.ubuntu.com trusty Release.gpg [933 B]                     
    Get:4 http://archive.ubuntu.com trusty-updates/main Sources [476 kB]           
    Get:5 http://archive.ubuntu.com trusty-updates/restricted Sources [476 kB]     
    Get:6 http://archive.ubuntu.com trusty-updates/universe Sources [214 kB]       
    Get:7 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1145 kB]   
    Get:8 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [1145 kB]
    Get:9 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [502 kB]
    Get:10 http://archive.ubuntu.com trusty-security/main Sources [40 B]           
    Get:11 http://archive.ubuntu.com trusty-security/restricted Sources [476 kB]   
    Get:12 http://archive.ubuntu.com trusty-security/universe Sources [40 B]       
    Get:13 http://archive.ubuntu.com trusty-security/main amd64 Packages [681 kB]  
    99% [13 Packages 629 kB/681 kB 92%]                                3565 B/s 14s^C
    root@09b8e74b8f93:/# apt update
    Ign http://archive.ubuntu.com trusty InRelease
    Hit http://archive.ubuntu.com trusty-updates InRelease
    Hit http://archive.ubuntu.com trusty-security InRelease
    Get:1 http://archive.ubuntu.com trusty Release.gpg [933 B]
    Get:2 http://archive.ubuntu.com trusty-updates/main Sources [476 kB]
    Get:3 http://archive.ubuntu.com trusty-updates/restricted Sources [476 kB]     
    Get:4 http://archive.ubuntu.com trusty-updates/universe Sources [9183 B]       
    Get:5 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1145 kB]   
    Get:6 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [1145 kB]
    Get:7 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [1145 kB]
    Get:8 http://archive.ubuntu.com trusty-security/main Sources [1335 kB]         
    Get:9 http://archive.ubuntu.com trusty-security/restricted Sources [476 kB]    
    Get:10 http://archive.ubuntu.com trusty-security/universe Sources [1335 kB]    
    Get:11 http://archive.ubuntu.com trusty-security/main amd64 Packages [1145 kB] 
    Get:12 http://archive.ubuntu.com trusty-security/restricted amd64 Packages [17.0 kB]
    Get:13 http://archive.ubuntu.com trusty-security/universe amd64 Packages [1145 kB]
    Get:14 http://archive.ubuntu.com trusty Release [58.5 kB]                      
    Get:15 http://archive.ubuntu.com trusty/main Sources [40 B]                    
    Get:16 http://archive.ubuntu.com trusty/restricted Sources [5335 B]            
    Get:17 http://archive.ubuntu.com trusty/universe Sources [214 kB]              
    Get:18 http://archive.ubuntu.com trusty/main amd64 Packages [19.6 kB]          
    Get:19 http://archive.ubuntu.com trusty/restricted amd64 Packages [1640 kB]    
    Get:20 http://archive.ubuntu.com trusty/universe amd64 Packages [17.0 kB]      
    Fetched 11.8 MB in 8s (1337 kB/s)                                              
    W: Size of file /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_universe_source_Sources.gz is not what the server reported 9183 213537
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/source/Sources  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/restricted/source/Sources  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/universe/source/Sources  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/binary-amd64/Packages  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/restricted/binary-amd64/Packages  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/universe/binary-amd64/Packages  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/main/source/Sources  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/restricted/source/Sources  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/universe/source/Sources  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/main/binary-amd64/Packages  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/universe/binary-amd64/Packages  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/main/source/Sources  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/universe/source/Sources  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/main/binary-amd64/Packages  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/restricted/binary-amd64/Packages  Hash Sum mismatch
    
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/universe/binary-amd64/Packages  Hash Sum mismatch
    
    E: Some index files failed to download. They have been ignored, or old ones used instead.
    
    

    Novice users who don't know what is going on will certainly get stuck on this kind of problem.

     $ curl -v http://archive.ubuntu.com/ubuntu/dists/trusty/universe/binary-amd64/Packages.gz
    *   Trying 91.189.88.161...
    * Connected to archive.ubuntu.com (91.189.88.161) port 80 (#0)
    > GET /ubuntu/dists/trusty/universe/binary-amd64/Packages.gz HTTP/1.1
    > Host: archive.ubuntu.com
    > User-Agent: curl/7.47.1
    > Accept: */*
    > 
    < HTTP/1.1 302 Found
    < Content-Length: 0
    < Cache-Control: no-cache
    < Connection: close
    < Location: http://120.52.72.23:80/archive.ubuntu.com/c3pr90ntc0td/ubuntu/dists/trusty/universe/binary-amd64/Packages.gz
    < 
    * Closing connection 0
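
As an added example (not part of the original post): a Python check that flags the kind of response shown in the curl transcript above, a 302 whose Location points at a bare IP address with the requested hostname folded into the path. The function names and the three heuristics are assumptions made for this illustration; the sample request and response are copied from the transcript.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Request URL and response head copied from the curl -v transcript in the post.
REQUEST_URL = "http://archive.ubuntu.com/ubuntu/dists/trusty/universe/binary-amd64/Packages.gz"
OBSERVED_HEAD = (
    "HTTP/1.1 302 Found\r\n"
    "Content-Length: 0\r\n"
    "Cache-Control: no-cache\r\n"
    "Connection: close\r\n"
    "Location: http://120.52.72.23:80/archive.ubuntu.com/c3pr90ntc0td/ubuntu/"
    "dists/trusty/universe/binary-amd64/Packages.gz\r\n"
    "\r\n"
)

def parse_head(raw):
    """Split a raw HTTP response head into (status_code, lower-cased headers)."""
    lines = raw.splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def redirect_findings(request_url, raw_head):
    """List the reasons a response looks like an in-path cache redirect."""
    status, headers = parse_head(raw_head)
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return []
    origin = urlsplit(request_url)
    # urljoin resolves a relative Location against the request URL.
    target = urlsplit(urljoin(request_url, headers["location"]))
    if target.hostname == origin.hostname:
        return []  # same-host redirect (e.g. http -> https) is not flagged
    findings = ["redirect leaves requested host"]
    if is_ip_literal(target.hostname or ""):
        findings.append("target host is a bare IP address")
    if target.path.startswith("/%s/" % origin.hostname):
        findings.append("requested hostname embedded in target path")
    return findings
```

Calling `redirect_findings(REQUEST_URL, OBSERVED_HEAD)` on the transcript's response returns all three findings; a same-host or relative redirect returns an empty list.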
    
    7 replies · 2017-01-28 10:28:00 +08:00
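    #1 · akw2312 · 2016-11-20 15:18:01 +08:00 via Android
    China Unicom has a cache; China Telecom's is probably just a reverse proxy.
    But iptables should be able to kill this, right..
    By the way, on China Unicom you can just use the Capital Online mirror; it's quite fast.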
    #2 · aihimmel · 2016-11-20 15:28:17 +08:00 via Android
    SSL
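    #3 · dangge · 2016-11-20 15:50:01 +08:00
    A recommendation:
    https://mirrors.zzu.edu.cn/
    The bandwidth isn't large, but at least it has SSL to ensure it isn't hijacked.
    PS: Actually, university mirror sites such as USTC and TUNA also have SSL~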
    #4 · zstack · 2016-11-20 16:03:02 +08:00
    Using the Alibaba Cloud mirror should give fairly dependable speed and quality.
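    #5 · Cu635 · 2016-11-20 16:16:32 +08:00
    The solution is to use https links for the sources; for that you need to install the apt-transport-https package.

    China Unicom's is comparatively okay; the caches of those small ISPs are even more detestable.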
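    #6 · blindlf · 2017-01-02 22:35:07 +08:00
    http://archive.ubuntu.com
    http://ppa.launchpad.net
    apt-get update always gives Hash Sum Mismatch. I fought with it for 2 days and couldn't install any software the whole time. Only today did I discover that damn China Unicom was behind it. archive.ubuntu.com at least has mirrors, but the PPA has no mirror. Goddamn China Unicom.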
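    #7 · hbq007 · 2017-01-28 10:28:00 +08:00
    Tested in Beijing: it wasn't there yesterday, and today it's being hijacked. Damn U •ェ•*U I give up...

    I really wonder whether they have any bottom line at all.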