Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 767301 - https://packages.gentoo.org/packages/media-libs/libmediainfo throws 502
Summary: https://packages.gentoo.org/packages/media-libs/libmediainfo throws 502
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Packages Website
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-26 17:02 UTC by Alec Warner (RETIRED)
Modified: 2021-08-25 23:47 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alec Warner (RETIRED) archtester gentoo-dev Security 2021-01-26 17:02:07 UTC 
http-serving_1  | 2021/01/26 16:58:17 http: panic serving 172.18.0.1:58314: runtime error: index out of range [0] with length 0
http-serving_1  | goroutine 2775462 [running]:
http-serving_1  | net/http.(*conn).serve.func1(0xc0003ce640)
http-serving_1  |       /usr/local/go/src/net/http/server.go:1772 +0x139
http-serving_1  | panic(0xe9b7c0, 0xc000ec96e0)
http-serving_1  |       /usr/local/go/src/runtime/panic.go:973 +0x396
http-serving_1  | soko/pkg/app/handler/packages.getPackageUseflags(0xc00191e300, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001348960, 0x10)
http-serving_1  |       /go/src/soko/pkg/app/handler/packages/utils.go:270 +0xece
http-serving_1  | soko/pkg/app/handler/packages.Show(0x1084da0, 0xc00016aa80, 0xc00137ce00)
http-serving_1  |       /go/src/soko/pkg/app/handler/packages/show.go:85 +0x831
http-serving_1  | soko/pkg/app.mw.func1(0x1084da0, 0xc00016aa80, 0xc00137ce00)
http-serving_1  |       /go/src/soko/pkg/app/serve.go:132 +0x65
http-serving_1  | net/http.HandlerFunc.ServeHTTP(0xc00049ead0, 0x1084da0, 0xc00016aa80, 0xc00137ce00)
http-serving_1  |       /usr/local/go/src/net/http/server.go:2012 +0x44
http-serving_1  | net/http.(*ServeMux).ServeHTTP(0x17335e0, 0x1084da0, 0xc00016aa80, 0xc00137ce00)
http-serving_1  |       /usr/local/go/src/net/http/server.go:2387 +0x1a5
http-serving_1  | net/http.serverHandler.ServeHTTP(0xc0004142a0, 0x1084da0, 0xc00016aa80, 0xc00137ce00)
http-serving_1  |       /usr/local/go/src/net/http/server.go:2807 +0xa3
http-serving_1  | net/http.(*conn).serve(0xc0003ce640, 0x1087960, 0xc00172ca40)
http-serving_1  |       /usr/local/go/src/net/http/server.go:1895 +0x86c
http-serving_1  | created by net/http.(*Server).Serve
http-serving_1  |       /usr/local/go/src/net/http/server.go:2933 +0x35c


TL;DR, we fetch a Package model (with a bunch of relations) and for some reason the "Versions" relation returns a *Versions slice that is nil instead of full, then we 0 index the version slice.

WHen you pass a slice, you gotta check that its not-nil.
Comment 1 Alec Warner (RETIRED) archtester gentoo-dev Security 2021-01-27 06:28:51 UTC 
The underlying bug is that:

06:13 < antarus> or we can debug why the versions are not there?
06:23 < antarus> soko=# select * from versions where atom = 'media-libs/libmediainfo'; id | category | package | atom | version | slot | subslot | eapi | keywords | useflags | restricts | 
                 properties | homepage | license | description 
06:23 < antarus> ----+----------+---------+------+---------+------+---------+------+----------+----------+-----------+------------+----------+---------+-------------
06:23 < antarus> (0 rows)
06:23 < antarus> so this is of course the problem
06:23 < antarus> arzano: so the next tool might be "run an update for a given CPV and see the log..."
06:23 < antarus> lets see if /var/log/soko has stuff
06:25 < antarus> sam_: so seemingly the probelm is someone removed 3 versions and added $NEW_VERSION-r1
06:25 < antarus> sam_: we removed the 3 removals from the DB
06:25 < antarus> but didn't add the remaining one
06:25 < antarus> so the versions list is empty..
06:26 < antarus> https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/libmediainfo?id=99603099258b56c694f7668bfa33a1a8fe532995 drops 03 and 08
06:26 < antarus> https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/libmediainfo?id=dcc505f81c1070e7d1838c78902fd55d9c358412 adds 09-r1
06:26 < antarus> https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/libmediainfo?id=f30397e6f9705bb5104d9273fc9dc22e06b14cbf drops 09-r0
06:27 < antarus> so ...why don't we have 09-r1 in the db?

Basically we should have 09-r1 in the db, but we don't because of a bug.

-A
Comment 2 Alec Warner (RETIRED) archtester gentoo-dev Security 2021-01-30 01:15:03 UTC 
We root caused this this evening.

To detect changes in git, we use things like git ls-tree or git diff. These rely on us tracking the right git branch. Something happened that put the source tree into a rebase which meant that a subset of files were not accounted for properly. (Often new files would not work, but changed files would....)

I reset the git repo to track master (with no rebase active) and the code started working again.

We should consider how to detect if the git repo is 'tainted' in this way and export a metric for so we can build an alert and playbook for it.

-A
Comment 3 Alec Warner (RETIRED) archtester gentoo-dev Security 2021-01-30 01:15:46 UTC 
I also ran a full update, so a bunch of missing paackages and versions should appear now.

-A