How does the update manager verify the update sites?

RobertoR
Level 1
Posts: 16
Joined: Tue Jul 17, 2018 12:35 pm

How does the update manager verify the update sites?

Post by RobertoR » Tue Jul 17, 2018 9:19 pm

I have been wondering about this for years, especially because most update sites are http and not https.
From the base package they are all http.

How does the update manager verify if the update sites are who they are?

gm10
Level 7
Posts: 1675
Joined: Thu Jun 21, 2018 5:11 pm

Re: How does the update manager verify the update sites?

Post by gm10 » Tue Jul 17, 2018 9:51 pm

Signature check on the repository manifest which contains the package checksums. man apt-secure or google for further reading. ;)

RobertoR
Level 1
Posts: 16
Joined: Tue Jul 17, 2018 12:35 pm

Re: How does the update manager verify the update sites?

Post by RobertoR » Wed Jul 18, 2018 8:41 am

I have been looking many times to find some information about that. If I search for apt-secure there is way more information to find.

It would not be me if I did not do some testing to see how things work... so I restarted my computer and when there was no traffic flowing in or out I did:
sudo apt-get update

While in another terminal:
sudo tcpdump -i tun0

All the traffic did look normal... but 1 line got my attention...

Code:

04:07:26.476296 IP android-216ec9391e7c483b.56218 > mx.sygnow.net.http: Flags [P.], seq 152:351, ack 455, win 237, options [nop,nop,TS val 1188012375 ecr 1534082673], length 199: HTTP: GET /dists/tara/Release HTTP/1.1

That must be: http://packages.linuxmint.com/dists/tara/Release

ping mx.sygnow.net
ping: mx.sygnow.net: Name or service not known
traceroute mx.sygnow.net
mx.sygnow.net: Name or service not known
Cannot handle "host" cmdline arg `mx.sygnow.net' on position 1 (argc 1)

traceroute mx.sygnow.net
I think I got a DROP on the end, what I also do on my computer...
28 * * *
29 * * *
30 * * *

OK,.. I am getting curious...
whois sygnow.net

I am wondering, can anyone verify that mx.sygnow.net is really packages.linuxmint.com?

smurphos
Level 6
Posts: 1166
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: How does the update manager verify the update sites?

Post by smurphos » Wed Jul 18, 2018 9:00 am

mx.sygnow.net = http://208.77.20.11/

Yes it's the main mirror....

gm10
Level 7
Posts: 1675
Joined: Thu Jun 21, 2018 5:11 pm

Re: How does the update manager verify the update sites?

Post by gm10 » Wed Jul 18, 2018 9:06 am

Just run tcpdump with -n parameter so it doesn't try to resolve names but gives you the actual IP that was used instead. Even better, enable verbose output. sudo tcpdump ip -nvvvS produces:

Code:

> 68.235.39.11.80: Flags [P.], cksum 0x2ea9 (correct), seq 2668598991:2668599190, ack 3714741436, win 237, options [nop,nop,TS val 3006985730 ecr 4080025099], length 199: HTTP, length: 199
	GET /dists/tara/Release HTTP/1.1
	Host: packages.linuxmint.com
	Cache-Control: max-age=0
	Accept: text/*
	If-Modified-Since: Tue, 17 Jul 2018 10:03:57 GMT
	User-Agent: Debian APT-HTTP/1.3 (1.6.3)
To confirm:

Code:

$ host packages.linuxmint.com
packages.linuxmint.com has address 68.235.39.11
packages.linuxmint.com has address 208.77.20.11
