Your message dated Mon, 18 Oct 2021 14:48:28 +0000 with message-id <[email protected]> and subject line Bug#990555: fixed in apt 2.3.10 has caused the Debian Bug report #990555, regarding When using an HTTPS proxy for HTTP repositories, APT ignores CaInfo (and possibly other Acquire::https options) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 990555: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990555 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: apt Version: 1.8.2.3 When using an HTTPS proxy for plain-HTTP repositories, it seems that CaInfo is ignored. Typically: apt-get -o Acquire::https::CaInfo=/cafile.crt -o Acquire::http::Proxy= ["https://apt-cache.local";](https://apt-cache.local) update will fail with: Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. I did verify that my certificate and configuration are valid, in two different ways: 1. if I add my certificate into /etc/ssl/certs, things will work as expected 2. when accessing the proxy as if it was a repository itself, directly, using -o Acquire::https::CaInfo works as expected My intuition is that because the repository is plain http, apt drops out any Acquire::https configuration before attempting to connect to the proxy. To validate that, I tried to add on a hunch: -o Acquire::http::CaInfo=/cafile ... it makes it work... though this doesn't seem to be documented (and does not make much sense?). What are your thoughts? Thanks.
--- End Message ---
--- Begin Message ---Source: apt Source-Version: 2.3.10 Done: Julian Andres Klode <[email protected]> We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julian Andres Klode <[email protected]> (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 18 Oct 2021 16:35:21 +0200 Source: apt Architecture: source Version: 2.3.10 Distribution: unstable Urgency: medium Maintainer: APT Development Team <[email protected]> Changed-By: Julian Andres Klode <[email protected]> Closes: 989558 990281 990555 Changes: apt (2.3.10) unstable; urgency=medium . [ Julian Andres Klode ] * basehttp: Turn HaveContent into a TriState * Set haveContent to FALSE on `Content-Length: 0` (Closes: #990281) * Add support for embedding PGP keys into Signed-By in deb822 sources . [ David Kalnischkies ] * All pkgCaches are MultiArch caches * Do not strip M-A for native build-dep resolution * Do not make provides of M-A:allowed implicit M-A:foreign * Barbarian M-A:allowed don't satisfy :any deps of other archs * Streamline access to barbarian architecture functionality * Read and work with canonical file-URIs from sources.lists * Use https config on https proxies for http servers (Closes: #990555) * Add AllowRange option to disable HTTP Range usage * Disable HTTP Range usage if varnish < 6.4 is involved * Use exact If-Range match in our test webserver . [ Johannes Schauer Marin Rodrigues ] * add pattern to select packages by priority (closes: #989558) Checksums-Sha1: ff394f947012a3cbdb48cf300e984217ec6dab95 2801 apt_2.3.10.dsc c8f4eb4bc07561c0b3cde3ab545a66755196ae82 2210032 apt_2.3.10.tar.xz 28b58837dfa8ae367c501638fa1e50c088926f0d 7439 apt_2.3.10_source.buildinfo Checksums-Sha256: 2e9d0653225719d65892256b823e251c855100e83e6231b2bd4977e7dd6f7b45 2801 apt_2.3.10.dsc 145c02b998c52b11a49d2cf845c7d4fd85201c4c182c3779502c8e05602d4935 2210032 apt_2.3.10.tar.xz 4c917abf7cc58d2af7503f0d320c08da085ddad552a573e9abd22f57ba15ceba 7439 apt_2.3.10_source.buildinfo Files: dfc5280a1f8c03fa606227c2c7cdff01 2801 admin important apt_2.3.10.dsc 48357ffef0f3adfb29fba983438bfea0 2210032 admin important apt_2.3.10.tar.xz 33b32eb7d1221f9438c63b55ead4fd35 7439 admin important apt_2.3.10_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmFthrcPHGpha0BkZWJp YW4ub3JnAAoJEG+kWN0dsD9xCJAQAKSW3p0q+vo4yXcafD9ruxDUeS1o0OeruYd6 7mSZM413cjsXP2SgInG/QKX1Q6g2vd/t11/AQ9y6tM3L3Vc5hCB46VXa3vofTy/X NE7bPi+ISr06TjzgkWtpADC+cfAaeW35C2wFGFqx4kv9OTExJyWH0tl1kHZVNZ5I j5+9m+rDlLsaLW/6YPme1aVkwyfhVmjpazROzVH6IptxqGvsTVl4YIkEZypwW7F6 v3B6NfLvSzm1fPrvjQsNiTRnfZ23tiTyu0INTSROkGtl7kAEHE98d3qjmKnvYPfc K8aG0rxKBBs5d/2MLF0HF5ns+0FWFQMYTCy+9jwP+C1ftGLvvg891BTzwLbaTp0E nab3DW2ezXWQEuoQdj75jddGPRGoplKFPZMsHc0P2yHsWJYPRpoA8ncZtpJMkOEM JeMa97TmV/u9IbSC5yjI8yOBW61DmQujbLC2TnCyIDGY8+F9ZzPPBdAtdFP1wEk3 E7qH6oWhMDjpZg+PXEKpL3KeUrYvjE5jnO8/F2t/MW76vI5x4RsSAcfRMWyPr/iJ 0QudPCiF694+IIUUnX1kxnmVGlzPHCRCMMWcqM0gaB/cZth8KqcUlCFM26aKuxms MKRAMjCvMaSxsSuu2B7g7/NpfFn2rVT8lmwXg1Wmgtd0b7BasyUsSo9C0UGRnDbW BVTRhwLc =OWNc -----END PGP SIGNATURE-----
--- End Message ---
