Bug#1058566: auto-apt-proxy: "approx" should not be given https URLs
Hello, Am Fri, 6 Sep 2024 18:17:50 -0300 schrieb Antonio Terceiro : > Control: tag -1 + wontfix agreed. Thank you for your consideration! Cheers, Lars
Bug#1058566: auto-apt-proxy: "approx" should not be given https URLs
Control: tag -1 + wontfix Control: retitle -1 auto-apt-proxy: https mirror URLs might not work depending on the proxy configuration Hi, On Fri, Sep 06, 2024 at 03:49:47PM +0200, Lars Kruse wrote: > Hello, > > > Am Wed, 4 Sep 2024 19:48:27 -0300 > schrieb Antonio Terceiro : > > > Can you please clarify how exactly are you hitting this issue? Can you > > provide an example of how I can reproduce this? > > yes, sorry for omitting these details in my initial bug report. > > I just created a fresh image for testing and ran the following procedure: > > 1. `apt install auto-apt-proxy ca-certificates` >(certificates are necessary for https connections) > 1. change the URL in `/etc/apt/sources.list` to > http://deb.debian.org/debian > 1. run `apt update` -> success > 1. change the URL in `/etc/apt/sources.list` to > https://deb.debian.org/debian > 1. run `apt update` -> failure (see below) > 1. `apt purge auto-apt-proxy` > 1. run `apt update` -> success > > > Here `auto-apt-proxy` detected the presence of approx via the DNS SRV entry > (_apt_proxy._tcp). > > The above example illustrates, that auto-apt-proxy will send the request for > an https ressource to approx, even though approx cannot handle such requests. > > Of course, the use case behind the above switch to "https" can be questioned, > since the default settings for apt servers usually use http URLs. > > In my use case we stumbled upon the problem, since our internal apt repository > server is usually accessed via https (for no specific reasons). > This turned out to be problematic as soon as approx was indirectly used via > auto-apt-proxy. > > I hope, this clarifies my use case. It does. However, HTTP proxy servers and HTTPS is usually problematic regardless of auto-apt-proxy being in use or not. apt-cacher-ng needs a specific line in the config file to make it work, and approx seems to not support HTTPS at all based on what you are saying. Whether HTTPS will work or not will always depend on the proxy configuration, and there is not much I can do on auto-apt-proxy to detect that. For you case, as a workaround you could put the following in a file under /etc/apt/apt.conf.d/: Acquire::https::Proxy "DIRECT"; or even Acquire::https::Proxy::mirror.hostname "DIRECT"; signature.asc Description: PGP signature
Bug#1058566: auto-apt-proxy: "approx" should not be given https URLs
Hello, Am Wed, 4 Sep 2024 19:48:27 -0300 schrieb Antonio Terceiro : > Can you please clarify how exactly are you hitting this issue? Can you > provide an example of how I can reproduce this? yes, sorry for omitting these details in my initial bug report. I just created a fresh image for testing and ran the following procedure: 1. `apt install auto-apt-proxy ca-certificates` (certificates are necessary for https connections) 1. change the URL in `/etc/apt/sources.list` to http://deb.debian.org/debian 1. run `apt update` -> success 1. change the URL in `/etc/apt/sources.list` to https://deb.debian.org/debian 1. run `apt update` -> failure (see below) 1. `apt purge auto-apt-proxy` 1. run `apt update` -> success Here `auto-apt-proxy` detected the presence of approx via the DNS SRV entry (_apt_proxy._tcp). The above example illustrates, that auto-apt-proxy will send the request for an https ressource to approx, even though approx cannot handle such requests. Of course, the use case behind the above switch to "https" can be questioned, since the default settings for apt servers usually use http URLs. In my use case we stumbled upon the problem, since our internal apt repository server is usually accessed via https (for no specific reasons). This turned out to be problematic as soon as approx was indirectly used via auto-apt-proxy. I hope, this clarifies my use case. Cheers, Lars Error message during "apt update" for HTTPS URL via approx: Err:2 https://deb.debian.org/debian bookworm InRelease Invalid response from proxy: HTTP/1.1 403 Forbidden Content-type: text/html Content-Length: 76 Date: Fri, 06 Sep 2024 02:12:16 GMT Server: approx/5.12 Ocamlnet/ [IP: fdb5:576b:c643:100:216:3eff:fe27:86ee ] Err:3 https://deb.debian.org/debian bookworm-updates InRelease Invalid response from proxy: HTTP/1.1 403 Forbidden Content-type: text/html Content-Length: 76 Date: Fri, 06 Sep 2024 02:12:17 GMT Server: approx/5.12 Ocamlnet/ [IP: fdb5:576b:c643:100:216:3eff:fe27:86ee ] Reading package lists... Done Building dependency tree... Done Reading state information... Done All packages are up to date. W: Failed to fetch https://deb.debian.org/debian/dists/bookworm/InRelease Invalid response from proxy: HTTP/1.1 403 Forbidden Content-type: text/html Content-Length: 76 Date: Fri, 06 Sep 2024 02:12:16 GMT Server: approx/5.12 Ocamlnet/ [IP: fdb5:576b:c643:100:216:3eff:fe27:86ee ] W: Failed to fetch https://deb.debian.org/debian/dists/bookworm-updates/InRelease Invalid response from proxy: HTTP/1.1 403 Forbidden Content-type: text/html Content-Length: 76 Date: Fri, 06 Sep 2024 02:12:17 GMT Server: approx/5.12 Ocamlnet/ [IP: fdb5:576b:c643:100:216:3eff:fe27:86ee ]
Bug#1058566: auto-apt-proxy: "approx" should not be given https URLs
Control: tag -1 + moreinfo Hi, thanks for your bug report. On Wed, Dec 13, 2023 at 12:42:24AM +0100, Lars Kruse wrote: > Package: auto-apt-proxy > Version: 14.1 > Severity: normal > > Dear Maintainer, > > according to d#756656 [1] https-URLs cannot be given to `approx`. > Thus, the `approx` check should be skipped when an https URL is > requested. Can you please clarify how exactly are you hitting this issue? Can you provide an example of how I can reproduce this? signature.asc Description: PGP signature
Bug#1058566: auto-apt-proxy: "approx" should not be given https URLs
Package: auto-apt-proxy Version: 14.1 Severity: normal Dear Maintainer, according to d#756656 [1] https-URLs cannot be given to `approx`. Thus, the `approx` check should be skipped when an https URL is requested. Cheers, Lars [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756656