Public bug reported: apt uses proxy in order to access local resources. This leads to errors when the proxy is configured to allow only access to the resources that apt is actually expected to be trying to reach.
Steps to reproduce: - In VirtualBox install Ubuntu 21.10, Minimal installation. - In Terminal run: sudo apt install squid-deb-proxy squid-deb-proxy-client sudo apt update After the last step, apt is trying to use the installed squid-deb-proxy, but it fails, because the proxy is configured to allow access only to the mirrors, but apt is trying to use it also to access the locally available keys. As a workaround, the proxy configuration can be changed to accept any connection: in /etc/squid-deb-proxy/squid-deb-proxy.conf replace the line: 'http_access deny !to_archive_mirrors' with 'http_access allow all' run 'sudo systemctl restart squid-deb-proxy' Now, 'sudo apt update' will succeed. While what I managed to "correct" the issue by amending squid-deb-proxy configuration, I believe that it is a bug in apt that uses the proxy when not appropriate. The output of the failing sudo apt update (with IP addresses "anonymized"; the address 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 is supposed to be the IP assigned to the machine where the apt client is running): Err:1 http://lu.archive.ubuntu.com/ubuntu impish InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000] Err:2 http://lu.archive.ubuntu.com/ubuntu impish-updates InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000] Err:3 http://lu.archive.ubuntu.com/ubuntu impish-backports InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000] Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease Err:4 http://security.ubuntu.com/ubuntu impish-security InRelease Connection failed [IP: 127.0.0.1 8000] Reading package lists... Done N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish InRelease' is no longer signed. E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish/InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000] E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish-updates/InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000] E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish-updates InRelease' is no longer signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish-backports/InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000] E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish-backports InRelease' is no longer signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. ** Affects: apt (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1952720 Title: apt uses proxy in order to access local resources To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1952720/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
