Bug#1042378: marked as done (apt ignores proxy configured in apt-conf if proxy is part of no_proxy env)
Your message dated Thu, 27 Jul 2023 11:18:58 +0200
with message-id <20230727111002.GA1573539@debian.org>
and subject line Re: Bug#1042378: apt ignores proxy configured in apt-conf if proxy is part of no_proxy env
has caused the Debian Bug report #1042378,
regarding apt ignores proxy configured in apt-conf if proxy is part of no_proxy env
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
1042378: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042378
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Version: 2.2.4
Severity: normal
Dear Maintainer,
* What led up to the situation?
We have a special configuration in a separeted network. There are two
proxies, the "internal proxy" needed zu access the "internal repos" and an
"external proxy" to access "external repos".
The apt config looks like this:
Acquire::http::Proxy::repo.intern.domain.de "http://proxy.intern.domain.de:3142";;
Acquire::https:Proxy::repo.intern.domain.de "http://proxy.intern.domain.de:3142";;
Acquire::http::Proxy "http://IP-OF-PROXY-EXTERN:8080";;
Acquire::https::Proxy "http://IP-OF-PROXY-EXTERN:8080";;
To reach other external and internal services we have to provide
environment variables like this:
http_proxy="http://IP-OF-PROXY-EXTERN:8080";
https_proxy="http://IP-OF-PROXY-EXTERN:8080";
no_proxy="localhost,domain.de"
Now apt ignores the two first lines in its own configuration because the
internal repo is part of domain.de which is part of no_proxy. The internal repo
is not reachable anymore.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Removing domain.de from no_proxy solves the problem for apt, which can
now acces internal and external repos over the defined proxies. But other
services now fail because they try to reach their internal counterparts over the
external proxy.
* What outcome did you expect instead?
I would expect that the apt own configuration gets priority over the
environment variable no_proxy.
Regards,
Matthias
-- System Information:
Debian Release: 11.7
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-23-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apt depends on:
ii adduser 3.118
ii debian-archive-keyring 2021.1.1+deb11u1
ii gpgv 2.2.27-2+deb11u2
ii libapt-pkg6.0 2.2.4
ii libc6 2.31-13+deb11u6
ii libgcc-s1 10.2.1-6
ii libgnutls30 3.7.1-5+deb11u3
ii libseccomp2 2.5.1-1+deb11u1
ii libstdc++6 10.2.1-6
ii libsystemd0 247.3-7+deb11u2
Versions of packages apt recommends:
ii ca-certificates 20210119
Versions of packages apt suggests:
pn apt-doc <none>
ii aptitude 0.8.13-3
pn dpkg-dev <none>
ii gnupg 2.2.27-2+deb11u2
pn powermgmt-base <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
On Thu, Jul 27, 2023 at 10:36:06AM +0200, entver@nurfuerspam.de wrote:
> Package: apt
> Version: 2.2.4
> Severity: normal
>
> Dear Maintainer,
>
> * What led up to the situation?
>
> We have a special configuration in a separeted network. There are two
> proxies, the "internal proxy" needed zu access the "internal repos" and an
> "external proxy" to access "external repos".
> The apt config looks like this:
>
> Acquire::http::Proxy::repo.intern.domain.de "http://proxy.intern.domain.de:3142";;
> Acquire::https:Proxy::repo.intern.domain.de "http://proxy.intern.domain.de:3142";;
> Acquire::http::Proxy "http://IP-OF-PROXY-EXTERN:8080";;
> Acquire::https::Proxy "http://IP-OF-PROXY-EXTERN:8080";;
>
> To reach other external and internal services we have to provide
> environment variables like this:
>
> http_proxy="http://IP-OF-PROXY-EXTERN:8080";
> https_proxy="http://IP-OF-PROXY-EXTERN:8080";
> no_proxy="localhost,domain.de"
>
> Now apt ignores the two first lines in its own configuration because the
> internal repo is part of domain.de which is part of no_proxy. The internal repo
> is not reachable anymore.
>
> * What exactly did you do (or not do) that was effective (or
> ineffective)?
>
> Removing domain.de from no_proxy solves the problem for apt, which can
> now acces internal and external repos over the defined proxies. But other
> services now fail because they try to reach their internal counterparts over the
> external proxy.
>
> * What outcome did you expect instead?
>
> I would expect that the apt own configuration gets priority over the
> environment variable no_proxy.
Well it's not and other stuff depends on it working that way. There
is a bit of a misalignment in that no_proxy overrides specific proxy
entries, but http_proxy do not, but it is the way it is.
Consider using a different top-level domain for your proxy, or
change your no_proxy to the subdomains you don't want to
proxy.
We could add Acquire::https::Proxy::override kind of hierarchy
but since we're about 2 years of a release, you need to find
a workaround anyhow, so it's not like this produces much value.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
--- End Message ---
Reply to: