Bug#508295: debootstrap: doesn't work with proxifiers (tsocks and proxychains)
On Tue, Dec 09, 2008 at 08:34:03PM +0200, Eugene V. Lyubimkin wrote:
> One of my machines is behind the corporative proxy (both HTTP and SOCKSv5).
> For applications that have not built-in proxy support I successfully use either
> tsocks (SOCKS) or proxychanins proxifiers. They works well with 'bts' or
> 'reportbug', but debootstrap'ping always silently fail with 'Unable to retrieve Release'.
> 'strace -e trace=network' doesn't show any relevant info. Please investigate the
> problem and suggest some solution or even a workaround would be appreciated.
How are you invoking debootstrap? The following is a guess:
Both tsocks and proxychains appear to operate by setting the LD_PRELOAD
environment variable. This environment variable is removed by glibc when
executing any set-id program (including sudo, su, etc.) because it is an
easy way for a non-root attacker to attack any such set-id program. This
is inherent to set-id programs and has nothing to do with debootstrap
Unless it's straightforward to start tsocks or proxychains *after*
escalating to root, perhaps you might try something like this:
sudo env LD_PRELOAD="$LD_PRELOAD" debootstrap ...
(I agree that this is not obvious. I don't think debootstrap's
documentation is a good place to talk about it, though; if this is
indeed the problem then I think it should be documented by tsocks and
Colin Watson [email@example.com]