[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#929224: apt-cacher-ng, debootstrap and deb.debian.org combination fails

Package: apt-cacher-ng, debootstrap
Version: 3.2-1, 1.0.114
X-debbugs-cc: debian-admin@lists.debian.org

Dear maintainers and DSA,

The combination of apt-cacher-ng, debootstrap and the deb.debian.org
service fails:

    root@iris:/srv/chroot>http_proxy=http://localhost:3142 debootstrap sid chr/ http://deb.debian.org/debian
    I: Target architecture can be executed
    I: Retrieving InRelease
    I: Retrieving Release
    E: Failed getting release file http://deb.debian.org/debian/dists/sid/Release

However, replacing deb.debian.org with cdn-fastly.deb.debian.org
succeeds.  And note that apt can happily use the combination of
apt-cacher-ng and <http://deb.debian.org/debian>.

I thought that the problem is that apt-cacher-ng is not able to resolve
SRV records.  However, I'm not so sure about that now.  debootstrap uses
wget to download stuff, so I tried this:

    root@iris:/srv/chroot>http_proxy=http://localhost:3142 wget http://deb.debian.org/debian/dists/sid/Release
    URL transformed to HTTPS due to an HSTS policy
    --2019-05-19 07:54:37--  https://deb.debian.org/debian/dists/sid/Release
    Resolving localhost (localhost)... ::1,
    Connecting to localhost (localhost)|::1|:3142... connected.
    Proxy tunneling failed: CONNECT denied (ask the admin to allow HTTPS tunnels)Unable to establish SSL connection.

I then tried passing --no-hsts to wget, which allowed the download to
succeed, and after that the file was cached by apt-cacher-ng so
--no-hsts was no longer needed.

I don't know whether debootstrap needs to start passing --no-hsts to
wget, or apt-cacher-ng should be fixed, or there is a configuration
problem with the deb.debian.org service.  But since this is our main
CDN, it seems like it ought to be possible to use the combination of
apt-cacher-ng, deb.debian.org and debootstrap.

Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to: