
Getting the proxy behaviour right



Hello list,

I've been distracted for a while in getting the live-build images into
Jenkins, now I'm focussing again on the proxy behaviour:
https://salsa.debian.org/live-team/live-build/-/merge_requests/252

I'm posting to the list, instead of directly in the merge request,
because of the large audience.

Now that the proposed --http-proxy 'manual' option is removed, I would
also remove the --http-proxy URL version, to keep it all simpler.
Therefore, there is no need to add a new command line option any more.

Getting the behaviour for the http proxy proved to be trickier than I
originally thought.

I've been digging in the source code for apt, to see how apt handles
proxies.

The following configuration elements influence the usage of a proxy:
* The `lb config` command line option `--apt-http-proxy`
** The `lb` scripts set the apt configuration `Acquire::http::Proxy`
when invoking `apt`
* The apt configuration `Acquire::http::Proxy-Auto-Detect` (and the
legacy `Acquire::http::ProxyAutoDetect`)
** If the script fails, or the result of the script is `DIRECT` or an
empty line, it is considered to be not set
(https://sources.debian.org/src/apt/2.3.9/apt-pkg/contrib/proxy.cc/)
* The apt configuration `Acquire::http::proxy::URL-host`
(https://sources.debian.org/src/apt/2.3.9/methods/http.cc/)
** If set to `DIRECT`, it is considered to be not set
* The apt configuration `Acquire::http::Proxy`
* The environment variable `http_proxy`
** Will be used only when there is no apt configuration
* The environment variable `no_proxy`
** It contains a list of domains that must not be handled by a proxy
** Overrides all previous settings by apt and `http_proxy`

If none of these configuration elements are set, no proxy will be used.
(No change compared to the current code)
If more than one configuration element is found, any conflicting setting
will result in an error -> a cautious mode.

Since `wget` uses `http_proxy` and `debootstrap` uses `wget`, it will be
easiest to set `http_proxy` in the `lb` scripts and not to use apt
configuration options any more.
Additionally, we are using `chroot`, so there is no apt configuration
active there (unless it is explicitly configured by the user) and
therefore only `http_proxy` will be sufficient.

Parsing the full apt configuration is required to find possible
configuration conflicts, and to automagically obtain the setting from
the host, without the need to use `--apt-http-proxy`.

There is a minimal amount of documentation regarding the use of a proxy in
the manual:
https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html#464

I'll update the manual as well.

As you can see on
https://wiki.debian.org/ReproducibleInstalls/LiveImages, I'm using
proxies a lot. It saves me lots of bandwidth (and time) while
constructing live images.
I'm planning to add a section in the live-manual as well about using a
proxy while the user is preparing the configuration files (which
typically needs several retries before everything is right).

Development notes:
The host apt HTTP proxy setting will be determined by `apt-config dump`.
Using `Debug::Acquire::http`, apt will output more information.

With kind regards,
Roland Clobus
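
The "cautious mode" described in the message, as an added example that is not part of the original message and is not live-build code: it gathers the proxy candidates from `apt-config dump` output, the lb option and `http_proxy`, and fails when they disagree. The helper name `resolve_http_proxy`, its argument order and the sample values are assumptions; `Proxy-Auto-Detect` and `no_proxy` are left out to keep the example to one case.

```shell
#!/bin/sh
# Added example, not live-build code: resolve_http_proxy is a hypothetical helper.
# Usage: apt-config dump | resolve_http_proxy LB_OPTION ENV_HTTP_PROXY MIRROR_HOST
# Prints the one agreed proxy URL (nothing if unset); returns 1 on a conflict.
resolve_http_proxy() {
    lb_opt=$1
    env_proxy=$2
    host=$3
    # apt-config dump prints one key/value pair per line: Key "value";
    candidates=$(
        {
            awk -v host="$host" '
                {
                    key = tolower($1)          # apt keys are case-insensitive
                    val = $0
                    sub(/^[^"]*"/, "", val)    # drop key and opening quote
                    sub(/";[ \t]*$/, "", val)  # drop closing quote and semicolon
                }
                key == "acquire::http::proxy" && val != "" { print val }
                # Per-host entry: DIRECT is treated as not set.
                key == ("acquire::http::proxy::" tolower(host)) &&
                    val != "" && val != "DIRECT" { print val }
            '
            if [ -n "$lb_opt" ]; then printf '%s\n' "$lb_opt"; fi
            if [ -n "$env_proxy" ]; then printf '%s\n' "$env_proxy"; fi
        } | sed 's:/*$::' | sort -u
    )
    # Trailing slashes were stripped above, so only real differences remain.
    count=$(printf '%s\n' "$candidates" | grep -c . || :)
    if [ "$count" -gt 1 ]; then
        echo "conflicting HTTP proxy settings:" >&2
        printf '%s\n' "$candidates" | sed 's/^/  /' >&2
        return 1
    fi
    if [ -n "$candidates" ]; then printf '%s\n' "$candidates"; fi
}

# Constructed sample of apt-config dump output (not taken from a real host).
SAMPLE_DUMP='Acquire::http "";
Acquire::http::Proxy "http://proxy.example:3128/";
Acquire::http::Proxy::deb.debian.org "DIRECT";'
printf '%s\n' "$SAMPLE_DUMP" |
    resolve_http_proxy "" "http://proxy.example:3128" deb.debian.org
```

On a real host the input would come from `apt-config dump` and the second argument from `${http_proxy:-}`.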
