[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Netinstall and socks5 support

I am unsure how to report this, as it is not against a package, but rather the installer.
I searched for any sock5 bugs to see if anything similar had been reported, but found nothing.

The netinstall installer does not support socks5 proxies, even though apt does.
https://manpages.debian.org/trixie/apt/apt-transport-http.1.en.html
root@debian:~# apt -oDebug::pkgAcquire::Worker=1 update 2>&1| grep Connecting
 <- https:102%20Status%0aMessage:%20Connecting%20to%20localhost%0aURI:%20https://deb.debian.org/debian/dists/trixie/InRelease
 <- https:102%20Status%0aMessage:%20Connecting%20to%20localhost%20(127.0.0.1)%0aURI:%20https://deb.debian.org/debian/dists/trixie/InRelease
 <- https:102%20Status%0aMessage:%20Connecting%20to%20SOCKS5h%20proxy%20(socks5h://localhost:8899)%0aURI:%20https://deb.debian.org/debian/dists/trixie/InRelease
 <- https:102%20Status%0aMessage:%20Connecting%20to%20localhost%0aURI:%20https://security.debian.org/debian-security/dists/trixie-security/InRelease
 <- https:102%20Status%0aMessage:%20Connecting%20to%20localhost%20(127.0.0.1)%0aURI:%20https://security.debian.org/debian-security/dists/trixie-security/InRelease
 <- https:102%20Status%0aMessage:%20Connecting%20to%20SOCKS5h%20proxy%20(socks5h://localhost:8899)%0aURI:%20https://security.debian.org/debian-security/dists/trixie-security/InRelease

Based on the output from the installer, it is because when validating the mirror, the installer attempts to download the Release using wget. wget has never been updated to use socks5.
root@debian:~# wget https://deb.debian.org/debian/
Error parsing proxy URL socks5h://localhost:8899: Unsupported scheme.

If the installer used curl for that check, the existing proxy support (http/https/ftp) could be expanded to allow installation in a socks5 environment.
root@debian:~# curl https://deb.debian.org/debian/ -v
* Uses proxy env variable https_proxy == 'socks5h://localhost:8899'
* Host localhost:8899 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:8899...
* SOCKS5 connect to deb.debian.org:443 (remotely resolved)
* SOCKS5 request granted.
* Connected to localhost () port 8899
* using HTTP/1.x
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519MLKEM768 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=cdn-fastly.deb.debian.org
*  start date: Sep 13 00:56:08 2025 GMT
*  expire date: Dec 12 00:56:07 2025 GMT
*  subjectAltName: host "deb.debian.org" matched cert's "deb.debian.org"
*  issuer: C=US; O=Let's Encrypt; CN=R12
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to localhost (::1) port 8899
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://deb.debian.org/debian/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: deb.debian.org]
* [HTTP/2] [1] [:path: /debian/]
* [HTTP/2] [1] [user-agent: curl/8.14.1]
* [HTTP/2] [1] [accept: */*]
> GET /debian/ HTTP/2
> Host: deb.debian.org
> User-Agent: curl/8.14.1
> Accept: */*


Advice requested.

Reply to: