Date: Thu, 16 Dec 2010 12:57:30 GMT From: Mario Kleinboelting <mario@kleinboelting.de> To: freebsd-gnats-submit@FreeBSD.org Subject: www/153211: freebsd-update can not fetch updates over a proxy with mandatory authorization Message-ID: <201012161257.oBGCvUE9076924@red.freebsd.org> Resent-Message-ID: <201012161300.oBGD0I0f044556@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 153211 >Category: www >Synopsis: freebsd-update can not fetch updates over a proxy with mandatory authorization >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-www >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Dec 16 13:00:18 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Mario Kleinboelting >Release: 8.1-RELEASE (Version from CD without any updates) >Organization: >Environment: FreeBSD mr0111.de.deutz.de 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: I installed a FreeBSD 8.1 i386 Server from CD-ROM. After installation i tried to update the server with freebsd-update and portsnap. The freebsd-update did not work properly in our environment. freebsd-update can not fetch updates because the internet connection is established with an auth proxy. Our proxy requires username an password. Two environment variables are set for the proxy connection. http_proxy and ftp_proxy. Both contains the proxy URL and the proxy credentials and are exported. http_proxy="http://username:password@http-proxy:3128" ftp_proxy="http://username:password@ftp-proxy:3428" The start of freebsd-update -v debug fetch says: ---------------------------------------------------------------------- # freebsd-update -v debug fetch Looking up update.FreeBSD.org mirrors... none found. Fetching metadata signature for 8.1-RELEASE from update.FreeBSD.org... latest.ssl 100% of 512 B 1667 kBps done. Fetching metadata index... 14b0dfddc908e278d231e3290507fe1ab01e6ceb553a9d100% of 225 B 552 kBps done. Fetching 2 metadata files... /usr/libexec/phttpget update.FreeBSD.org 8.1-RELEASE/i386/m/61dfab427765793984bc911a1eab992cffc22c26bba438fe11a665820fcf97f2.gz 8.1-RELEASE/i386/m/e376c4c604af7362453546c3ebb4ad439f900173000d8412aabcf0101c92311d.gz phttpget: host = username, port = password@http-proxy:3128: servname not supported for ai_socktype failed. ---------------------------------------------------------------------- freebsd-update seems to evaluate the variable and cuts server and port with ":". Now we have ":" two times. Delimiter for username and passwort and delimiter for proxyserver and port. I have tested the variable http_proxy and ftp_proxy with only the proxy server and the variable http_proxy_auth with the proxy credentials. Then freebsd-update says: ---------------------------------------------------------------------- # export http_proxy="http://http-proxy:3128" # export ftp_proxy="http://ftp-proxy:3428" # export http_proxy_auth="basic:*:username:password" # freebsd-update -v debug fetch Looking up update.FreeBSD.org mirrors... none found. Fetching metadata signature for 8.1-RELEASE from update.FreeBSD.org... fetch: http://update.FreeBSD.org/8.1-RELEASE/i386/latest.ssl: Proxy Authentication Required failed. No mirrors remaining, giving up. ---------------------------------------------------------------------- It seems that freebsd-update did not recognize the http_proxy_auth variable portsnap and /usr/bin/fetch works fine with our proxy an handles the authentication info in http_proxy and ftp_proxy correct. Our Proxyserver is squid on solaris. Every connection to the internet must use username and a password by corporate policy. FYI: Username and password are not my real proxy credentials... >How-To-Repeat: Use freebsd-update behind a (squid) proxy with mandatory username and password authorization. >Fix: Rewrite of /usr/libexec/phttpget and freebsd-update to work with auth information in proxy URL's. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201012161257.oBGCvUE9076924>