Package: apt-cacher-ng, debootstrap
Version: 3.2-1, 1.0.114
X-debbugs-cc: debian-ad...@lists.debian.org

Dear maintainers and DSA,

The combination of apt-cacher-ng, debootstrap and the deb.debian.org
service fails:

    root@iris:/srv/chroot>http_proxy=http://localhost:3142 debootstrap sid chr/ http://deb.debian.org/debian
    I: Target architecture can be executed
    I: Retrieving InRelease
    I: Retrieving Release
    E: Failed getting release file http://deb.debian.org/debian/dists/sid/Release

However, replacing deb.debian.org with cdn-fastly.deb.debian.org
succeeds.  And note that apt can happily use the combination of
apt-cacher-ng and <http://deb.debian.org/debian>.

I thought that the problem is that apt-cacher-ng is not able to resolve
SRV records.  However, I'm not so sure about that now.  debootstrap uses
wget to download stuff, so I tried this:

    root@iris:/srv/chroot>http_proxy=http://localhost:3142 wget http://deb.debian.org/debian/dists/sid/Release
    URL transformed to HTTPS due to an HSTS policy
    --2019-05-19 07:54:37--  https://deb.debian.org/debian/dists/sid/Release
    Resolving localhost (localhost)... ::1, 127.0.0.1
    Connecting to localhost (localhost)|::1|:3142... connected.
    Proxy tunneling failed: CONNECT denied (ask the admin to allow HTTPS tunnels)Unable to establish SSL connection.

I then tried passing --no-hsts to wget, which allowed the download to
succeed, and after that the file was cached by apt-cacher-ng so
--no-hsts was no longer needed.

I don't know whether debootstrap needs to start passing --no-hsts to
wget, or apt-cacher-ng should be fixed, or there is a configuration
problem with the deb.debian.org service.  But since this is our main
CDN, it seems like it ought to be possible to use the combination of
apt-cacher-ng, deb.debian.org and debootstrap.

-- 
Sean Whitton
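
Added example, not part of the original report: a shell check for whether a cached wget HSTS entry would cause the "URL transformed to HTTPS due to an HSTS policy" rewrite seen above, which is what turns the proxied request into a CONNECT. It assumes the whitespace-separated layout wget writes to ~/.wget-hsts; the helper name `hsts_would_upgrade` is hypothetical and the sample database values are constructed.

```shell
#!/bin/sh
# Added example (not from the report). hsts_would_upgrade is a hypothetical helper.
# Assumes the layout wget writes to ~/.wget-hsts, whitespace-separated:
#   <hostname> <port> <incl. subdomains> <created> <max-age>
# Simplification: the port column is ignored.

hsts_would_upgrade() {
    # $1 = host, $2 = database path, $3 = "now" as epoch seconds (optional)
    host=$1
    db=${2:-$HOME/.wget-hsts}
    now=${3:-$(date +%s)}
    [ -r "$db" ] || return 1
    awk -v host="$host" -v now="$now" '
        /^[ \t]*#/ || NF < 5 { next }            # comments and short lines
        {
            if ($4 + $5 <= now) next             # entry expired
            if ($1 == host) { hit = 1; exit }    # exact host match
            suffix = "." $1                      # parent-domain match needs
            n = length(host) - length(suffix)    # include-subdomains set to 1
            if ($3 == 1 && n > 0 && substr(host, n + 1) == suffix) { hit = 1; exit }
        }
        END { exit (hit ? 0 : 1) }
    ' "$db"
}

# Constructed sample database; the values are made up for illustration.
sample=$(mktemp)
{
    printf '# HSTS 1.0 Known Hosts database for GNU Wget.\n'
    printf 'deb.debian.org\t0\t0\t1558249000\t15552000\n'
    printf 'example.org\t0\t1\t1558249000\t600\n'
} > "$sample"

for h in deb.debian.org mirror.example.org; do
    if hsts_would_upgrade "$h" "$sample" 1558252477; then
        echo "$h: http:// is rewritten to https://, so the proxy receives CONNECT"
    else
        echo "$h: no live entry, a plain HTTP request reaches the proxy"
    fi
done
rm -f "$sample"
```

Run against the real database with `hsts_would_upgrade deb.debian.org`; a zero exit status means wget will not send a plain HTTP request for that host unless `--no-hsts` is given.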
