Control: tag -1 + wontfix
Control: retitle -1 auto-apt-proxy: https mirror URLs might not work depending 
on the proxy configuration

Hi,

On Fri, Sep 06, 2024 at 03:49:47PM +0200, Lars Kruse wrote:
> Hello,
> 
> 
> Am Wed, 4 Sep 2024 19:48:27 -0300
> schrieb Antonio Terceiro <[email protected]>:
> 
> > Can you please clarify how exactly are you hitting this issue? Can you
> > provide an example of how I can reproduce this?
> 
> yes, sorry for omitting these details in my initial bug report.
> 
> I just created a fresh image for testing and ran the following procedure:
> 
> 1. `apt install auto-apt-proxy ca-certificates`
>    (certificates are necessary for https connections)
> 1. change the URL in `/etc/apt/sources.list` to
>     http://deb.debian.org/debian
> 1. run `apt update` -> success
> 1. change the URL in `/etc/apt/sources.list` to
>     https://deb.debian.org/debian
> 1. run `apt update` -> failure (see below)
> 1. `apt purge auto-apt-proxy`
> 1. run `apt update` -> success
> 
> 
> Here `auto-apt-proxy` detected the presence of approx via the DNS SRV entry
> (_apt_proxy._tcp).
> 
> The above example illustrates, that auto-apt-proxy will send the request for
> an https ressource to approx, even though approx cannot handle such requests.
> 
> Of course, the use case behind the above switch to "https" can be questioned,
> since the default settings for apt servers usually use http URLs.
> 
> In my use case we stumbled upon the problem, since our internal apt repository
> server is usually accessed via https (for no specific reasons).
> This turned out to be problematic as soon as approx was indirectly used via
> auto-apt-proxy.
> 
> I hope, this clarifies my use case.

It does. However, HTTP proxy servers and HTTPS is usually problematic
regardless of auto-apt-proxy being in use or not. apt-cacher-ng needs a
specific line in the config file to make it work, and approx seems to
not support HTTPS at all based on what you are saying.

Whether HTTPS will work or not will always depend on the proxy
configuration, and there is not much I can do on auto-apt-proxy to
detect that.

For you case, as a workaround you could put the following in a file
under /etc/apt/apt.conf.d/:

Acquire::https::Proxy "DIRECT";

or even

Acquire::https::Proxy::mirror.hostname "DIRECT";

Attachment: signature.asc
Description: PGP signature

Reply via email to