Ubuntu
apt package

apt does not honor Proxy-Auto-Detect for HTTPS URLs

Bug #1656352 reported by MelkorLord
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

apt(-get) does not honor Proxy-Auto-Detect configuration in any way for HTTPS URLs.

ex: vi /etc/apt/apt.conf.d/99-proxy-auto-detect

Acquire::http:Proxy-Auto-Detect "/path/to/app";

"app" performs some actions and output the name of the proxy server according to some internal rules, in the form "http://proxy.domain.tld:1234/"

This works perfectly for all HTTP-like "deb http://example.com/ xxx" URLs but is ignored for HTTPS URLs. Setting "Acquire::https:Proxy-Auto-Detect" or even the legacy variable name "ProxyAutoDetect" (without dashes) does not help either.

This is very annoying as the very purpose of this auto-detection is to be network environment aware instead of using a hardcoded value for the proxy setting.

This should be fixed. Thank you.

See original description
MelkorLord (melkorlord)
description: updated
Revision history for this message
Julian Andres Klode (juliank) wrote :

Proxy Auto detect for https works perfectly fine, but there's a catch: The proxy needs to be the same type as the URL. So https only supports an https proxy, not an http proxy url.

I'm not sure how far we should open that up, but https via http and http via https are things you probably want to work. The former is possible, the latter we cannot support at all yet.

Changed in apt (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
MelkorLord (melkorlord) wrote :

Why the "catch" isn't documented anywhere?

There's another catch here : If the proxy setting needs to be of the same type as the URL, how exactly am I supposed to know in advance when querying the information?

As you can imagine, the /etc/apt/souces.list.d is filed with mixed content such as HTTP and HTTPS so how can I sort this out?

I've made a quick test and there's nothing in the environment nor arguments passed to "app" that would help make the decision.

Anyway, given the info you provide, even if I decide to go full HTTPS on the proxy, this would break the classic HTTP URLs.

This sounds like a big design mistake here... this forces people to HARDCODE things in configuration which really bad design :-(

What's so harmful in using an HTTP proxy to fetch data from an HTTPS URL? That's just a proxy to get Internet access, nothing more, because depending on the environment, you may have (or not) direct Internet access, hence the use of Proxy-Auto-Detect.

You really need to reconsider this!

Revision history for this message
Julian Andres Klode (juliank) wrote :

This was fixed in the 1.5 series in artful. You can now return http, https, and socks5h proxy URIs. Note that you also need to use

Acquire::https::Proxy-Auto-Detect

if you want it to be used for https.

The http method gained native https support, so you can now use http and https with http, https, and socks5h proxies. I added a whitelist to the proxy autodetection script to make it accept these URL types for any http or https URLs.

Changed in apt (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.