too hard to use "sudo apt-get" behind a proxy with authentication

Binary package hint: sudo

% lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04

The configuration needed to get "sudo apt-get" working when behind a proxy with authentication is not trivial. Here are some ideas to enhance it.

Here is my environment : I am on an enterprise network, behind a proxy requiring authentication for http. I want to access a repository server from the outside world.

To use apt-get with the proxy, I configured the proxy with the GNOME proxy capplet. I set the proxy host to "proxy.myenterprise.com" and proxy port to "90" in the configuration tab, and a list of hosts to exclude in the advanced tab, like "localhost" and "*.myenterprise.com" in the list.

When I open a terminal, the environment variable http_proxy is set to "http://proxy.myenterprise.com:90/" which is correct, but it is not enough to let me get some data from the outside with "sudo apt-get update". In fact the proxy refuses my request because authentication is required. To provide my authentication credentials, I need to manually set http_proxy to "http://username:<email address hidden>:90/". Then "sudo apt-get update" works.

But I need a little more : we have a local mirror of the repository for the binary packages on our enterprise network (which is debmirror.myenterprise.com), but not for the source packages so we still use "archive.ubuntu.com" as repository.

If I try to "sudo apt-get update", it will try to reach debmirror.myenterprise.com by using the proxy, but it won't work. I mentionned that I configured the GNOME proxy capplet to ignore host matching "localhost,*.myenterprise.com". That's why I have the $no_proxy environment variable set to "*.myenterprise.com". But "sudo apt-get update" still does not work the way it should. The reason it does not work are :
 * the environment variable $no_proxy is not preserved when calling sudo, in contrary to $http_proxy. To see it, run "sudo -V" as root: it gives a list of the environment variables that are checked/removed/preserved.
 * $no_proxy environment variable does not allow wildcards : it should rather be no_proxy="localhost,myenterprise.com"

So to have the environment variable $no_proxy preserved when calling sudo, I have to add the following line in my sudoers file :

Defaults env_keep+="no_proxy"

And to have some correct $http_proxy and $no_proxy variables, I have to define them in my .bashrc. When I do all this, it works like a charm: I can access to inside repositories, or outside repository. But to get it working, you need to know a lot of system things.

So here are my ideas:
 * In the GNOME proxy capplet, in the advanced tab, have a checkbox "the proxy needs authentication" which allows to enter authentication credentials. This could be stored safely in the GNOME keyring. So they can be used to set $http_proxy to "http://username:password@proxyhost:port/".
 * sudo already preserve the $http_proxy environment variable (bug #194238 mentions it). I think it should also preserve the $no_proxy environment variable to ignore some hosts for the proxy.
 * the GNOME proxy capplet allows to enter some hosts to ignore, but it fails to translate them correctly in the $no_proxy environment variable. It needs a filter to remove wildcards and keep only valid hosts (for example, "192.168.*" cannot be in $no_proxy in the "192.168." form, but *.myenterprise.com can with the "myenterprise.com" form).

I assigned this bug to sudo because from the 3 problems I exposed, modifying the sudoers file to preserve the $no_proxy variable is the only thing a normal user cannot do. But I could also have assigned this bug to the GNOME proxy capplet.