Failed to build of snappy package on Launchpad: Invalid header value 'Basic U05BUEJVSUxELTE4NzAtMTQ2OTQyNjE0ODpjOTJkYzVjOWQ0OTg0ZGE5OWZlNGY1ZjI3ODRhMWJk\nOA=='

Bug #1606203 reported by Eldar Khayrullin on 2016-07-25
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Bazaar
Critical
Vincent Ladeuil
Snapcraft
Low
Sergio Schvezov
bzr (Ubuntu)
High
Unassigned
Xenial
High
Colin Watson

Bug Description

[Impact] bzr fails to fetch through an authenticated HTTP(S) proxy if the combined length of the username and password exceeds 57 characters. In particular, this breaks some snaps built on Launchpad.
[Test Case] Build https://launchpad.net/~snappy-dev/+snap/pi2-kernel from the -proposed pocket.
[Regression Potential] Can't affect anything other than authenticated proxies.

Original report follows:

Snappy package of KiCad:
https://code.launchpad.net/~eldar/+snap/kicad-snappy

Log amd64:
https://launchpadlibrarian.net/274916496/buildlog_snap_ubuntu_xenial_amd64_kicad-snappy_BUILDING.txt.gz

Related branches

Eldar Khayrullin (eldar) wrote :

Local build of snappy package is OK.

Colin Watson (cjwatson) wrote :

Looks like bzr has trouble talking to the Launchpad directory service through an authenticated proxy (it's getting a bit confused and using the proxy credentials in the wrong place), which is at least arguably a bzr bug. That will probably be no fun to fix, and there's not much activity on bzr at the moment, so it may be most economical to hack snapcraft to unset https_proxy when calling bzr, with a comment explaining that this is due to this bug.

Oliver Grawert (ogra) wrote :

adding this hack to snapcraft works (but i was told it is undesired upstream)

diff --git a/snapcraft/internal/sources.py b/snapcraft/internal/sources.py
index b6ee2d6..9a2171d 100644
--- a/snapcraft/internal/sources.py
+++ b/snapcraft/internal/sources.py
@@ -138,6 +138,8 @@ class Bazaar(Base):

     def pull(self):
         tag_opts = []
+ os.environ['http_proxy'] = ""
+ os.environ['https_proxy'] = ""
         if self.source_tag:
             tag_opts = ['-r', 'tag:' + self.source_tag]
         if os.path.exists(os.path.join(self.source_dir, '.bzr')):

Leo Arias (elopio) wrote :

the patch would have to be to unset the proxy when calling bzr on launchpad, right? If so, how do we identify we are building in launchpad?

Or is it a problem bzr will have everywhere?

Changed in snapcraft:
status: New → Incomplete
Oliver Grawert (ogra) wrote :

well, colins text above sounds like this might be happening on all authenticated proxy connections, probably not on generic non-auth http proxies ... (i guess thats easy to test by someone who has a proxy available)

Colin Watson (cjwatson) wrote :

bzr would have this problem behind any authenticated proxy, yes, so perhaps a less invasive hack would be to test for '@' in the proxy string and unset it only if that exists. (Again, unless somebody can figure out how to fix this in bzr.)

Sergio Schvezov (sergiusens) wrote :

ok then, let's work around this.

Changed in snapcraft:
status: Incomplete → Triaged
milestone: none → 2.17
Sergio Schvezov (sergiusens) wrote :
Changed in snapcraft:
importance: Undecided → Low
status: Triaged → In Progress
assignee: nobody → Sergio Schvezov (sergiusens)
Vincent Ladeuil (vila) wrote :

Hmmm, sorry to be late in the game I got pinged only yesterday :-/

> That will probably be no fun to fix, and there's not much activity on bzr at the moment

Please add tasks to bzr in cases such like this bug or there is indeed no chance to trigger activity in the bzr project. Support and active development are not the same thing.
 Thanks in advance.

None of the log files are available anymore so I can't be 100% sure.

But it seems to me the issue here is caused by the launchpad pluging not using launchpadlib and introducing a bug in the proxy handling for a launchpad very specific feature (checking the related packaging branch) which is not supported by launchpad anymore anyway ;)

Long story short, if there is a way to reproduce, adding '-Olaunchpad.packaging_verbosity=off' to the command line should avoid the issue.

Your patch here will break all uses of authenticated proxies, which are, AFAIK, properly supported for http and https.

Alternatively, if this issue occurs only on launchpad builders 'no_proxy=launchpad.net' may be enough ?

Changed in bzr:
status: New → Incomplete
Vincent Ladeuil (vila) wrote :

Thanks ogra !

Bottom line, the bug is indeed in authenticating against a proxy with user and passwords length ending bigger than 57 chars.

Changed in bzr:
assignee: nobody → Vincent Ladeuil (vila)
importance: Undecided → Critical
milestone: none → 2.7.1
status: Incomplete → In Progress
Changed in snapcraft:
status: In Progress → Invalid
Oliver Grawert (ogra) wrote :

confirming that a PPA build with the above patch added to bzr fixes the issue.

Changed in snapcraft:
milestone: 2.17 → none
Changed in bzr:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzr - 2.7.0+bzr6619-2

---------------
bzr (2.7.0+bzr6619-2) unstable; urgency=medium

  * Add 18_diff_binaries: With diffutils > 3.5, diff stop exiting with '2'
    on binary files. LP: #1622039
    Closes: #837268

  * Add 19_fix_long_creds: Fix http Basic auth with credentials longer
    than ~57 characters. LP: #1606203

 -- Vincent Ladeuil <email address hidden> Fri, 09 Sep 2016 16:00:49 +0200

Changed in bzr (Ubuntu):
status: New → Fix Released
Colin Watson (cjwatson) on 2016-09-30
description: updated
Changed in bzr (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)

Hello Eldar, or anyone else affected,

Accepted bzr into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bzr/2.7.0-2ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in bzr (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in bzr (Ubuntu):
importance: Undecided → High
Colin Watson (cjwatson) wrote :
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzr - 2.7.0-2ubuntu3

---------------
bzr (2.7.0-2ubuntu3) xenial; urgency=medium

  * Fix http Basic auth with credentials longer than ~57 characters
    (LP: #1606203).

 -- Colin Watson <email address hidden> Fri, 30 Sep 2016 11:58:13 +0100

Changed in bzr (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for bzr has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Vincent Ladeuil (vila) on 2017-01-16
Changed in bzr:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers