too hard to use "sudo apt-get" behind a proxy with authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: sudo
% lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04
The configuration needed to get "sudo apt-get" working when behind a proxy with authentication is not trivial. Here are some ideas to enhance it.
Here is my environment : I am on an enterprise network, behind a proxy requiring authentication for http. I want to access a repository server from the outside world.
To use apt-get with the proxy, I configured the proxy with the GNOME proxy capplet. I set the proxy host to "proxy.
When I open a terminal, the environment variable http_proxy is set to "http://
But I need a little more : we have a local mirror of the repository for the binary packages on our enterprise network (which is debmirror.
If I try to "sudo apt-get update", it will try to reach debmirror.
* the environment variable $no_proxy is not preserved when calling sudo, in contrary to $http_proxy. To see it, run "sudo -V" as root: it gives a list of the environment variables that are checked/
* $no_proxy environment variable does not allow wildcards : it should rather be no_proxy=
So to have the environment variable $no_proxy preserved when calling sudo, I have to add the following line in my sudoers file :
Defaults env_keep+
And to have some correct $http_proxy and $no_proxy variables, I have to define them in my .bashrc. When I do all this, it works like a charm: I can access to inside repositories, or outside repository. But to get it working, you need to know a lot of system things.
So here are my ideas:
* In the GNOME proxy capplet, in the advanced tab, have a checkbox "the proxy needs authentication" which allows to enter authentication credentials. This could be stored safely in the GNOME keyring. So they can be used to set $http_proxy to "http://
* sudo already preserve the $http_proxy environment variable (bug #194238 mentions it). I think it should also preserve the $no_proxy environment variable to ignore some hosts for the proxy.
* the GNOME proxy capplet allows to enter some hosts to ignore, but it fails to translate them correctly in the $no_proxy environment variable. It needs a filter to remove wildcards and keep only valid hosts (for example, "192.168.*" cannot be in $no_proxy in the "192.168." form, but *.myenterprise.com can with the "myenterprise.com" form).
I assigned this bug to sudo because from the 3 problems I exposed, modifying the sudoers file to preserve the $no_proxy variable is the only thing a normal user cannot do. But I could also have assigned this bug to the GNOME proxy capplet.