get proxy config from user configuration if set

Reported by Michael Vogt on 2005-03-08
This bug affects 18 people
Affects Status Importance Assigned to Milestone
synaptic
Invalid
Undecided
Unassigned
synaptic (Debian)
New
Unknown
synaptic (Ubuntu)
Low
Unassigned
Declined for Intrepid by Steve Langasek

Bug Description

Get proxy via gconf even if synaptic runs as root. Recent GNOME has a
"mandatory" setting for stuff like the proxy to make system-wide installs easy.

Michael Vogt (mvo) wrote :

It should also try to get the proxy from the user's session, probably by
separating synaptic into frontend and backend.

Michael Vogt (mvo) wrote :

*** Bug 16228 has been marked as a duplicate of this bug. ***

Jorge O. Castro (jorge) wrote :

*** Bug 18775 has been marked as a duplicate of this bug. ***

Michael Vogt (mvo) wrote :

Just a short explanation about the real problem:

The problem is that synaptic runs as root and has no access to the user's gconf
settings (where the GNOME proxy is stored). This is really difficult to solve.

One option would be to save settings like the proxy configuration to a file (via
gconftool-2 --get /system/http_proxy/use_http_proxy) before becoming root and
load it again when sudo/gksudo/su/gksu was run. Pretty hackish though :/

Corey Burger (corey.burger) wrote :

Ouch, I completely forgot about that. You might just want to mark this as
WontFix until such time as UniConf/Dconf/FreeDesktopConf comes along.

Michael Vogt (mvo) wrote :

*** Bug 21793 has been marked as a duplicate of this bug. ***

A simple script to detect the proxy and export http_proxy; it can be used by root
when the GNOME desktop is running (I know the w|grep is not beautiful, but it's the
only way I found at the moment).

----------------------
#!/bin/bash
# Read the proxy from the gconf settings of the user who owns the running
# GNOME session and export it as http_proxy.

# First user whose process list shows x-session-manager.
U=$(w | grep x-session-manag | awk '{print $1; exit}')

# Print one gconf key as the session user.
get() { su "$U" -c "gconftool -g $1"; }

# gconftool prints "true" or "false" for boolean keys.
if [ -n "$U" ] && [ "$(get /system/http_proxy/use_http_proxy)" = "true" ]; then
        HOST=$(get /system/http_proxy/host)
        PORT=$(get /system/http_proxy/port)
        # Not named USER, so the shell's own $USER is left alone.
        PROXY_USER=""
        PROXY_PASS=""
        CRED=""

        if [ "$(get /system/http_proxy/use_authentication)" = "true" ]; then
                PROXY_USER=$(get /system/http_proxy/authentication_user)
                PROXY_PASS=$(get /system/http_proxy/authentication_password)
                CRED="$PROXY_USER:$PROXY_PASS@"
        fi

        export http_proxy="http://$CRED$HOST:$PORT"
fi
----------------------

Michael Vogt (mvo) wrote :

I fixed this problem by adding this feature to gksu. If an application is run via gksu, it will set the http_proxy environment. Most applications honor it (among them apt-get, synaptic, update-manager).

Because synaptic is run via gksu (both in the menu and when run from update-notifier) I consider this bug fixed. Please reopen if you still have problems (after updating to the latest gksu 1.3.7-0ubuntu5).

Cheers,
 Michael

Changed in synaptic:
status: Confirmed → Fix Committed
Michael Vogt (mvo) on 2006-05-02
Changed in synaptic:
status: Fix Committed → Fix Released
Lionel Dricot (ploum) wrote :

I reopen this bug because it doesn't work for me (both Ubuntu 7.10 and 8.04).

My proxy needs authentication, maybe that's why I have this problem but I don't think so. I need to configure Proxy, proxy user/password and proxy exceptions in Synaptic in order to have synaptic working correctly with both external and our internal repositories.

I run synaptic from the System > Administration menu.

Changed in synaptic:
status: Fix Released → New

It might be interesting to have a look at bug #192641 because it may be related to this one.

Digging a little showed me a huge number of bug reports against Synaptic with proxy. I think we should really take care of this. Is there any huge problem or showstopper that prevents having a solution to this bug?

There shouldn't be anything huge -- but there does need to be consistency.

Multiple apps need proxy settings, but store them differently.
* Synaptic has proxy settings.
* gconf has proxy settings.
* command-line environment variables have proxy settings.
* firefox has proxy settings.
* (maybe) NetworkManager has proxy settings <- maybe they should be here. Proxies should be different depending on your network.

The next problem to tackle is that a proxy server can have authentication. So you're dealing with a username and password, which is privileged information, which needs to be transferred between users. Maybe through a gnome keyring, or maybe the way NetworkManager stores WAP/WPA passwords. Find the right place. Create policy. Keep in mind that usernames and passwords can contain non-alphanumerics. A proxy server has the right to re-authenticate at any GET/POST request.

A proxy server could have automatic WPAD settings -- which means you need a JavaScript interpreter. This gets used to exclude certain domains, and to redirect to different proxies depending on the protocol.

I just realised my entire comment revolves around a lack of standardisation (in Ubuntu, Gnome and KDE, and firefox)

* No "primary source" for the data (I vote NetworkManager -- it already does WAP/WEP/WPA)
* No definition of dealing with non-alphanumerics (Must read URL specs)
* No standard WPAD library (make new -- what deals with JavaScript?)
* No standard HTTP/FTP network code that takes care of proxies (make new)
* No standard "enter your data" dialogs. Some dialogs miss "ignore proxy for" or miss "automatic proxy".

Lionel Dricot (ploum) wrote :

Berend > your idea is great and I perfectly agree with your proposition of putting proxy support in the network-manager. (To me, it also makes much sense to put the smtp server in it).

I strongly suggest that you report your idea upstream against network manager. (Seriously, do it. I really appreciate your idea)

Anyway, this is more a mid/long term solution. I cannot even hope to see this in Ubuntu before 9.10, at best.

In the meantime, I think there's a need for a "quick fix" that lets synaptic use the gnome proxy setting.

I think that any "quick fix" will be incomplete without WPAD support in apt's http backend. It means that automatic proxy settings in gconf cannot be honored. (assumption: Synaptic uses apt's http backend) You should report an error if gconf is set to automatic proxy.

Synaptic should have access rights to read any user's gconf proxy settings (since it's root.) Synaptic already runs the right GTK theme. Must be easy.

http_proxy environment variable is usually a bad solution because your username could contain '@' (common for domains) and the password could contain ':', and both are reserved characters in the http_proxy definition. That is usually solved by translating '@' to %40, etc. but that gets very, very ugly very quickly. Which '@' do you encode, and which do you skip? http_proxy is an incomplete solution. The data should be split into three different variables. Environment variables are also prone to leakage, meaning security risk.

I think the best "quick fix" is the hacky script wrapper in gksu. It just needs encoding/escaping for the username and password, and synaptic needs to un-encode it. (or use additional environment variables)

I would *love* proper proxy support -- it bites me every day. I'm just listing design problems you must overcome -- because there will be bug reports about missing WPAD support and funny characters in the passwords.
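
The encoding and un-encoding step discussed in the comment above, as an added example that is not part of the original thread and is not gksu or synaptic code. The function names are hypothetical, the credentials are constructed sample values, and ASCII input is assumed.

```sh
#!/bin/sh
# Added example (not gksu or synaptic code). Function names are hypothetical;
# the credentials and host below are constructed sample values. ASCII input assumed.

# Percent-encode every character outside the RFC 3986 "unreserved" set.
urlencode() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
)

# Reverse of urlencode; a '%' not followed by two hex digits is kept as-is.
urldecode() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        case $s in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                t=${s#?}; hex=${t%"${t#??}"}; s=${t#??}
                out=$out$(printf '%b' "\\0$(printf '%03o' "0x$hex")") ;;
            *)  rest=${s#?}; out=$out${s%"$rest"}; s=$rest ;;
        esac
    done
    printf '%s' "$out"
)

# Producer side (what a gksu-style wrapper would export).
build_proxy_url() {  # args: user password host port
    printf 'http://%s:%s@%s:%s' "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4"
}

# Consumer side: once encoded, the only '@' ends the userinfo part and the
# first ':' inside it separates user from password.
proxy_user() { u=${1#http://}; u=${u%"@"*}; urldecode "${u%%:*}"; }
proxy_pass() { u=${1#http://}; u=${u%"@"*}; urldecode "${u#*:}"; }
proxy_host() { u=${1#http://}; printf '%s' "${u##*"@"}"; }

url=$(build_proxy_url 'alice@example.corp' 'p:ss@w/rd#1' web-proxy 8080)
printf '%s\nuser=%s pass=%s host=%s\n' "$url" \
    "$(proxy_user "$url")" "$(proxy_pass "$url")" "$(proxy_host "$url")"
```

Encoding both fields on the producer side removes the ambiguity about which '@' or ':' is a delimiter; it does not address the leakage concern, since the password still sits in the environment.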

arencinosa (arencinosa) wrote :

[whole "story"]
https://bugs.launchpad.net/ubuntu/+source/synaptic/+bug/105415/comments/13

[Sorry, but I found that other bug report first, and just now I realize this one is more related to. Essentially:]
After trying to get msttcorefonts installed through synaptic using a proxy, I got a '407 Authentication Required'. I figured out how to get those *.exe files needed locally and I included the proper configuration in my /etc/hosts in order to let synaptic download them from localhost. I "unconfigured" my proxy settings ("direct connection" in global and synaptic specific settings) and then again I got a '407 Authentication Required'. Why? I found that synaptic was using this entry in /var/cache/debconf/config.dat:

Name: msttcorefonts/http_proxy
Template: msttcorefonts/http_proxy
Value: <my_proxy_host_and_port>
Owners: msttcorefonts

I needed to unset that "Value" property in order to get synaptic not using proxy even when I have a "direct connection" setting on both global proxy configuration and synaptic proxy configuration. Is that ok?? I mean, am I the only one who doesn't like that??
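
A check for the situation described in the comment above, a leftover per-package proxy answer in the debconf cache, as an added example that is not part of the original report. The function name is hypothetical and the sample entries are constructed in the layout of the quoted one.

```sh
#!/bin/sh
# Added example (not from the report). The function name is hypothetical and the
# sample entries are constructed; the real file is /var/cache/debconf/config.dat.

# Print "<Name> <Value>" for each stanza whose Name ends in http_proxy and
# whose Value is non-empty. Stanzas are separated by blank lines.
find_debconf_proxies() {  # arg: path to a config.dat-style file
    awk '
        function emit() {
            if (name ~ /http_proxy$/ && value != "") print name, value
            name = ""; value = ""
        }
        /^Name: /  { name = substr($0, 7) }
        /^Value: / { value = substr($0, 8) }
        /^[ \t]*$/ { emit() }
        END        { emit() }
    ' "$1"
}

# Constructed sample in the same layout as the entry quoted above.
sample_config() {
    cat <<'EOF'
Name: msttcorefonts/http_proxy
Template: msttcorefonts/http_proxy
Value: web-proxy:8080
Owners: msttcorefonts

Name: example-pkg/http_proxy
Template: example-pkg/http_proxy
Value:
Owners: example-pkg

Name: example-pkg/mirror
Template: example-pkg/mirror
Value: http://archive.ubuntu.com/ubuntu/
Owners: example-pkg
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
find_debconf_proxies "$tmp"   # on a real system: pass /var/cache/debconf/config.dat
rm -f "$tmp"
```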

Jeff Anderson (jander99) wrote :

Would it be possible to rewrite parts of Synaptic to escalate privileges via PolicyKit instead of gksu? Inside the user-level environment, the user would be able to view installed packages, view available packages, then make some changes temporarily, only calling upon escalated privileges once hitting "Apply."

If that is the case, then couldn't gconf send data like proxy information to Synaptic while it's running in user-level privileges, then upon escalation the only parts escalated are those that require actually installing the software?

gksu's attempt at bringing forward the proxy settings on Ubuntu 8.10 results in "Error 407 Proxy Authentication Failure".
I think this has to do with a change to gconf, that previously "/system/http_proxy/use_http_proxy" was the primary key, but for Intrepid it is "/system/proxy/mode".

Michal Parusinski (astenorh) wrote :

I had the same error. I used to use internet in a place with a proxy. Not anymore, and when I connected to a place with no proxy the error popped up.

Christophe Dumez (hydr0g3n) wrote :

I confirm that the problem still exists on Ubuntu Karmic.

Boniek (boniek12p) on 2010-01-11
Changed in synaptic (Ubuntu):
status: New → Confirmed
Changed in synaptic:
status: New → Confirmed
Changed in synaptic (Ubuntu):
assignee: Michael Vogt (mvo) → Jean-Baptiste Lallement (jibel)
milestone: ubuntu-6.06 → later
status: Confirmed → Triaged
Changed in synaptic (Ubuntu):
status: Triaged → In Progress

This is still a problem when trying to run update-manager -d (or -c) on 9.10 (Karmic)

- update-manager shows available new distribution, check button refreshes apt cache, install updates download and installs new packages, but when proessing upgrade to upgrade release window gets greyed out (irresponsive).
- checking traffic with tshark shows SYN packets sent to mirror server instead of proxy server
- I have http proxy set in gnome proxy settings and 'use the same proxy for all protocols' is checked, then 'apply system-wide' is pressed
- /etc/apt/apt.conf is set up correctly

Yep, distribution upgrades will not work when you have to use a proxy.
I have http_proxy and ftp_proxy set to "http://web-proxy:8080/", Synaptic, Settings->Network->Proxy set to the same and also /etc/apt/apt.conf has
Acquire::http::proxy "http://web-proxy:8080/";
Still same behavior as #34.
I also tried the following, waited and pressed Ctrl+C:

$ sudo do-release-upgrade -m desktop
Checking for a new ubuntu release
^CTraceback (most recent call last):
  File "/usr/bin/do-release-upgrade", line 61, in <module>
    fetcher.run()
  File "/usr/lib/python2.6/dist-packages/UpdateManager/Core/DistUpgradeFetcherCore.py", line 235, in run
    if not self.fetchDistUpgrader():
  File "/usr/lib/python2.6/dist-packages/UpdateManager/Core/DistUpgradeFetcherCore.py", line 203, in fetchDistUpgrader
    uri = self._expandUri(self.new_dist.upgradeToolSig)
  File "/usr/lib/python2.6/dist-packages/UpdateManager/Core/DistUpgradeFetcherCore.py", line 178, in _expandUri
    new_uri = self.mirror_from_sources_list(uri, self.DEFAULT_MIRROR)
  File "/usr/lib/python2.6/dist-packages/UpdateManager/Core/DistUpgradeFetcherCore.py", line 164, in mirror_from_sources_list
    if url_downloadable(mirror_uri, self._debug):
  File "/usr/lib/python2.6/dist-packages/UpdateManager/Core/utils.py", line 105, in url_downloadable
    c.request("HEAD", path)
  File "/usr/lib/python2.6/httplib.py", line 898, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.6/httplib.py", line 935, in _send_request
    self.endheaders()
  File "/usr/lib/python2.6/httplib.py", line 892, in endheaders
    self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 764, in _send_output
    self.send(msg)
  File "/usr/lib/python2.6/httplib.py", line 723, in send
    self.connect()
  File "/usr/lib/python2.6/httplib.py", line 704, in connect
    self.timeout)
  File "/usr/lib/python2.6/socket.py", line 507, in create_connection
    sock.connect(sa)
  File "<string>", line 1, in connect
KeyboardInterrupt

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 9.10
Release: 9.10
Codename: karmic
$ uname -a
Linux ubuntu 2.6.31-21-generic #59-Ubuntu SMP Wed Mar 24 07:28:56 UTC 2010 i686 GNU/Linux

jan2ary (jan2ary) wrote :

Synaptic still uses its own proxy configuration.
Ubuntu 10.10 Beta, x86_64

$ lsb_release -rd
Description: Ubuntu maverick (development branch)
Release: 10.10
$ apt-cache policy synaptic
synaptic:
  Installed: 0.63.1ubuntu13
  Candidate: 0.63.1ubuntu13
  Version table:
 *** 0.63.1ubuntu13 0
        500 http://archive.ubuntu.com/ubuntu/ maverick/main amd64 Packages
        100 /var/lib/dpkg/status

As far as I've tried, if you set a proxy in gnome-network-properties, making sure to use "Apply System-Wide" before leaving, synaptic *does* in fact use the proxy, through gksu, sudo or otherwise. The only caveat is that gnome-network-properties doesn't carry any proxy authentication values to the environment variables, but that is a different bug completely and can be worked around by using ntlmaps.

Changed in synaptic (Ubuntu):
status: In Progress → Invalid
Changed in synaptic:
status: Confirmed → Invalid

Extra version data for my configuration:

delan@delan:~$ uname -a; lsb_release -rd; apt-cache policy synaptic
Linux delan 2.6.35-20-generic #29-Ubuntu SMP Fri Sep 3 14:55:28 UTC 2010 x86_64 GNU/Linux
Description: Ubuntu maverick (development branch)
Release: 10.10
synaptic:
  Installed: 0.63.1ubuntu13
  Candidate: 0.63.1ubuntu13
  Version table:
 *** 0.63.1ubuntu13 0
        500 http://archive.ubuntu.com/ubuntu/ maverick/main amd64 Packages
        100 /var/lib/dpkg/status

@delan, synaptic uses its own proxy setting stored in ~/.synaptic/synaptic.conf which overrides system settings. This issue still exists in latest version of synaptic.

Changed in synaptic (Ubuntu):
status: Invalid → Triaged

Do you mean, Synaptic uses system settings through environment variables if proxy setting local to synaptic is not set, but can use its own, and does so if you set a proxy through its preferences? If so, sorry for the misunderstanding.

Synaptic uses in that order: its own settings, apt settings defined in /etc/apt/ , then the environment.
It's a bit tricky to sort, because synaptic must be run as root to install packages and can't easily access the gconf setting for the user who launched synaptic. Furthermore, if the user and root have different proxy settings (user settings not applied system wide), then synaptic will behave differently depending on whether you're running it as a user or as root, and it may create more confusion.
I have something in progress, but it needs more work.

Changed in synaptic (Debian):
status: Unknown → New
Changed in synaptic (Ubuntu):
status: Triaged → Fix Committed
Changed in synaptic (Ubuntu):
assignee: Jean-Baptiste Lallement (jibel) → nobody
Robert Roth (evfool) on 2012-02-14
Changed in synaptic (Ubuntu):
status: Fix Committed → Triaged
Brian Murray (brian-murray) wrote :

It seems to me that synaptic will work in most cases where proxy configuration is set system wide.

summary: - get proxy config from gnome configuration
+ get proxy config from user configuration if set
Changed in synaptic (Ubuntu):
importance: Medium → Low