apt-add-repository, gpg, wget does not honour proxy inside sudo

Bug #1312267 reported by Jan Groenewald
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
software-properties (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

On precise wget honours the proxy inside sudo:

0 jan@tunis:/tmp$lsb_release -d
Description: Ubuntu 12.04.4 LTS
0 jan@tunis:/tmp$sudo echo $http_proxy
http://proxy.aims.ac.za:3128/
0 jan@tunis:/tmp$sudo wget www.ubuntu.com
--2014-04-24 18:01:02-- http://www.ubuntu.com/
Resolving proxy.aims.ac.za (proxy.aims.ac.za)... 192.168.42.2
Connecting to proxy.aims.ac.za (proxy.aims.ac.za)|192.168.42.2|:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 17268 (17K) [text/html]
Saving to: `index.html.1'

100%[======================================>] 17 268 --.-K/s in 0,001s

2014-04-24 18:01:02 (12,9 MB/s) - `index.html.1' saved [17268/17268]

0 jan@tunis:/tmp$

On trusty, it does not:

ift@gift-laptop:~$ lsb_release -d
Description: Ubuntu 14.04 LTS
gift@gift-laptop:~$ sudo echo $http_proxy
[sudo] password for gift:
http://proxy.aims.ac.za:3128/
gift@gift-laptop:~$ sudo wget www.ubuntu.com
--2014-04-24 19:04:22-- http://www.ubuntu.com/
Resolving www.ubuntu.com (www.ubuntu.com)... 91.189.89.103
Connecting to www.ubuntu.com (www.ubuntu.com)|91.189.89.103|:80... failed: Connection refused.
gift@gift-laptop:~$

This is going to break most of the advice on the internet to e.g. sudo wget somesite/some-apt-key.

Related branches

Revision history for this message
Jan Groenewald (jan-aims) wrote :

Also apt-add-repository is not honouring proxy inside sudo (but both wget and apt-add-repository honours the proxy in su, when a root password is set)

gift@gift-laptop:~$ cat /etc/apt/apt.conf /etc/environment
Acquire::http::proxy "http://proxy.aims.ac.za:3128/";
Acquire::https::proxy "https://proxy.aims.ac.za:3128/";
Acquire::ftp::proxy "ftp://proxy.aims.ac.za:3128/";
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
http_proxy="http://proxy.aims.ac.za:3128/"
https_proxy="https://proxy.aims.ac.za:3128/"
ftp_proxy="ftp://proxy.aims.ac.za:3128/"
gift@gift-laptop:~$ sudo apt-add-repository -y ppa:aims/aims-desktop
gpg: keyring `/tmp/tmphgyjbu9o/secring.gpg' created
gpg: keyring `/tmp/tmphgyjbu9o/pubring.gpg' created
gpg: requesting key BE796FF2 from hkp server keyserver.ubuntu.com
?: keyserver.ubuntu.com: Connection refused
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gift@gift-laptop:~$ sudo -i
root@gift-laptop:~# apt-add-repository -y ppa:aims/aims-desktop
gpg: keyring `/tmp/tmpmeup23nj/secring.gpg' created
gpg: keyring `/tmp/tmpmeup23nj/pubring.gpg' created
gpg: requesting key BE796FF2 from hkp server keyserver.ubuntu.com
?: keyserver.ubuntu.com: Connection refused
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
root@gift-laptop:~# logout
gift@gift-laptop:~$ su
Password:
root@gift-laptop:/home/gift# apt-add-repository -y ppa:aims/aims-desktop
gpg: keyring `/tmp/tmp_aypocgl/secring.gpg' created
gpg: keyring `/tmp/tmp_aypocgl/pubring.gpg' created
gpg: requesting key BE796FF2 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmp_aypocgl/trustdb.gpg: trustdb created
gpg: key BE796FF2: public key "Launchpad PPA for AIMS" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
root@gift-laptop:/home/gift#

Even sudo inside su does not work!

root@gift-laptop:/home/gift# sudo apt-add-repository -y ppa:aims/aims-desktop
gpg: keyring `/tmp/tmp9kcefxji/secring.gpg' created
gpg: keyring `/tmp/tmp9kcefxji/pubring.gpg' created
gpg: requesting key BE796FF2 from hkp server keyserver.ubuntu.com
?: keyserver.ubuntu.com: Connection refused
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
root@gift-laptop:/home/gift#

sudo is a very common and recommended way to add a repository.

affects: wget (Ubuntu) → software-properties (Ubuntu)
summary: - wget does not honour proxy inside sudo
+ apt-add-repository, gpg, wget does not honour proxy inside sudo
Revision history for this message
Jan Groenewald (jan-aims) wrote :

Hoping the newly needed sudo -E fixes these instructions, and does not break something else.

https://launchpad.net/~aims

sudo -E apt-add-repository -y ppa:aims/aims-desktop
sudo -E apt-get update
sudo -E apt-get install aims-desktop-setup
sudo -E aims-desktop-setup

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-properties - 0.96.24.25

---------------
software-properties (0.96.24.25) bionic; urgency=medium

  * ppa.py:
   - rework key retrieval, instead of using hkp & gnupg/dirmngr, use https
     & python's built in urllib.
   - thus, add-apt-key for PPAs observes https_proxy for key retrieval
   - simplify gnupg operations, depend on gpg package only, and use
     import/public key operations only.
   - fix unicode process output bugs, when operating in a non-UTF-8
     locale, thus enabling to import keys for my ppas in C locale.
   - avoid creating trustdb, or requiring any gpg-agent systemd socket to
     be activated
   - update tests to execute key addition fully with less things stubbed
     out with mock
   - stop using apt-key for installing keys
   - dirmngr is a heavy dependency and not used, and it is hard to pass
     proxy information to it when invoking gpg from a non-standard homedir
   - deprecate --keyserver option, making HTTPS access to
     keyserver.ubuntu.com required
   - LP: #1755192, LP: #1713962, LP: #1699086, LP: #1510220, LP: #1433761,
     LP: #1395321, LP: #1312267

 -- Dimitri John Ledkov <email address hidden> Mon, 02 Apr 2018 10:19:34 +0100

Changed in software-properties (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.