APt proxy configuration

Dag Wieers dag at wieers.com
Mon Jun 26 23:36:13 PDT 2006


On Fri, 2 Jun 2006, Panu Matilainen wrote:

> On Fri, 2 Jun 2006, Dag Wieers wrote:
>
> > I'm having problems configuring apt to use a proxy. In fact here's the
> > executive summary :)
> >
> > I have a local repository on one of my systems with all my updated RPMs.
> > All systems are told to use _that_ internal server for updates. But some
> > of the servers have internet access and therefor have the http_proxy
> > variable set by default.
> >
> > Now the problem is, how do I tell apt to _not_ use the proxy when getting
> > packages from localhost or another hostname that's internal. Currently I
> > have to start apt-get like:
> >
> > 	http_proxy="" apt-get update
> >
> > But that's annoying and only works if all the repositories are internal.
> > But in some cases I use mixed internal and internet repositories.
> 
> For similar reasons I ended up patching apt to use apt_http_proxy env 
> variable instead of http_proxy at work :) The problem is, http_proxy 
> overrides all other settings, at least that's what apt.conf manual says 
> (this is an area I haven't much looked at). The overriding order seems 
> backwards to me, I my mind http_proxy is a *generic* setup that should be 
> overridable with specific configuration.
> 
> Hmm.. it does also support no_proxy environment variable, but it only 
> works properly when FQDN hostnames are used in sources.list (ie it 
> doesn't resolve sources.list host FQDN before matching it against the 
> no_proxy list). Maybe it'll help you, didn't work for me.

I'll check, still I think apt is doing it wrongly though. The syntax for 
apt.conf allows me to set for specific hosts different proxy servers, 
something http_proxy would not even be able to do. But http_proxy 
overrides any specific configuration one makes. It feels very 
counterintuitive and prevents certain usage-scenarios.


> > I tried something like:
> >
> > 	Acquire {
> > 	        http {
> > 			Proxy::apt.sw.be "http://proxy:8080";
> > 	                Proxy::localhost "DIRECT";
> > 			Proxy::yam "DIRECT";
> > 	                Timeout "120";
> > 	                Pipeline-Depth "5";
> >
> > 	                No-Cache "false";
> > 	                Max-Age "86400";     // 1 Day age on index files
> > 	                No-Store "false";    // Prevent the cache from storing archives
> > 	        };
> > 	};
> >
> > in /etc/apt/apt.conf.d/proxy.conf
> >
> > But I'm not sure it is being used. Strangely it then seems to parse HTML
> > content it gets from the proxy instead.
> >
> > 	[root at system root]# apt-get update
> > 	Get:1 http://localhost rhel3as-i386/RPMS.os repomd.xml [630B]
> > 	0% [1 repomd.xml 0/630B
> > 	0%]/var/state/apt/lists/localhost_yam_rhel3as-i386_RPMS.os_repodata_repomd.xml:6:
> > 	parser error : Opening and ending tag mismatch: meta line 5 and head
> > 	</head>
> > 	       ^
> > 	/var/state/apt/lists/localhost_yam_rhel3as-i386_RPMS.os_repodata_repomd.xml:9:
> > 	parser error : AttValue: " or ' expected
> > 	<img src=http://www.company.com/wps/themes/html/Company/top_logo.gif>
> > 	         ^
> > 	/var/state/apt/lists/localhost_yam_rhel3as-i386_RPMS.os_repodata_repomd.xml:9:
> > 	parser error : attributes construct error
> > 	<img src=http://www.company.com/wps/themes/html/Company/top_logo.gif>
> > ...
> >
> > Anyone has an idea how to fix this ?
> 
> You could try setting no_proxy for the internal hosts for starters. But 
> now that you reminded me of this - I think the solution is to revert the 
> overriding so that any apt specific config overrides http_proxy etc and 
> not the other way around.

When would a change of this behaviour go into apt ? If you have a patch to 
make it more reasonable I'm happy to try it out under various conditions.

For me this is an important fix as it is confusing to team-members when or 
when not to use http_proxy="" when using apt.

PS I did discover that no_proxy works, the delimiter required is a comma. 
So it does work if I do:

	export no_proxy "localhost,hostname,yam,footprint,svn"

Kind regards,
--   dag wieers,  dag at wieers.com,  http://dag.wieers.com/   --
[all I want is a warm bed and a kind word and unlimited power]



More information about the Apt-Rpm mailing list