[Bug 226780] Re: apt-key net-update does not obey APT::Acquire::http::Proxy

Michael 226780 at bugs.launchpad.net
Tue Jun 26 15:10:21 UTC 2012


I feel the updated description describes a different bug to what I (and
other commenters) are reporting on, ie. as per the bug *title*, that
apt-key does not obey APT::Acquire::http::Proxy. The new description
merely suggests changing behaviour such that it fails sooner, rather
than not make it fail in the first place!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/226780

Title:
  apt-key net-update does not obey APT::Acquire::http::Proxy

Status in “apt” package in Ubuntu:
  Triaged
Status in “apt” source package in Lucid:
  Triaged
Status in “apt” source package in Natty:
  New
Status in “apt” source package in Oneiric:
  New
Status in “apt” source package in Precise:
  Triaged

Bug description:
  [Impact]
  IWBNI apt-key obeyed apt's network preferences like the rest of the apt-* tools do. The fix is to append a timeout option to wget which is invoked in apt-key during key retrieval. An example, would be attempting to reduce the number of retries wget performs in order to receive the gpg key. The default is 20 tries, however, if the firewall is set to DROP packets then thats a 90*20 timeout.

  [Test Case]
  # iptables -A OUTPUT -p tcp --dport 80 -j DROP
  # wget -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
  [endless hang] ^C

  # iptables -F
  # iptables -A OUTPUT -p tcp --dport 80 -j REJECT
  # wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
  [returns in 90 seconds]
  #
  # iptables -F
  # wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
  [returns instantly]
  #
  #
  # iptables -A OUTPUT -p tcp --dport 80 -j DROP
  # route del default
  # wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
  [returns instantly]

  [Regression Potential]
  Potential for regression is minimal as this would allow apt-key to successfully timeout if the keyserver is unreachable and allow for continued operation required by other services (i.e. cron executed instances)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/226780/+subscriptions




More information about the foundations-bugs mailing list