[Bug 1952720] Re: apt uses proxy in order to access local resources

David Laštovička 1952720 at bugs.launchpad.net
Tue Nov 30 11:02:12 UTC 2021 

For reference, see below the content of the sources.list (comments stripped, source.list.d is empty; you can see that it does not contain neither 127.0.0.1 nor 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 mentioned in the error messages; the 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 is IP assigned by DHCP to the apt's localhost):
deb http://lu.archive.ubuntu.com/ubuntu/ impish main restricted
deb http://lu.archive.ubuntu.com/ubuntu/ impish-updates main restricted
deb http://lu.archive.ubuntu.com/ubuntu/ impish universe
deb http://lu.archive.ubuntu.com/ubuntu/ impish-updates universe
deb http://lu.archive.ubuntu.com/ubuntu/ impish multiverse
deb http://lu.archive.ubuntu.com/ubuntu/ impish-updates multiverse
deb http://lu.archive.ubuntu.com/ubuntu/ impish-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu impish-security main restricted
deb http://security.ubuntu.com/ubuntu impish-security universe
deb http://security.ubuntu.com/ubuntu impish-security multiverse

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1952720

Title:
  apt uses proxy in order to access local resources

Status in apt package in Ubuntu:
  Invalid

Bug description:
  apt uses proxy in order to access local resources. This leads to
  errors when the proxy is configured to allow only access to the
  resources that apt is actually expected to be trying to reach.

  Steps to reproduce:

  - In VirtualBox install Ubuntu 21.10, Minimal installation.
  - In Terminal run:
    sudo apt install squid-deb-proxy squid-deb-proxy-client
    sudo apt update

  After the last step, apt is trying to use the installed squid-deb-
  proxy, but it fails, because the proxy is configured to allow access
  only to the mirrors, but apt is trying to use it also to access the
  locally available keys.

  As a workaround, the proxy configuration can be changed to accept any connection:
  in /etc/squid-deb-proxy/squid-deb-proxy.conf replace the line:
  'http_access deny !to_archive_mirrors'
  with
  'http_access allow all'
  run 'sudo systemctl restart squid-deb-proxy'
  Now, 'sudo apt update' will succeed.

  While what I managed to "correct" the issue by amending squid-deb-
  proxy configuration, I believe that it is a bug in apt that uses the
  proxy when not appropriate.

  The output of the failing sudo apt update (with IP addresses "anonymized"; the address 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 is supposed to be the IP assigned to the machine where the apt client is running):
  Err:1 http://lu.archive.ubuntu.com/ubuntu impish InRelease
    403  Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
  Err:2 http://lu.archive.ubuntu.com/ubuntu impish-updates InRelease
    403  Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
  Err:3 http://lu.archive.ubuntu.com/ubuntu impish-backports InRelease
    403  Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
  Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease
  Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease
  Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease
  Err:4 http://security.ubuntu.com/ubuntu impish-security InRelease
    Connection failed [IP: 127.0.0.1 8000]
  Reading package lists... Done
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish InRelease' is no longer signed.
  E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish/InRelease  403  Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
  E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish-updates/InRelease  403  Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
  E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish-updates InRelease' is no longer signed.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish-backports/InRelease  403  Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
  E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish-backports InRelease' is no longer signed.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration details.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1952720/+subscriptions

More information about the foundations-bugs mailing list