[Bug 1952720] Re: apt uses proxy in order to access local resources
David Laštovička
1952720 at bugs.launchpad.net
Tue Nov 30 11:02:12 UTC 2021
For reference, see below the content of the sources.list (comments stripped, source.list.d is empty; you can see that it does not contain neither 127.0.0.1 nor 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 mentioned in the error messages; the 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 is IP assigned by DHCP to the apt's localhost):
deb http://lu.archive.ubuntu.com/ubuntu/ impish main restricted
deb http://lu.archive.ubuntu.com/ubuntu/ impish-updates main restricted
deb http://lu.archive.ubuntu.com/ubuntu/ impish universe
deb http://lu.archive.ubuntu.com/ubuntu/ impish-updates universe
deb http://lu.archive.ubuntu.com/ubuntu/ impish multiverse
deb http://lu.archive.ubuntu.com/ubuntu/ impish-updates multiverse
deb http://lu.archive.ubuntu.com/ubuntu/ impish-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu impish-security main restricted
deb http://security.ubuntu.com/ubuntu impish-security universe
deb http://security.ubuntu.com/ubuntu impish-security multiverse
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1952720
Title:
apt uses proxy in order to access local resources
Status in apt package in Ubuntu:
Invalid
Bug description:
apt uses proxy in order to access local resources. This leads to
errors when the proxy is configured to allow only access to the
resources that apt is actually expected to be trying to reach.
Steps to reproduce:
- In VirtualBox install Ubuntu 21.10, Minimal installation.
- In Terminal run:
sudo apt install squid-deb-proxy squid-deb-proxy-client
sudo apt update
After the last step, apt is trying to use the installed squid-deb-
proxy, but it fails, because the proxy is configured to allow access
only to the mirrors, but apt is trying to use it also to access the
locally available keys.
As a workaround, the proxy configuration can be changed to accept any connection:
in /etc/squid-deb-proxy/squid-deb-proxy.conf replace the line:
'http_access deny !to_archive_mirrors'
with
'http_access allow all'
run 'sudo systemctl restart squid-deb-proxy'
Now, 'sudo apt update' will succeed.
While what I managed to "correct" the issue by amending squid-deb-
proxy configuration, I believe that it is a bug in apt that uses the
proxy when not appropriate.
The output of the failing sudo apt update (with IP addresses "anonymized"; the address 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 is supposed to be the IP assigned to the machine where the apt client is running):
Err:1 http://lu.archive.ubuntu.com/ubuntu impish InRelease
403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
Err:2 http://lu.archive.ubuntu.com/ubuntu impish-updates InRelease
403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
Err:3 http://lu.archive.ubuntu.com/ubuntu impish-backports InRelease
403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease
Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease
Ign:4 http://security.ubuntu.com/ubuntu impish-security InRelease
Err:4 http://security.ubuntu.com/ubuntu impish-security InRelease
Connection failed [IP: 127.0.0.1 8000]
Reading package lists... Done
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish InRelease' is no longer signed.
E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish/InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish-updates/InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish-updates InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch http://lu.archive.ubuntu.com/ubuntu/dists/impish-backports/InRelease 403 Forbidden [IP: 2a03:687:4ea:4900:fe9f:937c:3487:4cd3 8000]
E: The repository 'http://lu.archive.ubuntu.com/ubuntu impish-backports InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1952720/+subscriptions
More information about the foundations-bugs
mailing list