installing Ubuntu https PPA's with squid caching

Stuart McGraw smcg4191 at mtneva.com
Mon Nov 26 15:14:47 UTC 2018


Sorry for the delayed reply, I was away for the holidays.

On 11/22/18 5:29 AM, Colin Watson wrote:
> On Wed, Nov 21, 2018 at 02:26:40PM -0700, Stuart McGraw wrote:
>> Thanks, I've started looking at acng but it feels like a sub-optimal
>> solution:
>> - Project hasn't seen any activity in 5 years
> 
> This seems untrue (even if the upstream web page hasn't been touched - I
> don't know).  See https://tracker.debian.org/pkg/apt-cacher-ng

Oops, you are correct.  I was somehow looking at a GitHub clone I
erroneously thought was the upstream source.

>> - Caching seems to be a complex business and seems like Squid or
>>    something similar is likely more widely used and hence more robust.
>> - acng is limited to Ubuntu/Debian servers (my current Squid solution
>>    is running on an old Fedora box and I hoped to also cache Fedora rpms.)
>> However, if that is the only viable option then that's just how things
>> are.  :-(
> 
> Indeed.
> 
>> I guess I remain surprised at the lack of a good general solution since
>> it seems this is a growing problem with the promotion of https everywhere.
>> I had hoped that Squid could accept an http connection from a client and
>> proxy it as a https connection to the destination server (glossing over
>> how it knows whether to do that or not).
> 
> I think the problem is more persuading the client to do that; if all
> squid sees is a CONNECT request there's not much it can do about it.

I was envisioning the client (apt in this case) connecting to the
proxy (squid) via http (isn't that the way it was done before CONNECT
existed?) and the proxy would talk to the destination server via https.
I was hoping there were some secret options in apt and/or squid to allow
this to be done.  It seems there is not.  :-(

I'm in the process now of trying to use squid's "ssl bump" feature to
decrypt apt's https requests and cache them but it seems like a lot
of complexity and fragility for what seems like a common use case.
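
The difference between the two request forms discussed in this message, as an added example that is not part of the original post: it parses the request line a forward proxy receives and reports whether a full URL (a usable cache key) is visible or only a host:port for an opaque tunnel. The function name `proxy_view` and the sample request lines (including the `example/ppa` path) are constructed for illustration.

```python
from urllib.parse import urlsplit

def proxy_view(request_head: bytes) -> dict:
    """Report what a forward proxy learns from the head of a client request."""
    line = request_head.split(b"\r\n", 1)[0].decode("ascii")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {line!r}")
    method, target, _version = parts

    if method == "CONNECT":
        # authority-form: the proxy is told host:port and nothing else.
        # The TLS session that follows is end to end, so no URL, no cache key.
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"bad CONNECT target: {target!r}")
        return {"form": "authority", "host": host, "port": int(port),
                "cache_key": None, "proxy_opens_tls": False}

    if "://" in target:
        # absolute-form: the proxy sees the whole URL in clear text and makes
        # the upstream connection itself (TLS if the scheme is https).
        url = urlsplit(target)
        if url.scheme not in ("http", "https") or not url.hostname:
            raise ValueError(f"unsupported proxy target: {target!r}")
        https = url.scheme == "https"
        return {"form": "absolute", "host": url.hostname,
                "port": url.port or (443 if https else 80),
                "cache_key": target if method in ("GET", "HEAD") else None,
                "proxy_opens_tls": https}

    raise ValueError("origin-form target: not addressed to a forward proxy")

# Constructed sample request heads (not captured traffic).
HTTP_ARCHIVE = (b"GET http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease "
                b"HTTP/1.1\r\nHost: archive.ubuntu.com\r\n\r\n")
HTTPS_TUNNEL = (b"CONNECT ppa.launchpad.net:443 HTTP/1.1\r\n"
                b"Host: ppa.launchpad.net:443\r\n\r\n")
# The form the message wishes for: plain HTTP to the proxy, https upstream.
HTTPS_VIA_PROXY = (b"GET https://ppa.launchpad.net/example/ppa/ubuntu/dists/"
                   b"bionic/InRelease HTTP/1.1\r\nHost: ppa.launchpad.net\r\n\r\n")

if __name__ == "__main__":
    for sample in (HTTP_ARCHIVE, HTTPS_TUNNEL, HTTPS_VIA_PROXY):
        print(proxy_view(sample))
```

In the third case the client-to-proxy hop carries the URL and the response unencrypted, so the client no longer gets end-to-end TLS from the origin.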


