https://bugzilla.novell.com/show_bug.cgi?id=227511 dmacvicar@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |mc@novell.com ------- Comment #1 from dmacvicar@novell.com 2006-12-11 09:37 MST ------- opensuse-updater just calls zypp-checkpatches, which links against libzypp whioch reads proxy information from /etc/proxy/sysconfig It seems libzypp does not read the proxy authentication from there, but from HOME/.curlrc but according to YaST module, you can specify the proxy auth information there: "f you are using a proxy server with authorization, enter Proxy User Name and Proxy Password. A valid username consists of printable ASCII characters (except for quotation marks) only." -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=227511 ------- Comment #3 from mludvig@logix.net.nz 2006-12-11 16:12 MST ------- That's the problem - the password IS set in ~root/.curlrc but opensuse-updater (is that how the KDE icon / applet is called, isn't it?) runs with privileges of my normal user. Unfortunately in ~mludvig/.curlrc the password is not set. Now I anticipate arguments about security considerations ;-) Well, how about having a checkbox in the Yast proxy module saying something like "Disclose this username and password to users" (maybe "... in group wheel" or something). And then put it in /etc/curlrc? Or at least make opensuse-updater complain loudly when the proxy asks for authorization but that can't be found in .curlrc and/or $http_proxy. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=227511 mludvig@logix.net.nz changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|227513 | nThis| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=227511 dmacvicar@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |mludvig@logix.net.nz ------- Comment #5 from dmacvicar@novell.com 2006-12-12 03:35 MST ------- Comment #3 is incorrect. Please forget about the applet. The applet is dumb. The real guilty here is a binary the applet launches. This binary is run by the user, but the bnary has the suid bit on (+s). I think the bug could be that, HOME is defined in this case as the user's home, but zypp still looks if the curl file is owned by root. I mean, this implies zypp is not taking the case where a user runs a suid program linked to it. Michal, can you please chown /home/mludvig/.curlrc to root but give permissions to others to read? I want: mludvig@zofka:~> ls -l .curlrc -rw-r--r-- 1 root users 31 2006-12-12 14:33 .curlrc and see if it works. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=227511 ------- Comment #7 from dmacvicar@novell.com 2006-12-12 03:54 MST ------- That is the reason then. zypp is not finding curlrc at all. And even if HOME is not cleaned, the user's curlc is not owned by root as zypp checks first. Which is the guilty component here? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=227511 dmacvicar@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|opensuseupdater doesn't |[zypper][libzypp] doesn't authenticate to http |authenticate to http proxy |proxy -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=227511 iladijas+suse@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |iladijas+suse@gmail.com ------- Comment #10 from iladijas+suse@gmail.com 2007-05-16 13:21 MST ------- -- [~]$ wbinfo -u DOMAIN\sjd [~]# kinit -V sjd Password for sjd@xyzproxy.full.domain-name.com: ********** Authenticated to Kerberos v5 -- [~]$ wbinfo -i DOMAIN\\sjd DOMAIN\sjd:*:10000:10002:Sajid Ali:/home/DOMAIN/sjd:/bin/bash [~]$ wbinfo --separator \ [~]$ wbinfo --krb5auth=DOMAIN\\sjd%0password\) plaintext kerberos password authentication for [DOMAIN\sjd%0password)] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_10000 plaintext kerberos password authentication for [DOMAIN\sjd%0password\)] succeeded (requesting cctype: KCM) no credentials cached plaintext kerberos password authentication for [DOMAIN\sjd%0password)] succeeded (requesting cctype: KCM:0) no credentials cached plaintext kerberos password authentication for [DOMAIN\sjd%0password)] succeeded (requesting cctype: Garbage) no credentials cached plaintext kerberos password authentication for [DOMAIN\sjd%0password)] succeeded (requesting cctype: (null)) no credentials cached plaintext kerberos password authentication for [DOMAIN\sjd%0password)] succeeded (requesting cctype: 0) no credentials cached -- [~]# ls -l /root/.curlrc -rw-r--r-- 1 root root 82 May 16 22:05 /root/.curlrc [~]# ls -l /home/DOMAIN/sjd/.curlrc ls: cannot access /home/DOMAIN/sjd/.curlrc: No such file or directory [~]# cp -vp /root/.curlrc /home/DOMAIN/sjd/ `/root/.curlrc' -> `/home/DOMAIN/sjd/.curlrc' [~]# ls -l /home/DOMAIN/sjd/.curlrc -rw-r--r-- 1 root root 82 May 16 22:05 /home/DOMAIN/sjd/.curlrc <- -rw-r--r-- (readable by group|other) -- [~]# cat /root/.curlrc # Changed by YaST2 module proxy 05/16/2007 <- changed by YaST2, of course, as noted by YaST2 proxy-user = "DOMAIN\\sjd:0password\)" -- [~]# cat /etc/sysconfig/proxy PROXY_ENABLED="yes" HTTP_PROXY="DOMAIN\\sjd:0password\)@xyzproxy.full.domain-name.com:8080" HTTPS_PROXY="DOMAIN\\sjd:0password\)@xyzproxy.full.domain-name.com:8080" FTP_PROXY="DOMAIN\\sjd:0password\)@xyzproxy.full.domain-name.com:8080" GOPHER_PROXY="" NO_PROXY="localhost, 127.0.0.1" __note__: username: domain\sjd password: 0password) <- yes, zero & right parenthesis are part of the password -- [~]# cat /home/INT/sjd/.profile http_proxy=DOMAIN\\sjd:0password\)@xyzproxy.full.domain-name.com:8080 ftp_proxy=DOMAIN\\sjd:0password\)@xyzproxy.full.domain-name.com:8080 https_proxy=DOMAIN\\sjd:0password\)@xyzproxy.full.domain-name.com:8080 -- [~]# env | grep proxy http_proxy=http://xyzproxy.full.domain-name.com:8080 ftp_proxy=http://xyzproxy.full.domain-name.com:8080 https_proxy=http://xyzproxy.full.domain-name.com:8080 no_proxy=localhost, 127.0.0.1 -- Installation repos [~]# zypper sl # | Enabled | Refresh | Type | Name | URI --+---------+---------+------+-----------------------------------------+------------------------------------------------------------------ 1 | Yes | Yes | YaST | 20070210-123801 | ftp://mirrors.kernel.org/opensuse/distribution/10.2/repo/non-oss/ 2 | Yes | Yes | YUM | http://packman.unixheads.com/suse/10.2/ | http://packman.unixheads.com/suse/10.2/ 3 | Yes | Yes | YaST | 20070210-123301 | ftp://mirrors.kernel.org/opensuse/distribution/10.2/repo/oss -- zypper list update fails [~]# zypper lu Restoring system sources... Not found: Media Exception Not found: Media Exception Please insert media [Curl error for: ftp://mirrors.kernel.org/opensuse/distribution/10.2/repo/non-oss/media.1/directory.yast: Error code: HTTP response: 407 Error message: The requested URL returned error: 407 ] # 1. Retry [y/n]: n Please insert media [Curl error for: http://packman.unixheads.com/suse/10.2/repodata/repomd.xml: Error code: HTTP response: 407 Error message: The requested URL returned error: 407 ] # 1. Retry [y/n]: n I/O error: Can't provide /repodata/repomd.xml from http://packman.unixheads.com/suse/10.2/ (A)bort, (R)etry, (I)gnore? a I/O error: Can't provide /repodata/repomd.xml from http://packman.unixheads.com/suse/10.2/ Not found: Media Exception Not found: Media Exception Please insert media [Curl error for: ftp://mirrors.kernel.org/opensuse/distribution/10.2/repo/oss/media.1/directory.yast: Error code: HTTP response: 407 Error message: The requested URL returned error: 407 ] # 1. Retry [y/n]: n Failed to restore sources -- YaST Online update fails [~]# you URL: ftp://mirrors.kernel.org/opensuse/distribution/10.2/repo/non-oss/ Curl error for: ftp://mirrors.kernel.org/opensuse/distribution/10.2/repo/non-oss/media.1/directory.yast: Error code: HTTP response: 407 Error message: The requested URL returned error: 407 URL: http://packman.unixheads.com/suse/10.2/ Curl error for: http://packman.unixheads.com/suse/10.2/repodata/repomd.xml: Error code: HTTP response: 407 Error message: The requested URL returned error: 407 http://packman.unixheads.com/suse/10.2/ Can't provide /repodata/repomd.xml from http://packman.unixheads.com/suse/10.2/ URL: ftp://mirrors.kernel.org/opensuse/distribution/10.2/repo/oss Curl error for: ftp://mirrors.kernel.org/opensuse/distribution/10.2/repo/oss/media.1/directory.yast: Error code: HTTP response: 407 Error message: The requested URL returned error: 407 Please help. -- Sajid Ali "Information is not knowledge." -Albert Einstein -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=227511#c12 Andrew Pastuszak changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |amp68@verizon.net --- Comment #12 from Andrew Pastuszak 2007-10-02 14:15:45 MST --- Is there some reason you can't fix this in 10.2? There is no Novell client for 10.3, but there is for 10.2. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511 Duncan Mac-Vicar changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|dmacvicar@novell.com |jkupec@novell.com Status|ASSIGNED |NEW -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511#c15 --- Comment #15 from Andrew Pastuszak 2007-10-07 11:03:07 MST --- Finally a workaround! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511#c17 --- Comment #17 from Ján Kupec 2007-10-08 03:56:57 MST --- BTW, confirmed, any of the following is correct, -- and = are optional: long-opt value --long-opt value long-opt = value --long-opt = value the correct way would be to fix it in libzypp, but let's use the '=' for now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511#c19 Ján Kupec changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mmarek@novell.com --- Comment #19 from Ján Kupec 2007-10-08 11:26:35 MST --- (In reply to comment #18 from Senthil Nachimuthu)

(In reply to comment #17 from Ján Kupec)

...

BTW, confirmed, any of the following is correct, -- and = are optional:

long-opt value --long-opt value long-opt = value --long-opt = value

Can you tell me where you found documentation for the .curlrc file syntax please? I searched the man pages for curl but I couldn't find the proper syntax.

Unfortunately i've hit the same problem, the correct syntax is poorly documented in the man page and i did not find anything more on the web either. All i did was to experiment with it.

I thought curl would just read this file and append it to the command line

Me too, but nope, it does not work like that, check for example the following: this one works: $ curl --max-filesize 2 http://asdf.comer this one doesn't (but within .curlrc it is OK) $ curl --max-filesize=2 http://asdf.comer curl: option --max-filesize=2: is unknown

switches. In that case, are the = sign and the double quotes required? I think As i said above, the = sign is not required but permitted in the .curlrc file, but _not allowed_ on the command line.

if the the value contains a whitespace, then it should be enclosed in single quotes? Can it be either single quotes or double quotes?

Yes, both are OK, AFAIK

Sorry for asking so many questions, I haven't used curl much, and the man pages do not provide these details.

true, we are left to experiments and source code reading :O( CCing our curl maintainer so that he can push the correction of the documentation upstream. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511#c21 Ján Kupec changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #21 from Ján Kupec 2007-10-15 02:14:06 MST --- (In reply to comment #20 from Andrew Pastuszak)

I added the = to the .curlrc in openSUSE and could not get opensuse-updater working. Is there any way to get this working on 10.2?

IIRC libzypp doesn't expect initial double dashes in the options in 10.2 (eg. use 'proxyuser = ' instead of '--proxyuser = '). Also you can use the workaround where you pass the options in the URL. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511#c23 eric vialas changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |eric.vialas@laposte.net --- Comment #23 from eric vialas 2007-10-24 01:44:52 MST --- The workaround does not work for me because our corporate proxy does not accept Basic authentification but only NTLM or Kerberos. Curl will not work untill i add "proxy-ntlm" or "proxy-anyauth" into /root/.curlrc but even with this modification, i can't get a working opensuse-updater. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=227511#c25 Jiří­ Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |paetsch@adler.de --- Comment #25 from Jiří­ Suchomel 2007-12-10 08:17:03 MST --- *** Bug 344930 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=344930 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511 Ján Kupec changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[libzypp] doesn't authenticate to http proxy - |[libzypp][updater] doesn't authenticate to http |problem with $HOME? |proxy - problem with $HOME? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511 User jimomura@pathcom.com added comment https://bugzilla.novell.com/show_bug.cgi?id=227511#c27 Jim Omura changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jimomura@pathcom.com --- Comment #27 from Jim Omura 2008-07-22 15:51:56 MDT --- The last updates for "zypper" and "libzypp" were July 4, bringing "zypper" up to "zypper-0.8.23-7.x86_64.rpm". I have been using it lately and the panel icon seems to be working. I am thinking about asking for a change, but that would be an enhancement in another "bug report". Is there any reason not to close this one? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=227511 User jimomura@pathcom.com added comment https://bugzilla.novell.com/show_bug.cgi?id=227511#c29 --- Comment #29 from Jim Omura 2008-07-23 18:15:59 MDT --- (In reply to comment #28 from Jan Kupec)

(In reply to comment #27 from Jim Omura)

...

The last updates for "zypper" and "libzypp" were July 4, bringing "zypper" up to "zypper-0.8.23-7.x86_64.rpm". I have been using it lately and the panel icon seems to be working.

Are you behind a proxy that requires authentication?

No, but back at the end of October you recommended that a new "report" be opened requesting an enhancement. So at that point I was wondering if it had been done. Since another report could have been opened and closed without affecting this one. So the only outstanding problem I could see when reading through all this was the last problem where the icon applet was "not working at all", and since mine seems to be working fine, that raised the question whether this bug should be closed.

...

I am thinking about asking for a change, but that would be an enhancement in another "bug report". Is there any reason not to close this one?

Do you mean this "copy to new" button? Yes, you can do that (i hope it does not copy all the comments :O). In any case, it should be a NEW bug report.

No, actually, I was thinking about asking for more options beyond checking "every day" and "every other day." I am currently using this on a laptop and it just wastes my online time because there is no way I am going to update while I am on a v.90 connection. Do you guys ever remember how slow this can be? :-) However, I think the better idea would be for me to uninstall the icon applet, if I can do that without affecting the regular "online update" in Yast2. So I might not bother asking for any changes. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.