[Bug 732886] New: on 12.1 : Yast - zypper fails behaind a proxy
https://bugzilla.novell.com/show_bug.cgi?id=732886 https://bugzilla.novell.com/show_bug.cgi?id=732886#c0 Summary: on 12.1 : Yast - zypper fails behaind a proxy Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: i586 OS/Version: SuSE Other Status: NEW Severity: Major Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Kasimir.Mueller@t-online.de QAContact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 see http://lists.opensuse.org/opensuse-de/2011-11/msg00689.html Yast2/zypper softwaremangement fails behind a authentificating proxy (squid), even if Yast2 - proxy says OK. /etc/sysconfig/proxy and environment-variables are set. Commandline wget works. The proxy blocks ping and icmp-traffic. Reproducible: Always Steps to Reproduce: 1. set yast2 - proxy 2. open yast2 softwaremanagement 3. run zypper ref in commandline Actual Results: server temporarily not accessible Expected Results: software management should be working behind a proxy -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c1
--- Comment #1 from Lars Müller
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c
Martin Vidner
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c2
Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c3
Kasimir Mueller
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c4
--- Comment #4 from Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c5
Duncan Mac-Vicar
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c6
--- Comment #6 from Kasimir Mueller
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c
Kasimir Mueller
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c7
--- Comment #7 from Kasimir Mueller
I tried to reproduced this with our internal proxy and I could not.
YaST setup /root/.curlrc which is what both my logs and your logs are using.
The difference starts in this line:
2011-12-01 09:46:05 <1> linux-v3uk(4844) [zypp++] MediaCurl.cc(log_curl):111 * About to connect() to proxy 10.141.21.13 port 3128 (#0) 2011-12-01 09:46:05 <1> linux-v3uk(4844) [zypp++] MediaCurl.cc(log_curl):111 * Trying 10.141.21.13... 2011-12-01 09:46:05 <1> linux-v3uk(4844) [zypp++] MediaCurl.cc(log_curl):111 * connected 2011-12-01 09:46:05 <1> linux-v3uk(4844) [zypp++] MediaCurl.cc(log_curl):111 * The requested URL returned error: 503 2011-12-01 09:46:05 <1> linux-v3uk(4844) [zypp++] MediaCurl.cc(log_curl):111 * Closing connection #0
You are getting 503 Service Unavailable. I tried changing the credentials to wrong ones or removing them gives me 407.
With this information we can assume: - libzypp is reading proxy info from .curlrc - It identifies the proxy correclty (connected line) - It seems to not be a problem of credentials (error code)
Can you try curl on the command line as root?
curl and wget work wonderful ! curl http://download.opensuse.org/update/12.1/repodata/repomd.xml displays the file on screen -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c8
Dirk Schwartzkopff
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c9
Benjamin Zoeller
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c10
Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c11
--- Comment #11 from Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c12
Bill Page
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c13
--- Comment #13 from Benjamin Zoeller
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c14
--- Comment #14 from Duncan Mac-Vicar
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c15
--- Comment #15 from Bill Page
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c16
Dieter Jurzitza
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c17
--- Comment #17 from Benjamin Zoeller
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c18
Michal Seben
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c19
Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c
Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c20
--- Comment #20 from Dieter Jurzitza
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c21
--- Comment #21 from Michael Andres
variables are not honored by libzypp (or whatever ....)
libproxy. We moved the proxy handling out of libzypp and are using libproxy now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c22
Robert Thomas
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c23
Trevor Woerner
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c24
--- Comment #24 from Trevor Woerner
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c25
--- Comment #25 from Michael Andres
~/.aria2/aria2.conf
Per default zypp does not use aria.
etc... and still not getting it to work (probably due to things like underscores in the company server names)
- Maybe due to bug #74076. user:pass directly embedded in a proxy url in /etc/sysconfig/proxy did not work correctly. (fixed in libzypp 10.3.6) With older libzypp versions sysconfig/proxy needs to contain the plain url and credentials are taken from .curlrc only. (the way yast configures it). - '<domain>\\<user>' might not work either (depends on libcurl). Zypp will pass the '\\' literally to libcurl, i.e. zypp expects special chars in the url to be %-escaped ('%5C' for '\'). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c26
Petr Uzel
In case this is of any interest to people looking for a solution...
..... it took all of 3 minutes to get everything working perfectly by using cntlm.
Trevor, could you please share the exact steps necessary to make it work with work with cntlm? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c27
--- Comment #27 from Duncan Mac-Vicar
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c28
--- Comment #28 from Duncan Mac-Vicar
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c29
--- Comment #29 from Trevor Woerner
Trevor, could you please share the exact steps necessary to make it work with work with cntlm?
Sure. 1) install the cntlm package (in my case cntlm-0.35.1-17.1.2.x86_64) 2) as root, edit its configuration file (/etc/cntlm.conf) - at the very top you should see entries for "Username", "Domain", "Password", and "Proxy" - edit and uncomment those lines with the information appropriate to your situation - I have two "Proxy" lines since there are two proxies on my particular network - everything else in this file, for me, remains commented out 3) use Yast2's "System" -> "System Services (Runlevel)" to start the cntlm process and to ensure it will start up on reboot 4) now use Yast2's "Network Services" -> "Proxy" to configure a proxy but point all your proxies to your local machine. By default cntlm will listen on port 3128 so if you haven't changed it, point all your proxies to 127.0.0.1:3128 At this point everything worked for me: wget, Yast2 "Software" -> "Online Update", curl, etc. I edited Firefox's settings to "Use System Proxy Settings" and it works for me too. While trying to follow the advice from above in this bug report I ran into several snafus because of the backslash between the Username and Domain for the Windows credentials and the fact out corporate proxy uses an underscore in the hostname. I found Yast2's Proxy wouldn't accept the underscore but had different behaviour if I used the IP address directly versus editing the /etc/sysconfig/proxy file by hand and inserting the hostnames with underscores directly. I also found some things worked but not all when using the backslash for the credentials. By separating out the Username and Domain, and by understanding they exist, cntlm doesn't have any issues authenticating with the Windows credentials (i.e there's no backslash issue). In my case I used the IP addresses + ":" + port themselves in cntlm's configuration file and that worked fine to specify my two proxies. Since cntlm is able to authenticate correctly and all the authentication happens in only one place, pointing all your proxies to your local cntlm instance works out nicely. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c30
--- Comment #30 from Trevor Woerner
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c31
--- Comment #31 from Michael Andres
(for SLE-11 SP1 and SP2). The same patch should be in Factory already, but not in 12.1. May be we can release a backport for 12.1 too.
It's in 12.1 since libzypp-10.3.0 (Oct 2011) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732886
https://bugzilla.novell.com/show_bug.cgi?id=732886#c32
Michael Andres
participants (1)
-
bugzilla_noreply@novell.com