Sunday, March 1, 2009

Setting up Debian APT behind Proxy Server

Setting APT to run behind a proxy server is a pretty easy and quick procedure. Login as root user, and then All you need to do is set http_proxy environment variable in http://username:password@proxy.server.com:port_no/ format.

debian:~# export http_proxy='http://shreyas:myPassword@myproxyserver.co.in:8080/'
debian:~# echo $http_proxy
http://shreyas:myPassword@myproxyserver.co.in:8080/
debian:~# cat /etc/apt/sources.list
#
deb http://ftp.us.debian.org/debian/ etch main
debian:~# apt-get update
Err http://ftp.us.debian.org etch Release.gpg
Could not resolve myproxyserver.co.in
Ign http://ftp.us.debian.org etch Release
Ign http://ftp.us.debian.org etch/main Packages/DiffIndex
Err http://ftp.us.debian.org etch/main Packages
Could not resolve myproxyserver.co.in
Failed to fetch http://ftp.us.debian.org/debian/dists/etch/Release.gpg Could not resolve myproxyserver.co.in
Failed to fetch http://ftp.us.debian.org/debian/dists/etch/main/binary-i386/Packages.gz Could not resolve myproxyserver.co.in
Reading package lists... Done
E: Some index files failed to download, they have been ignored, or old ones used instead.
debian:~#

Here as the proxy server address is fictitious, apt reports an error. But that's not the point really. The point is, if you observe, what apt does with the http_proxy URL is, it separates out the host (in this case, myproxyserver.co.in) from the URL. And how does it do that? Simply by finding '@' sign in the http_proxy URL and then taking the part from '@' to ':'.

This is fine, but only as long as our password is plain alpha-numeric. The moment password contains a special character, like an '@', this whole thing goes for a toss.

debian:~# export http_proxy='http://shreyas:my@Password@myproxyserver.co.in:8080/'
debian:~# echo $http_proxy
http://shreyas:my@Password@myproxyserver.co.in:8080/
debian:~# apt-get update
Err http://ftp.us.debian.org etch Release.gpg
Could not resolve Password@myproxyserver.co.in
Ign http://ftp.us.debian.org etch Release
Ign http://ftp.us.debian.org etch/main Packages/DiffIndex
Err http://ftp.us.debian.org etch/main Packages
Could not resolve Password@myproxyserver.co.in
Failed to fetch http://ftp.us.debian.org/debian/dists/etch/Release.gpg Could not resolve Password@myproxyserver.co.in
Failed to fetch http://ftp.us.debian.org/debian/dists/etch/main/binary-i386/Packages.gz Could not resolve Password@myproxyserver.co.in
Reading package lists... Done
E: Some index files failed to download, they have been ignored, or old ones used instead.
debian:~#

Now if you observe, because of the '@' in password, apt thinks the username is 'shreyas', password is 'my' and the host is 'Password@myproxyserver.co.in'!! Try using escaping the '@' with a '\' and you will still get the same result.

This is the problem I had been facing since last couple of days. Few of the other guys have also reported this problem in other debian and ubuntu forums, and it's around for almost an year now. It has also been filed in Debian Bug Tracking System (BTS) as bug #500560.

Though this might seem as a rare occurrence, passwords with special characters are a norm in password policies of several organizations, as it is with mine. So I had no option but to either say goodbye to Debian, or fix it myself. And given the regard and love I have towards Debian, I had to at least have a go at fixing the bug. Saying goodbye to such a fantastic distro just because of this minor problem would have been very painful.

Bugfix for APT Bug #500560

And the bug is fixed! As I said, what APT used to do was to look for '@' and a ':' just after that to resolve the Host from http_proxy URL.

After the bugfix, now APT supports escape character '\' before '@'s and ':'s, formulates the correct password. For example, if your password contains an '@' character, all you need to do is prefix the '@' with a '\' while exporting the http_proxy environment variable.

debian:~# export http_proxy='http://shreyas:my\@Password@myproxyserver.co.in:8080/'
debian:~# echo $http_proxy
http://shreyas:my\@Password@myproxyserver.co.in:8080/
debian:~#

I have prepared this bugfix patches for both Lenny and Etch distributions. And they are available at my bugfix post.

For ready reference, here are the cross links to the patch files – 

  1. Debian Lenny - Bug #500560 Patch for APT v0.7.20.2

  2. Debian Etch - Bug #500560 Patch for APT v0.6.46.4.1

These patches have been tested on a Debian 'etch' 4.0 r4a distro running on a Dell Vostro 1500 latop (core 2 duo, 2GB).

Please report if you face any issues with the patches.







Posted by shreyas at 10:31:00 AM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)