Bug #14609
closed
Update check in GUI does not always honor the configured proxy settings
100%
Description
When checking for updates from System > Update, the function call to update_repos() and pfSense-repoc does not honor the configured proxy settings (System > Advanced, Misc tab). I see the initial request to ews.netgate.com going directly out the WAN and not through the proxy.
When checking from the dashboard or from a shell prompt, all requests go through the proxy.
The following diff makes it work, but is just a proof of concept:
diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc
index a31dd38748..8decf26f3c 100644
--- a/src/etc/inc/pkg-utils.inc
+++ b/src/etc/inc/pkg-utils.inc
@@ -1507,7 +1507,23 @@ function update_repos() {
$out = NULL;
$product_name = g_get('product_name');
- $res = exec("/usr/local/sbin/{$product_name}-repoc", $out, $rc);
+ $envstring = "";
+ $http_proxy = config_get_path('system/proxyurl');
+ $http_proxyport = config_get_path('system/proxyport');
+ if (!empty($http_proxy)) {
+ if (!empty($http_proxyport)) {
+ $http_proxy .= ':' . $http_proxyport;
+ }
+ $envstring .= 'HTTP_PROXY=' . escapeshellarg($http_proxy);
+
+ $proxyuser = config_get_path('system/proxyuser');
+ $proxypass = config_get_path('system/proxypass');
+ if (!empty($proxyuser) && !empty($proxypass)) {
+ $envstring .= ' HTTP_PROXY_AUTH=' . escapeshellarg("basic:*:" . $proxyuser . ":" . $proxypass);
+ }
+ }
+
+ $res = exec("{$envstring} /usr/local/sbin/{$product_name}-repoc", $out, $rc);
if ($res === false || $out === NULL) {
return (array( "error" => 1,
"messages" => array("We could not connect to Netgate servers. Please try again later.")));
Might be best to rewrite that to use pkg_env() and process_open() like we do for pkg_call() and pkg_exec().
Anyone who hits this can work around it by running the update check and the actual update from a real shell prompt (SSH or local console, not the GUI)
Updated by Jim Pingle 8 months ago
- Status changed from New to In Progress
- Private changed from Yes to No
Updated by Jim Pingle 8 months ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset 3c8a408116c01d74fd114d8cc143b0f550bf00c5.
Updated by Azamat Khakimyanov 7 months ago
- Status changed from Feedback to Resolved
Tested on 23.05_1 and 23.09-BETA (built on Mon Oct 16 2:31:00 UTC 2023)
I was able to reproduce this issue on 23.05_1.
Applying patch fixed it. As a test I used traffic to ews.netgate.com. After applying patch traffic was forwarded correctly via configured proxy.
I didn't see this issue on 23.09-BETA.
I marked this Bug as resolved.