Project

General

Profile

Actions

Bug #14609

closed

Update check in GUI does not always honor the configured proxy settings

Added by Jim Pingle 12 months ago. Updated 9 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Upgrade
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

When checking for updates from System > Update, the function call to update_repos() and pfSense-repoc does not honor the configured proxy settings (System > Advanced, Misc tab). I see the initial request to ews.netgate.com going directly out the WAN and not through the proxy.

When checking from the dashboard or from a shell prompt, all requests go through the proxy.

The following diff makes it work, but is just a proof of concept:

diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc
index a31dd38748..8decf26f3c 100644
--- a/src/etc/inc/pkg-utils.inc
+++ b/src/etc/inc/pkg-utils.inc
@@ -1507,7 +1507,23 @@ function update_repos() {
        $out = NULL;
        $product_name = g_get('product_name');

-       $res = exec("/usr/local/sbin/{$product_name}-repoc", $out, $rc);
+       $envstring = "";
+       $http_proxy = config_get_path('system/proxyurl');
+       $http_proxyport = config_get_path('system/proxyport');
+       if (!empty($http_proxy)) {
+               if (!empty($http_proxyport)) {
+                       $http_proxy .= ':' . $http_proxyport;
+               }
+               $envstring .= 'HTTP_PROXY=' . escapeshellarg($http_proxy);
+
+               $proxyuser = config_get_path('system/proxyuser');
+               $proxypass = config_get_path('system/proxypass');
+               if (!empty($proxyuser) && !empty($proxypass)) {
+                       $envstring .= ' HTTP_PROXY_AUTH=' . escapeshellarg("basic:*:" . $proxyuser . ":" . $proxypass);
+               }
+       }
+
+       $res = exec("{$envstring} /usr/local/sbin/{$product_name}-repoc", $out, $rc);
        if ($res === false || $out === NULL) {
                return (array( "error" => 1,
                    "messages" => array("We could not connect to Netgate servers. Please try again later.")));

Might be best to rewrite that to use pkg_env() and process_open() like we do for pkg_call() and pkg_exec().

Anyone who hits this can work around it by running the update check and the actual update from a real shell prompt (SSH or local console, not the GUI)

Actions #1

Updated by Jim Pingle 12 months ago

  • Description updated (diff)
Actions #2

Updated by Jim Pingle 12 months ago

  • Description updated (diff)
Actions #4

Updated by Jim Pingle 11 months ago

  • Assignee set to Jim Pingle
Actions #5

Updated by Jim Pingle 11 months ago

  • Status changed from New to In Progress
  • Private changed from Yes to No
Actions #6

Updated by Jim Pingle 11 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions #7

Updated by Azamat Khakimyanov 9 months ago

  • Status changed from Feedback to Resolved

Tested on 23.05_1 and 23.09-BETA (built on Mon Oct 16 2:31:00 UTC 2023)

I was able to reproduce this issue on 23.05_1.
Applying patch fixed it. As a test I used traffic to ews.netgate.com. After applying patch traffic was forwarded correctly via configured proxy.

I didn't see this issue on 23.09-BETA.

I marked this Bug as resolved.

Actions #8

Updated by Jim Pingle 9 months ago

  • Target version changed from 2.8.0 to 2.7.1
Actions

Also available in: Atom PDF