Project

General

Profile

Actions
Copy link

Bug #14609

closed

Update check in GUI does not always honor the configured proxy settings

Added by Jim Pingle 10 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Upgrade
Target version:
2.7.1
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

When checking for updates from System > Update, the function call to update_repos() and pfSense-repoc does not honor the configured proxy settings (System > Advanced, Misc tab). I see the initial request to ews.netgate.com going directly out the WAN and not through the proxy.

When checking from the dashboard or from a shell prompt, all requests go through the proxy.

The following diff makes it work, but is just a proof of concept:

diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc
index a31dd38748..8decf26f3c 100644
--- a/src/etc/inc/pkg-utils.inc
+++ b/src/etc/inc/pkg-utils.inc
@@ -1507,7 +1507,23 @@ function update_repos() {
        $out = NULL;
        $product_name = g_get('product_name');

-       $res = exec("/usr/local/sbin/{$product_name}-repoc", $out, $rc);
+       $envstring = "";
+       $http_proxy = config_get_path('system/proxyurl');
+       $http_proxyport = config_get_path('system/proxyport');
+       if (!empty($http_proxy)) {
+               if (!empty($http_proxyport)) {
+                       $http_proxy .= ':' . $http_proxyport;
+               }
+               $envstring .= 'HTTP_PROXY=' . escapeshellarg($http_proxy);
+
+               $proxyuser = config_get_path('system/proxyuser');
+               $proxypass = config_get_path('system/proxypass');
+               if (!empty($proxyuser) && !empty($proxypass)) {
+                       $envstring .= ' HTTP_PROXY_AUTH=' . escapeshellarg("basic:*:" . $proxyuser . ":" . $proxypass);
+               }
+       }
+
+       $res = exec("{$envstring} /usr/local/sbin/{$product_name}-repoc", $out, $rc);
        if ($res === false || $out === NULL) {
                return (array( "error" => 1,
                    "messages" => array("We could not connect to Netgate servers. Please try again later.")));

Might be best to rewrite that to use pkg_env() and process_open() like we do for pkg_call() and pkg_exec().

Anyone who hits this can work around it by running the update check and the actual update from a real shell prompt (SSH or local console, not the GUI)

Actions
Copy link

Also available in: Atom PDF