Actions
Regression #15094
closedUpdates fail against an authenticated upstream proxy
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
24.11
Release Notes:
Default
Affected Version:
2.7.x
Affected Architecture:
All
Description
When an upstream authenticated proxy is defined pkg commands fail, appearing to use the defined proxy but not send login creds:
[23.09.1-RELEASE][admin@5100-2.stevew.lan]/root: pkg -d update DBG(1)[63719]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[63719]> PkgRepo: verifying update for pfSense-core DBG(1)[63719]> PkgRepo: need forced update of pfSense-core DBG(1)[63719]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[63719]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[63719]> curl_open DBG(1)[63719]> Fetch: fetcher used: pkg+https DBG(1)[63719]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[63719]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults * Trying 172.21.16.185:3128... * Connected to 172.21.16.185 (172.21.16.185) port 3128 * CONNECT tunnel: HTTP/1.1 negotiated * allocate connect buffer * Establish HTTP proxy tunnel to pfsense-plus-pkg01.atx.netgate.com:443 > CONNECT pfsense-plus-pkg01.atx.netgate.com:443 HTTP/1.1 Host: pfsense-plus-pkg01.atx.netgate.com:443 User-Agent: pkg/1.20.8 Proxy-Connection: Keep-Alive < HTTP/1.1 407 Proxy Authentication Required < Server: squid < Mime-Version: 1.0 < Date: Thu, 14 Dec 2023 02:07:18 GMT < Content-Type: text/html;charset=utf-8 < Content-Length: 3614 < X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 < Vary: Accept-Language < Content-Language: en < Proxy-Authenticate: Basic realm="Please enter your credentials to access the proxy" < X-Cache: MISS from cuda.stevew.lan < X-Cache-Lookup: NONE from cuda.stevew.lan:3128 < Via: 1.1 cuda.stevew.lan (squid) < Connection: keep-alive < * Ignore 3614 bytes of response-body * CONNECT tunnel failed, response 407 * Closing connection
This appears to be due to newer pkg versions using curl which also fails where fetch still succeeds:
[23.09.1-RELEASE][admin@5100-2.stevew.lan]/root: fetch https://firmware.netgate.com/pkg/pfSense_factory-v2_3_0_amd64-core/meta.txz meta.txz 944 B 4117 kBps 00s [23.09.1-RELEASE][admin@5100-2.stevew.lan]/root: pfSense-repoc Messages: Your Netgate device has pfSense+ as part of your device purchase.
[23.09.1-RELEASE][admin@5100-2.stevew.lan]/root: curl -v https://firmware.netgate.com/pkg/pfSense_factory-v2_3_0_amd64-core/meta.txz * Trying 208.123.73.207:443... * Trying [2610:160:11:18::207]:443... * Immediate connect fail for 2610:160:11:18::207: No route to host * Trying [2610:160:11:18::209]:443... * Immediate connect fail for 2610:160:11:18::209: No route to host ^C
Curl not even trying to use the copmnfigured proxy when called directly
Updated by Jim Pingle about 1 year ago
- Target version changed from CE-Next to 2.8.0
- Plus Target Version changed from Plus-Next to 24.03
Updated by Jim Pingle 12 months ago
- Plus Target Version changed from 24.03 to 24.07
Updated by Brad Davis 10 months ago
- Assignee set to Brad Davis
Fixed upstream, will be in the next pkg release
Updated by Kris Phillips 10 months ago
Tickets 2616976047 and 2698680909 both are regarding this issue.
Updated by Jim Pingle 10 months ago
- Plus Target Version changed from 24.07 to 24.08
Updated by Steve Wheeler 9 months ago
- Status changed from New to In Progress
Updated by Jim Pingle 5 months ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Has this been tested lately? The relevant commits to fix this have been in our pkg port for a couple months now.
The upstream PR was merged but it doesn't appear to be in an upstream release yet, but there is a patch in our ports tree that adds it.
Updated by Jim Pingle 5 months ago
- Plus Target Version changed from 24.08 to 24.11
Actions