Actions
Regression #15094
open
Updates fail against an authenticated upstream proxy
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
24.11
Release Notes:
Default
Affected Version:
2.7.x
Affected Architecture:
All
Description
When an upstream authenticated proxy is defined pkg commands fail, appearing to use the defined proxy but not send login creds:
[23.09.1-RELEASE][admin@5100-2.stevew.lan]/root: pkg -d update DBG(1)[63719]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[63719]> PkgRepo: verifying update for pfSense-core DBG(1)[63719]> PkgRepo: need forced update of pfSense-core DBG(1)[63719]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[63719]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[63719]> curl_open DBG(1)[63719]> Fetch: fetcher used: pkg+https DBG(1)[63719]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[63719]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults * Trying 172.21.16.185:3128... * Connected to 172.21.16.185 (172.21.16.185) port 3128 * CONNECT tunnel: HTTP/1.1 negotiated * allocate connect buffer * Establish HTTP proxy tunnel to pfsense-plus-pkg01.atx.netgate.com:443 > CONNECT pfsense-plus-pkg01.atx.netgate.com:443 HTTP/1.1 Host: pfsense-plus-pkg01.atx.netgate.com:443 User-Agent: pkg/1.20.8 Proxy-Connection: Keep-Alive < HTTP/1.1 407 Proxy Authentication Required < Server: squid < Mime-Version: 1.0 < Date: Thu, 14 Dec 2023 02:07:18 GMT < Content-Type: text/html;charset=utf-8 < Content-Length: 3614 < X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 < Vary: Accept-Language < Content-Language: en < Proxy-Authenticate: Basic realm="Please enter your credentials to access the proxy" < X-Cache: MISS from cuda.stevew.lan < X-Cache-Lookup: NONE from cuda.stevew.lan:3128 < Via: 1.1 cuda.stevew.lan (squid) < Connection: keep-alive < * Ignore 3614 bytes of response-body * CONNECT tunnel failed, response 407 * Closing connection
This appears to be due to newer pkg versions using curl which also fails where fetch still succeeds:
[23.09.1-RELEASE][admin@5100-2.stevew.lan]/root: fetch https://firmware.netgate.com/pkg/pfSense_factory-v2_3_0_amd64-core/meta.txz meta.txz 944 B 4117 kBps 00s [23.09.1-RELEASE][admin@5100-2.stevew.lan]/root: pfSense-repoc Messages: Your Netgate device has pfSense+ as part of your device purchase.
[23.09.1-RELEASE][admin@5100-2.stevew.lan]/root: curl -v https://firmware.netgate.com/pkg/pfSense_factory-v2_3_0_amd64-core/meta.txz * Trying 208.123.73.207:443... * Trying [2610:160:11:18::207]:443... * Immediate connect fail for 2610:160:11:18::207: No route to host * Trying [2610:160:11:18::209]:443... * Immediate connect fail for 2610:160:11:18::209: No route to host ^C
Curl not even trying to use the copmnfigured proxy when called directly
Updated by Jim Pingle 11 months ago
- Target version changed from CE-Next to 2.8.0
- Plus Target Version changed from Plus-Next to 24.03
Updated by Jim Pingle 8 months ago
- Plus Target Version changed from 24.03 to 24.07
Updated by Brad Davis 6 months ago
- Assignee set to Brad Davis
Fixed upstream, will be in the next pkg release
Updated by Kris Phillips 6 months ago
Tickets 2616976047 and 2698680909 both are regarding this issue.
Updated by Jim Pingle 6 months ago
- Plus Target Version changed from 24.07 to 24.08
Updated by Steve Wheeler 5 months ago
- Status changed from New to In Progress
Updated by Jim Pingle about 1 month ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Has this been tested lately? The relevant commits to fix this have been in our pkg port for a couple months now.
The upstream PR was merged but it doesn't appear to be in an upstream release yet, but there is a patch in our ports tree that adds it.
Updated by Jim Pingle about 1 month ago
- Plus Target Version changed from 24.08 to 24.11
Actions