Tâche #27147: Le téléchargement des clefs GPG des dépôts tiers n’est pas possible en HTTP - Distribution EOLE - Ensemble Ouvert Libre Évolutif

Tâche #27147

Scénario #26618: Traitement express MEN (10-12)

Le téléchargement des clefs GPG des dépôts tiers n’est pas possible en HTTP

Added by Emmanuel GARETTE 8 months ago. Updated 7 months ago.

Status:

Fermé

Priority:

Normal

Assigned To:

Daniel Dehennin

Target version:

sprint 2019 10-12 Equipe MENSR

Start date:

03/07/2019

Due date:

% Done:

100%

Estimated time:

2.00 h

Remaining (hours):

0.0

Description

Dans pyeole/pkg.py on a :

                         env = {'http_proxy': '{}:{}'.format(proxy[0], proxy[1])}
                         env = {'https_proxy': '{}:{}'.format(proxy[0], proxy[1])}

Le proxy n'est donc pas mis pour http. Il faudrait corrigé de la manière suivante :

                        env = {'http_proxy': '{}:{}'.format(proxy[0], proxy[1]),
                               'https_proxy': '{}:{}'.format(proxy[0], proxy[1])}

Associated revisions

Revision 6d143e6e (diff)
Added by Daniel Dehennin 8 months ago

Additionnal repository key can not be download by HTTP with a proxy

The “env” variable is overridden with the “https_proxy” resulting in
the loss of “http_proxy” environnment variable.

pyeole/pkg.py (_configure_sources_mirror): set “env” variable as a
python dictionnary.

Ref: #21147

Revision 5a9a53cf (diff)
Added by Daniel Dehennin 8 months ago

GPG keyserver download require a special option for proxy

Exporting the proxy to the environnment does not work GPG. GPG
requires a dedicated “--keyserver-options”.

pyeole/pkg.py (_configure_sources_mirror): pass the proper
“http-proxy” option to GPG instead of using an environment variable.

Ref: #21147

History

#1 Updated by Daniel Dehennin 8 months ago

Estimated time set to 2.00 h
Parent task set to #26911

#2 Updated by Daniel Dehennin 8 months ago

Assigned To set to Daniel Dehennin
Remaining (hours) set to 2.0

#3 Updated by Daniel Dehennin 8 months ago

Le problème est présent depuis 2.6.1.

#4 Updated by Daniel Dehennin 8 months ago

Status changed from Nouveau to En cours
% Done changed from 0 to 100

#5 Updated by Daniel Dehennin 8 months ago

Subject changed from Le proxy http n'est pas mis en place pour les dépôts tiers to Le téléchargement des clefs GPG des dépôts tiers n’est pas possible en HTTP

#6 Updated by Emmanuel GARETTE 8 months ago

Il y un problème avec le proxy et GPG ...

Chez moi ca corrige :

--- a/pyeole/pkg.py
+++ b/pyeole/pkg.py
@@ -1914,22 +1914,20 @@ def _configure_sources_mirror(pkgmgr, ubuntu=None, eole=None, envole=None,
                         raise AptProxyError(_('cannot retrieve the URL {}, more information in {}').format(url, logfile))
                 else:
                     proxy = EolePkgApt._get_proxy()
-                    if proxy is None:
-                        env = None
-                    else:
-                        env = {'http_proxy': '{}:{}'.format(proxy[0], proxy[1]),
-                               'https_proxy': '{}:{}'.format(proxy[0], proxy[1])}
                     keyserver = additional_repository_key_signserver[idx]
                     signing_key_fingerprint = additional_repository_key_fingerprint[idx]
                     secret_keyring = os.path.join(keyring_dir, "secring.gpg")
                     export_keyring = os.path.join(keyring_dir, "export-keyring.gpg")
                     cmd = ['gpg', '--no-default-keyring', '--no-options',
-                           '--homedir', keyring_dir,
-                           '--secret-keyring', secret_keyring,
-                           '--keyring', export_keyring,
-                           '--keyserver', keyserver,
-                           '--recv', signing_key_fingerprint]
-
+                           '--homedir', keyring_dir]
+
+                    if proxy is not None:
+                        cmd.append('--keyserver-options')
+                        cmd.append('http-proxy=http://{}:{}'.format(proxy[0], proxy[1]))
+                    cmd.extend(['--secret-keyring', secret_keyring,
+                                '--keyring', export_keyring,
+                                '--keyserver', keyserver,
+                                '--recv', signing_key_fingerprint])
                     code, stdout, stderr = system_out(cmd)
                     if code != 0:
                         if os.path.isfile(keyring):