Project

General

Profile

Tâche #27147

Scénario #26618: Traitement express MEN (10-12)

Le téléchargement des clefs GPG des dépôts tiers n’est pas possible en HTTP

Added by Emmanuel GARETTE 8 months ago. Updated 7 months ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
03/07/2019
Due date:
% Done:

100%

Estimated time:
2.00 h
Remaining (hours):
0.0

Description

Dans pyeole/pkg.py on a :

                         env = {'http_proxy': '{}:{}'.format(proxy[0], proxy[1])}
                         env = {'https_proxy': '{}:{}'.format(proxy[0], proxy[1])}

Le proxy n'est donc pas mis pour http. Il faudrait corrigé de la manière suivante :

                        env = {'http_proxy': '{}:{}'.format(proxy[0], proxy[1]),
                               'https_proxy': '{}:{}'.format(proxy[0], proxy[1])}

Associated revisions

Revision 6d143e6e (diff)
Added by Daniel Dehennin 8 months ago

Additionnal repository key can not be download by HTTP with a proxy

The “env” variable is overridden with the “https_proxy” resulting in
the loss of “http_proxy” environnment variable.

  • pyeole/pkg.py (_configure_sources_mirror): set “env” variable as a
    python dictionnary.

Ref: #21147

Revision 5a9a53cf (diff)
Added by Daniel Dehennin 8 months ago

GPG keyserver download require a special option for proxy

Exporting the proxy to the environnment does not work GPG. GPG
requires a dedicated “--keyserver-options”.

  • pyeole/pkg.py (_configure_sources_mirror): pass the proper
    “http-proxy” option to GPG instead of using an environment variable.

Ref: #21147

History

#1 Updated by Daniel Dehennin 8 months ago

  • Estimated time set to 2.00 h
  • Parent task set to #26911

#2 Updated by Daniel Dehennin 8 months ago

  • Assigned To set to Daniel Dehennin
  • Remaining (hours) set to 2.0

#3 Updated by Daniel Dehennin 8 months ago

Le problème est présent depuis 2.6.1.

#4 Updated by Daniel Dehennin 8 months ago

  • Status changed from Nouveau to En cours
  • % Done changed from 0 to 100

#5 Updated by Daniel Dehennin 8 months ago

  • Subject changed from Le proxy http n'est pas mis en place pour les dépôts tiers to Le téléchargement des clefs GPG des dépôts tiers n’est pas possible en HTTP

#6 Updated by Emmanuel GARETTE 8 months ago

Il y un problème avec le proxy et GPG ...

Chez moi ca corrige :

--- a/pyeole/pkg.py
+++ b/pyeole/pkg.py
@@ -1914,22 +1914,20 @@ def _configure_sources_mirror(pkgmgr, ubuntu=None, eole=None, envole=None,
                         raise AptProxyError(_('cannot retrieve the URL {}, more information in {}').format(url, logfile))
                 else:
                     proxy = EolePkgApt._get_proxy()
-                    if proxy is None:
-                        env = None
-                    else:
-                        env = {'http_proxy': '{}:{}'.format(proxy[0], proxy[1]),
-                               'https_proxy': '{}:{}'.format(proxy[0], proxy[1])}
                     keyserver = additional_repository_key_signserver[idx]
                     signing_key_fingerprint = additional_repository_key_fingerprint[idx]
                     secret_keyring = os.path.join(keyring_dir, "secring.gpg")
                     export_keyring = os.path.join(keyring_dir, "export-keyring.gpg")
                     cmd = ['gpg', '--no-default-keyring', '--no-options',
-                           '--homedir', keyring_dir,
-                           '--secret-keyring', secret_keyring,
-                           '--keyring', export_keyring,
-                           '--keyserver', keyserver,
-                           '--recv', signing_key_fingerprint]
-
+                           '--homedir', keyring_dir]
+
+                    if proxy is not None:
+                        cmd.append('--keyserver-options')
+                        cmd.append('http-proxy=http://{}:{}'.format(proxy[0], proxy[1]))
+                    cmd.extend(['--secret-keyring', secret_keyring,
+                                '--keyring', export_keyring,
+                                '--keyserver', keyserver,
+                                '--recv', signing_key_fingerprint])
                     code, stdout, stderr = system_out(cmd)
                     if code != 0:
                         if os.path.isfile(keyring):

#7 Updated by Daniel Dehennin 8 months ago

  • Parent task changed from #26911 to #26618

#8 Updated by Daniel Dehennin 8 months ago

  • Remaining (hours) changed from 2.0 to 0.5

#9 Updated by Scrum Master 8 months ago

  • Project changed from python-pyeole to Distribution EOLE
  • Status changed from En cours to Résolu

#10 Updated by Joël Cuissinat 7 months ago

Non testé mais on a confiance :)

#11 Updated by Joël Cuissinat 7 months ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) changed from 0.5 to 0.0

#12 Updated by Emmanuel GARETTE 7 months ago

Ca fonctionne sur 24 machines :)

Also available in: Atom PDF