Chroot behind proxy still missing wget proxy configuration

[mfbenson]

In Issue #47, the proxy -P switch was added to enter-chroot and it likely worked fine at that time. Now, when updating a chroot behind a proxy (sometimes I do this at work), when it attempts to update the CRAS audio target, it seems to use wget. I found that modifying the /etc/wgetrc in the chroot fixes the issue. Could those modifications be added under the -P switch in enter-chroot?

Also, along these same lines, there is an issue with gpg when updating the xfce target:

Installing target xfce... Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.C2zTooc48u --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 07D44A5424C7C12A4BAB1E80EB563F93142986CE gpg: requesting key 142986CE from hkp server keyserver.ubuntu.com gpg: keyserver timed out gpg: keyserver receive failed: keyserver error Failed to complete chroot setup.

I found this bug that might apply, but there is no resolution.

[dnschneid]

Weird. Does the chroot's /etc/environment have the right proxy entries?

[mfbenson]

I just tried it on a precise chroot started with "sudo sh -e /media/removable/SD\ Card/crouton -p /media/removable/SD\ Card -n precise -u -P proxy:port". The proxy is a CNTLM proxy because the true proxy is a Microsoft ISA that requires authentication. Everything seems to be working fine until it gets to the error I specified in my first post.

The /etc/environment file seems to be empty (only some comments). The file is read only, too (even using sudo vi /etc/environment).

Thanks, Mike

On Mon, Jun 23, 2014 at 2:30 PM, David Schneider notifications@github.com wrote:

Weird. Does the chroot's /etc/environment have the right proxy entries?

— Reply to this email directly or view it on GitHub https://github.com/dnschneid/crouton/issues/883#issuecomment-46883341.

[dnschneid]

Can you post the full contents of /etc/environment? The crouton installer is supposed to update it with your proxy.

[mfbenson]

I tried starting an update on my precise chroot. Then, I started another shell and opened a cli to that chroot. Here is the contents of the /etc/environment:

(precise)mbenson@localhost:~$ cat /etc/environment

begin crouton-generated environment variables

http_proxy='http://dx07itd13:3128' HTTP_PROXY='http://dx07itd13:3128' https_proxy='http://dx07itd13:3128' HTTPS_PROXY='http://dx07itd13:3128' ftp_proxy='http://dx07itd13:3128' FTP_PROXY='http://dx07itd13:3128' no_proxy='localhost,127.0.0.1' NO_PROXY='localhost,127.0.0.1'

end crouton-generated environment variables

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"

The proxy being used is a Fedora linux PC running CNTLM. As before, everything seems to be updating fine until gpg.

I found various sites for older versions of Ubuntu where they recommend changing the gpg line to use "--keyserver hkp://keyserver.ubuntu.com:80". I tried that from the cli and it also failed.

Thanks, Mike

On Sat, Jun 28, 2014 at 4:35 AM, David Schneider notifications@github.com wrote:

Can you post the full contents of /etc/environment? The crouton installer is supposed to update it with your proxy.

— Reply to this email directly or view it on GitHub https://github.com/dnschneid/crouton/issues/883#issuecomment-47421761.

[drinkcat]

In Issue #47, the proxy -P switch was added to enter-chroot and it likely worked fine at that time. Now, when updating a chroot behind a proxy (sometimes I do this at work), when it attempts to update the CRAS audio target, it seems to use wget. I found that modifying the /etc/wgetrc in the chroot fixes the issue. Could those modifications be added under the -P switch in enter-chroot?

You need to specify the proxy with -P on update as well (indeed, apt-get works but the proxy environment is not sourced and wget fails). Obviously not what we want. I'll provide a fix.

Also, along these same lines, there is an issue with gpg when updating the xfce target:

I tried to reproduce with a local proxy, without success. I'm not sure what type of proxy I'm using, but it looks like old versions of CNTLM have problems with hkp protocol. https://bugs.launchpad.net/ubuntu/+source/cntlm/+bug/257210 says that 0.91~rc6-0ubuntu2.12.04.1 is broken, but 0.92.3-0ubuntu0.1 works, so maybe you just need a fresher CentOS package.

---

For reference, I don't have a network that needs a proxy, so I used these commands to emulate it (leaving ssh open as well, running this in QEMU). Put the commands in a file, replace 1.2.3.4 with you local proxy, and run with sudo:

iptables -I OUTPUT -p tcp -j REJECT
iptables -I OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
iptables -I OUTPUT -d 1.2.3.4 -p tcp -m tcp -j ACCEPT

Then this worked, including key fetching (obviously, it failed without the proxy):

sudo sh installer/main.sh -r precise -t xfce -n precise.proxy -P 'http://1.2.3.4:80'

But this failed with a wget error, as you reported:

sudo sh installer/main.sh  -t xfce -n precise.proxy -u