search

openSUSE / opi

OBS Package Installer (CLI)
GNU General Public License v3.0
248 stars 22 forks source link

HTTPS proxy ignored #186

Closed RafaelLinux closed 1 month ago

RafaelLinux commented 1 month ago

To access the Internet, my computer requires access to an HTTP proxy with user authentication. The native openSUSE applications use it without problems, using for this purpose the username and passwords previously stored by me with the “Yast proxy” tool. I don't need to type user and password authentication, because I take them from my configuration.

However, opi seems to ignore the proxy configuration and starts showing authentication errors when I try to install applications with it.

This is partial ouput (from beginning) launching opi:

>opi proxy 
Searching repos for: proxy
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/urllib3/connectionpool.py", line 776, in urlopen
    self._prepare_proxy(conn)
  File "/usr/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1045, in _prepare_proxy
    conn.connect()
  File "/usr/lib/python3.11/site-packages/urllib3/connection.py", line 625, in connect
    self._tunnel()  # type: ignore[attr-defined]
    ^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/http/client.py", line 943, in _tunnel
    raise OSError(f"Tunnel connection failed: {code} {message.strip()}")
OSError: Tunnel connection failed: 407 Proxy Authentication Required

The above exception was the direct cause of the following exception:

urllib3.exceptions.ProxyError: ('Unable to connect to proxy', OSError('Tunnel connection failed: 407 Proxy Authentication Required'))
...

Output from commands:


>cat /etc/os-release
NAME="openSUSE Tumbleweed"
# VERSION="20240910"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20240910"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
# CPE 2.3 format, boo#1217921
CPE_NAME="cpe:2.3:o:opensuse:tumbleweed:20240910:*:*:*:*:*:*:*"
#CPE 2.2 format
#CPE_NAME="cpe:/o:opensuse:tumbleweed:20240910"
BUG_REPORT_URL="https://bugzilla.opensuse.org"
SUPPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed"
LOGO="distributor-logo-Tumbleweed"


> (cd /etc/zypp/repos.d; \ls | while read line ; do echo -e "\n----\n$(ls -l $line):"; cat "$line" ; done)

----
-rw-r--r-- 1 root root 229 sep 17 10:30 brave-browser.repo:
[brave-browser]
name=Brave Browser
enabled=1
autorefresh=1
baseurl=https://brave-browser-rpm-release.s3.brave.com/x86_64/
type=rpm-md
gpgcheck=1
gpgkey=https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
keeppackages=0

----
-rw-r--r-- 1 root root 189 sep 17 10:30 download.opensuse.org-non-oss.repo:
[download.opensuse.org-non-oss]
name=Repositorio principal (NON-OSS)
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/tumbleweed/repo/non-oss/
path=/
type=rpm-md
keeppackages=0

----
-rw-r--r-- 1 root root 204 sep 17 10:30 ftp.gwdg.de-Essentials.repo:
[ftp.gwdg.de-Essentials]
name=Packman Essentials Repository
enabled=1
autorefresh=1
baseurl=http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials
path=/
type=rpm-md
keeppackages=0

----
-rw-r--r-- 1 root root 192 sep 17 10:30 ftp.gwdg.de-openSUSE_Tumbleweed.repo:
[ftp.gwdg.de-openSUSE_Tumbleweed]
name=Packman Repository
enabled=1
autorefresh=1
baseurl=http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/
path=/
type=rpm-md
keeppackages=0

----
-rw-r--r-- 1 root root 215 sep 17 10:30 google-chrome.repo:
[google-chrome]
name=google-chrome
enabled=1
autorefresh=1
baseurl=https://dl.google.com/linux/chrome/rpm/stable/x86_64
type=rpm-md
gpgcheck=1
gpgkey=https://dl.google.com/linux/linux_signing_key.pub
keeppackages=0

----
-rw-r--r-- 1 root root 116 sep 17 10:30 NVIDIA.repo:
[NVIDIA]
enabled=1
autorefresh=1
baseurl=https://download.nvidia.com/opensuse/tumbleweed
type=rpm-md
keeppackages=0

----
-rw-r--r-- 1 root root 242 sep 17 10:30 packman.repo:
[packman]
name=Packman
enabled=1
autorefresh=1
baseurl=https://ftp.fau.de/packman//suse/openSUSE_Tumbleweed/
type=rpm-md
priority=70
gpgcheck=1
gpgkey=https://ftp.fau.de/packman/suse/openSUSE_Tumbleweed/repodata/repomd.xml.key
keeppackages=0

----
-rw-r--r-- 1 root root 154 sep 17 10:30 repo-non-oss.repo:
[repo-debug]
name=openSUSE-Tumbleweed-Debug
enabled=0
autorefresh=1
baseurl=http://download.opensuse.org/debug/tumbleweed/repo/oss/
path=/
keeppackages=0

----
-rw-r--r-- 1 root root 182 sep 17 10:30 repo-openh264.repo:
[repo-openh264]
name=Open H.264 Codec (openSUSE Tumbleweed)
enabled=1
autorefresh=1
baseurl=http://codecs.opensuse.org/openh264/openSUSE_Tumbleweed
path=/
type=rpm-md
keeppackages=0

----
-rw-r--r-- 1 root root 156 sep 17 10:30 repo-oss.repo:
[repo-oss]
name=openSUSE-Tumbleweed-Oss
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/tumbleweed/repo/oss/
path=/
type=rpm-md
keeppackages=0

----
-rw-r--r-- 1 root root 157 sep 17 10:30 repo-source.repo:
[repo-source]
name=openSUSE-Tumbleweed-Source
enabled=0
autorefresh=1
baseurl=http://download.opensuse.org/source/tumbleweed/repo/oss/
path=/
keeppackages=0

----
-rw-r--r-- 1 root root 160 sep 17 10:30 repo-update.repo:
[repo-update]
name=openSUSE-Tumbleweed-Update
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/update/tumbleweed/
path=/
type=rpm-md
keeppackages=0
asdil12 commented 1 month ago

Could you send me the output of:

env|grep -i proxy

Please make sure to redact your password if needed.

RafaelLinux commented 1 month ago

Proxy variables seems assigned at console level:

no_proxy=0.0.0.0/0,work.oursite.com
gopher_proxy=
ftp_proxy=
https_proxy=http://10.162.0.1:128
socks_proxy=
NO_PROXY=0.0.0.0/0,work.oursite.com
http_proxy=http://10.162.0.1:128
SOCKS_PROXY=

Take into account that proxy credentials are not in environment variables and can't be added in the way "user:pwd@10.162.0.1:128" cause is not a standard for this variables and will be ignored.

asdil12 commented 1 month ago

hm - all sources that I could find indicate usage of this syntax:

export https_proxy="https://USER:PASSWORD@PROXY_SERVER:PORT"

e.g. https://www.shellhacks.com/linux-proxy-server-settings-set-proxy-command-line/

Also the python-requests library that opi is using will work with that syntax: https://docs.python-requests.org/en/latest/user/advanced/#proxies

The yast proxy module seems to essentially do what is described in this support document: https://www.suse.com/support/kb/doc/?id=000017441

It will only store the proxy credentials in /root/.curlrc:

# Changed by YaST2 module proxy 19.09.2024
--proxy-user "testuser:testpass"
--noproxy "localhost,127.0.0.1"

I would expect that only libcurl based tools will parse that file.

RafaelLinux commented 1 month ago

But then, I should try with the "export ...." and launch opi?

asdil12 commented 1 month ago

Yes. That should work according to the python-requests documentation.

To make it persistent I guess you would need to put it into your bashrc, .profile or /etc/environment (no export in that file!)

RafaelLinux commented 1 month ago

Yes, this is indeed how it works. Personally I don't like to have the username/password clear, but I guess there is a problem between openSUSE and the applications that want to use the credentials it stores for the proxy. It should be somewhat transparent, as it is when using “zypper” or other commands that require Internet access.

Thanks

I close the request