[Bug 1913240] Re: do-release-upgrade ignores APT proxy exemption

Sun Feb 14 02:00:00 UTC 2021

Posted a 10 USD bounty on this issue:
https://www.bountysource.com/issues/96530138-do-release-upgrade-ignores-apt-proxy-exemption

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1913240

Title:
  do-release-upgrade ignores APT proxy exemption

Status in ubuntu-release-upgrader package in Ubuntu:
  New

Bug description:
  When I try to check for an upgrade, this is what happens:

  # do-release-upgrade -c
  Checking for a new Ubuntu release
  Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
  There is no development version of an LTS available.
  To upgrade to the latest non-LTS develoment release 
  set Prompt=normal in /etc/update-manager/release-upgrades.

  With tcpdump, I discovered that do-release-upgrade tries to connect
  the configured APT-Cacher-NG proxy. The proxy only listens on
  plaintext HTTP (TCP:80), while the script tries to connect it on HTTPS
  (TCP:443), because it wants to download meta-release-lts through an
  https:// URL. Since I have no intention to configure SSL certificates
  on the proxy for the sole reason to enable upgraders to operate, I
  thought I'd rather exempt it from the APT proxy setting.

  Currently, I have this APT proxy configuration under
  /etc/apt/apt.conf.d:

  Acquire::http {
  	Proxy::changelogs.ubuntu.com "DIRECT";
  	Proxy "http://taranis.lan";
  };
  Acquire::https {
  	Proxy::changelogs.ubuntu.com "DIRECT";
  };

  I added an explicit section for https too, just in case. According to
  man apt-transport-http, the syntax should be correct and `apt-config
  dump` reports that it correctly parsed the config file and understands
  that it needs to exempt changelogs.ubuntu.com.

  Acquire::http::Proxy "http://taranis.lan";
  Acquire::http::Proxy::changelogs.ubuntu.com "DIRECT";
  Acquire::https::Proxy "";
  Acquire::https::Proxy::changelogs.ubuntu.com "DIRECT";

  However, trying `do-release-upgrade -c` has the same result, the
  upgrader still wants to get the meta-release file via the proxy. It is
  a strange situation, because it seems `do-release-upgrade` wants to
  honour the APT proxy configuration, but it ignores the exemptions. In
  my case, it would be better to ignore the proxy altogether.

  I have this proxy for quite a while and the server was configured to
  use it, and I don't remember encountering this issue on any previous
  release upgrade, but I haven't run one since 2018. I guess the feature
  of honouring the APT proxy config was added recently in the last 2
  years. I have this issue on my Bionic server, and I reproduced it on a
  pristine Focal VM installation as well.

  I think the intended or desirable behaviour would be to adhere to the
  APT proxy configuration in its entirety, including the exemptions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1913240/+subscriptions