Re: apt-get and proxy

[Jason Gunthorpe]

On Wed, 13 Sep 2000, Andreas Tille wrote:

> When I wrote, that the proxy variables were ignored just my description
> was wrong.  May be they are used but they are used in an other way
> than if I use settings in /etc/apt/apt.conf.  While trying several different
> proxy-settings (sorry, don't remember) there, I got explicitely the
> message that the proxy is contacted.  Using just the environment

Nope, they are 100% identical. The only way it could not work is if you
were not actually exporting the variable, or were typing something wrong.

> the time is always the same when updating package list (also doing this
> several times on the same box - at least this could be cached even
> without using a proxy - is this worth a wishlist-bug?) or when obtaining

It is cached - only environmental problems can defeat the cache - these
invariably boil down to defective servers, transparent proxies, or
*something* like that.

Jason



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-get and proxy

[Jason Gunthorpe]

On Wed, 13 Sep 2000, Andreas Tille wrote:

> >From /var/lib/dpkg/available:
> Package: makedev:
> ...
> MD5sum: 7f6b97b984c246ead2c7be45ce4f1678
> 
> /var/cache/apt/archives/partial> md5sum makedev_2.3.1-46_all.deb
> 7f6b97b984c246ead2c7be45ce4f1678  makedev_2.3.1-46_all.deb

Please use apt-cache show makedev rather than the available file, and
verify the version numbers too. 

Are you certain there is not a problem with your CPU/Memory that could
cause this?

See, the only time bytes are added to the hash is when they are written to
the file, so.. Well, what you are describing is impossible :> I'd like to
see strace -o /tmp/foo -f -ff's -s200 and script logs of an apt-get doing
this. 

I did lots of testing of apt-get and most squids and never once
encountered an MD5 error.
 
> Well but some of my boxes don't use NFS and those using NFS have trouble
> with tke lock file.  At least I had when I tried.  Any example for 
> /etc/exports and /etc/fstab which handle this right?

You need kernel NFS server for locking.

Jason


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-get and proxy

[Sebastian Rittau]

On Wed, Sep 13, 2000 at 07:55:11AM +0200, Andreas Tille wrote:

> I'm in real trouble with apt-get and a squid proxy.

We've got the same problem when using apt via Squid via a broken
IBM proxy. (Apt connects to the Squid proxy, which has the proxies
of the German provider T-Online as its only and mandatory parent.[1]
I thought it was the result of some strange interaction between the
two proxies and didn't care. I just changed all apt methods from ftp
to their http equivalents, which works.

Before, most packages were rejected due to a "size mismatch". Just
moving these packages from /var/cache/apt/archives/partial to
/var/cache/apt/archives and re-running apt worked.

 - Sebastian

[1] The IBM proxy is quite buggy. It returns an HTTP status of 200 (Ok)
on several occasions, where an error code would be appropriate.
This also showed a bug in Squid: Squid tries to request a
document called something like /squid-internal-db from
neightbor caches. Of course the IBM proxy does not find this
document and returns status code 200 with an HTML body, saying
"404 Document Not Found". Squid, on the other hand, handles the
returned document as binary data and tries to parse it,
resulting in undefined behaviour. (In our case it hung while
consuming all CPU power.)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-get and proxy

[Andreas Tille]

On Wed, 13 Sep 2000, Andreas Tille wrote and forgot to mention:

> On Wed, 13 Sep 2000, Jason Gunthorpe wrote:
> 
> > Wakko{root}~/work/apt2/build/bin#http_proxy="http://void"; apt-get install 
> > apt
> > Reading Package Lists... Done
> > Building Dependency Tree... Done
> > 1 packages upgraded, 0 newly installed, 0 to remove and 362 not upgraded.
> > Need to get 483kB of archives. After unpacking 142kB will be used.
> > Err http://sunsite.ualberta.ca woody/main apt 0.3.19
> >   Could not resolve 'void'
> > 
> > Maybe your shell is foobar 
> Sorry, I havn't checked recently.  It was in former times when I had to
> work around this.  Now it works correctly!!
When I wrote, that the proxy variables were ignored just my description
was wrong.  May be they are used but they are used in an other way
than if I use settings in /etc/apt/apt.conf.  While trying several different
proxy-settings (sorry, don't remember) there, I got explicitely the
message that the proxy is contacted.  Using just the environment
variables there is no message about contacting the proxy and in fact
the time is always the same when updating package list (also doing this
several times on the same box - at least this could be cached even
without using a proxy - is this worth a wishlist-bug?) or when obtaining
packages.  I really doubt that this is a squid bug because I use it
successfully with wget and lynx.

Kind regards

 Andreas.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-get and proxy

[Andreas Tille]

On Wed, 13 Sep 2000, Jules Bean wrote:

> In shells I've used, 'set' gives you the list of shell variables, not
> environment variables. Try 'export http_proxy' and/or 'env | grep
> proxy'.
I'm very sorry for the confusion!  I'm using 'export http_proxy'
in bash and it works now for apt-get. (Don't know if and when it
failed.  I should have checked once more before posting!!! - Sorry).
 
> http_proxy has worked for my apt fine for well over a year now...
Well, OK the proxy works, but the MD5sum problem remains and this
is the bigger one!

Kind regards

 Andreas.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-get and proxy

[Jules Bean]

On Wed, Sep 13, 2000 at 07:55:11AM +0200, Andreas Tille wrote:
> Hello,
> 
> I'm in real trouble with apt-get and a squid proxy.  First of all
> I found out that in contrast to the manual of apt.conf the environment
> variables
> 
> ~# set | grep proxy
> ftp_proxy=http://wr-linux01.rki.de:3128/
> http_proxy=http://wr-linux01.rki.de:3128/

In shells I've used, 'set' gives you the list of shell variables, not
environment variables. Try 'export http_proxy' and/or 'env | grep
proxy'.

http_proxy has worked for my apt fine for well over a year now...

Jules


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-get and proxy

[Andreas Tille]

On Wed, 13 Sep 2000, Jason Gunthorpe wrote:

> Wakko{root}~/work/apt2/build/bin#http_proxy="http://void"; apt-get install apt
> Reading Package Lists... Done
> Building Dependency Tree... Done
> 1 packages upgraded, 0 newly installed, 0 to remove and 362 not upgraded.
> Need to get 483kB of archives. After unpacking 142kB will be used.
> Err http://sunsite.ualberta.ca woody/main apt 0.3.19
>   Could not resolve 'void'
> 
> Maybe your shell is foobar 
Sorry, I havn't checked recently.  It was in former times when I had to
work around this.  Now it works correctly!!
 
> Well, this means the bits that were pulled down don't match the what the
> Package file claims. Should never ever happen of course.
> 
> > file enforced http-protocol instead of ftp.  But all files where OK
> > and I could cmp them perfectly to files I got "by hand".  I could
> 
> Run md5sum on the files in partial and check against the Package file.
> Your cache may be caching a corrupted file or the end servers
> just might be bad . Heck, you might have a 1 bit error that isn't
> within any compressed data. So it eludes gzip's CRC.

>From /var/lib/dpkg/available:
Package: makedev:
...
MD5sum: 7f6b97b984c246ead2c7be45ce4f1678

/var/cache/apt/archives/partial> md5sum makedev_2.3.1-46_all.deb
7f6b97b984c246ead2c7be45ce4f1678  makedev_2.3.1-46_all.deb

If I'm not completely wrong this is the same MD5sum.

> If they do match, then congrats, you found a bug - though due to the way
> the code is that would be .. interesting .. 
I just want to make sure that I understand all things right before I file
a bug report.

> FTP over HTTP over Squid is slightly less than desirable, I dont think
> If-Modified-Since actually works (squid bug). I *don't* recommend this
> configuration BTW.
Hmm, is there any other cache?? Never noticed that squid doesn't work
when using wget or lynx.
 
> I recommend shared NFS of /var/cache/apt/archives... Faster/better than
> squid for .debs
Well but some of my boxes don't use NFS and those using NFS have trouble
with tke lock file.  At least I had when I tried.  Any example for 
/etc/exports and /etc/fstab which handle this right?

Kind regards

Andreas.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-get and proxy

[Jason Gunthorpe]

On Wed, 13 Sep 2000, Andreas Tille wrote:

> I'm in real trouble with apt-get and a squid proxy.  First of all
> I found out that in contrast to the manual of apt.conf the environment
> variables

Uh..

Wakko{root}~/work/apt2/build/bin#http_proxy="http://void"; apt-get install apt
Reading Package Lists... Done
Building Dependency Tree... Done
1 packages upgraded, 0 newly installed, 0 to remove and 362 not upgraded.
Need to get 483kB of archives. After unpacking 142kB will be used.
Err http://sunsite.ualberta.ca woody/main apt 0.3.19
  Could not resolve 'void'

Maybe your shell is foobar 

> Unfortunately I've got MD5 sum errors for all files I got via
>   apt-get install
> which remained in /var/cache/apt/archives/partial if the sources.list

Well, this means the bits that were pulled down don't match the what the
Package file claims. Should never ever happen of course.

> file enforced http-protocol instead of ftp.  But all files where OK
> and I could cmp them perfectly to files I got "by hand".  I could

Run md5sum on the files in partial and check against the Package file.
Your cache may be caching a corrupted file or the end servers
just might be bad . Heck, you might have a 1 bit error that isn't
within any compressed data. So it eludes gzip's CRC.

If they do match, then congrats, you found a bug - though due to the way
the code is that would be .. interesting .. 

> perfectly install them via "dpkg -i".  I guess that the squid-proxy
> prevents a MD5 validation.

Nope, impossible.

> I've thought I could get rid off this problem using ftp-protocol
> in sources.list entries, because the MD5 problem vanished.  Today I
> recogniced that the cache is ignored and files are obtained everytime
> from the far host instead of using the squid-cache.

FTP over HTTP over Squid is slightly less than desirable, I dont think
If-Modified-Since actually works (squid bug). I *don't* recommend this
configuration BTW.

> I really hope that there is anybody who can help me out this situation.
> I'm sharing a 128kByte line with many people :-(( and need the cache
> very hard.

I recommend shared NFS of /var/cache/apt/archives... Faster/better than
squid for .debs

Jason


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]