This bug was fixed in the package software-properties - 0.96.24.25
---------------
software-properties (0.96.24.25) bionic; urgency=medium
* ppa.py:
- rework key retrieval, instead of using hkp & gnupg/dirmngr, use https
& python's built in urllib.
- thus, add-apt-key for PPAs observes https_proxy for key retrieval
- simplify gnupg operations, depend on gpg package only, and use
import/public key operations only.
- fix unicode process output bugs, when operating in a non-UTF-8
locale, thus enabling to import keys for my ppas in C locale.
- avoid creating trustdb, or requiring any gpg-agent systemd socket to
be activated
- update tests to execute key addition fully with less things stubbed
out with mock
- stop using apt-key for installing keys
- dirmngr is a heavy dependency and not used, and it is hard to pass
proxy information to it when invoking gpg from a non-standard homedir
- deprecate --keyserver option, making HTTPS access to
keyserver.ubuntu.com required
- LP: #1755192, LP: #1713962, LP: #1699086, LP: #1510220, LP: #1433761,
LP: #1395321, LP: #1312267
-- Dimitri John Ledkov <x...@ubuntu.com> Mon, 02 Apr 2018 10:19:34
+0100
** Changed in: software-properties (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to software-properties in
Ubuntu.
https://bugs.launchpad.net/bugs/1433761
Title:
apt-key and add-apt-repository don't honor Acquire::http::Proxy
Status in software-properties package in Ubuntu:
Fix Released
Bug description:
When setting the proxy server globally on the system for the APT
package manager, add-apt-repository ignores the setting. This issue is
present on all versions of Debian that I have tested.
# cat /etc/apt/apt.conf.d/80proxy
Acquire::http::proxy "http://w.x.y.z:nnnn/";;
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5A9A06AEF9CB8DB0
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring
--homedir /tmp/tmp.TIa517Kcw8 --no-auto-check-trustdb --trust-model always
--keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring
/etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring
/etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring
/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring
/etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyring
/etc/apt/trusted.gpg.d/saltstack-salt.gpg --keyserver keyserver.ubuntu.com
--recv-keys 5A9A06AEF9CB8DB0
gpg: requesting key F9CB8DB0 from hkp server keyserver.ubuntu.com
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
This has serious repercussions. Unattended installs such as juju,
maas, etc are all affected for anyone who is working behind a proxy.
This is the case for most enterprise environments where such maas and
juju setups will be tested out, and as such has great repercussions
for Canonical as a viable supplier of OpenStack environments: if your
product fails to install, you're not going to get the business.
Considering that:
* The setting to use already exists in /etc/apt/apt.conf and that all other
tools use this correctly
* The serious impact of this issue for downstream projects and Debian usage
in the enterprise
* The long time this issue has been standing and has affected people
I suggest that this either
1) be fixed, or
2) the apt-key and add-apt-repository programs are renamed so that it is made
clear they are not part of the APT suite of programs and therefor cannot be
trusted to behave as if they were part of APT.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1433761/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
