** Description changed: - [Impact] - IWBNI apt-key obeyed apt's network preferences like the rest of the apt-* tools do. The fix is to append a timeout option to wget which is invoked in apt-key during key retrieval. + [Impact] + IWBNI apt-key obeyed apt's network preferences like the rest of the apt-* tools do. The fix is to append a timeout option to wget which is invoked in apt-key during key retrieval. An example, would be attempting to reduce the number of retries wget performs in order to receive the gpg key. The default is 20 tries, however, if the firewall is set to DROP packets then thats a 90*20 timeout. [Test Case] # iptables -A OUTPUT -p tcp --dport 80 -j DROP # wget -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg [endless hang] ^C # iptables -F # iptables -A OUTPUT -p tcp --dport 80 -j REJECT # wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg [returns in 90 seconds] # # iptables -F # wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg [returns instantly] # # # iptables -A OUTPUT -p tcp --dport 80 -j DROP # route del default # wget --timeout=90 -q -N http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg [returns instantly] [Regression Potential] Potential for regression is minimal as this would allow apt-key to successfully timeout if the keyserver is unreachable and allow for continued operation required by other services (i.e. cron executed instances)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/226780 Title: apt-key net-update does not obey APT::Acquire::http::Proxy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/226780/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
