|Summary:||[patch] usr.sbin/freebsd-update allow proxy config in etc/freebsd-update.conf|
|Product:||Base System||Reporter:||Olli Hauer <ohauer>|
|Component:||bin||Assignee:||freebsd-bugs (Nobody) <bugs>|
|Severity:||Affects Some People||CC:||emaste|
Description Olli Hauer 2016-01-17 14:46:19 UTC
Created attachment 165716 [details] [patch] allow proxy in freebsd-update.conf The attached patch allows to specify a proxy in the freebsd-update.conf, but also to overwrite the specified proxy via `setenv HTTP_PROXY=... ' This is handy if different proxy's are in use and the systems are managed e.g. with salt ... For example I have hosts in different locations all of them can fetch updates only via different proxy's and it would be nice to have them configured instead setting running with setenv also the freebsd-update cron would benefit from this patch.
Comment 1 Olli Hauer 2016-02-25 20:56:50 UTC
Hi Collin, Please can you take a look into the patch? It would be nice to have in 10.3 proxy support in freebsd-update.conf ;)
Comment 2 Colin Percival 2016-02-25 22:54:09 UTC
Looks plausible. Does it work? ;-)
Comment 3 Olli Hauer 2016-02-26 04:21:36 UTC
Yes, but I have to admit I'm using squid behind authpf, without authentication. If the proxy needs auth it will be a good idea to chmod 640 /etc/freebsd-update.conf.
Comment 4 Colin Percival 2016-02-27 00:35:00 UTC
If it needs proxy auth then this patch wouldn't work anyway... you would need a separate environment variable for the proxy auth parameters.
Comment 5 Olli Hauer 2017-01-06 15:40:50 UTC
Hi Colin, is there something I can do so the patch will be included in one of the next upcoming releases, or are there any security concerns holding it back?
Comment 6 Colin Percival 2017-01-06 19:05:50 UTC
We need an update to share/man/man5/freebsd-update.conf.5. But once you've done that it should be good.
Comment 7 Olli Hauer 2017-01-06 20:07:06 UTC
Sounds promising. Do you have a favor place where I should insert the proxy section? E.g. between ServerName and Components in man(5) freebsd-update.conf and between "-s server" and "-t address" in man(8) freebsd-update Oh, I see I have to extend also the '# Configuration file equivalents' parts, will do it (and test) in the next days.
Comment 8 Olli Hauer 2017-01-06 21:07:07 UTC
Created attachment 178586 [details] freebsd-update and updated man pages v1 The new patch contains now the HttpProxy extension and the updated man pages. Hope the explanation is sufficient.
Comment 9 Colin Percival 2017-01-07 04:45:57 UTC
Comment on attachment 178586 [details] freebsd-update and updated man pages v1 +.It Fl p Ar proxy +Fetch files via the specified HTTP proxy:port. Maybe that should be s/proxy/proxy:port/ on the first line? It might also be worth documenting that the HTTP_PROXY environment variable overrides any configuration file or command-line setting.
Comment 10 Colin Percival 2019-03-12 22:59:50 UTC
Drop freebsd-update PRs which were assigned to me. I'm not working on this code any more.