Bug 206336

Summary: usr.sbin/freebsd-update allow proxy config in etc/freebsd-update.conf
Product: Base System
Reporter: Olli Hauer <ohauer>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Open ---
Severity: Affects Some People
CC: emaste
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any
Attachments (description, flags):
[patch] allow proxy in freebsd-update.conf (flags: none)
freebsd-update and updated man pages v1 (flags: none)

Description Olli Hauer freebsd_committer freebsd_triage 2016-01-17 14:46:19 UTC
Created attachment 165716
[patch] allow proxy in freebsd-update.conf

The attached patch allows specifying a proxy in freebsd-update.conf, but also overwriting the specified proxy via `setenv HTTP_PROXY=...`.

This is handy if different proxies are in use and the systems are managed e.g. with salt ...

For example, I have hosts in different locations, all of which can fetch updates only via different proxies, and it would be nice to have them configured instead of running with setenv; the freebsd-update cron would also benefit from this patch.
Comment 1 Olli Hauer freebsd_committer freebsd_triage 2016-02-25 20:56:50 UTC
Hi Colin,

Can you please take a look at the patch?
It would be nice to have proxy support in freebsd-update.conf in 10.3 ;)
Comment 2 Colin Percival freebsd_committer freebsd_triage 2016-02-25 22:54:09 UTC
Looks plausible.  Does it work? ;-)
Comment 3 Olli Hauer freebsd_committer freebsd_triage 2016-02-26 04:21:36 UTC
Yes, but I have to admit I'm using squid behind authpf, without authentication. If the proxy needs auth it will be a good idea to chmod 640 /etc/freebsd-update.conf.
Comment 4 Colin Percival freebsd_committer freebsd_triage 2016-02-27 00:35:00 UTC
If it needs proxy auth then this patch wouldn't work anyway... you would need a separate environment variable for the proxy auth parameters.
Comment 5 Olli Hauer freebsd_committer freebsd_triage 2017-01-06 15:40:50 UTC
Hi Colin,

is there something I can do so the patch will be included in one of the next upcoming releases, or are there any security concerns holding it back?
Comment 6 Colin Percival freebsd_committer freebsd_triage 2017-01-06 19:05:50 UTC
We need an update to share/man/man5/freebsd-update.conf.5.  But once you've done that it should be good.
Comment 7 Olli Hauer freebsd_committer freebsd_triage 2017-01-06 20:07:06 UTC
Sounds promising.

Do you have a favorite place where I should insert the proxy section?
E.g.
 between ServerName and Components in man(5) freebsd-update.conf
and
 between "-s server" and "-t address" in man(8) freebsd-update

Oh, I see I also have to extend the '# Configuration file equivalents' parts; I will do it (and test) in the next few days.
Comment 8 Olli Hauer freebsd_committer freebsd_triage 2017-01-06 21:07:07 UTC
Created attachment 178586
freebsd-update and updated man pages v1

The new patch now contains the HttpProxy extension and the updated man pages.
I hope the explanation is sufficient.
Comment 9 Colin Percival freebsd_committer freebsd_triage 2017-01-07 04:45:57 UTC
Comment on attachment 178586
freebsd-update and updated man pages v1

+.It Fl p Ar proxy
+Fetch files via the specified HTTP proxy:port.
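
Review bot: The description line "Fetch files via the specified HTTP proxy:port." does not say whether the value is a bare host:port or may carry a URL scheme, nor whether the port may be omitted. State the accepted form explicitly, ideally with one example value, so that the same string works on the command line and in the configuration file.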

Maybe that should be s/proxy/proxy:port/ on the first line?

It might also be worth documenting that the HTTP_PROXY environment variable overrides any configuration file or command-line setting.
Comment 10 Colin Percival freebsd_committer freebsd_triage 2019-03-12 22:59:50 UTC
Drop freebsd-update PRs which were assigned to me.  I'm not working on this code any more.