206336 – usr.sbin/freebsd-update allow proxy config in etc/freebsd-update.conf

Bug 206336 - usr.sbin/freebsd-update allow proxy config in etc/freebsd-update.conf

Summary: usr.sbin/freebsd-update allow proxy config in etc/freebsd-update.conf

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-01-17 14:46 UTC by Olli Hauer
Modified:	2023-10-01 20:34 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
[patch] allow proxy in freebsd-update.conf (1.56 KB, patch) 2016-01-17 14:46 UTC, Olli Hauer	no flags	Details \| Diff
freebsd-update and updated man pages v1 (3.03 KB, patch) 2017-01-06 21:07 UTC, Olli Hauer	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Olli Hauer freebsd_committer

2016-01-17 14:46:19 UTC

Created attachment 165716 [details]
[patch] allow proxy in freebsd-update.conf

The attached patch allows to specify a proxy in the freebsd-update.conf, but also to overwrite the specified proxy via `setenv HTTP_PROXY=... '

This is handy if different proxy's are in use and the systems are managed e.g. with salt ...

For example I have hosts in different locations all of them can fetch updates only via different proxy's and it would be nice to have them configured instead setting running with setenv also the freebsd-update cron would benefit from this patch.

Comment 1 Olli Hauer freebsd_committer

2016-02-25 20:56:50 UTC

Hi Collin,

Please can you take a look into the patch?
It would be nice to have in 10.3 proxy support in freebsd-update.conf ;)

Comment 2 Colin Percival freebsd_committer

2016-02-25 22:54:09 UTC

Looks plausible.  Does it work? ;-)

Comment 3 Olli Hauer freebsd_committer

2016-02-26 04:21:36 UTC

Yes, but I have to admit I'm using squid behind authpf, without authentication. If the proxy needs auth it will be a good idea to chmod 640 /etc/freebsd-update.conf.

Comment 4 Colin Percival freebsd_committer

2016-02-27 00:35:00 UTC

If it needs proxy auth then this patch wouldn't work anyway... you would need a separate environment variable for the proxy auth parameters.

Comment 5 Olli Hauer freebsd_committer

2017-01-06 15:40:50 UTC

Hi Colin,

is there something I can do so the patch will be included in one of the next upcoming releases, or are there any security concerns holding it back?

Comment 6 Colin Percival freebsd_committer

2017-01-06 19:05:50 UTC

We need an update to share/man/man5/freebsd-update.conf.5.  But once you've done that it should be good.

Comment 7 Olli Hauer freebsd_committer

2017-01-06 20:07:06 UTC

Sounds promising.

Do you have a favor place where I should insert the proxy section?
E.g. 
 between ServerName and Components in man(5) freebsd-update.conf 
and
 between "-s server" and "-t address" in man(8) freebsd-update

Oh, I see I have to extend also the '# Configuration file equivalents' parts, will do it (and test) in the next days.

Comment 8 Olli Hauer freebsd_committer

2017-01-06 21:07:07 UTC

Created attachment 178586 [details]
freebsd-update and updated man pages v1

The new patch contains now the HttpProxy extension and the updated man pages.
Hope the explanation is sufficient.

Comment 9 Colin Percival freebsd_committer

2017-01-07 04:45:57 UTC

Comment on attachment 178586 [details]
freebsd-update and updated man pages v1

+.It Fl p Ar proxy
+Fetch files via the specified HTTP proxy:port.

Maybe that should be s/proxy/proxy:port/ on the first line?

It might also be worth documenting that the HTTP_PROXY environment variable overrides any configuration file or command-line setting.

Comment 10 Colin Percival freebsd_committer

2019-03-12 22:59:50 UTC

Drop freebsd-update PRs which were assigned to me.  I'm not working on this code any more.