Bug 206336 - [patch] usr.sbin/freebsd-update allow proxy config in etc/freebsd-update.conf
Summary: [patch] usr.sbin/freebsd-update allow proxy config in etc/freebsd-update.conf
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
Keywords: patch
Depends on:
Reported: 2016-01-17 14:46 UTC by Olli Hauer
Modified: 2019-03-12 22:59 UTC (History)
1 user (show)

See Also:
ohauer: mfc-stable10?

[patch] allow proxy in freebsd-update.conf (1.56 KB, patch)
2016-01-17 14:46 UTC, Olli Hauer
no flags Details | Diff
freebsd-update and updated man pages v1 (3.03 KB, patch)
2017-01-06 21:07 UTC, Olli Hauer
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Olli Hauer freebsd_committer 2016-01-17 14:46:19 UTC
Created attachment 165716 [details]
[patch] allow proxy in freebsd-update.conf

The attached patch allows to specify a proxy in the freebsd-update.conf, but also to overwrite the specified proxy via `setenv HTTP_PROXY=... '

This is handy if different proxy's are in use and the systems are managed e.g. with salt ...

For example I have hosts in different locations all of them can fetch updates only via different proxy's and it would be nice to have them configured instead setting running with setenv also the freebsd-update cron would benefit from this patch.
Comment 1 Olli Hauer freebsd_committer 2016-02-25 20:56:50 UTC
Hi Collin,

Please can you take a look into the patch?
It would be nice to have in 10.3 proxy support in freebsd-update.conf ;)
Comment 2 Colin Percival freebsd_committer 2016-02-25 22:54:09 UTC
Looks plausible.  Does it work? ;-)
Comment 3 Olli Hauer freebsd_committer 2016-02-26 04:21:36 UTC
Yes, but I have to admit I'm using squid behind authpf, without authentication. If the proxy needs auth it will be a good idea to chmod 640 /etc/freebsd-update.conf.
Comment 4 Colin Percival freebsd_committer 2016-02-27 00:35:00 UTC
If it needs proxy auth then this patch wouldn't work anyway... you would need a separate environment variable for the proxy auth parameters.
Comment 5 Olli Hauer freebsd_committer 2017-01-06 15:40:50 UTC
Hi Colin,

is there something I can do so the patch will be included in one of the next upcoming releases, or are there any security concerns holding it back?
Comment 6 Colin Percival freebsd_committer 2017-01-06 19:05:50 UTC
We need an update to share/man/man5/freebsd-update.conf.5.  But once you've done that it should be good.
Comment 7 Olli Hauer freebsd_committer 2017-01-06 20:07:06 UTC
Sounds promising.

Do you have a favor place where I should insert the proxy section?
 between ServerName and Components in man(5) freebsd-update.conf 
 between "-s server" and "-t address" in man(8) freebsd-update

Oh, I see I have to extend also the '# Configuration file equivalents' parts, will do it (and test) in the next days.
Comment 8 Olli Hauer freebsd_committer 2017-01-06 21:07:07 UTC
Created attachment 178586 [details]
freebsd-update and updated man pages v1

The new patch contains now the HttpProxy extension and the updated man pages.
Hope the explanation is sufficient.
Comment 9 Colin Percival freebsd_committer 2017-01-07 04:45:57 UTC
Comment on attachment 178586 [details]
freebsd-update and updated man pages v1

+.It Fl p Ar proxy
+Fetch files via the specified HTTP proxy:port.

Maybe that should be s/proxy/proxy:port/ on the first line?

It might also be worth documenting that the HTTP_PROXY environment variable overrides any configuration file or command-line setting.
Comment 10 Colin Percival freebsd_committer 2019-03-12 22:59:50 UTC
Drop freebsd-update PRs which were assigned to me.  I'm not working on this code any more.