.archive.ubuntu.com is non inclusive

Bug #1483093 reported by José Antonio Rey
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
squid-deb-proxy (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

On the mirror-dstdomain.acl list, it has the following entries:

.archive.ubuntu.com
ports.ubuntu.com
security.ubuntu.com
ddebs.ubuntu.com
mirrors.ubuntu.com
.archive.canonical.com
.extras.ubuntu.com
changelogs.ubuntu.com

However, the .archive.ubuntu.com entry, for example, is non inclusive. This means that when there is a DNS forward made to this proxy, if pointed as archive.ubuntu.com it will cause an error. The entry should be either inclusive, or have the dot removed from the front on the default auto-generated list.

Tags: bitesize
Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I believe MAAS uses squid-deb-proxy and hits archive.ubuntu.com by default (not a subdomain) and I believe it works correctly right now. Are you saying that this case won't work? If so, please could you provide a more detailed failure case?

Once done, please change the bug status back to New. Thanks!

Changed in squid-deb-proxy (Ubuntu):
status: New → Incomplete
Revision history for this message
José Antonio Rey (jose) wrote :

Hello, Robie!

I downloaded and installed Ubuntu Server from the releases.ubuntu.com cd repository. Once the server was installed (14.04.2), I installed and configured a mirror with squid-deb-proxy. I set it up so it would work with a DNS redirect. So, I had custom DNSs, and they pointed archive.ubuntu.com to my mirror (172.16.224.222). However, when users started using apt-get, it started giving 403 errors. The errors went away when we removed the . at the start from .archive.ubuntu.com, which changed from ".archive.ubuntu.com" to "archive.ubuntu.com". Yes, this was the change that stopped giving the 403, since we were tailing the logs and it stopped as soon as we removed the dot and restarted squid-deb-proxy.

If you need any more details, feel free to let me know. I'll be glad to help.

Changed in squid-deb-proxy (Ubuntu):
status: Incomplete → Opinion
status: Opinion → New
Revision history for this message
Robie Basak (racb) wrote :

Thanks José.

I wonder if this is something that only occurs when using DNS-based redirection as opposed to hitting squid-deb-proxy directly by client proxy configuration? That might explain why this doesn't have any other reports (as otherwise it seems to me that the package would be completely broken in the default case).

I just realise now that you haven't stated what version you are using. 14.04 has versions in the updates and backports pockets. Please could you confirm which version affects you? "apport-collect 1483093" will provide this to the bug automatically.

tags: added: bitesize server-next
Robie Basak (racb)
Changed in squid-deb-proxy (Ubuntu):
assignee: nobody → Kick In (kick-d)
Robie Basak (racb)
tags: removed: server-next
Revision history for this message
José Antonio Rey (jose) wrote :

Hey Robie,

Unfortunately, this server was installed for a conference that has already ended, and infrastructure for the site has already torn it down. If it helps, I installed 14.04.2 just a couple days before 14.04.3 was released. No ppas, stock from the repo. No modifications on the sources list.

And yes, it does seem like it happens with the DNS redirection. I never tried using the squid client, since it was, as I mentioned, to use at a conference with large attendance.

Kick In (kick-d)
Changed in squid-deb-proxy (Ubuntu):
status: New → Incomplete
Revision history for this message
Kick In (kick-d) wrote :

Hi José,

I tried to re-create your setup for reproducing the bug.

This is what I've done using Trusty 14.04.3 for all machines:

Created a router vm that will nat all traffic and manage dns/dhcp of a dedicated subnet for those tests.

On this subnet there is a apt-mirror setup vm with squid-deb-proxy installed (using apache2 default setup to serve files)

The dns redirect fr.archive.ubuntu.com and archive.ubuntu.com to the apt-mirror setup (mirror: 192.168.101.2)

I have a client vm in this subnet, with a squid-deb-proxy-client setup. I could update and install packages both from fr.archive.ubuntu.com and archive.ubuntu.com, while checking that it really end-up in the apt-mirror vm, and that was the case for both targets. No 403 errors, and using stock squid-deb-proxy mirror-dstdomain.acl file.

So I will mark it as incomplete, because I couldn't reproduce it, feel free to re-open with more details if you think it is still relevant.

Robie Basak (racb)
Changed in squid-deb-proxy (Ubuntu):
assignee: Kick In (kick-d) → nobody
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for squid-deb-proxy (Ubuntu) because there has been no activity for 60 days.]

Changed in squid-deb-proxy (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.