[pbs-devel] [PATCH proxmox-backup] correctly set apt proxy configuration

Thomas Lamprecht t.lamprecht at proxmox.com
Wed May 12 12:01:21 CEST 2021


looks mostly good, a few comments in line.

On 11.05.21 08:54, Dietmar Maurer wrote:
> ---
>  src/api2/node/apt.rs    | 41 ++++++++++++++++++++++++++++++++---------
>  src/api2/node/config.rs |  9 ++++++++-
>  src/config/node.rs      |  4 +++-
>  src/tools/http.rs       | 18 +++++++++++++++---
>  4 files changed, 58 insertions(+), 14 deletions(-)
> 
> diff --git a/src/api2/node/apt.rs b/src/api2/node/apt.rs
> index 1e57ea8d..83ccc460 100644
> --- a/src/api2/node/apt.rs
> +++ b/src/api2/node/apt.rs
> @@ -5,11 +5,11 @@ use std::collections::HashMap;
>  use proxmox::list_subdirs_api_method;
>  use proxmox::api::{api, RpcEnvironment, RpcEnvironmentType, Permission};
>  use proxmox::api::router::{Router, SubdirMap};
> +use proxmox::tools::fs::{replace_file, CreateOptions};
>  
>  use crate::config::node;
>  use crate::server::WorkerTask;
> -use crate::tools::{apt, SimpleHttp, subscription};
> -
> +use crate::tools::{apt, SimpleHttp, http::ProxyConfig, subscription};
>  use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
>  use crate::api2::types::{Authid, APTUpdateInfo, NODE_SCHEMA, UPID_SCHEMA};
>  
> @@ -47,10 +47,36 @@ fn apt_update_available(_param: Value) -> Result<Value, Error> {
>      Ok(json!(cache.package_status))
>  }
>  
> +pub fn update_apt_proxy_config(proxy_config: Option<&ProxyConfig>) -> Result<(), Error> {
> +
> +    const PROXY_CFG_FN: &str = "/etc/apt/apt.conf.d/76pveproxy"; // use same file as PVE
> +
> +    if let Some(proxy_config) = proxy_config {
> +        let proxy = proxy_config.to_proxy_string()?;
> +        let data = format!("Acquire::http::Proxy \"{}\";\n", proxy);
> +        replace_file(PROXY_CFG_FN, data.as_bytes(), CreateOptions::new())?;
> +    } else {
> +        let _ = std::fs::remove_file(PROXY_CFG_FN);


I do not like such results thrown away, I mean it is unlikely, but if the removal fails the
proxy would still be configured for apt, which may come as a surprise for an user.

Can we do something like:

std::fs::remove_file(PROXY_CFG_FN).map_err(|err| {
    format_err!("failed to remove proxy config '{}' - {}", PROXY_CFG_FN, err)
})?;

here?

> +    }
> +
> +    Ok(())
> +}
> +
> +fn read_and_update_proxy_config() -> Result<Option<ProxyConfig>, Error> {
> +    let proxy_config = if let Ok((node_config, _digest)) = node::config() {
> +        node_config.http_proxy()
> +    } else {
> +        None
> +    };
> +    update_apt_proxy_config(proxy_config.as_ref())?;
> +
> +    Ok(proxy_config)
> +}
> +
>  fn do_apt_update(worker: &WorkerTask, quiet: bool) -> Result<(), Error> {
>      if !quiet { worker.log("starting apt-get update") }
>  
> -    // TODO: set proxy /etc/apt/apt.conf.d/76pbsproxy like PVE
> +    read_and_update_proxy_config()?;
>  
>      let mut command = std::process::Command::new("apt-get");
>      command.arg("update");
> @@ -153,6 +179,7 @@ pub fn apt_update_database(
>  }
>  
>  #[api(
> +    protected: true,
>      input: {
>          properties: {
>              node: {
> @@ -195,12 +222,7 @@ fn apt_get_changelog(
>          bail!("Package '{}' not found", name);
>      }
>  
> -    let proxy_config = if let Ok((node_config, _digest)) = node::config() {
> -        node_config.http_proxy()
> -    } else {
> -        None
> -    };
> -
> +    let proxy_config = read_and_update_proxy_config()?;
>      let mut client = SimpleHttp::new(proxy_config);
>  
>      let changelog_url = &pkg_info[0].change_log_url;
> @@ -235,6 +257,7 @@ fn apt_get_changelog(
>          Ok(json!(changelog))
>  
>      } else {
> +        eprintln!("TZEST2");


please remove the left over debug print above


>          let mut command = std::process::Command::new("apt-get");
>          command.arg("changelog");
>          command.arg("-qq"); // don't display download progress
> diff --git a/src/api2/node/config.rs b/src/api2/node/config.rs
> index 92c0100e..290e9284 100644
> --- a/src/api2/node/config.rs
> +++ b/src/api2/node/config.rs
> @@ -4,6 +4,7 @@ use proxmox::api::schema::Updatable;
>  use proxmox::api::{api, Permission, Router, RpcEnvironment};
>  
>  use crate::api2::types::NODE_SCHEMA;
> +use crate::api2::node::apt::update_apt_proxy_config;
>  use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
>  use crate::config::node::{NodeConfig, NodeConfigUpdater};
>  
> @@ -78,5 +79,11 @@ pub fn update_node_config(
>  
>      config.update_from(updater, &delete)?;
>  
> -    crate::config::node::save_config(&config)
> +    let http_proxy = config.http_proxy();
> +
> +    crate::config::node::save_config(&config)?;
> +
> +    update_apt_proxy_config(http_proxy.as_ref())?;

would be enough and IMO still readable if we'd just that in one line here:

update_apt_proxy_config(config.http_proxy().as_ref())?;

but no hard feelings here

> +
> +    Ok(())
>  }
> diff --git a/src/config/node.rs b/src/config/node.rs
> index 31a2c5ab..33f3e2ad 100644
> --- a/src/config/node.rs
> +++ b/src/config/node.rs
> @@ -151,6 +151,7 @@ impl NodeConfig {
>          AcmeDomainIter::new(self)
>      }
>  
> +    /// Returns the parsed ProxyConfig
>      pub fn http_proxy(&self) -> Option<ProxyConfig> {
>          if let Some(http_proxy) = &self.http_proxy {
>              match ProxyConfig::parse_proxy_url(&http_proxy) {
> @@ -162,7 +163,8 @@ impl NodeConfig {
>          }
>      }
>  
> -    pub fn set_proxy(&mut self, http_proxy: Option<String>) {
> +    /// Sets the HTTP proxy configuration
> +    pub fn set_http_proxy(&mut self, http_proxy: Option<String>) {
>          self.http_proxy = http_proxy;
>      }
>  
> diff --git a/src/tools/http.rs b/src/tools/http.rs
> index 998e7647..0821992a 100644
> --- a/src/tools/http.rs
> +++ b/src/tools/http.rs
> @@ -43,7 +43,7 @@ pub(crate) fn build_authority(host: &str, port: u16) -> Result<Authority, Error>
>  pub struct ProxyConfig {
>      pub host: String,
>      pub port: u16,
> -    pub authorization: Option<String>, // Proxy-Authorization header value
> +    pub authorization: Option<String>, // user:pass
>      pub force_connect: bool,
>  }
>  
> @@ -94,7 +94,7 @@ impl ProxyConfig {
>  
>              let authority_vec: Vec<&str> = proxy_authority.as_str().rsplitn(2, '@').collect();
>              let authorization = if authority_vec.len() == 2 {
> -                Some(format!("Basic {}", base64::encode(authority_vec[1])))
> +                Some(authority_vec[1].to_string())

It seems like all changes to this file and config/node.rs could haven been its own patch,
as they are not directly related to setting the apt proxy, but I'm fine with it as is too.

>              } else {
>                  None
>              };
> @@ -107,6 +107,15 @@ impl ProxyConfig {
>              })
>          }).map_err(|err| format_err!("parse_proxy_url failed: {}", err))
>      }
> +
> +    /// Assemble canonical proxy string (including scheme and port)
> +    pub fn to_proxy_string(&self) -> Result<String, Error> {
> +        let authority = build_authority(&self.host, self.port)?;
> +        Ok(match self.authorization {
> +            None => format!("http://{}", authority),
> +            Some(ref authorization) => format!("http://{}@{}", authorization, authority)
> +        })
> +    }
>  }
>  
>  #[derive(Clone)]
> @@ -241,7 +250,10 @@ impl hyper::service::Service<Uri> for HttpsConnector {
>  
>                      let mut connect_request = format!("CONNECT {0}:{1} HTTP/1.1\r\n", host, port);
>                      if let Some(authorization) = authorization {
> -                        connect_request.push_str(&format!("Proxy-Authorization: {}\r\n", authorization));
> +                        connect_request.push_str(&format!(
> +                            "Proxy-Authorization: Basic {}\r\n",
> +                            base64::encode(authorization),
> +                        ));
>                      }
>                      connect_request.push_str(&format!("Host: {0}:{1}\r\n\r\n", host, port));
>  
> 






More information about the pbs-devel mailing list