AppImageUpdate icon indicating copy to clipboard operation
AppImageUpdate copied to clipboard
verified publisher icon AppImageCommunity

Unable to run update behind a proxy

Open reinhapa opened this issue 6 years ago • 11 comments

The AppImageUpdate does not work behind a proxy even if if has been specified using the one of the following the environment variables (or their uppercase variants):

http_proxy
https_proxy
no_proxy

reinhapa avatar Jan 17 '19 16:01 reinhapa

We use libcurl internally. Does it provide any environment variables normally?

TheAssassin avatar Jan 17 '19 16:01 TheAssassin

libcurl respects the proxy environment variables named http_proxy, ftp_proxy, sftp_proxy etc. If set, libcurl will use the specified proxy for that URL scheme. So for a "FTP://" URL, the ftp_proxy is considered. all_proxy is used if no protocol specific proxy was set.

https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html

probonopd avatar Jan 17 '19 17:01 probonopd

@probonopd I wonder why they're not respected then. See https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html:

Environment variables

libcurl respects the proxy environment variables named http_proxy, ftp_proxy, sftp_proxy etc. If set, libcurl will use the specified proxy for that URL scheme. So for a "FTP://" URL, the ftp_proxy is considered. all_proxy is used if no protocol specific proxy was set.

If no_proxy (or NO_PROXY) is set, it is the exact equivalent of setting the CURLOPT_NOPROXY option.

The CURLOPT_PROXY and CURLOPT_NOPROXY options override environment variables.

TheAssassin avatar Jan 17 '19 21:01 TheAssassin

@TheAssassin what type of protocol do you use for getting the updated versions? Is it something else than http or https?

reinhapa avatar Jan 18 '19 07:01 reinhapa

We just use HTTP(S), I'm not aware of any AppImages using different protocols. I will try this later in a fresh VM running a live system.

TheAssassin avatar Jan 18 '19 15:01 TheAssassin

Can HTTPS be proxied at all?

probonopd avatar Jan 18 '19 16:01 probonopd

@probonopd sure, the proxy server just forwards the encrypted traffic as far I know...

reinhapa avatar Jan 18 '19 19:01 reinhapa

I tested zsync-curl via a proxy (Apache2). It failed with HTTPS but works with HTTP. (mod_proxy_connect which does the HTTPS traffic in mod_proxy does not seem to do byte ranges). I then changed my AppImage Update URL to be HTTP not HTTPS. However, it does not work as it looks like AppImageUpdate is using zsync2 and this does not set the CURLOPT_PROXY variable. Maybe this is not the issue as shouldn't CURL pick up my CURLOPT_PROXY from the shell anyway? So: Is there any way to build AppImageUpdate with zsync-curl instead of zsync2?

keniwhat avatar Jan 17 '20 17:01 keniwhat

I have been able to temporarily patch this by changing Session::Impl::makeRequest as follows: if (proxies_.has(protocol)) { curl_easy_setopt(curl, CURLOPT_PROXY, proxies_[protocol].data()); } else { char* proxy = getenv("http_proxy"); if (proxy != NULL) { curl_easy_setopt(curl, CURLOPT_PROXY, proxy); } else curl_easy_setopt(curl, CURLOPT_PROXY, ""); }

However, this does not look like the intended way the source is supposed to work. It looks like SetProxies does not get called on the Session object outside of the Test Suite.
I am not creating a pull request or even forking this as I am sure the intention is to call SetProxies with the http_proxy setting. I didn't quite work out the best place to do this. I am just passing this on for anyone else needing an immediate fix. Regards, Ken

keniwhat avatar Jan 18 '20 10:01 keniwhat

@TheAssassin wdyt?

probonopd avatar Jan 19 '20 15:01 probonopd

@probonopd I'm not willing to patch around in that dependency... it's an annoying one anyway, the whole core (libappimageupdate, that is) requires a rewrite, including all the legacy stuff we recycled from zsync. If I just had 3-5 days...

TheAssassin avatar Feb 18 '20 04:02 TheAssassin