From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 21 19:00:12 2015 Received: (at submit) by debbugs.gnu.org; 21 Apr 2015 23:00:12 +0000 Received: from localhost ([127.0.0.1]:35606 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Ykh9C-0005a7-5N for submit@debbugs.gnu.org; Tue, 21 Apr 2015 19:00:11 -0400 Received: from mail-la0-f50.google.com ([209.85.215.50]:33843) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Ykh5M-0005U5-ML for submit@debbugs.gnu.org; Tue, 21 Apr 2015 18:56:09 -0400 Received: by laat2 with SMTP id t2so162162946laa.1 for ; Tue, 21 Apr 2015 15:56:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=k4dzW7sJf6NbWt+elzOO44yFbYcmLOI2G9hHKdLifMg=; b=HdZC2vuCqeB+CUgaEC4wwWmJiNYy8s0JqzUq2WpReUg1nf2/pnsTbqQW0bN4QjUiic mk56kDO2y+y6LmHWCv2LFtZ2aDUdDeSLhedkrSvLmm/2asWH03OvFl+atdCvT4qTEqKd MDk8BiuZWdhgYphEo279rjZBuBRxr3xAaAh7xKLSlZBolmnirSZB+VGl8tL/EPrXIZMB Q0F/CpyhSEOi0SU5EFilrlr8boT0ipol29L/cti0IvizzGW5kflI/wC84oWz+yGC8kl6 ml3og1k4Ckli2Cm3s0gCfm8ZNM9XqN2BQLtc2FKvasS0Yhm040D1WuJ+c1LnPJtXuNDp RiuQ== MIME-Version: 1.0 X-Received: by 10.152.239.135 with SMTP id vs7mr22182991lac.104.1429656962172; Tue, 21 Apr 2015 15:56:02 -0700 (PDT) Received: by 10.25.80.9 with HTTP; Tue, 21 Apr 2015 15:56:02 -0700 (PDT) Date: Tue, 21 Apr 2015 23:56:02 +0100 X-Google-Sender-Auth: 2_PZ6HObWICxUbal8Z8XFEuuuto Message-ID: Subject: guix cannot download via an http proxy From: Joshua Randall To: submit@debbugs.gnu.org Content-Type: multipart/alternative; boundary=001a1134788c618db6051443f3be X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Tue, 21 Apr 2015 19:00:04 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --001a1134788c618db6051443f3be Content-Type: text/plain; charset=UTF-8 Package: guix Version: 0.8.1 I am attempting to use guix from within a network that does not allow outbound http connections except via an http proxy. I am using Guile v2.0.11, which supports http proxies, so my expectation would be that since I have http_proxy and https_proxy environment variables set, guix would use the specified proxy for outbound http connections, but instead it appears to ignore the proxy settings and attempts to contact the http server directly, which results in a timeout. For example, when doing a `guix pull` I got the following: $ guix pull starting download of `/tmp/guix-file.l1zwZ7' from ` http://git.savannah.gnu.org/cgit/guix.git/snapshot/guix-master.tar.gz'... ERROR: In procedure connect: Connection timed out failed to download "/tmp/guix-file.l1zwZ7" from " http://git.savannah.gnu.org/cgit/guix.git/snapshot/guix-master.tar.gz" guix pull: error: failed to download up-to-date source, exiting It appears that Guile has had support for http proxies in the web client package since v2.0.10, and although guix is using the http-get method from Guile, it isn't using the open-socket-for-uri method, which is the one that implements making a proxy connection. Instead, guix seems to have copied and modified the code from an older version of open-socket-for-uri into open-connection-for-uri ( http://git.savannah.gnu.org/cgit/guix.git/tree/guix/build/download.scm?id=v0.8.1#n153) and uses that instead. I suspect what has happened is that the Guile version of open-socket-for-uri has added proxy support since the code was copied into open-connection-for-uri. One fix would be to port over the changes to open-socket-for-uri that were made in Guile 2.0.10. However, it appears from the code comment that that the reason open-connection-for-uri copies the functionality of open-socket-for-uri is to avoid NSS lookups for symbolic port arguments, and it looks to me that since version 2.0.7 of Guile, its open-socket-for-uri can be convinced not to do NSS lookups as long as (uri-port uri) is not #f (see http://git.savannah.gnu.org/cgit/guile.git/tree/module/web/client.scm?id=v2.0.7#n53 ). Rather than porting the new code from Guile's open-socket-for-uri, it might make more sense to just call open-socket-for-uri with a uri that always has a port (i.e. implement the same hard-coding for http and https in the http-fetch function to make sure that uri has the default port set - I notice for some reason Guile's string->uri parser does not set the port for http and https even though it has the default ports for both set in the code. I suppose one could use the existing post-2.0.7? test to keep calling open-connection-for-uri for backwards compatibility with old versions of Guile (which in any case don't have proxy support, so for my use case it doesn't matter). I can try to put together a patch that implements this fix, although I haven't written scheme in quite a while, so someone else may be better suited for it. Cheers, Josh. --001a1134788c618db6051443f3be Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Package: guix
Version: 0.8.1

= I am attempting to use guix from within a network that does not allow outbo= und http connections except via an http proxy. I am using Guile v2.0.11, wh= ich supports http proxies, so my expectation would be that since I have htt= p_proxy and https_proxy environment variables set, guix would use the speci= fied proxy for outbound http connections, but instead it appears to ignore = the proxy settings and attempts to contact the http server directly, which = results in a timeout.

For example, when doing a `g= uix pull` I got the following:=C2=A0
$ guix pull
s= tarting download of `/tmp/guix-file.l1zwZ7' from `http://g= it.savannah.gnu.org/cgit/guix.git/snapshot/guix-master.tar.gz'...
ERROR: In procedure connect: Connection timed out
failed= to download "/tmp/guix-file.l1zwZ7" from "http://git= .savannah.gnu.org/cgit/guix.git/snapshot/guix-master.tar.gz"
=
guix pull: error: failed to download up-to-date source, exiting
<= /div>

It appears that Guile has had support for http pro= xies in the web client package since v2.0.10, and although guix is using th= e http-get method from Guile, it isn't using the open-socket-for-uri me= thod, which is the one that implements making a proxy connection. Instead, = guix seems to have copied and modified the code from an older version of op= en-socket-for-uri into open-connection-for= -uri (http://git.sa= vannah.gnu.org/cgit/guix.git/tree/guix/build/download.scm?id=3Dv0.8.1#n153<= /a>) and uses that instead. I suspect what has happened is that the Guile v= ersion of open-socket-for-uri has added proxy support since the code was co= pied into open-connection-for-uri. One fix would be to port over the change= s to open-socket-for-uri that were made in Guile 2.0.10.=C2=A0
=


Rather than = porting the new code from Guile's open-socket-for-uri, it might make mo= re sense to just call open-socket-for-uri with a uri that always has a port= (i.e. implement the same hard-coding for http and https in the http-fetch = function to make sure that uri has the default port set - I notice for some= reason Guile's string->uri parser does not set the port for http an= d https even though it has the default ports for both set in the code. I su= ppose one could use the existing=C2=A0post-2.0.7? test to keep calling open-connection-for-uri for backwards c= ompatibility with old versions of Guile (which in any case don't have p= roxy support, so for my use case it doesn't matter).
<= span style=3D"color:rgb(0,0,0)">
I can try to put together a patch that implements this fix, alt= hough I haven't written scheme in quite a while, so someone else may be= better suited for it.=C2=A0

Cheers,

Josh.

--001a1134788c618db6051443f3be--