How do I get add-apt-repository to work through a proxy?

Question

I'm trying to follow the "Installing Cross Toolchain on Ubuntu 10.04 (Lucid) and 10.10 (Maverick) Hosts" instructions on wiki.linaro.org (on my Ubuntu 10.04 VM). The first step is:

sudo add-apt-repository ppa:linaro-maintainers/toolchain

But when I run that I get:

Error reading https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: <urlopen error [Errno 110] Connection timed out>

I'm guessing the problem is with my configuration for my employer's proxy server, particularly for HTTPS.

When I opened https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain in Firefox, I got "The connection has timed out". I then went into Firefox Preferences -> Advanced -> Network -> Settings... and set HTTP Proxy to "gateway" and Port to 8080, and checked "Use this proxy server for all protocols". Then the page loaded. This supports my theory.

I've tried setting the http_proxy and https_proxy environment variables (both lower and upper case):

$ set | grep -i proxy
HTTPS_PROXY=https://gateway:8080
HTTP_PROXY=http://gateway:8080
http_proxy=http://gateway:8080
https_proxy=https://gateway:8080

I also tried changing them to:

$ set | grep -i proxy
HTTPS_PROXY=gateway:8080
HTTP_PROXY=gateway:8080
http_proxy=gateway:8080
https_proxy=gateway:8080

And I tried adding this second line to /etc/apt/apt.conf:

Acquire::http::proxy "http://gateway:8080/";
Acquire::https::proxy "https://gateway:8080/";

But I continue to get the same error.

How do I troubleshoot this?

Update: I followed the instructions in the accepted answer to "Problem adding repositories and connecting from terminal behind a proxy" and got further:

$ sudo add-apt-repository ppa:linaro-maintainers/toolchain
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 1DD749B890A6F66D050D985CF1FCBACA7BE1F97B
gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

I wonder if the "HTTP fetch error" means I also need to add "Defaults env_keep = http_proxy" to /etc/sudoers...

Update #2: I added:

Defaults env_keep="http_proxy"
Defaults env_keep="https_proxy"

...as in Comment 18 for bug 516032, but I still get the same "gpgkeys: HTTP fetch error 7: couldn't connect to host" error.

And this is curious:

$ sudo env | grep proxy
https_proxy=https://gateway:8080

...because http_proxy isn't there.

Any advice is appreciated.

Update #3: Since the host of my VM is a laptop, I took it home and tried there (with no proxies):

$ sudo add-apt-repository ppa:linaro-maintainers/toolchain
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 1DD749B890A6F66D050D985CF1FCBACA7BE1F97B
gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
gpg: key 7BE1F97B: public key "Launchpad Linaro Overlay PPA" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

It worked. So problem is related to proxy configuration. But I suppose I have a workaround.

Just for reference
http://askubuntu.com/questions/60217/apt-get-update-with-an-in-password-error — Deepak Rajput, Oct 14 '11 at 10:01

score 205 · Accepted Answer · edited Nov 09 '15 at 08:51

205

In addition to configuring proxies, tell sudo to preserve the environment with the -E option:

export http_proxy=http://<proxy>:<port>
export https_proxy=http://<proxy>:<port>
sudo -E add-apt-repository ppa:linaro-maintainers/toolchain

with username and password:

export https_proxy=https://<username>:<password>@<proxy>:<port>

edited Nov 09 '15 at 08:51

heemayl

91,753

answered Feb 08 '12 at 11:49

Amal Pillai

2,066

Ya really worked – Shashwat Kumar Mar 16 '13 at 09:00
15

-E (after doing all of the other stuff above) got it working for me. – cschooley May 24 '13 at 17:47
2

and yes, the https_proxy configuration was necessary... :P – monkut Jun 14 '13 at 05:41
3

How to add proxy permanently and avoid -E switch? I've the /etc/environment file configured properly with the lines added... Thanks – Enrique Aug 31 '15 at 20:54
1

From man sudo: -E, --preserve-env Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment.m – Pablo Bianchi May 09 '18 at 06:40

score 40 · Answer 2 · edited May 15 '15 at 09:06

Use the following code in a terminal to add gpg key behind proxy,

sudo apt-key adv --keyserver-options http-proxy=http://USER:PASSWORD@PROXY_URL:PORT/ --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY

And replace uppercase letters accordingly. If you are using a proxy without any user authentication (i.e., user name and password) use http-proxy=http://PROXY_URL:PORT/ instead.

For example to have GPG_KEY=C2514567EEA14886 you can use,

sudo apt-key adv --keyserver-options http-proxy=http://user:abc123@10.10.2.21:3128/ --keyserver keyserver.ubuntu.com --recv-keys C2514567EEA14886

where,

USER_ID=user
PASSWORD=abc123
PROXY_URL=10.10.2.21
PORT=3128

If you don't have user authentication simply use,

sudo apt-key adv --keyserver-options http-proxy=http://10.10.2.21:3128/ --keyserver keyserver.ubuntu.com --recv-keys C2514567EEA14886

This does not actually "fix" add-apt-repository command execution. Indeed it works around one of its tasks. At least one additional command is necessary: sudoedit /etc/apt/sources.list.d/XXXX.list + manual edition to add the deb URLs... — Chucky, Dec 02 '14 at 11:24
Would be perfect if you add some info how to fix proxy eternally. Solution you provided requires a LOT of typing — Danatela, Jan 12 '17 at 11:14

score 10 · Answer 3 · edited Jan 02 '12 at 23:35

10

Finally! You need to set https_proxy via:

export https_proxy=....

only set http_proxy is not enough.

And I needed to execute the add-apt-repository command as root, NOT via sudo.

Code:

sudo su
add-apt-repository ppa:........

edited Jan 02 '12 at 23:35

Jorge Castro

71,754

answered Oct 14 '11 at 09:55

DaRattler

111

score 6 · Answer 4 · edited Jul 26 '13 at 10:08

It seems that the proxy configuration is set up but somehow the server cannot be contacted...

I had a very similar issue which I resolved like this: The corporate proxy allows only port 80 and 443 for security reasons, so event when it is setup, since HKP protocol is using port 11371, it will not let you through.

So, short of SSH-ing out and getting the key from one of your servers outside, downloading it and installing it locally, you can specify the key server from on of the ones listed below and specify the port:

http://sks-keyservers.net/overview-of-pools.php

e.g.:

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys XXXXX

Boom, Voila!

Yup. This worked, for me, while installing Mono on Debian 7: sudo -E apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF — qxn, Apr 14 '15 at 14:41

score 4 · Answer 5 · answered Jan 21 '15 at 19:38

The reason your sudoers change did not work as expected is that instead of:

    Defaults env_keep="http_proxy"
    Defaults env_keep="https_proxy"

You should have written:

    Defaults env_keep+="http_proxy"
    Defaults env_keep+="https_proxy"

Also make sure the space between Defaults and env_keep is a tab each time.

Junior Leota · Answer 6 · 2017-07-05T20:06:36.250

I managed to workaround this by editing /usr/lib/python3/dist-packages/softwareproperties/ppa.py and adding

"--keyserver-options", "http-proxy=<proxy_url>",

under the following line

"--keyserver", self.keyserver,

More background information

ppa.py is the python script that is used by add-apt-repository to call gpg. There sometimes seem to be a bug with gpg where it does not use the http_proxy environment variable. This can be confirmed by viewing the file /root/.gnupg/dirmngr.conf and checking to see that honor-http-proxy is not commented out.

thegreendroid · Answer 7 · 2018-02-06T22:58:03.797

3

This four step approach worked for me on an Ubuntu 17.04 VM behind a corporate proxy.

sudo apt-add-repository ppa:brightbox/ruby-ng and let it fail
sudo apt update and look for an error message like The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F5DA5F09C3173AA6
sudo apt-key adv --keyserver-options http-proxy=http://10.0.2.2:3128 --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys F5DA5F09C3173AA6
sudo apt update will now work

Note that the host VM is running a CNTLM proxy server on port 3128.

edited Feb 06 '18 at 22:58

answered Dec 14 '17 at 03:28

thegreendroid

133

1

You don't have to wait for apt to tell you what the key is. It';s there in the technical details of the PPA: "Fingerprint: 80F70E11F0F0D5F10CB20E62F5DA5F09C3173AA6" – muru Dec 14 '17 at 03:37
That's true, but I found this process slightly easier. – thegreendroid Dec 14 '17 at 04:53

score 2 · Answer 8 · answered Jul 26 '19 at 18:56

What I do is use http via curl instead of trying to proxy apt-key or gpg:

curl -sSL \ 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xBBEBDCB318AD50EC6865090613B00F1FD2C19886' \ | sudo apt-key add -

This method should be used instead of the apt-key command line or http_proxy or https_proxy environment variables settings (which are disabled in the newest versions of apt-key).

score 2 · Answer 9 · edited Jun 13 '14 at 18:05

2

This helped me:

sudo https_proxy='https://user:password@proxyhost:port/' \
http_proxy='http://user:password@proxyhost:port/' \
ftp_proxy='ftp://user:password@proxyhost:port/' \
no_proxy=localhost,127.0.0.0/8,10.0.0.0/8 add-apt-repository ppa:webupd8team/java

I guess that there are some environment variables which are not needed in the command but they do not harm.

edited Jun 13 '14 at 18:05

No Time

1,073
11
25

answered Jun 13 '14 at 16:48

leo

31
5

score 1 · Answer 10 · edited Dec 14 '17 at 03:37

In /etc/apt/apt.conf.d/01proxy add something like this

Acquire::http { Proxy "http://192.168.0.99:3142"; };

This will proxy all aptitude downloads, but I think this is the only way to do this on the backend. If your proxy supports it, you can also use a url like http://my.proxy:port/www.target.site.com/url which I know works for apt-cache-ng

I'm not sure if add-apt-repository itsself uses these settings, but if you cannot make that work, you can always add the repository to your /etc/apt/sources.list or /etc/apt/sources.list.d/*mytoolchain*

Since 11.10 there is also a cross-toolchailable in the main repo, just apt-get install gcc-arm-linux-gnueabihf. There are also cross-toolchains available from emdebian, and some instructions here: http://gsoc.sitedethib.com/posts/apt-get_install_gcc-4.7-arm-linux-gnueabihf/

user72421: how did you know that proxy should be prefixed with 01 and not with another number? — jgomo3, Sep 27 '13 at 23:22

score 1 · Answer 11 · answered Apr 06 '17 at 07:27

Add the PPA manually to your /etc/apt/sources.list:

deb http://ppa.launchpad.net/<user>/<repo>/ubuntu trusty main

Save the file and run sudo apt-get update. This error might pop up:

W: GPG error: http://ppa.launchpad.net trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5BB92C09DB82666C

Run the following command to accept the key for the PPA, remembering to change the key (5BB92C09DB82666C) for corresponding PPA.

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5BB92C09DB82666C

Run sudo apt-get update and you're done.

Ref: How To Add Launchpad PPAs In Debian Via add-apt-repository Command

score 1 · Answer 12 · answered Oct 04 '17 at 16:31

Actually, I run into the same problems, that's how I found this page.

environment variables http_proxy (case sensitive) and https_proxy (whatever case) do something. Not setting them fails in the first stage, setting the environment variables do seem to have some effect; it will fail if you don't export them

TCRKVMW ~ $ sudo su -
TCRKVMW ~ # export http_proxy=http://10.54.0.4:8080/
TCRKVMW ~ # export https_proxy=http://10.54.0.4:8080/
TCRKVMW ~ # add-apt-repository ppa:webupd8team/java
You are about to add the following PPA:
 Oracle Java (JDK) Installer (automatically downloads and installs Oracle JDK7 / JDK8 / JDK9). There are no actual Java files in this PPA.

(the rest is successful - this time)

The thing is, sometimes, it just get stuck and ends with the usual timeout message: Cannot add PPA: '"Error reading https://launchpad.net/api/1.0/~webupd8team/+archive/java: (7, 'Failed to connect to launchpad.net port 443: Connection timed out')"'.

...but I'm cheating, I'm doing all this as root. An easy solution is to edit /etc/profile or, on Ubuntu/Mint, just add a script in /etc/profile.d:

    TCRKVMW ~ $ sudo su -c 'F=/etc/profile.d/proxy.sh S="export proxy_http=\"http://192.168.99.4\"\nexport proxy_https=\"http://192.168.99.4\"" ; echo -e ${S} > ${F} ; chmod 700 ${F}'

Oh, yeah, there's also that thing about curl (which is used by apt-add-repository, by the way). The manual says to add .curlrc in your home directory. Because apt-add-directory is root's own, it means adding it to /root/.curlrc:

    proxy_http="http://192.168.99.4"
    proxy_https="http://192.168.99.4"

A good idea is to do the same in your own ~/.curlrc

Also, enabling the proxy in /etc/wgetrc is a good thing to do, although it has nothing to do with the question asked, I'm just saving you another search on Google (if you read this, you have multiple with a proxy)...

score 0 · Answer 13 · edited May 19 '15 at 12:29

0

Execute the below command in terminal

export http_proxy=http://username:password@proxyserver.net:port/
export ftp_proxy=http://username:password@proxyserver.netport/

edited May 19 '15 at 12:29

muru

197,895
55
485
740

answered Feb 08 '12 at 07:05

Deepak Rajput

6,947

score 0 · Answer 14 · answered Jul 26 '19 at 18:59

0

Another solution is to add a APT proxy.conf file, /etc/apt/apt.conf.d/proxy.conf

Acquire::http::Proxy "http://your.proxy.server.here.com:port/";
Acquire::https::Proxy "http://your.proxy.server.here.com:port/";

answered Jul 26 '19 at 18:59

Dan Anderson

131
3

score 0 · Answer 15 · answered Dec 28 '21 at 21:01

Yet another potential solution:

The proxy settings in all the above solutions all point to some underlying connectivity problems. In my case, I'm executing the command on my laptop which is connected through my home internet provider. Although my internet provider doesn't require me to set http(s)_proxy, I figured that my internet provider may have some settings on their end that somehow (unintentionally) blocked the connection for this command.

I turned on a personal client VPN on my laptop. That got around whatever connection restrictions my home internet provider may have had. It worked!

So, if you have either a personal or work VPN for your laptop (and you're executing the command on your laptop), try it.

score 0 · Answer 16 · edited May 10 '17 at 06:56

System wide environment variables should really be added to /etc/environment (use sudo or gksu), but the error reported to you seems to state no gpg data was found. Ideas:

check the proxy settings (if you have access)
check if the proxy is somehow munging the output of encrypted traffic.
run a continuous netstat to see if the connection to the proxy is in fact being made
last resort would be to tcpdump & inspect in wireshark
try a http tunnel ;)

How do I get add-apt-repository to work through a proxy?

16 Answers16

Linked

Related