Package: auto-apt-proxy
Version: 11
Severity: wishlist
Tags: patch

Currently auto-apt-proxy doesn't work for me because I run
apt-cacher-ng on a dedicated host, which is neither the client's
localhost, nor the client's default gateway.

Currently squid-deb-proxy-client doesn't work for me because I run the
apt-cacher-ng and its clients on different LANs (e.g. DMZ and BYOD).

squid-deb-proxy-client only uses avahi, and
avahi only queries MDNS (not regular DNS), and
MDNS does not propagate between LANs, and
I don't want to forward MDNS traffic between LANs for security reasons.


What I propose is to have static SRV records in normal DNS, similar to
_ldap._tcp and _krb._tcp in large corporate networks.  Here is how it
would work:

  1. I run a normal apt-cacher-ng on 203.7.155.214:3128.

  2. I add an SRV record to my regular DNS zone (*not* avahi MDNS).

         dnsmasq --srv-host=_apt_proxy._tcp.cyber.com.au,203.7.155.214,3128

  3. I install auto-apt-proxy on all clients, and it does

       /usr/lib/apt/apt-helper srv-lookup _apt_proxy._tcp."$(hostname --domain)"

     If that succeeds, it uses the output instead of guessing 127.1 or the default
     gateway.

Someone else is already doing this strategy downstream of Debian:

    https://gist.github.com/stickystyle/ca2e64a4f7d247648b0c

I have refined that above to use apt (not dig), and hostname (not awk)
to find the local domain.  Note that resolv.conf supports separate
domain (one) and search (zero or more) domains; the gist is checking
only the first search domain; "hostname --domain" is the local domain.

SRV can return >1 result, with a weighted preference.
In theory auto-apt-proxy should choose one based on the weighting.
I think it is good enough (for now) to just use the first result,
possibly after piping through "shuf" or "sort -R".

    # NOTE: this only checks regular DNS/DNS-SD, e.g. in dnsmasq.conf:
    #           srv-host=_apt_proxy._tcp.example.com,apt-cacher-ng.example.com,3128
    #       will result in an apt proxy of http://apt-cacher-ng.example.com:3128/.
    #       If you want to check MDNS/DNS-SD (avahi), use squid-deb-proxy-client.
    #
    # hit(), $tmpfile and $ip are assumed to come from the surrounding
    # auto-apt-proxy script, like the other detect_* functions.
    # apt-helper srv-lookup prints a "#" header line, then one record per
    # line with the columns: target, priority, weight, port.
    detect_dns_service_discovery() {
      if stdout=$(/usr/lib/apt/apt-helper srv-lookup _apt_proxy._tcp."$(hostname --domain)") &&
         proxy=$(
             echo "$stdout" |
             shuf |    # FIXME: use the priority ($2) and weight ($3)!
             awk '/^[^#]/ { print "http://" $1 ":" $4; exit }') &&
         hit -o "Acquire::http::Proxy::${ip}=DIRECT" "$proxy" >/dev/null 2>&1 &&
         [ -s "$tmpfile" ] &&
         # The response came from apt-cacher or apt-cacher-ng or approx.
         grep -q -i "$tmpfile" -e '<title>Apt-cacher' -e '406.*usage.information' -e '<title>approx\s*server</title>'
      then
         # DNS-SD provided a working server, so use it.
         echo "$proxy"
         return 0
      fi
      return 1
    }
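As an added example (not the reporter's patch and not auto-apt-proxy's own code), here is a POSIX sh function that does the priority/weight selection which the paragraph above and the FIXME in the function leave for later: it reads apt-helper srv-lookup output (assumed format: a "#" header, then target, priority, weight, port columns) and picks one target the RFC 2782 way, lowest priority first and weighted random within that priority, zero-weight records first. The optional seed argument and the "." target check are my additions, the seed only for reproducible runs.

```shell
#!/bin/sh
# Usage: srv_pick_proxy [seed] < srv-lookup-output
# Prints http://target:port for the chosen record; prints nothing and
# returns 1 if no usable record is present.
srv_pick_proxy() {
    awk -v seed="${1:-}" '
        BEGIN { if (seed != "") srand(seed); else srand() }
        /^#/ || NF < 4 { next }          # skip the header and malformed lines
        $1 == "." { next }               # RFC 2782: target "." means no service
        {
            n++; target[n] = $1; prio[n] = $2 + 0; weight[n] = $3 + 0; port[n] = $4
            if (n == 1 || prio[n] < best) best = prio[n]
        }
        END {
            if (n == 0) exit 1
            # Collect the lowest-priority group, zero-weight records first,
            # which is the ordering RFC 2782 prescribes for the selection below.
            m = 0; sum = 0
            for (w = 0; w < 2; w++)
                for (i = 1; i <= n; i++)
                    if (prio[i] == best && ((w == 0 && weight[i] == 0) || (w == 1 && weight[i] > 0))) {
                        m++; idx[m] = i; sum += weight[i]
                    }
            # Random number in [0, sum]; the first record whose running
            # weight sum reaches it is chosen (all-zero weights -> first record).
            r = int(rand() * (sum + 1))
            run = 0
            for (j = 1; j <= m; j++) {
                run += weight[idx[j]]
                if (run >= r) { print "http://" target[idx[j]] ":" port[idx[j]]; exit 0 }
            }
        }'
}
```

It can stand in for the `shuf | awk` stage of detect_dns_service_discovery: `proxy=$(echo "$stdout" | srv_pick_proxy)`.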


PS: busybox also provides ip(1), and it is often installed for the ramdisk.
    Therefore I suggest using it when available:

     detect() {
       if command -v ip >/dev/null; then
         gateway=$(ip route | awk '/default/ { print($3) }')
    +  elif busybox ip route >/dev/null 2>&1; then
    +    gateway=$(busybox ip route | awk '/default/{print $3}')
       else
         gateway=''
       fi
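Review bot: the new `elif busybox ip route >/dev/null 2>&1` branch runs `busybox ip route` twice, once as the probe and once in the assignment. Capturing it once, `gateway=$(busybox ip route 2>/dev/null | awk '/default/{print $3}')` under `elif command -v busybox >/dev/null; then`, avoids the double run and still copes with a busybox built without the ip applet, since the failed call yields an empty gateway exactly as the else branch does. The two awk patterns (`/default/ { print($3) }` and `/default/{print $3}`) should also be written the same way.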

    I did not use "command" because busybox might be compiled without
    the ip applet (very unlikely on Debian, but theoretically possible).
