I double-checked add-apt-repository and apt-key behavior on bionic (the same doesn't work on xenial as the fix was landed for bionic only).
add-apt-proxy:

➜ ~ sudo strace -f -e connect bash -c 'HTTP_PROXY=http://192.168.1.1:3128 HTTPS_PROXY=http://192.168.1.1:3128 add-apt-repository ppa:landscape/18.03'
strace: Process 20044 attached
# ...
connect(3, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("192.168.1.1")}, 16) = 0
 More info: https://launchpad.net/~landscape/+archive/ubuntu/18.03
Press [ENTER] to continue or Ctrl-c to cancel adding it.

strace: Process 20070 attached
[pid 20070] connect(5, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("192.168.1.1")}, 16) = 0
[pid 20070] connect(3, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("192.168.1.1")}, 16) = 0
# ...
[pid 20080] connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
0% [Connecting to ru.archive.ubuntu.com] [Connecting to security.ubuntu.com][pid 20079] connect(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "2001:67c:1360:8001::17", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
# ...

# squid
1533649727.927 237 192.168.1.100 TCP_TUNNEL/200 5539 CONNECT launchpad.net:443 - HIER_DIRECT/91.189.89.223 -
1533649731.841 269 192.168.1.100 TCP_TUNNEL/200 5539 CONNECT launchpad.net:443 - HIER_DIRECT/91.189.89.223 -
1533649732.499 625 192.168.1.100 TCP_TUNNEL/200 4549 CONNECT keyserver.ubuntu.com:443 - HIER_DIRECT/91.189.89.49 -
1533649732.499 625 192.168.1.100 TCP_TUNNEL/200 4549 CONNECT keyserver.ubuntu.com:443 - HIER_DIRECT/91.189.89.49 -

with apt-key HTTP_PROXY and HTTPS_PROXY had no effect, only --keyserver-options affected it:

apt-key adv --keyserver-options 'http-proxy=http://192.168.1.1:3128' --keyserver keyserver.ubuntu.com --recv-keys 35F77D63B5CEC106C577ED856E85A86E4652B4E6

[pid 4385] connect(7, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("192.168.1.1")}, 16) = -1 EINPROGRESS (Operation now in progress)

1533651214.446 148 192.168.1.100 TCP_MISS/200 1150 GET http://keyserver.ubuntu.com:11371/pks/lookup? - HIER_DIRECT/91.189.89.49 application/pgp-keys

This makes sense as the commit below has only changed software-properties not apt-key to use pycurl and https for key retrieval instead of HKP:

https://git.launchpad.net/ubuntu/+source/software-properties/commit/?id=f57935235ca0f52b32da7efe2a24cb26c7fc4573

+ return get_info_from_https(SKS_KEYSERVER % signing_key_fingerprint, accept_json=False)

Plus, the changelog actually makes the relevant note:

" - stop using apt-key for installing keys"

The apt-key part can be worked around on xenial by using curl directly before add-apt-repository:

HTTPS_PROXY=http://<your-https-proxy>:3128 curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&exact=on&search=0x6E85A86E4652B4E6' | sudo apt-key add -

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu.
https://bugs.launchpad.net/bugs/1433761

Title:
  apt-key and add-apt-repository don't honor Acquire::http::Proxy

Status in software-properties package in Ubuntu:
  Fix Released

Bug description:
  When setting the proxy server globally on the system for the APT package manager, add-apt-repository ignores the setting. This issue is present on all versions of Debian that I have tested.

  # cat /etc/apt/apt.conf.d/80proxy
  Acquire::http::proxy "http://w.x.y.z:nnnn/";

  # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5A9A06AEF9CB8DB0
  Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.TIa517Kcw8 --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyring /etc/apt/trusted.gpg.d/saltstack-salt.gpg --keyserver keyserver.ubuntu.com --recv-keys 5A9A06AEF9CB8DB0
  gpg: requesting key F9CB8DB0 from hkp server keyserver.ubuntu.com
  gpg: keyserver timed out
  gpg: keyserver receive failed: keyserver error

  This has serious repercussions. Unattended installs such as juju, maas, etc are all affected for anyone who is working behind a proxy. This is the case for most enterprise environments where such maas and juju setups will be tested out, and as such has great repercussions for Canonical as a viable supplier of OpenStack environments: if your product fails to install, you're not going to get the business.

  Considering that:

  * The setting to use already exists in /etc/apt/apt.conf and that all other tools use this correctly
  * The serious impact of this issue for downstream projects and Debian usage in the enterprise
  * The long time this issue has been standing and has affected people

  I suggest that this either 1) be fixed, or 2) the apt-key and add-apt-repository programs are renamed so that it is made clear they are not part of the APT suite of programs and therefore cannot be trusted to behave as if they were part of APT.
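The curl workaround from the comment above, with a check of the key's full fingerprint before it reaches `apt-key add`, as an added example that is not part of the original bug comment or of software-properties. The function names are hypothetical, the fingerprint in the usage line is the one from the comment's apt-key command, and the script assumes gpg lists the contents of a key file when called with `--with-colons --with-fingerprint`.

```shell
#!/bin/sh
# Added example (not from the bug comment): fetch a signing key through an
# HTTPS proxy and pass it to apt-key only if its full fingerprint matches.
# Function names are hypothetical.

# Print the fingerprint of each primary key found in `gpg --with-colons`
# output on stdin (the fpr record that follows a pub record; field 10).
primary_fprs() {
    awk -F: '
        $1 == "pub" { primary = 1 }
        $1 == "sub" { primary = 0 }
        $1 == "fpr" && primary { print $10; primary = 0 }
    '
}

# fpr_ok EXPECTED: succeed only when stdin describes exactly one primary key
# whose fingerprint equals EXPECTED (spaces and letter case ignored).
fpr_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(primary_fprs)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# fetch_and_add PROXY FINGERPRINT: the curl workaround with the check added.
# Assumption: gpg lists the keys in a file given --with-colons --with-fingerprint.
fetch_and_add() {
    proxy=$1 fpr=$2
    tmp=$(mktemp) || return 1
    HTTPS_PROXY=$proxy curl -fsS -o "$tmp" \
        "https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&exact=on&search=0x$fpr" \
        || { rm -f "$tmp"; return 1; }
    if gpg --with-colons --with-fingerprint "$tmp" 2>/dev/null | fpr_ok "$fpr"; then
        sudo apt-key add "$tmp"; rc=$?
    else
        echo "fingerprint mismatch, key not added" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh script.sh http://<your-https-proxy>:3128 35F77D63B5CEC106C577ED856E85A86E4652B4E6
if [ "$#" -eq 2 ]; then
    fetch_and_add "$1" "$2"
fi
```

A response that carries more than one primary key, or none, is rejected the same way as a wrong fingerprint.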