Apt socks5h proxy settings fail when specified on the command line
Apt supports HTTP, HTTPS and SOCKS5H (SOCKS5 with remote DNS resolution) proxies, according to both the source code and the man page, but when specifying the proxy values on the command line,
apt reports that the proxy is unsupported:
root@host:~# apt -o 'Acquire::https::proxy="socks5h://127.0.0.1:1080"' -o 'Acquire::http::proxy="socks5h://127.0.0.1:1080"' update Ign:1 http://apt.postgresql.org/pub/repos/apt buster-pgdg InRelease Ign:2 https://download.docker.com/linux/debian buster InRelease Ign:3 https://apt.kubernetes.io kubernetes-xenial InRelease Ign:4 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease Err:5 http://apt.postgresql.org/pub/repos/apt buster-pgdg Release Unsupported proxy configured: "socks5h://127.0.0.1:1080 Err:6 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable Release Unsupported proxy configured: "socks5h://127.0.0.1:1080 Err:7 https://download.docker.com/linux/debian buster Release Unsupported proxy configured: "socks5h://127.0.0.1:1080 Err:8 https://apt.kubernetes.io kubernetes-xenial Release Unsupported proxy configured: "socks5h://127.0.0.1:1080 ...
Oddly enough, adding these same values to the config file:
root@host:~# cat /etc/apt/apt.conf.d/50proxy.conf Acquire::https::proxy "socks5h://127.0.0.1:1080"; Acquire::http::proxy "socks5h://127.0.0.1:1080";
…results in a successful apt fetch:
root@host:~# apt update Hit:1 ftp://mirror.ac.za/debian/debian buster InRelease Hit:2 ftp://mirror.ac.za/debian/debian buster-backports InRelease Hit:3 ftp://mirror.ac.za/debian/debian buster-proposed-updates InRelease Hit:4 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease Hit:5 https://download.docker.com/linux/debian buster InRelease Hit:7 http://apt.postgresql.org/pub/repos/apt buster-pgdg InRelease Get:6 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [9,383 B] Get:8 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [56.5 kB] Fetched 65.9 kB in 5s (14.2 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 18 packages can be upgraded. Run 'apt list --upgradable' to see them. ...
Why there’s a difference between the two isn’t clear to me, since setting the option on the command line clearly reaches the appropriate code path, but it reports that the proxy is valid. The source code that checks the prefixes seems the same either way, and it simply checks for socks5h as a prefix, and then tries http and https, before displaying the “Unsupported proxy configured” message.
Oddly, this quirk doesn’t seem to be known online.