Proxy support issues since 8.0 about rpki-client-portable HOT 11 CLOSED

Looking at the rpki-client output:

rpki-client: https://rrdp.afrinic.net/notification.xml: connect: Connection refused

This error indicates that the connection to the proxy failed. What is the contents of your http_proxy env var?
The log from the proxy has no CONNECT rrdp.afrinic.net:443 HTTP/1.1 line. Which also indicates that the connection to the proxy failed.

Can you run rpki-client with something like strace and find the failing connect call?
I wonder why the 2nd connect failed.

Not much we can do about the issue in rsync, guess you need wait for a fixed rsync.

from rpki-client-portable.

I have compiled it myself now so I can run it outside the docker container. First I noticed that rpki-client uses the http_proxy environment setting, instead of the https_proxy setting for https connections.
but setting them both to

http_proxy=http://127.0.0.1:8888/
https_proxy=http://127.0.0.1:8888/

and then strace it shows that the incorrect port is being used for connecting to the proxy:

...
31277 socket(AF_INET, SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 7
31277 connect(7, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
31277 poll([{fd=5, events=POLLIN}, {fd=7, events=POLLOUT}], 2, 15000) = 1 ([{fd=7, revents=POLLOUT|POLLERR|POLLHUP}])
31277 getsockopt(7, SOL_SOCKET, SO_ERROR, [ECONNREFUSED], [4]) = 0
...

I hope this helps.

from rpki-client-portable.

Can you give this patch a try? This should fix the problem with the proxyport settings.

rdiff.txt

from rpki-client-portable.

Yes, this indeed fixes the proxy issue! Thanks! Looking forward to 8.1 :)

from rpki-client-portable.

@cjeker, how far are we from 8.1? I'm also happy to simply add this fix to the container builds later (in case @BenCastricum refers to rpki/rpki-client:{latest,edge} on Docker Hub and Red Hat Quay).

from rpki-client-portable.

I have no good answer right now. The fix is committed and should show up in rpki-client-openbsd soon.
So the latest -current builds should have the fix tomorrow. For a real release it may take longer.

from rpki-client-portable.

No need to rush things for me, We won't be using the rpki-client:edge container, but prefer a official tagged release. The edge container also still contains the bugged rsync version,

from rpki-client-portable.

I'm happy to push the fix also to rpki/rpki-client:8.0 which is currently rpki/rpki-client:latest, if that helps?

from rpki-client-portable.

Then it would still not work 100% due to the rsync issues. We prefer an 8.1 container release with both issues fixed. That makes it clear to coworkers/staff that 8.0 is skipped due to bugs which are (hopefully) fixed in 8.1

from rpki-client-portable.

I'm working at https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/40669 to get a fixed rsync 3.2.7 into Alpine Linux 3.16.

Edit: It got merged and https://gitlab.alpinelinux.org/alpine/aports/-/commit/a2b5319e9212ae4b1fe3e87298114bc483160895 should hopefully lead to updated rsync package soon.

from rpki-client-portable.

As of writing, rpki/rpki-client:latest, currently evaluating to rpki/rpki-client:8.0, as well as rpki/rpki-client:edge both ship the rpki-client bugfix as well as rsync 3.2.7. I'm personally using podman locally, but commands should be substitutable with docker:

$ podman pull rpki/rpki-client:latest
$ podman inspect rpki/rpki-client:latest | jq -r '.[0].Config.Labels."org.opencontainers.image.revision"'
a1eed1d6b27e874506e310848ba8384f947f0c57

from rpki-client-portable.