Bug 131095 – Yum tries anonymous GET even if HTTP AUTH is specified at baseurl

Bug 131095 - Yum tries anonymous GET even if HTTP AUTH is specified at baseurl

Summary:	Yum tries anonymous GET even if HTTP AUTH is specified at baseurl

Status:	CLOSED WONTFIX

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	yum (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Jeremy Katz
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	133336
	Show dependency tree / graph

Reported:	2004-08-27 10:41 EDT by Robert Scheck
Modified:	2014-01-21 17:49 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-04-19 15:57:10 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Robert Scheck 2004-08-27 10:41:07 EDT

Description of problem:
Yum first tries an anonymous GET (without username and password) to 
get header and rpm files even if a login for http auth is specified 
at baseurl in the yum configuration file. From my access_log:

--- snipp ---
fedora.testnet - - [27/Aug/2004:16:03:11 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 401 498 "-" "Yum/2.X"
fedora.testnet - user [27/Aug/2004:16:03:14 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 200 3394 "-" "Yum/2.X"
--- snapp ---

Version-Release number of selected component (if applicable):
yum-2.0.7-3

How reproducible:
Everytime, see below.

Steps to Reproduce:
1. Edit /etc/yum.conf and add a repository with a baseurl in the 
   form: "http://user:password@server/directory/"
2. Run "yum check-update"
3. Run "yum update"
4. Have a look to the access_log of the http server were the header 
   and rpm files are from.
  
Actual results:
Yum tries to get every file 2 times (first without http auth and 
then with http auth), that wrong behaviour causes unneeded traffic 
and unnecessary errors at server side.

Expected results:
--- snipp ---
fedora.testnet - user [27/Aug/2004:16:03:14 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 200 3394 "-" "Yum/2.X"
--- snapp ---

That mens only ONE try to get a header and/or rpm file and then 
correctly with http auth using user and password.

Comment 1 Michael Stenner 2004-09-08 00:56:02 EDT

OK, I have good news and bad news.  The bad news is more bad than the
good news is good.

The bad news:  you are correct.  This behavior comes from urllib2 and
is not a result of yum or urlgrabber code (except in that they use
urllib2).  If I can find a sane way to work around it, I'm game.  If
it requires major hacking on urllib2, some more thinking will have to
happen.

The good news.  In poking around, I discovered that urlgrabber
accidentally stripped any trailing slashes off of directory requests,
leading to unnecessary re-directs.  I fixed that :)

Comment 2 Robert Scheck 2004-09-23 05:24:59 EDT

Only want to say, that yum 2.1.x CVS HEAD 1 h ago currently has the 
same problem anyway.

Comment 3 Michael Stenner 2004-09-23 10:55:01 EDT

Yes.  As the offending code is not actually _IN_ yum/urlgrabber, the
updates in yum/urlgrabber are not going to change it.  I'm not opposed
to trying to work around it in urlgrabber, but I just don't see a good
way now.  I'm open to suggestions.

Comment 4 Jeremy Katz 2005-09-21 14:08:31 EDT

Is this better in 2.4.0?

Comment 5 Robert Scheck 2005-10-01 07:53:35 EDT

I don't know - sorry, I developed very soon my own workaround to avoid this 
using HTTP AUTH with yum... ;-)

But looking to comments #1 and #3, I can just guess, that the problem exists 
further on.

Note You need to log in before you can comment on or make changes to this bug.