131095 – Yum tries anonymous GET even if HTTP AUTH is specified at baseurl

Bug 131095 - Yum tries anonymous GET even if HTTP AUTH is specified at baseurl

Summary: Yum tries anonymous GET even if HTTP AUTH is specified at baseurl

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	yum
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jeremy Katz
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	133336
TreeView+	depends on / blocked

Reported:	2004-08-27 14:41 UTC by Robert Scheck
Modified:	2014-01-21 22:49 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2006-04-19 19:57:10 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Robert Scheck 2004-08-27 14:41:07 UTC

Description of problem:
Yum first tries an anonymous GET (without username and password) to 
get header and rpm files even if a login for http auth is specified 
at baseurl in the yum configuration file. From my access_log:

--- snipp ---
fedora.testnet - - [27/Aug/2004:16:03:11 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 401 498 "-" "Yum/2.X"
fedora.testnet - user [27/Aug/2004:16:03:14 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 200 3394 "-" "Yum/2.X"
--- snapp ---

Version-Release number of selected component (if applicable):
yum-2.0.7-3

How reproducible:
Everytime, see below.

Steps to Reproduce:
1. Edit /etc/yum.conf and add a repository with a baseurl in the 
   form: "http://user:password@server/directory/"
2. Run "yum check-update"
3. Run "yum update"
4. Have a look to the access_log of the http server were the header 
   and rpm files are from.
  
Actual results:
Yum tries to get every file 2 times (first without http auth and 
then with http auth), that wrong behaviour causes unneeded traffic 
and unnecessary errors at server side.

Expected results:
--- snipp ---
fedora.testnet - user [27/Aug/2004:16:03:14 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 200 3394 "-" "Yum/2.X"
--- snapp ---

That mens only ONE try to get a header and/or rpm file and then 
correctly with http auth using user and password.

Comment 1 Michael Stenner 2004-09-08 04:56:02 UTC

OK, I have good news and bad news.  The bad news is more bad than the
good news is good.

The bad news:  you are correct.  This behavior comes from urllib2 and
is not a result of yum or urlgrabber code (except in that they use
urllib2).  If I can find a sane way to work around it, I'm game.  If
it requires major hacking on urllib2, some more thinking will have to
happen.

The good news.  In poking around, I discovered that urlgrabber
accidentally stripped any trailing slashes off of directory requests,
leading to unnecessary re-directs.  I fixed that :)

Comment 2 Robert Scheck 2004-09-23 09:24:59 UTC

Only want to say, that yum 2.1.x CVS HEAD 1 h ago currently has the 
same problem anyway.

Comment 3 Michael Stenner 2004-09-23 14:55:01 UTC

Yes.  As the offending code is not actually _IN_ yum/urlgrabber, the
updates in yum/urlgrabber are not going to change it.  I'm not opposed
to trying to work around it in urlgrabber, but I just don't see a good
way now.  I'm open to suggestions.

Comment 4 Jeremy Katz 2005-09-21 18:08:31 UTC

Is this better in 2.4.0?

Comment 5 Robert Scheck 2005-10-01 11:53:35 UTC

I don't know - sorry, I developed very soon my own workaround to avoid this 
using HTTP AUTH with yum... ;-)

But looking to comments #1 and #3, I can just guess, that the problem exists 
further on.

Note You need to log in before you can comment on or make changes to this bug.