Bug 131095 - Yum tries anonymous GET even if HTTP AUTH is specified at baseurl
Yum tries anonymous GET even if HTTP AUTH is specified at baseurl
Product: Fedora
Classification: Fedora
Component: yum (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Depends On:
Blocks: 133336
  Show dependency treegraph
Reported: 2004-08-27 10:41 EDT by Robert Scheck
Modified: 2014-01-21 17:49 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-04-19 15:57:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2004-08-27 10:41:07 EDT
Description of problem:
Yum first tries an anonymous GET (without username and password) to 
get header and rpm files even if a login for http auth is specified 
at baseurl in the yum configuration file. From my access_log:

--- snipp ---
fedora.testnet - - [27/Aug/2004:16:03:11 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 401 498 "-" "Yum/2.X"
fedora.testnet - user [27/Aug/2004:16:03:14 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 200 3394 "-" "Yum/2.X"
--- snapp ---

Version-Release number of selected component (if applicable):

How reproducible:
Everytime, see below.

Steps to Reproduce:
1. Edit /etc/yum.conf and add a repository with a baseurl in the 
   form: "http://user:password@server/directory/"
2. Run "yum check-update"
3. Run "yum update"
4. Have a look to the access_log of the http server were the header 
   and rpm files are from.
Actual results:
Yum tries to get every file 2 times (first without http auth and 
then with http auth), that wrong behaviour causes unneeded traffic 
and unnecessary errors at server side.

Expected results:
--- snipp ---
fedora.testnet - user [27/Aug/2004:16:03:14 +0200] "GET /files/headers/office2text-0-2004-1.i386.hdr HTTP/1.1" 200 3394 "-" "Yum/2.X"
--- snapp ---

That mens only ONE try to get a header and/or rpm file and then 
correctly with http auth using user and password.
Comment 1 Michael Stenner 2004-09-08 00:56:02 EDT
OK, I have good news and bad news.  The bad news is more bad than the
good news is good.

The bad news:  you are correct.  This behavior comes from urllib2 and
is not a result of yum or urlgrabber code (except in that they use
urllib2).  If I can find a sane way to work around it, I'm game.  If
it requires major hacking on urllib2, some more thinking will have to

The good news.  In poking around, I discovered that urlgrabber
accidentally stripped any trailing slashes off of directory requests,
leading to unnecessary re-directs.  I fixed that :)
Comment 2 Robert Scheck 2004-09-23 05:24:59 EDT
Only want to say, that yum 2.1.x CVS HEAD 1 h ago currently has the 
same problem anyway.
Comment 3 Michael Stenner 2004-09-23 10:55:01 EDT
Yes.  As the offending code is not actually _IN_ yum/urlgrabber, the
updates in yum/urlgrabber are not going to change it.  I'm not opposed
to trying to work around it in urlgrabber, but I just don't see a good
way now.  I'm open to suggestions.
Comment 4 Jeremy Katz 2005-09-21 14:08:31 EDT
Is this better in 2.4.0?  
Comment 5 Robert Scheck 2005-10-01 07:53:35 EDT
I don't know - sorry, I developed very soon my own workaround to avoid this 
using HTTP AUTH with yum... ;-)

But looking to comments #1 and #3, I can just guess, that the problem exists 
further on.

Note You need to log in before you can comment on or make changes to this bug.