cabal-install sends invalid proxy password
Dear lazy programmers, I was surprised to discover that `cabal-install' -- a popular utility for installing Hackage packages -- cannot work with HTTP proxies. Despite all the necessary code linked in. `cabal update' command returns HTTP 407 (Proxy Authentication Required) error. The problem is explained below and patches follow. * * * Our office LAN has an HTTP proxy server with authorization. And my shell environment has a variable like http_proxy='http://user:password@proxyhost:proxyport/' tcpdump-ing shows that `cabal update' sends invalid credentials in HTTP "CONNECT" request. The proper string would be "user:password" (base64-encoded) while `cabal' sends "user:password@". There's no surprise proxy server denies connection! I've traced the problem down to `userinfo' function, defined in network-2.2.0.1/Network/URI.hs:451:
-- RFC3986, section 3.2.1
userinfo :: URIParser String userinfo = do { uu <- many (uchar ";:&=+$,") ; char '@' ; return (concat uu ++"@") }
Let us see section 3.2 of RFC3986:
authority = [ userinfo "@" ] host [ ":" port ] [... ...] The user information, if present, is followed by a commercial at-sign ("@") that delimits it from the host.
There is no reason for "@" character to be a part of `userinfo' expression. * * * So, the Right Way(TM) to make cabal-install go through proxies is fixing `userinfo' function of `network' package (see the `network-2.2.0.1.patch'). Until then, we should have a workaround in `cabal-install' (cabal-install-0.6.0.patch). I do. Happy hacking! -- vvv
Valery V. Vorotyntsev
Dear lazy programmers,
I was surprised to discover that `cabal-install' -- a popular utility for installing Hackage packages -- cannot work with HTTP proxies. Despite all the necessary code linked in.
`cabal update' command returns HTTP 407 (Proxy Authentication Required) error. The problem is explained below and patches follow.
I just tripped over the same problem yesterday so your patch saved me a lot of debugging. Dominic.
On Fri, 2008-12-12 at 16:05 +0200, Valery V. Vorotyntsev wrote:
Dear lazy programmers,
I was surprised to discover that `cabal-install' -- a popular utility for installing Hackage packages -- cannot work with HTTP proxies. Despite all the necessary code linked in.
Thanks for reporting this. As you guessed, we've never tested it with a proxy that requires authentication.
So, the Right Way(TM) to make cabal-install go through proxies is fixing `userinfo' function of `network' package (see the `network-2.2.0.1.patch').
Good work. We should have this reviewed by the maintainers of the network package.
Until then, we should have a workaround in `cabal-install' (cabal-install-0.6.0.patch). I do.
Thanks, I'll apply that patch. Looking at the code it looks like it will not break when the proper fix is applied to the url code in the network package. Do you agree? Duncan
On 12/18/08, Duncan Coutts
So, the Right Way(TM) to make cabal-install go through proxies is fixing `userinfo' function of `network' package (see the `network-2.2.0.1.patch').
Good work. We should have this reviewed by the maintainers of the network package.
Until then, we should have a workaround in `cabal-install' (cabal-install-0.6.0.patch). I do.
Thanks, I'll apply that patch. Looking at the code it looks like it will not break when the proper fix is applied to the url code in the network package. Do you agree?
It will not break. It will degrade from "savior" into "harmless cruft". And when we are sure that `network' package is fixed, we should revert `cabal-install-0.6.0.patch'. Thank you, Duncan! -- vvv
participants (3)
-
Dominic Steinitz -
Duncan Coutts -
Valery V. Vorotyntsev