apt does not handle HTTP redirects

For what it's worth, switching apt's HTTP method to use an existing HTTP library
that is already well-behaved would be one way to solve this problem. One such
library is libcURL.

Thanks for your bugreport

Support for apt redirection is available in the
<email address hidden>/apt--http-authentication--0

baz branch.

Cheers,
 Michael

(In reply to comment #2)
> Thanks for your bugreport
>
> Support for apt redirection is available in the
> <email address hidden>/apt--http-authentication--0
>
> baz branch.

Interesting. How does one check this out? (I've only ever used cvs and svn
before.)

Also, on what timeframe will this be distributed with Ubuntu? With Debian?

(In reply to comment #3)
> (In reply to comment #2)
> > Support for apt redirection is available in the
> > <email address hidden>/apt--http-authentication--0
>
> Interesting. How does one check this out? (I've only ever used cvs and svn
> before.)

Sorry, I should have been more verbose. You need to install the package "bazaar".
Then run:
$ baz register-archive http://people.ubuntu.com/~mvo/arch/ubuntu
$ baz get <email address hidden>/apt--http-authentication--0
apt--http-authentication
$ cd apt--http-authentication
$ debian/rules arch-build
and then you find the deb packages in debian/arch-build

> Also, on what timeframe will this be distributed with Ubuntu? With Debian?

I can't give you a timeframe. It depends on what Matt thinks about the code.
Testing is welcome.

Message-ID: <email address hidden>
Date: Thu, 7 Dec 2000 13:51:40 +0000
From: Lee Maguire <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: http method should support HTTP redirects

Package: apt
Version: 0.3.19
Severity: wishlist

The http apt method doesn't appear to support HTTP redirection codes,
i.e. when recieving 301 (Permanent Redirect) or 302 (Temp) code it
gives back "Err".

I can see this facility to be desirable in several instances, including
 - temp redirects when mirrors are in the process of being updated
   or undergoing maintainance.
 - redirects to software that is stored in .deb format, but not in
   an apt-able archive.

See [RFC2068 10.3]

Message-ID: <email address hidden>
Date: 11 Dec 2000 08:01:44 -0500
From: Itai Zukerman <email address hidden>
To: <email address hidden>
Subject: Re: Bug#79002: http method should support HTTP redirects

Looking at the http method, it seems like it would be pretty easy to
enqueue new (HTTP) URIs for redirects in http.cc. That "solution" is
definitely a hack (it messes up concurrent downloads?), and what we
really need, I think, is a new message we can pass back to apt:

  30x URI Redirection

Then, apt can re-issue a 600 to the appropriate method. Is this being
worked on? I need it for a project I'm doing...

-itai

Message-ID: <email address hidden>
Date: Mon, 11 Dec 2000 11:38:02 -0700 (MST)
From: Jason Gunthorpe <email address hidden>
To: Itai Zukerman <email address hidden>, <email address hidden>
cc: <email address hidden>,
        APT Development Team <email address hidden>
Subject: Re: Bug#79002: http method should support HTTP redirects

On 11 Dec 2000, Itai Zukerman wrote:

> Looking at the http method, it seems like it would be pretty easy to
> enqueue new (HTTP) URIs for redirects in http.cc. That "solution" is
> definitely a hack (it messes up concurrent downloads?), and what we
> really need, I think, is a new message we can pass back to apt:
>
> 30x URI Redirection
>
> Then, apt can re-issue a 600 to the appropriate method. Is this being
> worked on? I need it for a project I'm doing...

Doing redirects is extremly risky, you may not get the file you requested
after following the redirect, and it tends to hide misconfigured mirrors.
I am not super interested in having it supported by default.

Generajing redirect messages is probably the best way to do it, but that
is somewhat complicated to get right.

Jason

Message-ID: <email address hidden>
Date: Fri, 25 Jul 2003 08:52:31 -0400
From: Matt Zimmerman <email address hidden>
To: <email address hidden>
Subject: ...

retitle 178854 [methods/http] Should apt's HTTP engine follow 302 redirects?
retitle 79002 [methods/http] http method should support HTTP redirects
merge 178854 79002
thanks

--
 - mdz

Hello,
this feature would allow to provide a "smart" apt selector that would redirect users to a known working and synchronized mirror .
Are the any plans to implement this ?

Thank you

We have a "mirror" method in apt now that supports this kind of redirection. See https://wiki.ubuntu.com/DynamicMirrorDecisions for some background information.

Hi,
I think the "mirror" method Michael Vogt described above is useful in many situation. In other situations, it would be highly preferable to simply have apt honor 3xx status codes and follow redirects. I can see no reason why this should be either hard or insecure. Speaking of security, as long as the packages are signed, the signatures are valid and the keys used for the signatures can be trusted: What are the implications here?

I would like the maintainers of apt/aptitude to reconsider implementing redirection in apt/aptitude.

Thanks!

Some packagers use the opensuse build server to cross distro build and provide packages for Linux (all distros). The build server simply uses redirects to point to mirrored repos.

As long as main apt won't get http redirects we can also provide a patched apt, but it would be nicer to have that feature 'upstream'.

PS: the original posters blog permalink has changed :) to http://blogs.jhu.edu/paulproteus/2005/coral-cache-and-debian-packages

Hello,
we are planning to convert the packages provided on getdeb to a proper repository, one of the adoption blockers is the HTTP redirect support.

Thanks

Has the bug been fixed in jaunty now?

The changelog says so.
http://bazaar.launchpad.net/~ubuntu-core-dev/apt/ubuntu/revision/1688

http://changelogs.ubuntu.com/changelogs/pool/main/a/apt/apt_0.7.20.2ubuntu1/changelog

  * [ABI break] merge support for http redirects, thanks to
     Jeff Licquia and Anthony Towns

It's fixed, the bug should be closed.

This has been implemented in Jaunty (may need some testing) - please file any bugs you may encounter.