I'm trying to follow the "Installing Cross Toolchain on Ubuntu 10.04 (Lucid) and 10.10 (Maverick) Hosts" instructions on wiki.linaro.org (on my Ubuntu 10.04 VM). The first step is:
sudo add-apt-repository ppa:linaro-maintainers/toolchain
But when I run that I get:
Error reading https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: <urlopen error [Errno 110] Connection timed out>
I'm guessing the problem is with my configuration for my employer's proxy server, particularly for HTTPS.
When I opened https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain in Firefox, I got "The connection has timed out". I then went into Firefox Preferences -> Advanced -> Network -> Settings... and set HTTP Proxy to "gateway" and Port to 8080, and checked "Use this proxy server for all protocols". Then the page loaded. This supports my theory.
I've tried setting the http_proxy and https_proxy environment variables (both lower and upper case):
$ set | grep -i proxy
HTTPS_PROXY=https://gateway:8080
HTTP_PROXY=http://gateway:8080
http_proxy=http://gateway:8080
https_proxy=https://gateway:8080
I also tried changing them to:
$ set | grep -i proxy
HTTPS_PROXY=gateway:8080
HTTP_PROXY=gateway:8080
http_proxy=gateway:8080
https_proxy=gateway:8080
And I tried adding this second line to /etc/apt/apt.conf:
Acquire::http::proxy "http://gateway:8080/";
Acquire::https::proxy "https://gateway:8080/";
But I continue to get the same error.
How do I troubleshoot this?
Update: I followed the instructions in the accepted answer to "Problem adding repositories and connecting from terminal behind a proxy" and got further:
$ sudo add-apt-repository ppa:linaro-maintainers/toolchain
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 1DD749B890A6F66D050D985CF1FCBACA7BE1F97B
gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
I wonder if the "HTTP fetch error" means I also need to add "Defaults env_keep = http_proxy" to /etc/sudoers...
Update #2: I added:
Defaults env_keep="http_proxy"
Defaults env_keep="https_proxy"
...as in Comment 18 for bug 516032, but I still get the same "gpgkeys: HTTP fetch error 7: couldn't connect to host" error.
And this is curious:
$ sudo env | grep proxy
https_proxy=https://gateway:8080
...because http_proxy isn't there.
Any advice is appreciated.
Update #3: Since the host of my VM is a laptop, I took it home and tried there (with no proxies):
$ sudo add-apt-repository ppa:linaro-maintainers/toolchain
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 1DD749B890A6F66D050D985CF1FCBACA7BE1F97B
gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
gpg: key 7BE1F97B: public key "Launchpad Linaro Overlay PPA" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
It worked. So problem is related to proxy configuration. But I suppose I have a workaround.
In addition to configuring proxies, tell
sudoto preserve the environment with the-Eoption:with username and password:
Use the following code in a terminal to add gpg key behind proxy,
And replace uppercase letters accordingly. If you are using a proxy without any user authentication (i.e., user name and password) use
http-proxy=http://PROXY_URL:PORT/instead.For example to have
GPG_KEY=C2514567EEA14886you can use,where,
If you don't have user authentication simply use,
Finally! You need to set https_proxy via:
only set http_proxy is not enough.
And I needed to execute the add-apt-repository command as root, NOT via sudo.
Code:
It seems that the proxy configuration is set up but somehow the server cannot be contacted...
I had a very similar issue which I resolved like this: The corporate proxy allows only port 80 and 443 for security reasons, so event when it is setup, since HKP protocol is using port 11371, it will not let you through.
So, short of SSH-ing out and getting the key from one of your servers outside, downloading it and installing it locally, you can specify the key server from on of the ones listed below and specify the port:
http://sks-keyservers.net/overview-of-pools.php
e.g.:
Boom, Voila!
The reason your
sudoerschange did not work as expected is that instead of:You should have written:
Also make sure the space between
Defaultsandenv_keepis a tab each time.I managed to workaround this by editing
/usr/lib/python3/dist-packages/softwareproperties/ppa.pyand addingunder the following line
More background information
ppa.pyis the python script that is used byadd-apt-repositoryto call gpg. There sometimes seem to be a bug with gpg where it does not use the http_proxy environment variable. This can be confirmed by viewing the file/root/.gnupg/dirmngr.confand checking to see thathonor-http-proxyis not commented out.This four step approach worked for me on an Ubuntu 17.04 VM behind a corporate proxy.
sudo apt-add-repository ppa:brightbox/ruby-ngand let it failsudo apt updateand look for an error message likeThe following signatures couldn't be verified because the public key is not available: NO_PUBKEY F5DA5F09C3173AA6sudo apt-key adv --keyserver-options http-proxy=http://10.0.2.2:3128 --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys F5DA5F09C3173AA6sudo apt updatewill now workNote that the host VM is running a
CNTLMproxy server on port 3128.This helped me:
I guess that there are some environment variables which are not needed in the command but they do not harm.
What I do is use http via curl instead of trying to proxy apt-key or gpg:
curl -sSL \ 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xBBEBDCB318AD50EC6865090613B00F1FD2C19886' \ | sudo apt-key add -
This method should be used instead of the
apt-keycommand line orhttp_proxyorhttps_proxyenvironment variables settings (which are disabled in the newest versions of apt-key).In
/etc/apt/apt.conf.d/01proxyadd something like thisThis will proxy all aptitude downloads, but I think this is the only way to do this on the backend. If your proxy supports it, you can also use a url like
http://my.proxy:port/www.target.site.com/urlwhich I know works forapt-cache-ngI'm not sure if add-apt-repository itsself uses these settings, but if you cannot make that work, you can always add the repository to your
/etc/apt/sources.listor/etc/apt/sources.list.d/*mytoolchain*Since 11.10 there is also a cross-toolchailable in the main repo, just
apt-get install gcc-arm-linux-gnueabihf. There are also cross-toolchains available from emdebian, and some instructions here: http://gsoc.sitedethib.com/posts/apt-get_install_gcc-4.7-arm-linux-gnueabihf/