Curl works improperly when ran via dnf

Rocky Linux General
1

When trying to dnf install some package in Rocky Linux using regular user (in group wheel), dnf won’t be able to download metadata from the regular repositories.

However, when trying to download the same package (or any other package) using root - it works and if I decline the installation and trying again with the regular user - it suddenly works.
See below output to understand the scenario:

Trying to install package with regular user:

[root@<hostname> ~]# su - <regular_user>
[<regular_user>@<hostname> ~]$ sudo dnf install httpd
Rocky Linux 8 - AppStream                                                                                                                                               0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'appstream':
  - Curl error (6): Couldn't resolve host name for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Could not resolve host: mirrors.rockylinux.org]
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Could not resolve host: mirrors.rockylinux.org]
[<regular_user>@<hostname> ~]$ logout

Downloading repo metadata only (using root):

[root@<hostname> ~]# dnf install httpd
Rocky Linux 8 - AppStream                                                                                                                                                50 kB/s | 8.5 MB     02:55
Rocky Linux 8 - BaseOS                                                                                                                                                  721 kB/s | 3.6 MB     00:05
Rocky Linux 8 - Extras                                                                                                                                                  2.6 kB/s |  10 kB     00:03
Extra Packages for Enterprise Linux 8 - x86_64                                                                                                                          3.0 MB/s |  11 MB     00:03
Extra Packages for Enterprise Linux Modular 8 - x86_64                                                                                                                  352 kB/s | 980 kB     00:02
Last metadata expiration check: 0:00:01 ago on Sun 19 Dec 2021 01:09:10 PM IST.
Dependencies resolved.
========================================================================================================================================================================================================
 Package                                         Architecture                         Version                                                             Repository                               Size
========================================================================================================================================================================================================
Installing:
 httpd                                           x86_64                               2.4.37-43.module+el8.5.0+714+5ec56ee8                               appstream                               1.4 M
Installing dependencies:
 apr                                             x86_64                               1.6.3-12.el8                                                        appstream                               128 k
 apr-util                                        x86_64                               1.6.1-6.el8.1                                                       appstream                               104 k
 httpd-filesystem                                noarch                               2.4.37-43.module+el8.5.0+714+5ec56ee8                               appstream                                38 k
 httpd-tools                                     x86_64                               2.4.37-43.module+el8.5.0+714+5ec56ee8                               appstream                               106 k
 mod_http2                                       x86_64                               1.15.7-3.module+el8.5.0+695+1fa8055e                                appstream                               153 k
 rocky-logos-httpd                               noarch                               85.0-3.el8                                                          baseos                                   22 k
Installing weak dependencies:
 apr-util-bdb                                    x86_64                               1.6.1-6.el8.1                                                       appstream                                23 k
 apr-util-openssl                                x86_64                               1.6.1-6.el8.1                                                       appstream                                26 k
Enabling module streams:
 httpd                                                                                2.4

Transaction Summary
========================================================================================================================================================================================================
Install  9 Packages

Total download size: 2.0 M
Installed size: 5.4 M
Is this ok [y/N]: n
Operation aborted.

Going back to regular user and trying to install again, now that the metadata is present:

[root@<hostname> ~]# su - <regular_user>
[<regular_user>@<hostname> ~]$ sudo dnf install httpd
Last metadata expiration check: 0:12:50 ago on Sun 19 Dec 2021 01:09:10 PM IST.
Dependencies resolved.
========================================================================================================================================================================================================
 Package                                         Architecture                         Version                                                             Repository                               Size
========================================================================================================================================================================================================
Installing:
 httpd                                           x86_64                               2.4.37-43.module+el8.5.0+714+5ec56ee8                               appstream                               1.4 M
Installing dependencies:
 apr                                             x86_64                               1.6.3-12.el8                                                        appstream                               128 k
 apr-util                                        x86_64                               1.6.1-6.el8.1                                                       appstream                               104 k
 httpd-filesystem                                noarch                               2.4.37-43.module+el8.5.0+714+5ec56ee8                               appstream                                38 k
 httpd-tools                                     x86_64                               2.4.37-43.module+el8.5.0+714+5ec56ee8                               appstream                               106 k
 mod_http2                                       x86_64                               1.15.7-3.module+el8.5.0+695+1fa8055e                                appstream                               153 k
 rocky-logos-httpd                               noarch                               85.0-3.el8                                                          baseos                                   22 k
Installing weak dependencies:
 apr-util-bdb                                    x86_64                               1.6.1-6.el8.1                                                       appstream                                23 k
 apr-util-openssl                                x86_64                               1.6.1-6.el8.1                                                       appstream                                26 k
Enabling module streams:
 httpd                                                                                2.4

Transaction Summary
========================================================================================================================================================================================================
Install  9 Packages

Total download size: 2.0 M
Installed size: 5.4 M
Is this ok [y/N]:n
Operation aborted.
[<regular_user>@<hostname> ~]$ logout

And if I remove all cached metadata and try again, this will again not work:

[root@<hostname> ~]# dnf clean all
47 files removed
[root@<hostname> ~]# su - <regular_user>
[<regular_user>@<hostname> ~]$ sudo dnf install httpd
Rocky Linux 8 - AppStream                                                                                                                                               0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'appstream':
  - Curl error (6): Couldn't resolve host name for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Could not resolve host: mirrors.rockylinux.org]
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Could not resolve host: mirrors.rockylinux.org]

Note that when using curl on its own (outside of dnf command), there doesn’t seem to be any issue with hostname resolve:

[<regular_user>@<hostname> ~]$ curl mirrors.rockylinux.org
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://mirrors.rockylinux.org/mirrormanager/">here</a>.</p>
</body></html>

Also note that I am using http_proxy, https_proxy and no_proxy (nothing particular to this server, we use the same environment variables in all servers).
I tried putting those in dnf.conf as well, but no change.

Kernel version:

Linux <hostname> 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 20:49:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Please let me know if any additional information is required.

Thanks!

2

If the regular user is a member of the wheel group why do you need to use sudo?
If I remember correctly the definition for wheel in /etc/sudoers.conf is something to the effect all commands:

ALL=NOPASSWD

So the regular user with wheel membership would run all dnf commands w/o sudo.

If you want to use sudo then create the file in /etc/sudoers.d/20_updatesystem with the contents:
username ALL=NOPASSWD: /usr/bin/dnf

with this format no password will be asked for.

3

I think http_proxy etc. variables are not effectively set when running sudo dnf.

For instance:

$ sudo dnf does not give you a login shell .bash_profile is only run with login shells. On the other hand sudo is very picky about what environment variables are passed through. You could try $ sudo -i dnf instead or $ sudo -E dnf.

If you show us how you set http_proxy we might gain a better understanding of what is going on.

for dnf.conf there is a proxy= directive.

1 Like
4

If a regular user runs a command without sudo than the command runs effectively as that unprivileged user, regardless of group membership.

5

Hey @anemarkus,
I initially used the same curl environment variables (like http_proxy) in dnf.conf as well.
Your solution to replace them with proxy= has resolved my issue :slight_smile:
In addition, the reason I saw difference in results between <regular_user> and root was because sudo indeed doesn’t take the other user’s env variables into account.

Thanks a lot!! :slight_smile:

6

FWIW, putting the proxy= values in dnf.conf has other benefits, such as letting it work from cron jobs.