3

I created a debian repository using dpkg-scanpackeges for binary packages and connected it with a site which is using apache2 directory listing. It worked fine. After that, I set a digest authentication for the site. I added the following line to the /etc/apt/sources.list file.

deb http://username:password@subdomain.domain.com ./

I can reach the site with browser using this notation, however, when I try to run sudo apt-get update I am getting "401 Unauthorized" error. Is there any way to make apt-get update command be able to authenticate?

This is the configuration file for apache.

<VirtualHost *:80>
    ServerName subdomain.domain.com
    DocumentRoot /var/www/archive

        <Directory /var/www/archive >
            Options Indexes FollowSymLinks Multiviews
            Order allow,deny
            Allow from all

            AuthType Digest
            AuthName "Restricted Access"
            AuthDigestDomain /
            AuthDigestProvider file
            AuthUserFile /var/www/passwd/archive
            Require valid-user
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
yusufertekin
  • 73
  • 1
  • 6

1 Answers1

0

I've been researching this topic for a while.

It still not being possible to enable digest authentication for debian apt repositories, despite David Purdy reported this as a bug.

This is important for me, because we have a private repository and want to avoid the sending of the credentials as plain text.

What do you think about writing together a paper about this topic?

ncomputers
  • 3,680
  • 1
  • 15
  • 16