内网环境下配置apt

安装 WSL

公司的电脑可以安装 WSL1 或者 WSL2 ，对于 WSL 的版本并没有什么要求。直接从微软应用市场下载安装即可。

问题

在配置编译环境的时候，遇到了 apt 无法更新的问题

sudo apt update
sudo apt upgrade

报错如下：

Ign:1 http://old-releases.ubuntu.com/ubuntu bionic InRelease
Ign:2 http://old-releases.ubuntu.com/ubuntu bionic-updates InRelease
Ign:3 http://old-releases.ubuntu.com/ubuntu bionic-backports InRelease
Ign:4 http://old-releases.ubuntu.com/ubuntu bionic-security InRelease
Err:5 http://old-releases.ubuntu.com/ubuntu bionic Release
  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.124 80]
Err:6 http://old-releases.ubuntu.com/ubuntu bionic-updates Release
  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.124 80]
Err:7 http://old-releases.ubuntu.com/ubuntu bionic-backports Release
  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.124 80]
Err:8 http://old-releases.ubuntu.com/ubuntu bionic-security Release
  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.124 80]
Reading package lists... Done
E: The repository 'http://old-releases.ubuntu.com/ubuntu bionic Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://old-releases.ubuntu.com/ubuntu bionic-updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://old-releases.ubuntu.com/ubuntu bionic-backports Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://old-releases.ubuntu.com/ubuntu bionic-security Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

主要原因有以下几点

1、 WSL 无法访问外网，也就是无法直接访问 ubuntu 的官方软件源。

可以用 wget 命令来测试，如：

wget google.com

如果能下载到谷歌的包，就说明已经通了网，可以往下一步de了。如果不能，可以考虑按照下面的解决方案1配一个代理，然后全局启用。

2、 WSL 能访问官方软件源，但是软件源已经不再支持

举例如下：

在执行

sudo apt update

时提示了下面的报错：

E: The repository 'http://old-releases.ubuntu.com/ubuntu bionic-old-releases Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default
N: See apt-secure(8) manpage for repository creation and user configuration details.

这几类报错的具体解决方案和原因见下面的解决方案2。

3、 公司网安禁止不安全的代理转发

示例1

可以看到，我已经可以通过 wget 直接下载到 http://in.archive.ubuntu.com/ubuntu/dists/xenial/InRelease 的包了，但是还是无法 apt update 。

报错如下：

Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [2578 B]
Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [2578 B]
Err:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [2578 B]
Err:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [2578 B]
Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
Reading package lists... Done
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is no longer signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)

示例2

在执行

sudo apt update

时提示了下面的报错：

Ign:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Ign:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Ign:3 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Ign:4 http://archive.ubuntu.com/ubuntu bionic-security InRelease
Err:5 http://archive.ubuntu.com/ubuntu bionic Release
  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.81 80]
Err:6 http://archive.ubuntu.com/ubuntu bionic-updates Release
  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.81 80]
Err:7 http://archive.ubuntu.com/ubuntu bionic-backports Release
  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.81 80]
Err:8 http://archive.ubuntu.com/ubuntu bionic-security Release
  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.81 80]
Reading package lists... Done                       
E: The repository 'http://archive.ubuntu.com/ubuntu bionic Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-updates Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-security Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

这两个报错的具体解决方案和原因见下面的解决方案3。

解决方案

1、配置 WSL 网络代理

WSL1 和 WSL2 在网络代理的配置上稍微有一些区别。原因在于 WSL1 是与 windows 共享网络的，而 WSL2 是使用 Hyper-V 启动了全局虚拟化，与 windows 的网络交换需要使用ip来定位。

因此，WSL2 如果想配置将网络请求转发到系统代理上，需要动态获取 windows 的 ip 进行转发。

我在 windows 上运行了代理软件 clash ， 代理软件的转发端口是 7890 。这可以在 windows 的 设置 -> 网络和internet -> 代理 中找到，如下图：

接着进入到 WSL 系统中，修改系统脚本，添加如下的命令来修改系统的网络代理。这里将大部分应用层的网络协议都走了代理转发，

系统脚本位于，其中 dingning 是我的用户名：

\wsl.localhost\Ubuntu-22.04\home\dingning.profile

如果你是 WSL1 ，那么就添加下面的这两个函数：

function proxy_off(){
        unset http_proxy
        unset https_proxy
        unset ftp_proxy
        unset rsync_proxy
        echo -e "已关闭代理"
}

function proxy_on() {
        export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
        host_ip="127.0.0.1"
        export http_proxy="http://$host_ip:7890"
        export https_proxy=$http_proxy
        export ftp_proxy=$http_proxy
        export rsync_proxy=$http_proxy
        export HTTP_PROXY=$http_proxy
        export HTTPS_PROXY=$http_proxy
        export FTP_PROXY=$http_proxy
        export RSYNC_PROXY=$http_proxy
        echo -e "已开启代理"
}

如果你是 WSL2 ，那么就添加下面的这两个函数：

function proxy_off(){
        unset http_proxy
        unset https_proxy
        unset ftp_proxy
        unset rsync_proxy
        echo -e "已关闭代理"
}

function proxy_on() {
        export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
        host_ip=$(cat /etc/resolv.conf |grep "nameserver" |cut -f 2 -d " ")
        export http_proxy="http://$host_ip:7890"
        export https_proxy=$http_proxy
        export ftp_proxy=$http_proxy
        export rsync_proxy=$http_proxy
        export HTTP_PROXY=$http_proxy
        export HTTPS_PROXY=$http_proxy
        export FTP_PROXY=$http_proxy
        export RSYNC_PROXY=$http_proxy
        echo -e "已开启代理"
}

修改后的文件如下图：

这两个函数实现了将 WSL 上的 HTTP/HTTPS/FTP/RSYNC 四个协议的网络请求都转发到 windows 中网络代理软件的接口的功能，因此实现了访问外网。

接着，你需要将系统源设置为当前修改的文件，并启动或者关闭代理。指令为：

source ~/.profile
proxy_on
proxy_off

启动代理后，你应该就能够访问 google 了，试试上面的 wget 。

脚本来源于：https://www.chuchur.com/article/windows-wsl-proxy

2、修改源

该问题的主要原因是

Ubuntu 18.04 LTS (bionic from 2018-April thus 18.04) is not an old-release, ie. it's currently supported and not EOL (old-releases is for EOL releases).

Ubuntu 18.04 LTS has 5 years of standard support so is supported until 2023-April, then moves to ESM or extended support before finally having it's repositories moved from archive.ubuntu.com to where you're file is looking - old-releases.ubuntu.com

You need to change old-releases.ubuntu.com to archive.ubuntu.com for that entry in your /etc/apt/sources.list file

也就是说当前版本的 Ubuntu 并不是一个不支持版本，它的软件包应该去 archive.ubuntu.com 中找，而不是系统默认的 old-releases.ubuntu.com 。

在其它版本的 Ubuntu 上都有可能会出现相同的问题，这个问题大概率是因为你在为止的情况下修改了 /etc/apt/sources.list 文件 ，所以需要使用恰当的软件包网站源。

你需要修改 /etc/apt/sources.list 文件 ， 将其中全部的 old-releases.ubuntu.com 替换成 archive.ubuntu.com 。如下图：

由于你需要修改系统文件，可能会没有权限，这里是获得权限的指令:

sudo chown -R username /your/dirname

其中 username 是你 WSL 中的用户名，**/your/dirname** 是你修改的文件所在的目录。

借鉴于：https://askubuntu.com/questions/1188970/e-the-repository-http-old-releases-ubuntu-com-ubuntu-bionic-old-releases-rel

3、使用国内 https 镜像

问题2的后半个问题与问题3一样，都是因为公司网关对代理的管控导致的。

报错中的关键信息是：

Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)

和

  SECURITY: URL redirect target contains control characters, rejecting. [IP: 91.189.91.81 80]

查了一下 ip ，发现是英国的。接着查了下共性问题，有同志遇到了相同的问题，这是他的描述：

问了下公司网管说并没有对这个ip进行限制，不过对一些80和8080的网络端口进行限制。

查了下网上的信息，发现也有网友遇到类似的问题，问题的原因都指向：某信服的上网管理软件。

因此他的解决方案是将 apt 源中的所有 http 协议都改为 https 协议。我测试后发现 archive.ubuntu.com 和 old-releases.ubuntu.com 都没有 https 协议下的网站，因此使用官方源的方法是没办法在公司内网环境下解决 apt 软件源的问题了。

Err:5 https://old-releases.ubuntu.com/ubuntu bionic Release
  404  Not Found [IP: 185.125.190.37 443]
Err:6 https://old-releases.ubuntu.com/ubuntu bionic-updates Release
  404  Not Found [IP: 185.125.190.37 443]
Err:7 https://old-releases.ubuntu.com/ubuntu bionic-backports Release
  404  Not Found [IP: 185.125.190.37 443]
Err:8 https://old-releases.ubuntu.com/ubuntu bionic-security Release
  404  Not Found [IP: 185.125.190.37 443]

所以只能通过使用国内的 https 协议下的镜像源来代替了。这是可行的阿里镜像源，直接使用它修改 /etc/apt/sources.list 文件即可:

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb https://mirrors.aliyun.com/ubuntu bionic main restricted
# deb-src http://mirrors.aliyun.com/ubuntu bionic main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb https://mirrors.aliyun.com/ubuntu bionic-updates main restricted
# deb-src http://mirrors.aliyun.com/ubuntu bionic-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb https://mirrors.aliyun.com/ubuntu bionic universe
# deb-src http://mirrors.aliyun.com/ubuntu bionic universe
deb https://mirrors.aliyun.com/ubuntu bionic-updates universe
# deb-src http://mirrors.aliyun.com/ubuntu bionic-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb https://mirrors.aliyun.com/ubuntu bionic multiverse
# deb-src http://mirrors.aliyun.com/ubuntu bionic multiverse
deb https://mirrors.aliyun.com/ubuntu bionic-updates multiverse
# deb-src http://mirrors.aliyun.com/ubuntu bionic-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb https://mirrors.aliyun.com/ubuntu bionic-backports main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu bionic-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu bionic partner
# deb-src http://archive.canonical.com/ubuntu bionic partner

deb https://mirrors.aliyun.com/ubuntu bionic-security main restricted
# deb-src http://mirrors.aliyun.com/ubuntu bionic-security main restricted
deb https://mirrors.aliyun.com/ubuntu bionic-security universe
# deb-src http://mirrors.aliyun.com/ubuntu bionic-security universe
deb https://mirrors.aliyun.com/ubuntu bionic-security multiverse
deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
# deb-src [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
# deb-src http://mirrors.aliyun.com/ubuntu bionic-security multiverse

解决思路借鉴： https://36qu.com/archives/51.html

总结

公司网关对http的代理有拦截，因此 apt 无法 update 的有效解决方法就是换国内镜像源。虽然不优雅，但是也只能这么做了。