diff options
Diffstat (limited to 'scripts/oe-git-proxy')
-rwxr-xr-x | scripts/oe-git-proxy | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy new file mode 100755 index 0000000..1247902 --- /dev/null +++ b/scripts/oe-git-proxy @@ -0,0 +1,159 @@ +#!/bin/bash + +# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses socat +# to make SOCKS5 or HTTPS proxy connections. +# It uses ALL_PROXY or all_proxy or http_proxy to determine the proxy server, +# protocol, and port. +# It uses NO_PROXY to skip using the proxy for a comma delimited list of +# hosts, host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It +# is known to work with both bash and dash shells. +# +# Example ALL_PROXY values: +# ALL_PROXY=socks://socks.example.com:1080 +# ALL_PROXY=https://proxy.example.com:8080 +# +# Copyright (c) 2013, Intel Corporation. +# All rights reserved. +# +# AUTHORS +# Darren Hart <dvhart@linux.intel.com> + +# Locate the netcat binary +SOCAT=$(which socat 2>/dev/null) +if [ $? -ne 0 ]; then + echo "ERROR: socat binary not in PATH" 1>&2 + exit 1 +fi +METHOD="" + +# Test for a valid IPV4 quad with optional bitmask +valid_ipv4() { + echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$" + return $? +} + +# Convert an IPV4 address into a 32bit integer +ipv4_val() { + IP="$1" + SHIFT=24 + VAL=0 + for B in ${IP//./ }; do + VAL=$(($VAL+$(($B<<$SHIFT)))) + SHIFT=$(($SHIFT-8)) + done + echo "$VAL" +} + +# Determine if two IPs are equivalent, or if the CIDR contains the IP +match_ipv4() { + CIDR=$1 + IP=$2 + + if [ -z "${IP%%$CIDR}" ]; then + return 0 + fi + + # Determine the mask bitlength + BITS=${CIDR##*/} + [ "$BITS" != "$CIDR" ] || BITS=32 + if [ -z "$BITS" ]; then + return 1 + fi + + IPVAL=$(ipv4_val $IP) + IP2VAL=$(ipv4_val ${CIDR%%/*}) + + # OR in the unmasked bits + for i in $(seq 0 $((32-$BITS))); do + IP2VAL=$(($IP2VAL|$((1<<$i)))) + IPVAL=$(($IPVAL|$((1<<$i)))) + done + + if [ $IPVAL -eq $IP2VAL ]; then + return 0 + fi + return 1 +} + +# Test to see if GLOB matches HOST +match_host() { + HOST=$1 + GLOB=$2 + + if [ -z "${HOST%%$GLOB}" ]; then + return 0 + fi + + # Match by netmask + if valid_ipv4 $GLOB; then + HOST_IP=$(gethostip -d $HOST) + if valid_ipv4 $HOST_IP; then + match_ipv4 $GLOB $HOST_IP + if [ $? -eq 0 ]; then + return 0 + fi + fi + fi + + return 1 +} + +# If no proxy is set or needed, just connect directly +METHOD="TCP:$1:$2" + +[ -z "${ALL_PROXY}" ] && ALL_PROXY=$all_proxy +[ -z "${ALL_PROXY}" ] && ALL_PROXY=$http_proxy + +if [ -z "$ALL_PROXY" ]; then + exec $SOCAT STDIO $METHOD +fi + +# Connect directly to hosts in NO_PROXY +for H in ${NO_PROXY//,/ }; do + if match_host $1 $H; then + exec $SOCAT STDIO $METHOD + fi +done + +# Proxy is necessary, determine protocol, server, and port +# extract protocol +PROTO=${ALL_PROXY%://*} +# strip protocol:// from string +ALL_PROXY=${ALL_PROXY#*://} +# extract host & port parts: +# 1) drop username/password +PROXY=${ALL_PROXY##*@} +# 2) remove optional trailing /? +PROXY=${PROXY%%/*} +# 3) extract optional port +PORT=${PROXY##*:} +if [ "$PORT" = "$PROXY" ]; then + PORT="" +fi +# 4) remove port +PROXY=${PROXY%%:*} + +# extract username & password +PROXYAUTH="${ALL_PROXY%@*}" +[ "$PROXYAUTH" = "$ALL_PROXY" ] && PROXYAUTH= +[ -n "${PROXYAUTH}" ] && PROXYAUTH=",proxyauth=${PROXYAUTH}" + +if [ "$PROTO" = "socks" ] || [ "$PROTO" = "socks4a" ]; then + if [ -z "$PORT" ]; then + PORT="1080" + fi + METHOD="SOCKS4A:$PROXY:$1:$2,socksport=$PORT" +elif [ "$PROTO" = "socks4" ]; then + if [ -z "$PORT" ]; then + PORT="1080" + fi + METHOD="SOCKS4:$PROXY:$1:$2,socksport=$PORT" +else + # Assume PROXY (http, https, etc) + if [ -z "$PORT" ]; then + PORT="8080" + fi + METHOD="PROXY:$PROXY:$1:$2,proxyport=${PORT}${PROXYAUTH}" +fi + +exec $SOCAT STDIO "$METHOD" |