diff options
author | Darren Hart <dvhart@linux.intel.com> | 2013-02-08 14:27:22 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-02-11 22:53:00 +0000 |
commit | 62867f56da0e0904f0108f113324c2432659fbac (patch) | |
tree | 1f3ffd159d1b3013d87d8e89458106186bd26a42 | |
parent | c485322fa2b89eb90efd88969d0c73575f128af7 (diff) | |
download | openembedded-core-62867f56da0e0904f0108f113324c2432659fbac.tar.gz openembedded-core-62867f56da0e0904f0108f113324c2432659fbac.tar.bz2 openembedded-core-62867f56da0e0904f0108f113324c2432659fbac.zip |
oe-git-proxy: Add a new comprehensive git proxy script
oe-git-proxy.sh is a simple tool to be used via GIT_PROXY_COMMAND. It
uses BSD netcat to make SOCKS5 or HTTPS proxy connections. It uses
ALL_PROXY to determine the proxy server, protocol, and port. It uses
NO_PROXY to skip using the proxy for a comma delimited list of hosts,
host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It is
known to work with both bash and dash shells.
V2: Implement recommendations by Enrico Scholz:
o Use exec for the nc calls
o Use "$@" instead of $* to avoid quoting issues inherent with $*
o Use bash explicitly and simplify some of the string manipulations
Also:
o Drop the .sh in the name per Otavio Salvador
o Remove a stray debug statement
V3: Implement recommendations by Otavio Salvador
o GPL license blurb
o Fix minor typo in comment block
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Cc: Otavio Salvador <otavio@ossystems.com.br>
git-proxy cleanup
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rwxr-xr-x | scripts/oe-git-proxy | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy new file mode 100755 index 0000000000..4c2f17903b --- /dev/null +++ b/scripts/oe-git-proxy @@ -0,0 +1,138 @@ +#!/bin/bash + +# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses BSD netcat +# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the +# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for +# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR +# masks (192.168.1.0/24). It is known to work with both bash and dash shells. +# +# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora. +# +# Example ALL_PROXY values: +# ALL_PROXY=socks://socks.example.com:1080 +# ALL_PROXY=https://proxy.example.com:8080 +# +# Copyright (c) 2013, Intel Corporation. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# AUTHORS +# Darren Hart <dvhart@linux.intel.com> + +# Locate the netcat binary +NC=$(which nc 2>/dev/null) +if [ $? -ne 0 ]; then + echo "ERROR: nc binary not in PATH" + exit 1 +fi +METHOD="" + +# Test for a valid IPV4 quad with optional bitmask +valid_ipv4() { + echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$" + return $? +} + +# Convert an IPV4 address into a 32bit integer +ipv4_val() { + IP="$1" + SHIFT=24 + VAL=0 + for B in ${IP//./ }; do + VAL=$(($VAL+$(($B<<$SHIFT)))) + SHIFT=$(($SHIFT-8)) + done + echo "$VAL" +} + +# Determine if two IPs are equivalent, or if the CIDR contains the IP +match_ipv4() { + CIDR=$1 + IP=$2 + + if [ -z "${IP%%$CIDR}" ]; then + return 0 + fi + + # Determine the mask bitlength + BITS=${CIDR##*/} + if [ -z "$BITS" ]; then + return 1 + fi + + IPVAL=$(ipv4_val $IP) + IP2VAL=$(ipv4_val ${CIDR%%/*}) + + # OR in the unmasked bits + for i in $(seq 0 $((32-$BITS))); do + IP2VAL=$(($IP2VAL|$((1<<$i)))) + IPVAL=$(($IPVAL|$((1<<$i)))) + done + + if [ $IPVAL -eq $IP2VAL ]; then + return 0 + fi + return 1 +} + +# Test to see if GLOB matches HOST +match_host() { + HOST=$1 + GLOB=$2 + + if [ -z "${HOST%%$GLOB}" ]; then + return 0 + fi + + # Match by netmask + if valid_ipv4 $GLOB; then + HOST_IP=$(gethostip -d $HOST) + if valid_ipv4 $HOST_IP; then + match_ipv4 $GLOB $HOST_IP + if [ $? -eq 0 ]; then + return 0 + fi + fi + fi + + return 1 +} + +# If no proxy is set, just connect directly +if [ -z "$ALL_PROXY" ]; then + exec $NC -X connect "$@" +fi + +# Connect directly to hosts in NO_PROXY +for H in ${NO_PROXY//,/ }; do + if match_host $1 $H; then + METHOD="-X connect" + break + fi +done + +if [ -z "$METHOD" ]; then + # strip the protocol and the trailing slash + PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/') + PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/') + if [ "$PROTO" = "socks" ]; then + METHOD="-X 5 -x $PROXY" + elif [ "$PROTO" = "https" ]; then + METHOD="-X connect -x $PROXY" + fi +fi + +exec $NC $METHOD "$@" |