summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Hart <dvhart@linux.intel.com>2013-02-08 14:27:22 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-02-11 22:53:00 +0000
commit62867f56da0e0904f0108f113324c2432659fbac (patch)
tree1f3ffd159d1b3013d87d8e89458106186bd26a42
parentc485322fa2b89eb90efd88969d0c73575f128af7 (diff)
downloadopenembedded-core-62867f56da0e0904f0108f113324c2432659fbac.tar.gz
openembedded-core-62867f56da0e0904f0108f113324c2432659fbac.tar.bz2
openembedded-core-62867f56da0e0904f0108f113324c2432659fbac.zip
oe-git-proxy: Add a new comprehensive git proxy script
oe-git-proxy.sh is a simple tool to be used via GIT_PROXY_COMMAND. It uses BSD netcat to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It is known to work with both bash and dash shells. V2: Implement recommendations by Enrico Scholz: o Use exec for the nc calls o Use "$@" instead of $* to avoid quoting issues inherent with $* o Use bash explicitly and simplify some of the string manipulations Also: o Drop the .sh in the name per Otavio Salvador o Remove a stray debug statement V3: Implement recommendations by Otavio Salvador o GPL license blurb o Fix minor typo in comment block Signed-off-by: Darren Hart <dvhart@linux.intel.com> Cc: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> Cc: Otavio Salvador <otavio@ossystems.com.br> git-proxy cleanup Signed-off-by: Darren Hart <dvhart@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rwxr-xr-xscripts/oe-git-proxy138
1 files changed, 138 insertions, 0 deletions
diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy
new file mode 100755
index 0000000000..4c2f17903b
--- /dev/null
+++ b/scripts/oe-git-proxy
@@ -0,0 +1,138 @@
+#!/bin/bash
+
+# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses BSD netcat
+# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the
+# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for
+# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR
+# masks (192.168.1.0/24). It is known to work with both bash and dash shells.
+#
+# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora.
+#
+# Example ALL_PROXY values:
+# ALL_PROXY=socks://socks.example.com:1080
+# ALL_PROXY=https://proxy.example.com:8080
+#
+# Copyright (c) 2013, Intel Corporation.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# AUTHORS
+# Darren Hart <dvhart@linux.intel.com>
+
+# Locate the netcat binary
+NC=$(which nc 2>/dev/null)
+if [ $? -ne 0 ]; then
+ echo "ERROR: nc binary not in PATH"
+ exit 1
+fi
+METHOD=""
+
+# Test for a valid IPV4 quad with optional bitmask
+valid_ipv4() {
+ echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$"
+ return $?
+}
+
+# Convert an IPV4 address into a 32bit integer
+ipv4_val() {
+ IP="$1"
+ SHIFT=24
+ VAL=0
+ for B in ${IP//./ }; do
+ VAL=$(($VAL+$(($B<<$SHIFT))))
+ SHIFT=$(($SHIFT-8))
+ done
+ echo "$VAL"
+}
+
+# Determine if two IPs are equivalent, or if the CIDR contains the IP
+match_ipv4() {
+ CIDR=$1
+ IP=$2
+
+ if [ -z "${IP%%$CIDR}" ]; then
+ return 0
+ fi
+
+ # Determine the mask bitlength
+ BITS=${CIDR##*/}
+ if [ -z "$BITS" ]; then
+ return 1
+ fi
+
+ IPVAL=$(ipv4_val $IP)
+ IP2VAL=$(ipv4_val ${CIDR%%/*})
+
+ # OR in the unmasked bits
+ for i in $(seq 0 $((32-$BITS))); do
+ IP2VAL=$(($IP2VAL|$((1<<$i))))
+ IPVAL=$(($IPVAL|$((1<<$i))))
+ done
+
+ if [ $IPVAL -eq $IP2VAL ]; then
+ return 0
+ fi
+ return 1
+}
+
+# Test to see if GLOB matches HOST
+match_host() {
+ HOST=$1
+ GLOB=$2
+
+ if [ -z "${HOST%%$GLOB}" ]; then
+ return 0
+ fi
+
+ # Match by netmask
+ if valid_ipv4 $GLOB; then
+ HOST_IP=$(gethostip -d $HOST)
+ if valid_ipv4 $HOST_IP; then
+ match_ipv4 $GLOB $HOST_IP
+ if [ $? -eq 0 ]; then
+ return 0
+ fi
+ fi
+ fi
+
+ return 1
+}
+
+# If no proxy is set, just connect directly
+if [ -z "$ALL_PROXY" ]; then
+ exec $NC -X connect "$@"
+fi
+
+# Connect directly to hosts in NO_PROXY
+for H in ${NO_PROXY//,/ }; do
+ if match_host $1 $H; then
+ METHOD="-X connect"
+ break
+ fi
+done
+
+if [ -z "$METHOD" ]; then
+ # strip the protocol and the trailing slash
+ PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/')
+ PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/')
+ if [ "$PROTO" = "socks" ]; then
+ METHOD="-X 5 -x $PROXY"
+ elif [ "$PROTO" = "https" ]; then
+ METHOD="-X connect -x $PROXY"
+ fi
+fi
+
+exec $NC $METHOD "$@"