[OE-core] [PATCH 7/9] oe-git-proxy: Add a new comprehensive git proxy script

Otavio Salvador otavio at ossystems.com.br
Tue Feb 5 23:51:23 UTC 2013 

On Tue, Feb 5, 2013 at 8:52 PM, Darren Hart <dvhart at linux.intel.com> wrote:
> oe-git-proxy.sh is a simple tool to be used via GIT_PROXY_COMMAND. It
> uses BSD netcat to make SOCKS5 or HTTPS proxy connections. It uses
> ALL_PROXY to determine the proxy server, protocol, and port. It uses
> NO_PROXY to skip using the proxy for a comma delimited list of hosts,
> host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It is
> known to work with both bash and dash shells.
>
> V2: Implement recommendations by Enrico Scholz:
>     o Use exec for the nc calls
>     o Use "$@" instead of $* to avoid quoting issues inherent with $*
>     o Use bash explicitly and simplify some of the string manipulations
>     Also:
>     o Drop the .sh in the name per Otavio Salvador
>     o Remove a stray debug statement
>
> Signed-off-by: Darren Hart <dvhart at linux.intel.com>
> Cc: Enrico Scholz <enrico.scholz at sigma-chemnitz.de>
> Cc: Otavio Salvador <otavio at ossystems.com.br>
> ---
>  scripts/oe-git-proxy |  124 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 124 insertions(+), 0 deletions(-)
>  create mode 100755 scripts/oe-git-proxy
>
> diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy
> new file mode 100755
> index 0000000..4f1871a
> --- /dev/null
> +++ b/scripts/oe-git-proxy
> @@ -0,0 +1,124 @@
> +#!/bin/bash
> +
> +# oe-git-proxy.sh is a simple tool to be via GIT_PROXY_COMMAND. It uses BSD netcat

Please fix the script name.

> +# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the
> +# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for
> +# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR masks
> +# (192.168.1.0/24). It is known to work with both bash and dash shells.
> +#
> +# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora.
> +#
> +# Example ALL_PROXY values:
> +# ALL_PROXY=socks://socks.example.com:1080
> +# ALL_PROXY=https://proxy.example.com:8080
> +#
> +# Copyright (c) 2013, Intel Corporation.
> +# All rights reserved.

And please add a clear license here.

> +# AUTHORS
> +# Darren Hart <dvhart at linux.intel.com>
> +
> +# Locate the netcat binary
> +NC=$(which nc 2>/dev/null)
> +if [ $? -ne 0 ]; then
> +       echo "ERROR: nc binary not in PATH"
> +       exit 1
> +fi
> +METHOD=""
> +
> +# Test for a valid IPV4 quad with optional bitmask
> +valid_ipv4() {
> +       echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$"
> +       return $?
> +}
> +
> +# Convert an IPV4 address into a 32bit integer
> +ipv4_val() {
> +       IP="$1"
> +       SHIFT=24
> +       VAL=0
> +       for B in ${IP//./ }; do
> +               VAL=$(($VAL+$(($B<<$SHIFT))))
> +               SHIFT=$(($SHIFT-8))
> +       done
> +       echo "$VAL"
> +}
> +
> +# Determine if two IPs are equivalent, or if the CIDR contains the IP
> +match_ipv4() {
> +       CIDR=$1
> +       IP=$2
> +
> +       if [ -z "${IP%%$CIDR}" ]; then
> +               return 0
> +       fi
> +
> +       # Determine the mask bitlength
> +       BITS=${CIDR##*/}
> +       if [ -z "$BITS" ]; then
> +               return 1
> +       fi
> +
> +       IPVAL=$(ipv4_val $IP)
> +       IP2VAL=$(ipv4_val ${CIDR%%/*})
> +
> +       # OR in the unmasked bits
> +       for i in $(seq 0 $((32-$BITS))); do
> +               IP2VAL=$(($IP2VAL|$((1<<$i))))
> +               IPVAL=$(($IPVAL|$((1<<$i))))
> +       done
> +
> +       if [ $IPVAL -eq $IP2VAL ]; then
> +               return 0
> +       fi
> +       return 1
> +}
> +
> +# Test to see if GLOB matches HOST
> +match_host() {
> +       HOST=$1
> +       GLOB=$2
> +
> +       if [ -z "${HOST%%$GLOB}" ]; then
> +               return 0
> +       fi
> +
> +       # Match by netmask
> +       if valid_ipv4 $GLOB; then
> +               HOST_IP=$(gethostip -d $HOST)
> +               if valid_ipv4 $HOST_IP; then
> +                       match_ipv4 $GLOB $HOST_IP
> +                       if [ $? -eq 0 ]; then
> +                               return 0
> +                       fi
> +               fi
> +       fi
> +
> +       return 1
> +}
> +
> +# If no proxy is set, just connect directly
> +if [ -z "$ALL_PROXY" ]; then
> +       exec $NC -X connect "$@"
> +fi
> +
> +# Connect directly to hosts in NO_PROXY
> +for H in ${NO_PROXY//,/ }; do
> +       if match_host $1 $H; then
> +               METHOD="-X connect"
> +               break
> +       fi
> +done
> +
> +if [ -z "$METHOD" ]; then
> +       # strip the protocol and the trailing slash
> +       PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/')
> +       PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/')
> +       if [ "$PROTO" = "socks" ]; then
> +               METHOD="-X 5 -x $PROXY"
> +       elif [ "$PROTO" = "https" ]; then
> +               METHOD="-X connect -x $PROXY"
> +       fi
> +fi
> +
> +exec $NC $METHOD "$@"
> --
> 1.7.5.4
>



--
Otavio Salvador                             O.S. Systems
E-mail: otavio at ossystems.com.br  http://www.ossystems.com.br
Mobile: +55 53 9981-7854              http://projetos.ossystems.com.br

More information about the Openembedded-core mailing list