[OE-core] [PATCH 4/7] oe-git-proxy: Add a new comprehensive git proxy script
Darren Hart
dvhart at linux.intel.com
Sat Feb 9 16:59:48 UTC 2013
On 02/08/2013 06:43 PM, Otavio Salvador wrote:
> On Fri, Feb 8, 2013 at 8:27 PM, Darren Hart <dvhart at linux.intel.com> wrote:
>> oe-git-proxy.sh is a simple tool to be used via GIT_PROXY_COMMAND. It
>> uses BSD netcat to make SOCKS5 or HTTPS proxy connections. It uses
>> ALL_PROXY to determine the proxy server, protocol, and port. It uses
>> NO_PROXY to skip using the proxy for a comma delimited list of hosts,
>> host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It is
>> known to work with both bash and dash shells.
>>
>> V2: Implement recommendations by Enrico Scholz:
>> o Use exec for the nc calls
>> o Use "$@" instead of $* to avoid quoting issues inherent with $*
>> o Use bash explicitly and simplify some of the string manipulations
>> Also:
>> o Drop the .sh in the name per Otavio Salvador
>> o Remove a stray debug statement
>>
>> V3: Implement recommendations by Otavio Salvador
>> o GPL license blurb
>> o Fix minor typo in comment block
>>
>> Signed-off-by: Darren Hart <dvhart at linux.intel.com>
>> Cc: Enrico Scholz <enrico.scholz at sigma-chemnitz.de>
>> Cc: Otavio Salvador <otavio at ossystems.com.br>
>>
>> git-proxy cleanup
>
> All those comments ought to be bellow --- or those will be included in
> commit log.
>
Which is fine.
>> Signed-off-by: Darren Hart <dvhart at linux.intel.com>
>> ---
>> scripts/oe-git-proxy | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++
>> 1 files changed, 138 insertions(+), 0 deletions(-)
>> create mode 100755 scripts/oe-git-proxy
>>
>> diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy
>> new file mode 100755
>> index 0000000..4c2f179
>> --- /dev/null
>> +++ b/scripts/oe-git-proxy
>> @@ -0,0 +1,138 @@
>> +#!/bin/bash
>> +
>> +# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses BSD netcat
>> +# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the
>> +# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for
>> +# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR
>> +# masks (192.168.1.0/24). It is known to work with both bash and dash shells.
>> +#
>> +# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora.
>> +#
>> +# Example ALL_PROXY values:
>> +# ALL_PROXY=socks://socks.example.com:1080
>> +# ALL_PROXY=https://proxy.example.com:8080
>> +#
>> +# Copyright (c) 2013, Intel Corporation.
>> +# All rights reserved.
>> +#
>> +# This program is free software; you can redistribute it and/or modify
>> +# it under the terms of the GNU General Public License as published by
>> +# the Free Software Foundation; either version 2 of the License, or
>> +# (at your option) any later version.
>> +#
>> +# This program is distributed in the hope that it will be useful,
>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>> +# GNU General Public License for more details.
>> +#
>> +# You should have received a copy of the GNU General Public License
>> +# along with this program; if not, write to the Free Software
>> +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
>> +#
>> +# AUTHORS
>> +# Darren Hart <dvhart at linux.intel.com>
>> +
>> +# Locate the netcat binary
>> +NC=$(which nc 2>/dev/null)
>> +if [ $? -ne 0 ]; then
>> + echo "ERROR: nc binary not in PATH"
>> + exit 1
>> +fi
>> +METHOD=""
>> +
>> +# Test for a valid IPV4 quad with optional bitmask
>> +valid_ipv4() {
>> + echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$"
>> + return $?
>> +}
>> +
>> +# Convert an IPV4 address into a 32bit integer
>> +ipv4_val() {
>> + IP="$1"
>> + SHIFT=24
>> + VAL=0
>> + for B in ${IP//./ }; do
>> + VAL=$(($VAL+$(($B<<$SHIFT))))
>> + SHIFT=$(($SHIFT-8))
>> + done
>> + echo "$VAL"
>> +}
>> +
>> +# Determine if two IPs are equivalent, or if the CIDR contains the IP
>> +match_ipv4() {
>> + CIDR=$1
>> + IP=$2
>> +
>> + if [ -z "${IP%%$CIDR}" ]; then
>> + return 0
>> + fi
>> +
>> + # Determine the mask bitlength
>> + BITS=${CIDR##*/}
>> + if [ -z "$BITS" ]; then
>> + return 1
>> + fi
>> +
>> + IPVAL=$(ipv4_val $IP)
>> + IP2VAL=$(ipv4_val ${CIDR%%/*})
>> +
>> + # OR in the unmasked bits
>> + for i in $(seq 0 $((32-$BITS))); do
>> + IP2VAL=$(($IP2VAL|$((1<<$i))))
>> + IPVAL=$(($IPVAL|$((1<<$i))))
>> + done
>> +
>> + if [ $IPVAL -eq $IP2VAL ]; then
>> + return 0
>> + fi
>> + return 1
>> +}
>> +
>> +# Test to see if GLOB matches HOST
>> +match_host() {
>> + HOST=$1
>> + GLOB=$2
>> +
>> + if [ -z "${HOST%%$GLOB}" ]; then
>> + return 0
>> + fi
>> +
>> + # Match by netmask
>> + if valid_ipv4 $GLOB; then
>> + HOST_IP=$(gethostip -d $HOST)
>> + if valid_ipv4 $HOST_IP; then
>> + match_ipv4 $GLOB $HOST_IP
>> + if [ $? -eq 0 ]; then
>> + return 0
>> + fi
>> + fi
>> + fi
>> +
>> + return 1
>> +}
>> +
>> +# If no proxy is set, just connect directly
>> +if [ -z "$ALL_PROXY" ]; then
>> + exec $NC -X connect "$@"
>> +fi
>> +
>> +# Connect directly to hosts in NO_PROXY
>> +for H in ${NO_PROXY//,/ }; do
>> + if match_host $1 $H; then
>> + METHOD="-X connect"
>> + break
>> + fi
>> +done
>> +
>> +if [ -z "$METHOD" ]; then
>> + # strip the protocol and the trailing slash
>> + PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/')
>> + PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/')
>> + if [ "$PROTO" = "socks" ]; then
>> + METHOD="-X 5 -x $PROXY"
>> + elif [ "$PROTO" = "https" ]; then
>> + METHOD="-X connect -x $PROXY"
>> + fi
>> +fi
>> +
>> +exec $NC $METHOD "$@"
>> --
>> 1.7.5.4
>>
>
>
>
--
Darren Hart
Intel Open Source Technology Center
Yocto Project - Technical Lead - Linux Kernel
More information about the Openembedded-core
mailing list