From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 03923132C36 for ; Wed, 24 Jan 2024 21:15:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.133 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706130952; cv=none; b=C7IfxQ3wT9k6DfTDEUCdU1wUZgxAVnuAx/nvZmFsMhRZMAmfqawQ6u2APpcxbwylPmlCAyrvAPDbM4QW8r6Goo3VpBwjKhxjlY0j2XUAy3v/dki9TzMAJRbQfXt85f4IUBrr4OQNqBo9kzm46O5xBQ6DriSlpxsGODq+G6FFanw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706130952; c=relaxed/simple; bh=wro16yWmzvSsXk8CE4Ral+64izw/pJydSpJC93vo1fE=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=YCdvWHwm1jgBVMCTfiCEu1MV5NCNXcmlKCvOkNSytUvW1VYl7pg3eIf53bpupPJw4iya8GCBDjqHGXsuVVa3qqsBkpjXYj4Nw4ibBRMIvZoaesigK09PGvEBlg/C8ljo3X0HDpEikL7PlHXUmV52lUatW7BAYUrxGXA9Cy1BfvI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=bSpA3PY3; arc=none smtp.client-ip=198.137.202.133 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="bSpA3PY3" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-Type: Content-ID:Content-Description:In-Reply-To:References; bh=tyNJg1ybuA3nHC17ZT2QGQ7KpMe5/7yA1r9PbOVDxUY=; b=bSpA3PY313/DXRcSueQwlrlRMF WtY+El369ZKBXrTBV7mx+m6HJQtQLnu6F9AaOILN1zLeEdUw48Sovj0DrWi2YuvEDnF3PkD6gLHbn hwF3oxT5/z2xeVJDsoUY+mIh1Iq++aKPnZlPRY2dcxUXyRljr9Y69EqcS8RlfIru8Kwr5yIGInUDb rrldc0t/Qu1L9dLBAHc+lENLSPiMBaqwZ/Rr4QMegeAXKfCMOEn4G2gN3Q9t5Iz0a/F6Za+EAG9td rwoKgCTYhykxDDxfjqAe10Jx75d7N58wrkefWH8qkKnBdCAO5FRxjpFRBIzuxwrnvyamE1useffit Xi+rqVxQ==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1rSkb7-00574k-2T; Wed, 24 Jan 2024 21:15:49 +0000 From: Luis Chamberlain To: kdevops@lists.linux.dev, da.gomez@samsung.com, p.raghav@samsung.com Cc: Luis Chamberlain Subject: [PATCH] mirror: add a smart git check Date: Wed, 24 Jan 2024 13:15:47 -0800 Message-Id: <20240124211547.1218817-1-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: Luis Chamberlain If you are on a firewall chances are you will fail miserably with the default mirroring options and this is a terrible experience as the git protocol will fail. The git protocol is nice and efficient so we don't want to change the default to https. So add a smart git check on make menuconfig which will test if the git protocol will work, otherwise disable all git options. This incurs a penalty on checking if the git protocol works once on make menuconfig with a timeout of 3 seconds. This hack only works on systems which have netcat installed, otherwise we assume git will work too. Ie, if you want this smart heuristic install netcat. Signed-off-by: Luis Chamberlain --- Thoughts? I think its worth the impact to increase user experience. kconfigs/Kconfig.mirror | 24 +++++++++++++++++++----- scripts/test_git_firewall.sh | 17 +++++++++++++++++ 2 files changed, 36 insertions(+), 5 deletions(-) create mode 100755 scripts/test_git_firewall.sh diff --git a/kconfigs/Kconfig.mirror b/kconfigs/Kconfig.mirror index 1b237c7c32c5..3f0b15859319 100644 --- a/kconfigs/Kconfig.mirror +++ b/kconfigs/Kconfig.mirror @@ -47,9 +47,14 @@ config INSTALL_LOCAL_LINUX_MIRROR first linux-mirror setup and just use USE_LOCAL_LINUX_MIRROR so to make use of the mirror. +config MIRROR_GIT_WORKS + bool + default $(shell, ./scripts/test_git_firewall.sh) + choice prompt "Linux mirror protocol" - default MIRROR_TORVALDS_GIT + default MIRROR_TORVALDS_GIT if MIRROR_GIT_WORKS + default MIRROR_TORVALDS_HTTPS if !MIRROR_GIT_WORKS depends on INSTALL_LOCAL_LINUX_MIRROR config MIRROR_TORVALDS_HTTPS @@ -70,6 +75,7 @@ config MIRROR_TORVALDS_HTTPS_GOOGLE config MIRROR_TORVALDS_GIT bool "Git" + depends on MIRROR_GIT_WORKS help If you enable this option then git:// protocol will be used as the source of the mirror. The URL is: @@ -105,7 +111,8 @@ config MIRROR_KDEVOPS_LINUS_URL choice prompt "Linux Next mirror protocol/source" - default MIRROR_NEXT_GIT + default MIRROR_NEXT_GIT if MIRROR_GIT_WORKS + default MIRROR_NEXT_HTTPS if !MIRROR_GIT_WORKS depends on INSTALL_LOCAL_LINUX_MIRROR config MIRROR_NEXT_HTTPS @@ -126,6 +133,7 @@ config MIRROR_NEXT_HTTPS_GOOGLE config MIRROR_NEXT_GIT bool "Git" + depends on MIRROR_GIT_WORKS help If you enable this option then Git protocol will be used as the source of the mirror. The URL is: @@ -142,7 +150,8 @@ config MIRROR_NEXT_URL choice prompt "Linux mcgrof's linux-next fork protocol/source" - default MIRROR_MCGROF_GIT + default MIRROR_MCGROF_GIT if MIRROR_GIT_WORKS + default MIRROR_MCGROF_HTTPS if !MIRROR_GIT_WORKS depends on INSTALL_LOCAL_LINUX_MIRROR config MIRROR_MCGROF_HTTPS @@ -163,6 +172,7 @@ config MIRROR_MCGROF_HTTPS_GOOGLE config MIRROR_MCGROF_GIT bool "Git" + depends on MIRROR_GIT_WORKS help If you enable this option then Git protocol will be used as the source of the mirror. The URL is: @@ -179,7 +189,8 @@ config MIRROR_MCGROF_URL choice prompt "Linux mcgrof's linux fork protocol/source" - default MIRROR_MCGROF_LINUS_GIT + default MIRROR_MCGROF_LINUS_GIT if MIRROR_GIT_WORKS + default MIRROR_MCGROF_LINUS_HTTPS if !MIRROR_GIT_WORKS depends on INSTALL_LOCAL_LINUX_MIRROR config MIRROR_MCGROF_LINUS_HTTPS @@ -200,6 +211,7 @@ config MIRROR_MCGROF_LINUS_HTTPS_GOOGLE config MIRROR_MCGROF_LINUS_GIT bool "Git" + depends on MIRROR_GIT_WORKS help If you enable this option then Git protocol will be used as the source of the mirror. The URL is: @@ -216,7 +228,8 @@ config MIRROR_MCGROF_LINUS_URL choice prompt "Linux stable mirror protocol/source" - default MIRROR_STABLE_GIT + default MIRROR_STABLE_GIT if MIRROR_GIT_WORKS + default MIRROR_STABLE_HTTPS if !MIRROR_GIT_WORKS depends on INSTALL_LOCAL_LINUX_MIRROR config MIRROR_STABLE_HTTPS @@ -237,6 +250,7 @@ config MIRROR_STABLE_HTTPS_GOOGLE config MIRROR_STABLE_GIT bool "Git" + depends on MIRROR_GIT_WORKS help If you enable this option then Git protocol will be used as the source of the mirror. The URL is: diff --git a/scripts/test_git_firewall.sh b/scripts/test_git_firewall.sh new file mode 100755 index 000000000000..019151d5ab9d --- /dev/null +++ b/scripts/test_git_firewall.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +CUR_VAL=$1 +which nc &> /dev/null +if [[ $? -ne 0 ]]; then + echo y + exit +fi + +# change to port 9419 to verify this will fail if your firewall does not +# allow git access. +nc -v -z -w 3 git.kernel.org 9418 &> /dev/null +if [[ $? -eq 0 ]]; then + echo y +else + echo n +fi -- 2.42.0