Re: [PATCH 4/7] oe-git-proxy: Add a new comprehensive git proxy script

[Darren Hart <dvhart@linux.intel.com>]

On 02/08/2013 06:43 PM, Otavio Salvador wrote:
> On Fri, Feb 8, 2013 at 8:27 PM, Darren Hart <dvhart@linux.intel.com> wrote:
>> oe-git-proxy.sh is a simple tool to be used via GIT_PROXY_COMMAND. It
>> uses BSD netcat to make SOCKS5 or HTTPS proxy connections. It uses
>> ALL_PROXY to determine the proxy server, protocol, and port. It uses
>> NO_PROXY to skip using the proxy for a comma delimited list of hosts,
>> host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It is
>> known to work with both bash and dash shells.
>>
>> V2: Implement recommendations by Enrico Scholz:
>>     o Use exec for the nc calls
>>     o Use "$@" instead of $* to avoid quoting issues inherent with $*
>>     o Use bash explicitly and simplify some of the string manipulations
>>     Also:
>>     o Drop the .sh in the name per Otavio Salvador
>>     o Remove a stray debug statement
>>
>> V3: Implement recommendations by Otavio Salvador
>>     o GPL license blurb
>>     o Fix minor typo in comment block
>>
>> Signed-off-by: Darren Hart <dvhart@linux.intel.com>
>> Cc: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
>> Cc: Otavio Salvador <otavio@ossystems.com.br>
>>
>> git-proxy cleanup
> 
> All those comments ought to be bellow --- or those will be included in
> commit log.
> 

Which is fine.


>> Signed-off-by: Darren Hart <dvhart@linux.intel.com>
>> ---
>>  scripts/oe-git-proxy |  138 ++++++++++++++++++++++++++++++++++++++++++++++++++
>>  1 files changed, 138 insertions(+), 0 deletions(-)
>>  create mode 100755 scripts/oe-git-proxy
>>
>> diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy
>> new file mode 100755
>> index 0000000..4c2f179
>> --- /dev/null
>> +++ b/scripts/oe-git-proxy
>> @@ -0,0 +1,138 @@
>> +#!/bin/bash
>> +
>> +# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses BSD netcat
>> +# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the
>> +# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for
>> +# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR
>> +# masks (192.168.1.0/24). It is known to work with both bash and dash shells.
>> +#
>> +# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora.
>> +#
>> +# Example ALL_PROXY values:
>> +# ALL_PROXY=socks://socks.example.com:1080
>> +# ALL_PROXY=https://proxy.example.com:8080
>> +#
>> +# Copyright (c) 2013, Intel Corporation.
>> +# All rights reserved.
>> +#
>> +# This program is free software; you can redistribute it and/or modify
>> +# it under the terms of the GNU General Public License as published by
>> +# the Free Software Foundation; either version 2 of the License, or
>> +# (at your option) any later version.
>> +#
>> +# This program is distributed in the hope that it will be useful,
>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> +# GNU General Public License for more details.
>> +#
>> +# You should have received a copy of the GNU General Public License
>> +# along with this program; if not, write to the Free Software
>> +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
>> +#
>> +# AUTHORS
>> +# Darren Hart <dvhart@linux.intel.com>
>> +
>> +# Locate the netcat binary
>> +NC=$(which nc 2>/dev/null)
>> +if [ $? -ne 0 ]; then
>> +       echo "ERROR: nc binary not in PATH"
>> +       exit 1
>> +fi
>> +METHOD=""
>> +
>> +# Test for a valid IPV4 quad with optional bitmask
>> +valid_ipv4() {
>> +       echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$"
>> +       return $?
>> +}
>> +
>> +# Convert an IPV4 address into a 32bit integer
>> +ipv4_val() {
>> +       IP="$1"
>> +       SHIFT=24
>> +       VAL=0
>> +       for B in ${IP//./ }; do
>> +               VAL=$(($VAL+$(($B<<$SHIFT))))
>> +               SHIFT=$(($SHIFT-8))
>> +       done
>> +       echo "$VAL"
>> +}
>> +
>> +# Determine if two IPs are equivalent, or if the CIDR contains the IP
>> +match_ipv4() {
>> +       CIDR=$1
>> +       IP=$2
>> +
>> +       if [ -z "${IP%%$CIDR}" ]; then
>> +               return 0
>> +       fi
>> +
>> +       # Determine the mask bitlength
>> +       BITS=${CIDR##*/}
>> +       if [ -z "$BITS" ]; then
>> +               return 1
>> +       fi
>> +
>> +       IPVAL=$(ipv4_val $IP)
>> +       IP2VAL=$(ipv4_val ${CIDR%%/*})
>> +
>> +       # OR in the unmasked bits
>> +       for i in $(seq 0 $((32-$BITS))); do
>> +               IP2VAL=$(($IP2VAL|$((1<<$i))))
>> +               IPVAL=$(($IPVAL|$((1<<$i))))
>> +       done
>> +
>> +       if [ $IPVAL -eq $IP2VAL ]; then
>> +               return 0
>> +       fi
>> +       return 1
>> +}
>> +
>> +# Test to see if GLOB matches HOST
>> +match_host() {
>> +       HOST=$1
>> +       GLOB=$2
>> +
>> +       if [ -z "${HOST%%$GLOB}" ]; then
>> +               return 0
>> +       fi
>> +
>> +       # Match by netmask
>> +       if valid_ipv4 $GLOB; then
>> +               HOST_IP=$(gethostip -d $HOST)
>> +               if valid_ipv4 $HOST_IP; then
>> +                       match_ipv4 $GLOB $HOST_IP
>> +                       if [ $? -eq 0 ]; then
>> +                               return 0
>> +                       fi
>> +               fi
>> +       fi
>> +
>> +       return 1
>> +}
>> +
>> +# If no proxy is set, just connect directly
>> +if [ -z "$ALL_PROXY" ]; then
>> +       exec $NC -X connect "$@"
>> +fi
>> +
>> +# Connect directly to hosts in NO_PROXY
>> +for H in ${NO_PROXY//,/ }; do
>> +       if match_host $1 $H; then
>> +               METHOD="-X connect"
>> +               break
>> +       fi
>> +done
>> +
>> +if [ -z "$METHOD" ]; then
>> +       # strip the protocol and the trailing slash
>> +       PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/')
>> +       PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/')
>> +       if [ "$PROTO" = "socks" ]; then
>> +               METHOD="-X 5 -x $PROXY"
>> +       elif [ "$PROTO" = "https" ]; then
>> +               METHOD="-X connect -x $PROXY"
>> +       fi
>> +fi
>> +
>> +exec $NC $METHOD "$@"
>> --
>> 1.7.5.4
>>
> 
> 
> 

-- 
Darren Hart
Intel Open Source Technology Center
Yocto Project - Technical Lead - Linux Kernel