From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com ([143.182.124.21]) by linuxtogo.org with esmtp (Exim 4.72) (envelope-from ) id 1U4E1t-0005A1-BC for openembedded-core@lists.openembedded.org; Sat, 09 Feb 2013 18:16:08 +0100 Received: from azsmga001.ch.intel.com ([10.2.17.19]) by azsmga101.ch.intel.com with ESMTP; 09 Feb 2013 09:00:00 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.84,634,1355126400"; d="scan'208";a="254840198" Received: from unknown (HELO envy.home) ([10.255.12.192]) by azsmga001.ch.intel.com with ESMTP; 09 Feb 2013 08:59:49 -0800 Message-ID: <51168084.3080902@linux.intel.com> Date: Sat, 09 Feb 2013 08:59:48 -0800 From: Darren Hart User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Otavio Salvador References: In-Reply-To: X-Enigmail-Version: 1.5 Cc: Enrico Scholz , Poky , Patches and discussions about the oe-core layer Subject: Re: [PATCH 4/7] oe-git-proxy: Add a new comprehensive git proxy script X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2013 17:16:09 -0000 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 02/08/2013 06:43 PM, Otavio Salvador wrote: > On Fri, Feb 8, 2013 at 8:27 PM, Darren Hart wrote: >> oe-git-proxy.sh is a simple tool to be used via GIT_PROXY_COMMAND. It >> uses BSD netcat to make SOCKS5 or HTTPS proxy connections. It uses >> ALL_PROXY to determine the proxy server, protocol, and port. It uses >> NO_PROXY to skip using the proxy for a comma delimited list of hosts, >> host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It is >> known to work with both bash and dash shells. >> >> V2: Implement recommendations by Enrico Scholz: >> o Use exec for the nc calls >> o Use "$@" instead of $* to avoid quoting issues inherent with $* >> o Use bash explicitly and simplify some of the string manipulations >> Also: >> o Drop the .sh in the name per Otavio Salvador >> o Remove a stray debug statement >> >> V3: Implement recommendations by Otavio Salvador >> o GPL license blurb >> o Fix minor typo in comment block >> >> Signed-off-by: Darren Hart >> Cc: Enrico Scholz >> Cc: Otavio Salvador >> >> git-proxy cleanup > > All those comments ought to be bellow --- or those will be included in > commit log. > Which is fine. >> Signed-off-by: Darren Hart >> --- >> scripts/oe-git-proxy | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++ >> 1 files changed, 138 insertions(+), 0 deletions(-) >> create mode 100755 scripts/oe-git-proxy >> >> diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy >> new file mode 100755 >> index 0000000..4c2f179 >> --- /dev/null >> +++ b/scripts/oe-git-proxy >> @@ -0,0 +1,138 @@ >> +#!/bin/bash >> + >> +# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses BSD netcat >> +# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the >> +# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for >> +# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR >> +# masks (192.168.1.0/24). It is known to work with both bash and dash shells. >> +# >> +# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora. >> +# >> +# Example ALL_PROXY values: >> +# ALL_PROXY=socks://socks.example.com:1080 >> +# ALL_PROXY=https://proxy.example.com:8080 >> +# >> +# Copyright (c) 2013, Intel Corporation. >> +# All rights reserved. >> +# >> +# This program is free software; you can redistribute it and/or modify >> +# it under the terms of the GNU General Public License as published by >> +# the Free Software Foundation; either version 2 of the License, or >> +# (at your option) any later version. >> +# >> +# This program is distributed in the hope that it will be useful, >> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >> +# GNU General Public License for more details. >> +# >> +# You should have received a copy of the GNU General Public License >> +# along with this program; if not, write to the Free Software >> +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. >> +# >> +# AUTHORS >> +# Darren Hart >> + >> +# Locate the netcat binary >> +NC=$(which nc 2>/dev/null) >> +if [ $? -ne 0 ]; then >> + echo "ERROR: nc binary not in PATH" >> + exit 1 >> +fi >> +METHOD="" >> + >> +# Test for a valid IPV4 quad with optional bitmask >> +valid_ipv4() { >> + echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$" >> + return $? >> +} >> + >> +# Convert an IPV4 address into a 32bit integer >> +ipv4_val() { >> + IP="$1" >> + SHIFT=24 >> + VAL=0 >> + for B in ${IP//./ }; do >> + VAL=$(($VAL+$(($B<<$SHIFT)))) >> + SHIFT=$(($SHIFT-8)) >> + done >> + echo "$VAL" >> +} >> + >> +# Determine if two IPs are equivalent, or if the CIDR contains the IP >> +match_ipv4() { >> + CIDR=$1 >> + IP=$2 >> + >> + if [ -z "${IP%%$CIDR}" ]; then >> + return 0 >> + fi >> + >> + # Determine the mask bitlength >> + BITS=${CIDR##*/} >> + if [ -z "$BITS" ]; then >> + return 1 >> + fi >> + >> + IPVAL=$(ipv4_val $IP) >> + IP2VAL=$(ipv4_val ${CIDR%%/*}) >> + >> + # OR in the unmasked bits >> + for i in $(seq 0 $((32-$BITS))); do >> + IP2VAL=$(($IP2VAL|$((1<<$i)))) >> + IPVAL=$(($IPVAL|$((1<<$i)))) >> + done >> + >> + if [ $IPVAL -eq $IP2VAL ]; then >> + return 0 >> + fi >> + return 1 >> +} >> + >> +# Test to see if GLOB matches HOST >> +match_host() { >> + HOST=$1 >> + GLOB=$2 >> + >> + if [ -z "${HOST%%$GLOB}" ]; then >> + return 0 >> + fi >> + >> + # Match by netmask >> + if valid_ipv4 $GLOB; then >> + HOST_IP=$(gethostip -d $HOST) >> + if valid_ipv4 $HOST_IP; then >> + match_ipv4 $GLOB $HOST_IP >> + if [ $? -eq 0 ]; then >> + return 0 >> + fi >> + fi >> + fi >> + >> + return 1 >> +} >> + >> +# If no proxy is set, just connect directly >> +if [ -z "$ALL_PROXY" ]; then >> + exec $NC -X connect "$@" >> +fi >> + >> +# Connect directly to hosts in NO_PROXY >> +for H in ${NO_PROXY//,/ }; do >> + if match_host $1 $H; then >> + METHOD="-X connect" >> + break >> + fi >> +done >> + >> +if [ -z "$METHOD" ]; then >> + # strip the protocol and the trailing slash >> + PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/') >> + PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/') >> + if [ "$PROTO" = "socks" ]; then >> + METHOD="-X 5 -x $PROXY" >> + elif [ "$PROTO" = "https" ]; then >> + METHOD="-X connect -x $PROXY" >> + fi >> +fi >> + >> +exec $NC $METHOD "$@" >> -- >> 1.7.5.4 >> > > > -- Darren Hart Intel Open Source Technology Center Yocto Project - Technical Lead - Linux Kernel