[PATCH 4/7] oe-git-proxy: Add a new comprehensive git proxy script

[Darren Hart <dvhart@linux.intel.com>]

oe-git-proxy.sh is a simple tool to be used via GIT_PROXY_COMMAND. It
uses BSD netcat to make SOCKS5 or HTTPS proxy connections. It uses
ALL_PROXY to determine the proxy server, protocol, and port. It uses
NO_PROXY to skip using the proxy for a comma delimited list of hosts,
host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It is
known to work with both bash and dash shells.

V2: Implement recommendations by Enrico Scholz:
    o Use exec for the nc calls
    o Use "$@" instead of $* to avoid quoting issues inherent with $*
    o Use bash explicitly and simplify some of the string manipulations
    Also:
    o Drop the .sh in the name per Otavio Salvador
    o Remove a stray debug statement

V3: Implement recommendations by Otavio Salvador
    o GPL license blurb
    o Fix minor typo in comment block

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Cc: Otavio Salvador <otavio@ossystems.com.br>

git-proxy cleanup

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
---
 scripts/oe-git-proxy |  138 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 138 insertions(+), 0 deletions(-)
 create mode 100755 scripts/oe-git-proxy

diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy
new file mode 100755
index 0000000..4c2f179
--- /dev/null
+++ b/scripts/oe-git-proxy
@@ -0,0 +1,138 @@
+#!/bin/bash
+
+# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses BSD netcat
+# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the
+# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for
+# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR
+# masks (192.168.1.0/24). It is known to work with both bash and dash shells.
+#
+# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora.
+#
+# Example ALL_PROXY values:
+# ALL_PROXY=socks://socks.example.com:1080
+# ALL_PROXY=https://proxy.example.com:8080
+#
+# Copyright (c) 2013, Intel Corporation.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# AUTHORS
+# Darren Hart <dvhart@linux.intel.com>
+
+# Locate the netcat binary
+NC=$(which nc 2>/dev/null)
+if [ $? -ne 0 ]; then
+	echo "ERROR: nc binary not in PATH"
+	exit 1
+fi
+METHOD=""
+
+# Test for a valid IPV4 quad with optional bitmask
+valid_ipv4() {
+	echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$"
+	return $?
+}
+
+# Convert an IPV4 address into a 32bit integer
+ipv4_val() {
+	IP="$1"
+	SHIFT=24
+	VAL=0
+	for B in ${IP//./ }; do
+		VAL=$(($VAL+$(($B<<$SHIFT))))
+		SHIFT=$(($SHIFT-8))
+	done
+	echo "$VAL"
+}
+
+# Determine if two IPs are equivalent, or if the CIDR contains the IP
+match_ipv4() {
+	CIDR=$1
+	IP=$2
+
+	if [ -z "${IP%%$CIDR}" ]; then
+		return 0
+	fi
+
+	# Determine the mask bitlength
+	BITS=${CIDR##*/}
+	if [ -z "$BITS" ]; then
+		return 1
+	fi
+
+	IPVAL=$(ipv4_val $IP)
+	IP2VAL=$(ipv4_val ${CIDR%%/*})
+
+	# OR in the unmasked bits
+	for i in $(seq 0 $((32-$BITS))); do
+		IP2VAL=$(($IP2VAL|$((1<<$i))))
+		IPVAL=$(($IPVAL|$((1<<$i))))
+	done
+
+	if [ $IPVAL -eq $IP2VAL ]; then
+		return 0
+	fi
+	return 1
+}
+
+# Test to see if GLOB matches HOST
+match_host() {
+	HOST=$1
+	GLOB=$2
+
+	if [ -z "${HOST%%$GLOB}" ]; then
+		return 0
+	fi
+
+	# Match by netmask
+	if valid_ipv4 $GLOB; then
+		HOST_IP=$(gethostip -d $HOST)
+		if valid_ipv4 $HOST_IP; then
+			match_ipv4 $GLOB $HOST_IP
+			if [ $? -eq 0 ]; then
+				return 0
+			fi
+		fi
+	fi
+
+	return 1
+}
+
+# If no proxy is set, just connect directly
+if [ -z "$ALL_PROXY" ]; then
+	exec $NC -X connect "$@"
+fi
+
+# Connect directly to hosts in NO_PROXY
+for H in ${NO_PROXY//,/ }; do
+	if match_host $1 $H; then
+		METHOD="-X connect"
+		break
+	fi
+done
+
+if [ -z "$METHOD" ]; then
+	# strip the protocol and the trailing slash
+	PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/')
+	PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/')
+	if [ "$PROTO" = "socks" ]; then
+		METHOD="-X 5 -x $PROXY"
+	elif [ "$PROTO" = "https" ]; then
+		METHOD="-X connect -x $PROXY"
+	fi
+fi
+
+exec $NC $METHOD "$@"
-- 
1.7.5.4