From b957c775ea41838df5be312550477a524b91304f Mon Sep 17 00:00:00 2001 From: Paul Drews Date: Wed, 20 Mar 2013 08:47:47 -0700 Subject: [PATCH] Add capability to chroot to use proxies for git:// urls This patch installs "socat" and a proxy gateway script into the chroot so that git can use a proxy to access "git://" protocol urls. This is needed when performing builds from behind a firewall that requires a proxy. The script reads the proxy environment variables all_proxy (SOCKS), https_proxy (CONNECT), and http_proxy (CONNECT), in order of preference, and supports no_proxy as a whitelist of target hosts that must NOT go through the proxy. This also updates enter_chroot.sh to automatically use this script as GIT_PROXY_COMMAND when it sees the proxy environment variables set. The "socat" program is added to hard-host-depends as a separate patch. That handles socat installation in case of building a chroot from scratch or upgrading. The proxy-gw script is installed in the src/scripts/bin directory which can be stably referenced within the chroot as /mnt/host/source/src/scripts/bin/. The "/mnt/host/source" portion of this path is obtained from the CHROOT_TRUNK_DIR environment variable which is set to a suitable value by preexisting logic in common.sh. This change became necessary to unbreak builds behind proxies with the recent addition of two ebuilds using egit.eclass with repositories using git:// URLs. Original patch by Paul Drews ; modified version by Josh Triplett . CQ-DEPENDS=I1b01bce6f3e6a562b87f748e61508d142af576d9 BUG=none TEST=git clone git://nv-tegra.nvidia.com/tools/cbootimage.git Change-Id: Ic7fc917d1aa24f408bef6f102b6458114dded694 Reviewed-on: https://gerrit.chromium.org/gerrit/41659 Tested-by: paul drews Reviewed-by: Mike Frysinger Commit-Queue: paul drews --- bin/proxy-gw | 63 +++++++++++++++++++++++++++++++++++++++++ sdk_lib/enter_chroot.sh | 7 +++++ 2 files changed, 70 insertions(+) create mode 100755 bin/proxy-gw diff --git a/bin/proxy-gw b/bin/proxy-gw new file mode 100755 index 0000000000..19fe3da6b8 --- /dev/null +++ b/bin/proxy-gw @@ -0,0 +1,63 @@ +#!/bin/bash +# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# $1 = hostname, $2 = port +# +# Use socat to connect to the specified host and port via one of the proxies +# defined in the environment, if the target host does not appear in the +# no_proxy environment variable. + +DEST_HOST="$1" +DEST_PORT="$2" + +# Determine whether the destination host is in the "no_proxy" list. +use_proxy="true" +GLOBIGNORE="*" +for a_host in ${no_proxy//,/ } ; do + case "${a_host}" in + "*") # A "*" matches all hosts. + use_proxy="false" + break + ;; + .*) # Items of the form ".some.fqdn" imply match-at-end. + if [[ "${DEST_HOST}" == *"${a_host}" ]]; then + use_proxy="false" + break + fi + ;; + ${DEST_HOST}) # Items of the form "some.fqdn" imply exact-match. + use_proxy="false" + break + ;; + esac +done + +if [[ -n "${all_proxy}" ]]; then + PROXY="${all_proxy}" + TYPE=SOCKS4 + PORT_ATTR=socksport +elif [[ -n "${https_proxy}" ]]; then + PROXY="${https_proxy}" + TYPE=PROXY + PORT_ATTR=proxyport +elif [[ -n "${http_proxy}" ]]; then + PROXY="${http_proxy}" + TYPE=PROXY + PORT_ATTR=proxyport +else + use_proxy="false" +fi + +if [[ "${use_proxy}" == "true" ]]; then + PROXY="${PROXY#*://}" + PROXY="${PROXY%%/*}" + PROXY_HOST="${PROXY%%:*}" + PROXY_PORT="${PROXY##*:}" + PARMS="${PROXY_HOST}:${DEST_HOST}:${DEST_PORT},${PORT_ATTR}=${PROXY_PORT}" + socat_args=( "${TYPE}:${PARMS}" ) +else + socat_args=( TCP:"${DEST_HOST}":"${DEST_PORT}" ) +fi +exec socat STDIO "${socat_args[@]}" diff --git a/sdk_lib/enter_chroot.sh b/sdk_lib/enter_chroot.sh index e15c7c4533..4234181f1a 100755 --- a/sdk_lib/enter_chroot.sh +++ b/sdk_lib/enter_chroot.sh @@ -460,6 +460,13 @@ for var in "${ENVIRONMENT_WHITELIST[@]}" ; do [ "${!var+set}" = "set" ] && CHROOT_PASSTHRU+=( "${var}=${!var}" ) done +# Set up GIT_PROXY_COMMAND so git:// URLs automatically work behind a proxy. +if [[ -n "${all_proxy}" || -n "${https_proxy}" || -n "${http_proxy}" ]]; then + CHROOT_PASSTHRU+=( + "GIT_PROXY_COMMAND=${CHROOT_TRUNK_DIR}/src/scripts/bin/proxy-gw" + ) +fi + # Run command or interactive shell. Also include the non-chrooted path to # the source trunk for scripts that may need to print it (e.g. # build_image.sh).