oe-git-proxy: Add a new comprehensive git proxy script

oe-git-proxy.sh is a simple tool to be used via GIT_PROXY_COMMAND. It
uses BSD netcat to make SOCKS5 or HTTPS proxy connections. It uses
ALL_PROXY to determine the proxy server, protocol, and port. It uses
NO_PROXY to skip using the proxy for a comma delimited list of hosts,
host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It is
known to work with both bash and dash shells.

V2: Implement recommendations by Enrico Scholz:
    o Use exec for the nc calls
    o Use "$@" instead of $* to avoid quoting issues inherent with $*
    o Use bash explicitly and simplify some of the string manipulations
    Also:
    o Drop the .sh in the name per Otavio Salvador
    o Remove a stray debug statement

V3: Implement recommendations by Otavio Salvador
    o GPL license blurb
    o Fix minor typo in comment block

(From OE-Core rev: 62867f56da0e0904f0108f113324c2432659fbac)

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Cc: Otavio Salvador <otavio@ossystems.com.br>

git-proxy cleanup

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 138 insertions, 0 deletions

diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy
new file mode 100755
index 0000000000..4c2f17903b
--- /dev/null
+++ b/scripts/oe-git-proxy
@@ -0,0 +1,138 @@
+#!/bin/bash
+
+# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses BSD netcat
+# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the
+# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for
+# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR
+# masks (192.168.1.0/24). It is known to work with both bash and dash shells.
+#
+# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora.
+#
+# Example ALL_PROXY values:
+# ALL_PROXY=socks://socks.example.com:1080
+# ALL_PROXY=https://proxy.example.com:8080
+#
+# Copyright (c) 2013, Intel Corporation.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# AUTHORS
+# Darren Hart <dvhart@linux.intel.com>
+
+# Locate the netcat binary
+NC=$(which nc 2>/dev/null)
+if [ $? -ne 0 ]; then
+        echo "ERROR: nc binary not in PATH"
+        exit 1
+fi
+METHOD=""
+
+# Test for a valid IPV4 quad with optional bitmask
+valid_ipv4() {
+        echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$"
+        return $?
+}
+
+# Convert an IPV4 address into a 32bit integer
+ipv4_val() {
+        IP="$1"
+        SHIFT=24
+        VAL=0
+        for B in ${IP//./ }; do
+                VAL=$(($VAL+$(($B<<$SHIFT))))
+                SHIFT=$(($SHIFT-8))
+        done
+        echo "$VAL"
+}
+
+# Determine if two IPs are equivalent, or if the CIDR contains the IP
+match_ipv4() {
+        CIDR=$1
+        IP=$2
+
+        if [ -z "${IP%%$CIDR}" ]; then
+                return 0
+        fi
+
+        # Determine the mask bitlength
+        BITS=${CIDR##*/}
+        if [ -z "$BITS" ]; then
+                return 1
+        fi
+
+        IPVAL=$(ipv4_val $IP)
+        IP2VAL=$(ipv4_val ${CIDR%%/*})
+
+        # OR in the unmasked bits
+        for i in $(seq 0 $((32-$BITS))); do
+                IP2VAL=$(($IP2VAL|$((1<<$i))))
+                IPVAL=$(($IPVAL|$((1<<$i))))
+        done
+
+        if [ $IPVAL -eq $IP2VAL ]; then
+                return 0
+        fi
+        return 1
+}
+
+# Test to see if GLOB matches HOST
+match_host() {
+        HOST=$1
+        GLOB=$2
+
+        if [ -z "${HOST%%$GLOB}" ]; then
+                return 0
+        fi
+
+        # Match by netmask
+        if valid_ipv4 $GLOB; then
+                HOST_IP=$(gethostip -d $HOST)
+                if valid_ipv4 $HOST_IP; then
+                        match_ipv4 $GLOB $HOST_IP
+                        if [ $? -eq 0 ]; then
+                                return 0
+                        fi
+                fi
+        fi
+
+        return 1
+}
+
+# If no proxy is set, just connect directly
+if [ -z "$ALL_PROXY" ]; then
+        exec $NC -X connect "$@"
+fi
+
+# Connect directly to hosts in NO_PROXY
+for H in ${NO_PROXY//,/ }; do
+        if match_host $1 $H; then
+                METHOD="-X connect"
+                break
+        fi
+done
+
+if [ -z "$METHOD" ]; then
+        # strip the protocol and the trailing slash
+        PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/')
+        PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/')
+        if [ "$PROTO" = "socks" ]; then
+                METHOD="-X 5 -x $PROXY"
+        elif [ "$PROTO" = "https" ]; then
+                METHOD="-X connect -x $PROXY"
+        fi
+fi
+
+exec $NC $METHOD "$@"