From 4bdad68da5e658c16613c38f2d062ad7f1e86ead Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Thu, 5 Oct 2023 09:43:57 +0200 Subject: [PATCH 01/11] Added proxy user + pw detection --- bridgehead | 1 + lib/functions.sh | 11 +++++++++++ lib/monitoring.sh | 4 ++-- lib/prerequisites.sh | 2 +- lib/update-bridgehead.sh | 2 +- 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/bridgehead b/bridgehead index b937635..8db9735 100755 --- a/bridgehead +++ b/bridgehead @@ -65,6 +65,7 @@ loadVars() { fi detectCompose setHostname + setupProxy } case "$ACTION" in diff --git a/lib/functions.sh b/lib/functions.sh index 82a501d..0163b1c 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -9,6 +9,17 @@ detectCompose() { fi } +setupProxy() { + if [[ ! -z "$HTTP_PROXY_USERNAME" && ! -z "$HTTP_PROXY_PASSWORD" ]]; then + log "INFO" "Detected proxy user and password" + PROTO="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + URL="$(echo ${HTTP_PROXY_URL/$PROTO/})" + PROXY="$(echo $PROTO$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$URL)" + else + PROXY=$HTTP_PROXY_URL + fi +} + exitIfNotRoot() { if [ "$EUID" -ne 0 ]; then log "ERROR" "Please run as root" diff --git a/lib/monitoring.sh b/lib/monitoring.sh index c3eb9fc..1b12272 100755 --- a/lib/monitoring.sh +++ b/lib/monitoring.sh 
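Review bot: In the lib/functions.sh hunk, setupProxy splices `$HTTP_PROXY_USERNAME` and `$HTTP_PROXY_PASSWORD` into the proxy URL without percent-encoding, so a password containing `@`, `:`, `/` or `#` yields a URL that curl and git parse with the wrong host or credentials. The unquoted `$(echo …)` wrappers add word splitting and globbing on top; a plain quoted assignment such as `PROXY="${PROTO}${HTTP_PROXY_USERNAME}:${HTTP_PROXY_PASSWORD}@${URL}"` avoids that. A comment above the function should state that both values must already be percent-encoded in the configuration file. The same construction is carried through the later setupProxy hunks in this series (patches 02, 03, 04, 07 and 10).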
@@ -47,8 +47,8 @@ function hc_send(){ if [ -n "$2" ]; then MSG="$2\n\nDocker stats:\n$UPTIME" - echo -e "$MSG" | https_proxy=$HTTPS_PROXY_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" + echo -e "$MSG" | https_proxy=$PROXY curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" else - https_proxy=$HTTPS_PROXY_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" + https_proxy=$PROXY curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" fi } diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 2665b95..3140a2c 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -68,7 +68,7 @@ source /etc/bridgehead/${PROJECT}.conf source ${PROJECT}/vars set +e -SERVERTIME="$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')" +SERVERTIME="$(https_proxy=$PROXY curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')" RET=$? set -e if [ $RET -ne 0 ]; then diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 9958eb5..37ac8cd 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
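Review bot: In the lib/monitoring.sh hunk, `https_proxy` is now taken from `$PROXY`, which setupProxy builds only from `HTTP_PROXY_URL`, so a site whose `HTTPS_PROXY_URL` differs silently loses its HTTPS proxy setting for the health-check calls. The lib/prerequisites.sh hunk and the `https.proxy=$PROXY` arguments in lib/update-bridgehead.sh have the same effect. Either derive a second variable from `HTTPS_PROXY_URL` or keep `https_proxy=$HTTPS_PROXY_URL` here, and quote the expansion: `https_proxy="$PROXY" curl …`. hc_send starts above the hunk.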
@@ -55,7 +55,7 @@ for DIR in /etc/bridgehead $(pwd); do OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1) else log "INFO" "Git is using proxy ${HTTP_PROXY_URL} from ${CONFFILE}" - OUT=$(retry 5 git -c http.proxy=$HTTP_PROXY_URL -c https.proxy=$HTTPS_PROXY_URL -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$HTTP_PROXY_URL -c https.proxy=$HTTPS_PROXY_URL -C $DIR pull 2>&1) + OUT=$(retry 5 git -c http.proxy=$PROXY -c https.proxy=$PROXY -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$PROXY -c https.proxy=$PROXY -C $DIR pull 2>&1) fi if [ $? -ne 0 ]; then report_error log "Unable to update git $DIR: $OUT" From 85446b0a3edd4a1ff4e34d9837a8aa52380c5b1f Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Mon, 9 Oct 2023 09:43:30 +0200 Subject: [PATCH 02/11] Added SECURE_PROXY if the https and http proxy are the same --- lib/functions.sh | 7 ++++++- lib/monitoring.sh | 4 ++-- lib/prerequisites.sh | 2 +- lib/update-bridgehead.sh | 2 +- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 0163b1c..15d9aed 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -3,7 +3,7 @@ detectCompose() { if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then COMPOSE="docker compose" - else + e COMPOSE="docker-compose" # This is intended to fail on startup in the next prereq check. fi @@ -15,8 +15,13 @@ setupProxy() { PROTO="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" URL="$(echo ${HTTP_PROXY_URL/$PROTO/})" PROXY="$(echo $PROTO$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$URL)" + + SECURE_PROTO="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + SECURE_URL="$(echo ${HTTPS_PROXY_URL/$SECURE_PROTO/})" + SECURE_PROXY="$(echo $SECURE_PROTO$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$SECURE_URL)" else PROXY=$HTTP_PROXY_URL + SECURE_PROXY=$HTTPS_PROXY_URL fi } diff --git a/lib/monitoring.sh b/lib/monitoring.sh index 1b12272..c4b3fad 100755 
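Review bot: In the lib/update-bridgehead.sh hunk of patch 01, `$PROXY` can now contain the proxy username and password and is passed as a `git -c http.proxy=…` argument, where it is readable in the process list by other local users for as long as fetch and pull run. Passing it through the environment, as the curl calls in this series do, keeps it off the command line: `OUT=$(https_proxy="$PROXY" retry 5 git -C "$DIR" fetch 2>&1 && …)`; `retry` is defined outside this page, so confirm it hands the environment on to git. On failure `$OUT` is given to `report_error log`, so it is worth checking that git's error text does not repeat the credential-bearing URL. The git calls in patches 02, 03, 06 and 11 share this.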
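Review bot: In the first lib/functions.sh hunk of patch 02, the `else` of detectCompose has been replaced by a bare `e`, which looks accidental. The `then` branch now tries to run `e` as a command and then falls through to `COMPOSE="docker-compose"`, so the `docker compose` plugin is never selected even when the version probe succeeds. Restore the line as `else`.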
--- a/lib/monitoring.sh +++ b/lib/monitoring.sh @@ -47,8 +47,8 @@ function hc_send(){ if [ -n "$2" ]; then MSG="$2\n\nDocker stats:\n$UPTIME" - echo -e "$MSG" | https_proxy=$PROXY curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" + echo -e "$MSG" | https_proxy=$SECURE_PROXY curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" else - https_proxy=$PROXY curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" + https_proxy=$SECURE_PROXY curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" fi } diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 3140a2c..5a9372f 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -68,7 +68,7 @@ source /etc/bridgehead/${PROJECT}.conf source ${PROJECT}/vars set +e -SERVERTIME="$(https_proxy=$PROXY curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')" +SERVERTIME="$(https_proxy=$SECURE_PROXY curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')" RET=$? set -e if [ $RET -ne 0 ]; then diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 37ac8cd..5620261 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
@@ -55,7 +55,7 @@ for DIR in /etc/bridgehead $(pwd); do OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1) else log "INFO" "Git is using proxy ${HTTP_PROXY_URL} from ${CONFFILE}" - OUT=$(retry 5 git -c http.proxy=$PROXY -c https.proxy=$PROXY -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$PROXY -c https.proxy=$PROXY -C $DIR pull 2>&1) + OUT=$(retry 5 git -c http.proxy=$PROXY -c https.proxy=$SECURE_PROXY -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$PROXY -c https.proxy=$SECURE_PROXY -C $DIR pull 2>&1) fi if [ $? -ne 0 ]; then report_error log "Unable to update git $DIR: $OUT" From 68cd62b981396d57b7a387e0bec187b6c52a0742 Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Tue, 10 Oct 2023 10:43:22 +0200 Subject: [PATCH 03/11] reaf: var naming for proxy usage in our bridgehead scripts --- lib/functions.sh | 18 +++++++++--------- lib/monitoring.sh | 4 ++-- lib/prerequisites.sh | 2 +- lib/update-bridgehead.sh | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 15d9aed..bc1339e 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -3,7 +3,7 @@ detectCompose() { if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then COMPOSE="docker compose" - e + else COMPOSE="docker-compose" # This is intended to fail on startup in the next prereq check. fi 
@@ -12,16 +12,16 @@ detectCompose() { setupProxy() { if [[ ! -z "$HTTP_PROXY_USERNAME" && ! -z "$HTTP_PROXY_PASSWORD" ]]; then log "INFO" "Detected proxy user and password" - PROTO="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" - URL="$(echo ${HTTP_PROXY_URL/$PROTO/})" - PROXY="$(echo $PROTO$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$URL)" + HTTP_PROXY_PROTOCOL="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + HTTP_PROXY_FQDN="$(echo ${HTTP_PROXY_URL/$HTTP_PROXY_PROTOCOL/})" + HTTP_PROXY_FULL_URL="$(echo $HTTP_PROXY_PROTOCOL$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$HTTP_PROXY_FQDN)" - SECURE_PROTO="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" - SECURE_URL="$(echo ${HTTPS_PROXY_URL/$SECURE_PROTO/})" - SECURE_PROXY="$(echo $SECURE_PROTO$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$SECURE_URL)" + HTTPS_PROXY_PROTOCOL="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + HTTPS_PROXY_FQDN="$(echo ${HTTPS_PROXY_URL/$HTTPS_PROXY_PROTOCOL/})" + HTTPS_PROXY_FULL_URL="$(echo $HTTPS_PROXY_PROTOCOL$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$HTTPS_PROXY_FQDN)" else - PROXY=$HTTP_PROXY_URL - SECURE_PROXY=$HTTPS_PROXY_URL + HTTP_PROXY_FULL_URL=$HTTP_PROXY_URL + HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL fi } diff --git a/lib/monitoring.sh b/lib/monitoring.sh index c4b3fad..b5466a5 100755 --- a/lib/monitoring.sh +++ b/lib/monitoring.sh 
@@ -47,8 +47,8 @@ function hc_send(){ if [ -n "$2" ]; then MSG="$2\n\nDocker stats:\n$UPTIME" - echo -e "$MSG" | https_proxy=$SECURE_PROXY curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" + echo -e "$MSG" | https_proxy=$HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" else - https_proxy=$SECURE_PROXY curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" + https_proxy=$HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" fi } diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 5a9372f..10166e0 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -68,7 +68,7 @@ source /etc/bridgehead/${PROJECT}.conf source ${PROJECT}/vars set +e -SERVERTIME="$(https_proxy=$SECURE_PROXY curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')" +SERVERTIME="$(https_proxy=$HTTPS_PROXY_FULL_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')" RET=$? set -e if [ $RET -ne 0 ]; then diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 5620261..0af9ce3 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
@@ -55,7 +55,7 @@ for DIR in /etc/bridgehead $(pwd); do OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1) else log "INFO" "Git is using proxy ${HTTP_PROXY_URL} from ${CONFFILE}" - OUT=$(retry 5 git -c http.proxy=$PROXY -c https.proxy=$SECURE_PROXY -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$PROXY -c https.proxy=$SECURE_PROXY -C $DIR pull 2>&1) + OUT=$(retry 5 git -c http.proxy=$HTTP_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$HTTP_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR pull 2>&1) fi if [ $? -ne 0 ]; then report_error log "Unable to update git $DIR: $OUT" From 74817a21da95e5d9ef362d96c95a41e054205e37 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 20 Oct 2023 15:59:24 +0200 Subject: [PATCH 04/11] Rewrote proxy detection logic to deal with all combinations of no/authenticated/unauthenticated proxy servers --- lib/functions.sh | 39 +++++++++++++++++++++++++++------------ lib/update-bridgehead.sh | 3 +-- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index bc1339e..1dce2c6 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -10,19 +10,34 @@ detectCompose() { } setupProxy() { - if [[ ! -z "$HTTP_PROXY_USERNAME" && ! -z "$HTTP_PROXY_PASSWORD" ]]; then - log "INFO" "Detected proxy user and password" - HTTP_PROXY_PROTOCOL="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" - HTTP_PROXY_FQDN="$(echo ${HTTP_PROXY_URL/$HTTP_PROXY_PROTOCOL/})" - HTTP_PROXY_FULL_URL="$(echo $HTTP_PROXY_PROTOCOL$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$HTTP_PROXY_FQDN)" - - HTTPS_PROXY_PROTOCOL="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" - HTTPS_PROXY_FQDN="$(echo ${HTTPS_PROXY_URL/$HTTPS_PROXY_PROTOCOL/})" - HTTPS_PROXY_FULL_URL="$(echo $HTTPS_PROXY_PROTOCOL$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$HTTPS_PROXY_FQDN)" - else - HTTP_PROXY_FULL_URL=$HTTP_PROXY_URL - HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL + http="no" + if [ $HTTP_PROXY_URL ]; then + if [[ ! -z "$HTTP_PROXY_USERNAME" && ! -z "$HTTP_PROXY_PASSWORD" ]]; then + proto="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + fqdn="$(echo ${HTTP_PROXY_URL/$proto/})" + HTTP_PROXY_FULL_URL="$(echo $proto$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$fqdn)" + http="authenticated" + else + HTTP_PROXY_FULL_URL=$HTTP_PROXY_URL + http="unauthenticated" + fi fi + + https="no" + if [ $HTTPS_PROXY_URL ]; then + if [[ ! -z "$HTTPS_PROXY_USERNAME" && ! -z "$HTTPS_PROXY_PASSWORD" ]]; then + proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})" + HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$HTTPS_PROXY_PASSWORD@$fqdn)" + https="authenticated" + else + HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL + https="unauthenticated" + fi + fi + + log INFO "Configuring proxy servers: $http http proxy, $https https proxy" + unset http https fqdn proto } exitIfNotRoot() { diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 0af9ce3..c50b31e 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
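Review bot: The new guards `if [ $HTTP_PROXY_URL ]` and `if [ $HTTPS_PROXY_URL ]` test an unquoted expansion, so a value containing whitespace or an operator-like token makes `[` fail with a syntax error instead of returning true or false; write `if [ -n "$HTTPS_PROXY_URL" ]; then`. `HTTP_PROXY_FULL_URL` and `HTTPS_PROXY_FULL_URL` are also left untouched when the corresponding URL is empty, so a value inherited from the caller's environment would survive and still be used by the curl and git calls; assigning `HTTPS_PROXY_FULL_URL=""` before the `if` makes the no-proxy case explicit. When only one of username or password is set the function silently takes the unauthenticated branch, which deserves a comment or a warning log.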
@@ -50,8 +50,7 @@ for DIR in /etc/bridgehead $(pwd); do git -C $DIR config credential.helper "$CREDHELPER" fi old_git_hash="$(git -C $DIR rev-parse --verify HEAD)" - if [ -z "$HTTP_PROXY_URL" ]; then - log "INFO" "Git is using no proxy!" + if [ -z "$HTTP_PROXY_FULL_URL" ]; then OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1) else log "INFO" "Git is using proxy ${HTTP_PROXY_URL} from ${CONFFILE}" From 9fc8564e4ef280403deb472a40eda255e02d740e Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 20 Oct 2023 16:47:15 +0200 Subject: [PATCH 05/11] Fixed git proxy check --- lib/update-bridgehead.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index c50b31e..1f311c2 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh @@ -50,7 +50,8 @@ for DIR in /etc/bridgehead $(pwd); do git -C $DIR config credential.helper "$CREDHELPER" fi old_git_hash="$(git -C $DIR rev-parse --verify HEAD)" - if [ -z "$HTTP_PROXY_FULL_URL" ]; then + if [ -z "$HTTPS_PROXY_FULL_URL" ]; then + log "INFO" "Git is using no proxy!" OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1) else log "INFO" "Git is using proxy ${HTTP_PROXY_URL} from ${CONFFILE}" From e0990d99cb63130b2edb6798ed3a571339d2896e Mon Sep 17 00:00:00 2001 From: Tobias Kussel Date: Mon, 23 Oct 2023 11:06:59 +0000 Subject: [PATCH 06/11] Comment out HTTP proxy parsing --- lib/functions.sh | 25 ++++++++++++++----------- lib/update-bridgehead.sh | 4 ++-- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 1dce2c6..1dec95b 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -10,18 +10,21 @@ detectCompose() { } setupProxy() { + ### Note: As the current data protection concepts do not allow communication via HTTP, this + ### handling of a proxy for HTTP requests is commented out and will not be used + # http="no" - if [ $HTTP_PROXY_URL ]; then - if [[ ! -z "$HTTP_PROXY_USERNAME" && ! -z "$HTTP_PROXY_PASSWORD" ]]; then - proto="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" - fqdn="$(echo ${HTTP_PROXY_URL/$proto/})" - HTTP_PROXY_FULL_URL="$(echo $proto$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$fqdn)" - http="authenticated" - else - HTTP_PROXY_FULL_URL=$HTTP_PROXY_URL - http="unauthenticated" - fi - fi + # if [ $HTTP_PROXY_URL ]; then + # if [[ ! -z "$HTTP_PROXY_USERNAME" && ! -z "$HTTP_PROXY_PASSWORD" ]]; then + # proto="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + # fqdn="$(echo ${HTTP_PROXY_URL/$proto/})" + # HTTP_PROXY_FULL_URL="$(echo $proto$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$fqdn)" + # http="authenticated" + # else + # HTTP_PROXY_FULL_URL=$HTTP_PROXY_URL + # http="unauthenticated" + # fi + # fi https="no" if [ $HTTPS_PROXY_URL ]; then diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 1f311c2..6c84960 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
@@ -54,8 +54,8 @@ for DIR in /etc/bridgehead $(pwd); do log "INFO" "Git is using no proxy!" OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1) else - log "INFO" "Git is using proxy ${HTTP_PROXY_URL} from ${CONFFILE}" - OUT=$(retry 5 git -c http.proxy=$HTTP_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$HTTP_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR pull 2>&1) + log "INFO" "Git is using proxy ${HTTPS_PROXY_URL} from ${CONFFILE}" + OUT=$(retry 5 git -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR fetch 2>&1 && retry 5 git-c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR pull 2>&1) fi if [ $? -ne 0 ]; then report_error log "Unable to update git $DIR: $OUT" From f008b18760cee01a22eaf904921c587346deb5cf Mon Sep 17 00:00:00 2001 From: lablans Date: Tue, 24 Oct 2023 07:01:22 +0000 Subject: [PATCH 07/11] Redo proxy, set HTTPS_PROXY_HOST and HTTPS_PROXY_PORT --- lib/functions.sh | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 1dec95b..6168440 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
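Review bot: The rewritten pull command reads `retry 5 git-c https.proxy=…`; the missing space makes the shell look for a program named `git-c`, so the `&&` chain fails after a successful fetch whenever a proxy is configured (patch 11 restores the space). Separately, with `-c http.proxy=` removed only `https.proxy` is left, and git's documented proxy setting is `http.proxy`, which it also applies to https remotes; I know of no `https.proxy` key, so git would probably ignore this value and fall back to the proxy environment variables. Consider `-c http.proxy="$HTTPS_PROXY_FULL_URL"`, or `https_proxy="$HTTPS_PROXY_FULL_URL"` in the environment, here and in the hunk of patch 11.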
@@ -10,28 +10,21 @@ detectCompose() { } setupProxy() { - ### Note: As the current data protection concepts do not allow communication via HTTP, this - ### handling of a proxy for HTTP requests is commented out and will not be used - # - http="no" - # if [ $HTTP_PROXY_URL ]; then - # if [[ ! -z "$HTTP_PROXY_USERNAME" && ! -z "$HTTP_PROXY_PASSWORD" ]]; then - # proto="$(echo $HTTP_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" - # fqdn="$(echo ${HTTP_PROXY_URL/$proto/})" - # HTTP_PROXY_FULL_URL="$(echo $proto$HTTP_PROXY_USERNAME:$HTTP_PROXY_PASSWORD@$fqdn)" - # http="authenticated" - # else - # HTTP_PROXY_FULL_URL=$HTTP_PROXY_URL - # http="unauthenticated" - # fi - # fi + ### Note: As the current data protection concepts do not allow communication via HTTP, + ### we are not setting a proxy for HTTP requests. - https="no" + local http="no" + local https="no" if [ $HTTPS_PROXY_URL ]; then if [[ ! -z "$HTTPS_PROXY_USERNAME" && ! -z "$HTTPS_PROXY_PASSWORD" ]]; then - proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" - fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})" + local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + local fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})" HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$HTTPS_PROXY_PASSWORD@$fqdn)" + + local hostport=$(echo $HTTPS_PROXY_URL | sed -e s,$proto,,g | cut -d/ -f1) + HTTPS_PROXY_HOST="$(echo $hostport | sed -e 's,:.*,,g')" + HTTPS_PROXY_PORT="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" + https="authenticated" else HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL @@ -39,8 +32,7 @@ setupProxy() { fi fi - log INFO "Configuring proxy servers: $http http proxy, $https https proxy" - unset http https fqdn proto + log INFO "Configuring proxy servers: $http http proxy (we're not supporting unencrypted comms), $https https proxy" } exitIfNotRoot() { From bbfc607104c79e7fb681a8bffa9a58729b4974d9 Mon Sep 17 00:00:00 2001 
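Review bot: The `HTTPS_PROXY_PORT` pipeline returns a wrong value when the proxy URL has no explicit port, because its last expression `s,[^0-9],,g` deletes every non-digit from whatever is left: for a constructed `https://10.0.0.1` the first two expressions do not match and the result is `10001`. `$proto` is also interpolated unquoted into the sed program that computes `hostport`. Parameter expansion does the same split without sed and leaves the port empty when none is given, as sketched below; the same lines are carried along by patches 08 to 10. setupProxy begins above the hunk.

```shell
# … unchanged: guard on HTTPS_PROXY_URL and credential check …
local hostport="${HTTPS_PROXY_URL#*://}"   # drop the scheme, if any
hostport="${hostport%%/*}"                 # drop any path component
HTTPS_PROXY_HOST="${hostport%%:*}"
case "$hostport" in
  *:*) HTTPS_PROXY_PORT="${hostport##*:}" ;;
  *)   HTTPS_PROXY_PORT="" ;;
esac
# … unchanged: https="authenticated" and the unauthenticated branch …
```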
From: lablans Date: Tue, 24 Oct 2023 07:07:06 +0000 Subject: [PATCH 08/11] Always define new vars --- lib/functions.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 6168440..68cd36f 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -16,15 +16,14 @@ setupProxy() { local http="no" local https="no" if [ $HTTPS_PROXY_URL ]; then + local hostport=$(echo $HTTPS_PROXY_URL | sed -e s,$proto,,g | cut -d/ -f1) + HTTPS_PROXY_HOST="$(echo $hostport | sed -e 's,:.*,,g')" + HTTPS_PROXY_PORT="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" if [[ ! -z "$HTTPS_PROXY_USERNAME" && ! -z "$HTTPS_PROXY_PASSWORD" ]]; then local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" local fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})" HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$HTTPS_PROXY_PASSWORD@$fqdn)" - local hostport=$(echo $HTTPS_PROXY_URL | sed -e s,$proto,,g | cut -d/ -f1) - HTTPS_PROXY_HOST="$(echo $hostport | sed -e 's,:.*,,g')" - HTTPS_PROXY_PORT="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" - https="authenticated" else HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL From f855a198655196d030a08458d1d1037b7b236d09 Mon Sep 17 00:00:00 2001 From: lablans Date: Tue, 24 Oct 2023 07:12:18 +0000 Subject: [PATCH 09/11] Fix sed (?) --- lib/functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 68cd36f..2e6a144 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
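Review bot: After this move, `hostport` is computed from `$proto` before `proto` is assigned, because the `local proto=…` line still sits below it inside the credential branch. With `proto` empty the sed program becomes `s,,,g`, which sed most likely rejects for lack of a previous regular expression, so `HTTPS_PROXY_HOST` and `HTTPS_PROXY_PORT` would end up empty for every configuration. Move the `proto` assignment above the `hostport` line together with the lines moved here.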
@@ -16,11 +16,11 @@ setupProxy() { local http="no" local https="no" if [ $HTTPS_PROXY_URL ]; then - local hostport=$(echo $HTTPS_PROXY_URL | sed -e s,$proto,,g | cut -d/ -f1) + local hostport=$(echo $HTTPS_PROXY_URL | sed -e "s,$proto,,g" | cut -d/ -f1) HTTPS_PROXY_HOST="$(echo $hostport | sed -e 's,:.*,,g')" HTTPS_PROXY_PORT="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" if [[ ! -z "$HTTPS_PROXY_USERNAME" && ! -z "$HTTPS_PROXY_PASSWORD" ]]; then - local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e's,^\(.*://\).*,\1,g')" + local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e 's,^\(.*://\).*,\1,g')" local fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})" HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$HTTPS_PROXY_PASSWORD@$fqdn)" From 392afb6410d10fa77db554051bde18fe87ca83a3 Mon Sep 17 00:00:00 2001 From: lablans Date: Tue, 24 Oct 2023 07:23:24 +0000 Subject: [PATCH 10/11] Fix code --- lib/functions.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/functions.sh b/lib/functions.sh index 2e6a144..4d2bb2f 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -16,6 +16,8 @@ setupProxy() { local http="no" local https="no" if [ $HTTPS_PROXY_URL ]; then + local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e 's,^\(.*://\).*,\1,g')" + local fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})" local hostport=$(echo $HTTPS_PROXY_URL | sed -e "s,$proto,,g" | cut -d/ -f1) HTTPS_PROXY_HOST="$(echo $hostport | sed -e 's,:.*,,g')" HTTPS_PROXY_PORT="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" @@ -23,7 +25,6 @@ setupProxy() { local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e 's,^\(.*://\).*,\1,g')" local fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})" HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$HTTPS_PROXY_PASSWORD@$fqdn)" - https="authenticated" else HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL 
@@ -32,6 +33,7 @@ setupProxy() { fi log INFO "Configuring proxy servers: $http http proxy (we're not supporting unencrypted comms), $https https proxy" + export HTTPS_PROXY_HOST HTTPS_PROXY_PORT HTTPS_PROXY_FULL_URL } exitIfNotRoot() { From 699d8d6398b941dfc44a8804d6e0854d2c779b9c Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Tue, 24 Oct 2023 10:42:36 +0200 Subject: [PATCH 11/11] fix: git call --- lib/update-bridgehead.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 6c84960..bc6a5f6 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh @@ -55,7 +55,7 @@ for DIR in /etc/bridgehead $(pwd); do OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1) else log "INFO" "Git is using proxy ${HTTPS_PROXY_URL} from ${CONFFILE}" - OUT=$(retry 5 git -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR fetch 2>&1 && retry 5 git-c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR pull 2>&1) + OUT=$(retry 5 git -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR fetch 2>&1 && retry 5 git -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR pull 2>&1) fi if [ $? -ne 0 ]; then report_error log "Unable to update git $DIR: $OUT"
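Review bot: `export HTTPS_PROXY_HOST HTTPS_PROXY_PORT HTTPS_PROXY_FULL_URL` puts the credential-bearing URL into the environment of every process started afterwards, not only the curl and git calls that need it. Host and port look like the values other components would consume, so consider exporting only those two and passing `HTTPS_PROXY_FULL_URL` per command, or at least document the exposure with a comment such as `# HTTPS_PROXY_FULL_URL may contain the proxy password: never log it or pass it on a command line`. Which consumers read the exported values is not visible on this page.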