Simpler handling of http proxies

There are two main scenarios:
1) The host with live-build is configured to use a proxy
   This proxy will automatically be used by live-build
2) The user of live-build explicitly specifies a proxy
2A) With the environment variable 'http_proxy' (preferred)
2B) With the command line option --apt-http-proxy

Any inconsistency between the proxy settings results in an error message from 'lb config'.
All internal tools (apt/apt-get/aptitude, wget and debootstrap) use the environment variables 'http_proxy' and 'no_proxy', which are passed along to the chroot where needed.

Test scenario:
- A virtual machine with all out-going traffic blocked, except for the proxy.
Roland Clobus 2021-04-07 09:10:29 +02:00
parent da16d81ed3
commit d6a5a1f3cf
No known key found for this signature in database
GPG Key ID: 62C57C6AA61495BD
6 changed files with 95 additions and 13 deletions


@ -29,7 +29,7 @@ Chroot ()
fi fi
done done
${_LINUX32} chroot "${CHROOT}" /usr/bin/env -i HOME="/root" PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" TERM="${TERM}" DEBIAN_FRONTEND="${LB_DEBCONF_FRONTEND}" DEBIAN_PRIORITY="${LB_DEBCONF_PRIORITY}" DEBCONF_NONINTERACTIVE_SEEN="true" DEBCONF_NOWARNINGS="true" SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} ${ENV} ${COMMANDS} ${_LINUX32} chroot "${CHROOT}" /usr/bin/env -i HOME="/root" PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" TERM="${TERM}" DEBIAN_FRONTEND="${LB_DEBCONF_FRONTEND}" DEBIAN_PRIORITY="${LB_DEBCONF_PRIORITY}" DEBCONF_NONINTERACTIVE_SEEN="true" DEBCONF_NOWARNINGS="true" SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} http_proxy=${http_proxy} no_proxy=${no_proxy} ${ENV} ${COMMANDS}
return ${?} return ${?}
} }
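Review bot: The added `http_proxy=${http_proxy} no_proxy=${no_proxy}` are expanded unquoted, unlike `TERM="${TERM}"` and the other assignments on the same `env -i` line, so a value containing whitespace or glob characters would be split into extra arguments to `env`; I would write `http_proxy="${http_proxy}" no_proxy="${no_proxy}"`. A proxy URL that carries credentials (`http://user:password@host`) also becomes visible in the argument list of the `chroot`/`env` process and in the environment of every command run inside the chroot, which deserves a comment above the call. The start of `Chroot` is outside the hunk.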


@ -787,4 +787,95 @@ Validate_config_dependencies ()
exit 1 exit 1
fi fi
fi fi
Validate_http_proxy
}
# Retrieve the proxy settings from the host. Check whether conflicts are present with the command line arguments
Validate_http_proxy ()
{
local HOST_AUTO_APT_PROXY=""
local HOST_AUTO_APT_PROXY_LEGACY=""
local HOST_FIXED_APT_PROXY=""
# Fetch the proxy, using the various ways the http proxy can be set in apt
if command -v apt-config >/dev/null; then
local APT_CONFIG_OPTIONS
# apt-config only understands --option (-o) and --config-file (-c) of ${APT_OPTIONS}
# Don't report errors when additional options are provided and don't add additional quotes
APT_CONFIG_OPTIONS=$(getopt --quiet --unquoted --options 'c:o:' --long 'config-file:,option:' -- ${APT_OPTIONS} || true)
# The apt configuration `Acquire::http::Proxy-Auto-Detect` (and the legacy `Acquire::http::ProxyAutoDetect`)
# If the script fails, or the result of the script is `DIRECT` or an empty line, it is considered to be not set (https://sources.debian.org/src/apt/2.3.9/apt-pkg/contrib/proxy.cc/)
local AUTOPROXY
eval "$(apt-config ${APT_CONFIG_OPTIONS} shell AUTOPROXY Acquire::http::Proxy-Auto-Detect)"
if [ -x "${AUTOPROXY}" ]; then
HOST_AUTO_APT_PROXY="$(${AUTOPROXY} || echo '')"
if [ "${HOST_AUTO_APT_PROXY}" = "DIRECT" ]; then
HOST_AUTO_APT_PROXY=""
fi
fi
# Also check the legacy ProxyAutoDetect
eval "$(apt-config ${APT_CONFIG_OPTIONS} shell AUTOPROXY Acquire::http::ProxyAutoDetect)"
if [ -x "$AUTOPROXY" ]; then
HOST_AUTO_APT_PROXY_LEGACY="$(${AUTOPROXY} || echo '')"
if [ "${HOST_AUTO_APT_PROXY_LEGACY}" = "DIRECT" ]; then
HOST_AUTO_APT_PROXY_LEGACY=""
fi
fi
# The apt configuration `Acquire::http::proxy::URL-host` (https://sources.debian.org/src/apt/2.3.9/methods/http.cc/)
# If set to `DIRECT`, it is considered to be not set
# This configuration allows you to specify different proxies for specific URLs
# This setup is too complex for the purpose of live-build and will silently be ignored
# The apt configuration `Acquire::http::Proxy`
eval "$(apt-config ${APT_CONFIG_OPTIONS} shell HOST_FIXED_APT_PROXY Acquire::http::Proxy)"
fi
# Report all detected settings in debug mode
Echo_debug "Detected proxy settings:"
Echo_debug "--apt-http-proxy: ${LB_APT_HTTP_PROXY}"
Echo_debug "HOST Auto APT PROXY: ${HOST_AUTO_APT_PROXY}"
Echo_debug "HOST Auto APT PROXY (legacy): ${HOST_AUTO_APT_PROXY_LEGACY}"
Echo_debug "HOST Fixed APT PROXY: ${HOST_FIXED_APT_PROXY}"
# The environment variable 'http_proxy' is used when no apt option is set
Echo_debug "HOST http_proxy: ${http_proxy}"
# The environment variable 'no_proxy' contains a list of domains that must not be handled by a proxy,
# it overrides all previous settings by apt and 'http_proxy'
Echo_debug "HOST no_proxy: ${no_proxy}"
# Check whether any of the provided proxy values conflicts with another
local LAST_SEEN_PROXY_NAME=""
local LAST_SEEN_PROXY_VALUE=""
Validate_http_proxy_source "apt configuration option Acquire::http::Proxy-Auto-Detect" "${HOST_AUTO_APT_PROXY}"
Validate_http_proxy_source "apt configuration option Acquire::http::ProxyAutoDetect" "${HOST_AUTO_APT_PROXY_LEGACY}"
Validate_http_proxy_source "apt configuration option Acquire::http::Proxy" "${HOST_FIXED_APT_PROXY}"
Validate_http_proxy_source "environment variable http_proxy" "${http_proxy}"
Validate_http_proxy_source "command line option --apt-http-proxy" "${LB_APT_HTTP_PROXY}"
# This is the value to use for the the other scripts in live-build
export http_proxy=${LAST_SEEN_PROXY_VALUE}
if [ ! -z "${http_proxy}" ]; then
Echo_message "Using http proxy: ${http_proxy}"
fi
}
# Check whether a proxy setting conflicts with a previously set proxy setting
Validate_http_proxy_source ()
{
local NAME=${1}
local VALUE=${2}
if [ ! -z "${VALUE}" ]; then
if [ ! -z "${LAST_SEEN_PROXY_VALUE}" ]; then
if [ "${VALUE}" != "${LAST_SEEN_PROXY_VALUE}" ]; then
Echo_error "Inconsistent proxy configuration: the value for ${NAME} (${VALUE}) differs from the value for ${LAST_SEEN_PROXY_NAME} (${LAST_SEEN_PROXY_VALUE})"
exit 1
fi
fi
LAST_SEEN_PROXY_NAME=${NAME}
LAST_SEEN_PROXY_VALUE=${VALUE}
fi
} }
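Review bot: `AUTOPROXY` is not cleared between the two `eval "$(apt-config … shell AUTOPROXY …)"` calls in `Validate_http_proxy`, so when only `Acquire::http::Proxy-Auto-Detect` is configured the legacy check appears to reuse the first value (as far as I know `apt-config shell` prints nothing for a key that is not set); the helper is then executed a second time and reported as the legacy setting. Adding `AUTOPROXY=""` before the second `eval` would avoid that. Separately, `Echo_message "Using http proxy: ${http_proxy}"` and the `Echo_error` in `Validate_http_proxy_source` print the full proxy URL, so a URL of the form `http://user:password@host:port` would put the credentials into build logs; consider stripping the userinfo part before printing. `Validate_http_proxy_source` also writes `LAST_SEEN_PROXY_NAME` and `LAST_SEEN_PROXY_VALUE`, which are `local` to its caller, and a comment such as `# Updates LAST_SEEN_PROXY_NAME and LAST_SEEN_PROXY_VALUE of the calling function` would make that dependency explicit.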


@ -243,7 +243,7 @@ In addition to its specific options \fBlb config\fR understands all generic live
.IP "\fB\-\-apt\fR apt|apt-get|aptitude" 4 .IP "\fB\-\-apt\fR apt|apt-get|aptitude" 4
defines if apt\-get or aptitude is used to install packages when building the image. The default is apt. defines if apt\-get or aptitude is used to install packages when building the image. The default is apt.
.IP "\fB\-\-apt\-http\-proxy\fR \fIURL\fR" 4 .IP "\fB\-\-apt\-http\-proxy\fR \fIURL\fR" 4
sets the HTTP proxy to be used by apt. By default, this is empty. Note that this variable is only for the proxy that gets used by initial debootstrap, and by apt internally within the chroot. It is not used for anything else. sets the proxy for HTTP connections. By default, this is empty. It is recommended to use the environment variable \fBhttp_proxy\fR instead.
.IP "\fB\-\-apt\-indices\fR true|false" 4 .IP "\fB\-\-apt\-indices\fR true|false" 4
defines if the resulting images should have apt indices or not and defaults to true. defines if the resulting images should have apt indices or not and defaults to true.
.IP "\fB\-\-apt\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4 .IP "\fB\-\-apt\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4


@ -86,7 +86,7 @@ then
Print_breakage Print_breakage
Echo_message "Running debootstrap (download-only)..." Echo_message "Running debootstrap (download-only)..."
/usr/bin/env http_proxy="${LB_APT_HTTP_PROXY}" debootstrap ${DEBOOTSTRAP_OPTIONS} --download-only "${LB_PARENT_DISTRIBUTION_CHROOT}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT} debootstrap ${DEBOOTSTRAP_OPTIONS} --download-only "${LB_PARENT_DISTRIBUTION_CHROOT}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT}
# Removing old cache # Removing old cache
rm -f cache/packages.bootstrap/*.deb rm -f cache/packages.bootstrap/*.deb
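Review bot: The `debootstrap` call now depends on `http_proxy` already being exported in the environment, which in this commit happens in `Validate_http_proxy`, and nothing at the call site says so. A comment above it, e.g. `# http_proxy/no_proxy are taken from the environment (exported by Validate_http_proxy)`, would keep the proxy handling discoverable. Whether that validation runs in this script's process before this point is not visible in the hunk and is worth confirming, since otherwise a proxy given only via `--apt-http-proxy` would no longer reach debootstrap. The enclosing `if` block starts and ends outside the hunk.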


@ -41,12 +41,6 @@ case "${_ACTION}" in
mkdir -p ${CONFD} mkdir -p ${CONFD}
# Configuring apt http proxy
if [ -n "${LB_APT_HTTP_PROXY}" ]
then
echo "Acquire::http::Proxy \"${LB_APT_HTTP_PROXY}\";" > ${CONFD}/00http-proxy
fi
# Configuring apt pipeline # Configuring apt pipeline
if [ -n "${LB_APT_PIPELINE}" ] if [ -n "${LB_APT_PIPELINE}" ]
then then
@ -150,9 +144,6 @@ case "${_ACTION}" in
# Acquire lock file # Acquire lock file
Acquire_lockfile Acquire_lockfile
# Deconfiguring aptitude http proxy
rm -f ${CONFD}/00http-proxy
# Deconfiguring aptitude pipeline # Deconfiguring aptitude pipeline
rm -f ${CONFD}/00pipeline rm -f ${CONFD}/00pipeline


@ -976,7 +976,7 @@ LB_CONFIGURATION_VERSION="${LB_CONFIGURATION_VERSION}"
# Set package manager # Set package manager
LB_APT="${LB_APT}" LB_APT="${LB_APT}"
# Set apt/aptitude/debootstrap http proxy # Set proxy for HTTP connections
LB_APT_HTTP_PROXY="${LB_APT_HTTP_PROXY}" LB_APT_HTTP_PROXY="${LB_APT_HTTP_PROXY}"
# Set apt/aptitude pipeline depth # Set apt/aptitude pipeline depth