summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-worker.cc10
-rw-r--r--apt-pkg/contrib/proxy.cc52
-rw-r--r--apt-pkg/contrib/proxy.h4
3 files changed, 45 insertions, 21 deletions
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index 4c2acb5cc..533089ea5 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -877,14 +877,12 @@ bool pkgAcquire::Worker::QueueItem(pkgAcquire::Queue::QItem *Item)
}
Message += "\nFilename: " + Item->Owner->DestFile;
- // FIXME: We should not hard code proxy protocols here.
- if (URL.Access == "http" || URL.Access == "https")
+ // AutoDetectProxy() checks this already by itself, but we don't want to access unknown configs
+ if (CanURIBeAccessedViaProxy(URL))
{
AutoDetectProxy(URL);
- if (_config->Exists("Acquire::" + URL.Access + "::proxy::" + URL.Host))
- {
- Message += "\nProxy: " + _config->Find("Acquire::" + URL.Access + "::proxy::" + URL.Host);
- }
+ if (auto const proxy = _config->Find("Acquire::" + URL.Access + "::proxy::" + URL.Host); not proxy.empty())
+ Message.append("\nProxy: ").append(proxy);
}
HashStringList const hsl = Item->GetExpectedHashes();
diff --git a/apt-pkg/contrib/proxy.cc b/apt-pkg/contrib/proxy.cc
index a99f44f49..9a9a9f29c 100644
--- a/apt-pkg/contrib/proxy.cc
+++ b/apt-pkg/contrib/proxy.cc
@@ -12,9 +12,11 @@
#include <apt-pkg/configuration.h>
#include <apt-pkg/error.h>
#include <apt-pkg/fileutl.h>
+#include <apt-pkg/string_view.h>
#include <apt-pkg/strutl.h>
#include <algorithm>
+#include <array>
#include <iostream>
#include <fcntl.h>
#include <unistd.h>
@@ -22,6 +24,16 @@
#include "proxy.h"
/*}}}*/
+bool CanURIBeAccessedViaProxy(URI const &URL) /*{{{*/
+{
+ // for some methods a proxy doesn't make sense, so we don't have to fork
+ if (URL.Host.empty() ||
+ APT::String::Startswith(URL.Access, "mirror+") || URL.Access.find("+mirror+") != std::string::npos || APT::String::Endswith(URL.Access, "+mirror"))
+ return false;
+ std::array const noproxy{"file", "copy", "store", "gpgv", "rred", "cdrom", "mirror"};
+ return std::find(noproxy.begin(), noproxy.end(), URL.Access) == noproxy.end();
+}
+ /*}}}*/
// AutoDetectProxy - auto detect proxy /*{{{*/
// ---------------------------------------------------------------------
/* */
@@ -29,16 +41,19 @@ static std::vector<std::string> CompatibleProxies(URI const &URL)
{
if (URL.Access == "http" || URL.Access == "https")
return {"http", "https", "socks5h"};
- return {URL.Access};
+ if (URL.Access == "tor" || URL.Access == "tor+http" || URL.Access == "tor+https")
+ return {"socks5h"};
+ if (URL.Access == "ftp")
+ return {"ftp"};
+ return {};
}
-
bool AutoDetectProxy(URI &URL)
{
- // we support both http/https debug options
- bool Debug = _config->FindB("Debug::Acquire::"+URL.Access,false);
+ if (not CanURIBeAccessedViaProxy(URL))
+ return true;
// the user already explicitly set a proxy for this host
- if(_config->Find("Acquire::"+URL.Access+"::proxy::"+URL.Host, "") != "")
+ if (not _config->Find("Acquire::" + URL.Access + "::proxy::" + URL.Host, "").empty())
return true;
// option is "Acquire::http::Proxy-Auto-Detect" but we allow the old
@@ -49,6 +64,7 @@ bool AutoDetectProxy(URI &URL)
if (AutoDetectProxyCmd.empty())
return true;
+ bool const Debug = _config->FindB("Debug::Acquire::" + URL.Access, false);
if (Debug)
std::clog << "Using auto proxy detect command: " << AutoDetectProxyCmd << std::endl;
@@ -73,7 +89,7 @@ bool AutoDetectProxy(URI &URL)
// and apt will use the generic proxy settings
if (goodread == false)
return true;
- auto const cleanedbuf = _strstrip(buf);
+ APT::StringView const cleanedbuf = _strstrip(buf);
// We warn about this as the implementor probably meant to use DIRECT instead
if (cleanedbuf[0] == '\0')
{
@@ -82,17 +98,25 @@ bool AutoDetectProxy(URI &URL)
}
if (Debug)
- std::clog << "auto detect command returned: '" << cleanedbuf << "'" << std::endl;
+ std::clog << "auto detect command returned: '" << cleanedbuf.data() << "'" << std::endl;
- auto compatibleTypes = CompatibleProxies(URL);
- bool compatible = strcmp(cleanedbuf, "DIRECT") == 0 ||
- compatibleTypes.end() != std::find_if(compatibleTypes.begin(),
- compatibleTypes.end(), [cleanedbuf](std::string &compat) {
- return strstr(cleanedbuf, compat.c_str()) == cleanedbuf;
- });
+ bool compatible = true;
+ if (cleanedbuf != "DIRECT")
+ {
+ if (auto const compatibleTypes = CompatibleProxies(URL); not compatibleTypes.empty())
+ compatible = std::any_of(compatibleTypes.begin(), compatibleTypes.end(),
+ [cleanedbuf](std::string const &compat)
+ {
+ return cleanedbuf.substr(0, compat.size()) == compat;
+ });
+ }
+ else if (URL.Access == "tor" || URL.Access == "tor+http" || URL.Access == "tor+https")
+ compatible = false; // Accepting DIRECT would silently disable tor
if (compatible)
- _config->Set("Acquire::"+URL.Access+"::proxy::"+URL.Host, cleanedbuf);
+ _config->Set("Acquire::"+URL.Access+"::proxy::"+URL.Host, cleanedbuf.data());
+ else
+ _error->Warning("ProxyAutoDetect command returned incompatible proxy '%s' for access type %s", cleanedbuf.data(), URL.Access.c_str());
return true;
}
diff --git a/apt-pkg/contrib/proxy.h b/apt-pkg/contrib/proxy.h
index f6d70ea8b..2a4c19fc8 100644
--- a/apt-pkg/contrib/proxy.h
+++ b/apt-pkg/contrib/proxy.h
@@ -9,8 +9,10 @@
#ifndef PKGLIB_PROXY_H
#define PKGLIB_PROXY_H
+#include <apt-pkg/macros.h>
+
class URI;
APT_PUBLIC bool AutoDetectProxy(URI &URL);
-
+APT_HIDDEN bool CanURIBeAccessedViaProxy(URI const &URL);
#endif