Add ProxyExclude= setting

Allow configuring hostnames which should not go through the proxy.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 60c32c6b40090935c818477665c4a94d4314c170..4649f0c2b5afc1e590cf4cfa43fc39989dc19936 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1718,6 +1718,7 @@ def finalize_default_initrd(
         *(["--tools-tree", str(config.tools_tree)] if config.tools_tree else []),
         *([f"--extra-search-path={p}" for p in config.extra_search_paths]),
         *(["--proxy-url", config.proxy_url] if config.proxy_url else []),
+        *([f"--proxy-exclude={host}" for host in config.proxy_exclude]),
         *(["--proxy-peer-certificate", str(p)] if (p := config.proxy_peer_certificate) else []),
         *(["--proxy-client-certificate", str(p)] if (p := config.proxy_client_certificate) else []),
         *(["--proxy-client-key", str(p)] if (p := config.proxy_client_key) else []),
@@ -4105,6 +4106,7 @@ def finalize_default_tools(args: Args, config: Config, *, resources: Path) -> Co
         *([f"--environment={k}='{v}'" for k, v in config.environment.items()]),
         *([f"--extra-search-path={p}" for p in config.extra_search_paths]),
         *(["--proxy-url", config.proxy_url] if config.proxy_url else []),
+        *([f"--proxy-exclude={host}" for host in config.proxy_exclude]),
         *(["--proxy-peer-certificate", str(p)] if (p := config.proxy_peer_certificate) else []),
         *(["--proxy-client-certificate", str(p)] if (p := config.proxy_client_certificate) else []),
         *(["--proxy-client-key", str(p)] if (p := config.proxy_client_key) else []),

diff --git a/mkosi/config.py b/mkosi/config.py
index b3324e4c59370e5477b309f8d0233e3927870db7..1fe456922e38b3bfae9e215f604f61af58365078 100644 (file)
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -1462,6 +1462,7 @@ class Config:
     key: Optional[str]
 
     proxy_url: Optional[str]
+    proxy_exclude: list[str]
     proxy_peer_certificate: Optional[Path]
     proxy_client_certificate: Optional[Path]
     proxy_client_key: Optional[Path]
@@ -2634,6 +2635,13 @@ SETTINGS = (
         metavar="URL",
         help="Set the proxy to use",
     ),
+    ConfigSetting(
+        dest="proxy_exclude",
+        section="Host",
+        metavar="HOST",
+        parse=config_make_list_parser(delimiter=","),
+        help="Don't use the configured proxy for the specified host(s)",
+    ),
     ConfigSetting(
         dest="proxy_peer_certificate",
         section="Host",
@@ -3727,6 +3735,9 @@ def load_environment(args: argparse.Namespace) -> dict[str, str]:
         for e in ("http_proxy", "https_proxy"):
             env[e] = args.proxy_url
             env[e.upper()] = args.proxy_url
+    if args.proxy_exclude:
+        env["no_proxy"] = ",".join(args.proxy_exclude)
+        env["NO_PROXY"] = ",".join(args.proxy_exclude)
     if args.proxy_peer_certificate:
         env["GIT_PROXY_SSL_CAINFO"] = "/proxy.cacert"
     if args.proxy_client_certificate:

diff --git a/mkosi/distributions/opensuse.py b/mkosi/distributions/opensuse.py
index f652271b10061ff261c85efd4fa052b358600f3e..527ae3b92d86cf12afc77f245ec9f0823ca0b3c0 100644 (file)
--- a/mkosi/distributions/opensuse.py
+++ b/mkosi/distributions/opensuse.py
@@ -166,6 +166,7 @@ def fetch_gpgurls(context: Context, repourl: str) -> tuple[str, ...]:
                 "--no-progress-meter",
                 "--fail",
                 *(["--proxy", context.config.proxy_url] if context.config.proxy_url else []),
+                *(["--noproxy", ",".join(context.config.proxy_exclude)] if context.config.proxy_exclude else []),
                 *(["--proxy-capath", "/proxy.cacert"] if context.config.proxy_peer_certificate else []),
                 *(["--proxy-cert", "/proxy.clientcert"] if context.config.proxy_client_certificate else []),
                 *(["--proxy-key", "/proxy.clientkey"] if context.config.proxy_client_key else []),

diff --git a/mkosi/resources/mkosi.md b/mkosi/resources/mkosi.md
index 819680da967f4b59060874bcc1202b2ddf6ecdcf..e0793e264ae36aa7ec3c2762ddc7e1233cceea48 100644 (file)
--- a/mkosi/resources/mkosi.md
+++ b/mkosi/resources/mkosi.md
@@ -1455,6 +1455,11 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`,
   well-known environment variables to specify the proxy to use for any
   programs it invokes that may need internet access.
 
+`ProxyExclude=`, `--proxy-exclude=`
+
+: Configure hostnames for which requests should not go through the
+  proxy. Takes a comma separated list of hostnames.
+
 `ProxyPeerCertificate=`, `--proxy-peer-certificate=`
 
 : Configure a file containing certificates used to verify the proxy.

diff --git a/tests/test_json.py b/tests/test_json.py
index 72adf3f7cb7cdd46cc76f4b72763bcc30b630aa6..4af13232ba54c7738fce1b630dc930024cf1b871 100644 (file)
--- a/tests/test_json.py
+++ b/tests/test_json.py
@@ -219,6 +219,9 @@ def test_config() -> None:
             "Profile": "profile",
             "ProxyClientCertificate": "/my/client/cert",
             "ProxyClientKey": "/my/client/key",
+            "ProxyExclude": [
+                "www.example.com"
+            ],
             "ProxyPeerCertificate": "/my/peer/cert",
             "ProxyUrl": "https://my/proxy",
             "QemuArgs": [],
@@ -419,6 +422,7 @@ def test_config() -> None:
         profile = "profile",
         proxy_client_certificate = Path("/my/client/cert"),
         proxy_client_key = Path("/my/client/key"),
+        proxy_exclude = ["www.example.com"],
         proxy_peer_certificate = Path("/my/peer/cert"),
         proxy_url = "https://my/proxy",
         qemu_args = [],