From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Sat, 13 Apr 2024 17:15:56 +0000 (+0200)
Subject: Add ProxyExclude= setting
X-Git-Tag: v23~4^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28aadd5889f8a4e42ede869e9dc903d916b9481f;p=thirdparty%2Fmkosi.git

Add ProxyExclude= setting

Allow configuring hostnames which should not go through the proxy.
---

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 60c32c6b4..4649f0c2b 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1718,6 +1718,7 @@ def finalize_default_initrd(
         *(["--tools-tree", str(config.tools_tree)] if config.tools_tree else []),
         *([f"--extra-search-path={p}" for p in config.extra_search_paths]),
         *(["--proxy-url", config.proxy_url] if config.proxy_url else []),
+        *([f"--proxy-exclude={host}" for host in config.proxy_exclude]),
         *(["--proxy-peer-certificate", str(p)] if (p := config.proxy_peer_certificate) else []),
         *(["--proxy-client-certificate", str(p)] if (p := config.proxy_client_certificate) else []),
         *(["--proxy-client-key", str(p)] if (p := config.proxy_client_key) else []),
@@ -4105,6 +4106,7 @@ def finalize_default_tools(args: Args, config: Config, *, resources: Path) -> Co
         *([f"--environment={k}='{v}'" for k, v in config.environment.items()]),
         *([f"--extra-search-path={p}" for p in config.extra_search_paths]),
         *(["--proxy-url", config.proxy_url] if config.proxy_url else []),
+        *([f"--proxy-exclude={host}" for host in config.proxy_exclude]),
         *(["--proxy-peer-certificate", str(p)] if (p := config.proxy_peer_certificate) else []),
         *(["--proxy-client-certificate", str(p)] if (p := config.proxy_client_certificate) else []),
         *(["--proxy-client-key", str(p)] if (p := config.proxy_client_key) else []),
diff --git a/mkosi/config.py b/mkosi/config.py
index b3324e4c5..1fe456922 100644
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -1462,6 +1462,7 @@ class Config:
     key: Optional[str]
 
     proxy_url: Optional[str]
+    proxy_exclude: list[str]
     proxy_peer_certificate: Optional[Path]
     proxy_client_certificate: Optional[Path]
     proxy_client_key: Optional[Path]
@@ -2634,6 +2635,13 @@ SETTINGS = (
         metavar="URL",
         help="Set the proxy to use",
     ),
+    ConfigSetting(
+        dest="proxy_exclude",
+        section="Host",
+        metavar="HOST",
+        parse=config_make_list_parser(delimiter=","),
+        help="Don't use the configured proxy for the specified host(s)",
+    ),
     ConfigSetting(
         dest="proxy_peer_certificate",
         section="Host",
@@ -3727,6 +3735,9 @@ def load_environment(args: argparse.Namespace) -> dict[str, str]:
         for e in ("http_proxy", "https_proxy"):
             env[e] = args.proxy_url
             env[e.upper()] = args.proxy_url
+    if args.proxy_exclude:
+        env["no_proxy"] = ",".join(args.proxy_exclude)
+        env["NO_PROXY"] = ",".join(args.proxy_exclude)
     if args.proxy_peer_certificate:
         env["GIT_PROXY_SSL_CAINFO"] = "/proxy.cacert"
     if args.proxy_client_certificate:
diff --git a/mkosi/distributions/opensuse.py b/mkosi/distributions/opensuse.py
index f652271b1..527ae3b92 100644
--- a/mkosi/distributions/opensuse.py
+++ b/mkosi/distributions/opensuse.py
@@ -166,6 +166,7 @@ def fetch_gpgurls(context: Context, repourl: str) -> tuple[str, ...]:
                 "--no-progress-meter",
                 "--fail",
                 *(["--proxy", context.config.proxy_url] if context.config.proxy_url else []),
+                *(["--noproxy", ",".join(context.config.proxy_exclude)] if context.config.proxy_exclude else []),
                 *(["--proxy-capath", "/proxy.cacert"] if context.config.proxy_peer_certificate else []),
                 *(["--proxy-cert", "/proxy.clientcert"] if context.config.proxy_client_certificate else []),
                 *(["--proxy-key", "/proxy.clientkey"] if context.config.proxy_client_key else []),
diff --git a/mkosi/resources/mkosi.md b/mkosi/resources/mkosi.md
index 819680da9..e0793e264 100644
--- a/mkosi/resources/mkosi.md
+++ b/mkosi/resources/mkosi.md
@@ -1455,6 +1455,11 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`,
   well-known environment variables to specify the proxy to use for any
   programs it invokes that may need internet access.
 
+`ProxyExclude=`, `--proxy-exclude=`
+
+: Configure hostnames for which requests should not go through the
+  proxy. Takes a comma separated list of hostnames.
+
 `ProxyPeerCertificate=`, `--proxy-peer-certificate=`
 
 : Configure a file containing certificates used to verify the proxy.
diff --git a/tests/test_json.py b/tests/test_json.py
index 72adf3f7c..4af13232b 100644
--- a/tests/test_json.py
+++ b/tests/test_json.py
@@ -219,6 +219,9 @@ def test_config() -> None:
             "Profile": "profile",
             "ProxyClientCertificate": "/my/client/cert",
             "ProxyClientKey": "/my/client/key",
+            "ProxyExclude": [
+                "www.example.com"
+            ],
             "ProxyPeerCertificate": "/my/peer/cert",
             "ProxyUrl": "https://my/proxy",
             "QemuArgs": [],
@@ -419,6 +422,7 @@ def test_config() -> None:
         profile = "profile",
         proxy_client_certificate = Path("/my/client/cert"),
         proxy_client_key = Path("/my/client/key"),
+        proxy_exclude = ["www.example.com"],
         proxy_peer_certificate = Path("/my/peer/cert"),
         proxy_url = "https://my/proxy",
         qemu_args = [],