Installing updates from behind a firewall

If you are behind a web-proxy then installing packages or updating your system requires that the environment variable http_proxy is defined first – this tells the system to use the web-proxy. The only problem is that you need to remember how to define the environment variable, and if your proxy server requires authentication you also need to include your user name and password, making it easy for anyone nearby to see your credentials as you enter them on the command line.

The following script makes the process a bit easier and prevents your password from being displayed on the console. I have tested this script on CentOS 6.5 but it should work on most modern Linux distributions including Debian, Ubuntu, RedHat and Raspbian.

To use it you just call the script and pass it the command you would like to execute. The script will then prompt you for your credentials, allowing you to enter your password without it being shown on the screen, and then test that the proxy settings work by attempting to connect to the target URL using ‘curl’. If you don’t need to specify a username and password just enter a blank username.

To save time you can define a default proxy server name, username and even password in the script.

#!/bin/bash
#
# sh-http-proxy <command>
#
# Prompts for proxy server credentials (which may be defined in this script)
# and then executes whatever command the user specified.
#
# Demonstrates  how to prompt the user for a password and output an asterisk
# each time they press a key.
#
# This  program  is free software: you can redistribute it and/or modify  it
# under the terms of the GNU General Public License as published by the Free
# Software  Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This  program  is  distributed  in the hope that it will  be  useful,  but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public  License
# for more details.
#
# You  should  have received a copy of the GNU General Public License  along
# with this program. If not, see <http://www.gnu.org/licenses/>
##
# 03 Mar 17   0.1   - Initial version - MEJT
# 08 Mar 17   0.2   - Reads  the password character by character and  echoes
#                     an asterisk - MEJT
# 12 Apr 17   0.3   - Modified fallback to 'ping' the proxy server if 'wget'
#                     or 'curl' are not available - MEJT
#                   - Only  checks connectivity to the internet if a  target
#                     URL is defined - MEJT
#

# Define a target URL to check connectivity through the proxy
#_url="http://archive.debian.org/debian/dists/lenny/" # Debian (lenny)
#_url="http://ftp.uk.debian.org/debian/" # Debian (current)
#_url="http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os" # Centos 6
#_url="http://www.mirrorservice.org/" # Kent mirror service

# Define default proxy server, username and password (optional)
_proxy_server="web-proxy.local.net:8080"
_proxy_username=""
_proxy_password=""

_status=0
_PID=0
_timeout=15
_count=0

_string="."

if [[ -z "${_proxy_server// }" ]]; then # Check for empty string (ignoring spaces)
  # while [[ -z "${_proxy_server// }" ]]; do # Loop if no server name
    echo -ne "Proxy Server : "
    read _proxy_server
  # done
fi

if [[ -n "${_proxy_server// }" ]]; then
  if [[ -z "${_proxy_username// }" ]]; then
    # while [[ -z "${_proxy_username// }" ]]; do
      echo -ne "Username : "
      read _proxy_username
    # done
  fi

  if [[ -z "${_proxy_password// }" ]] && [[ -n "${_proxy_username// }" ]]; then
  #  while [[ -z "${_proxy_password// }" ]]; do
      echo -ne "Password : "
      IFS= read -r -s -n1 _char # IFS= and -r keep spaces and backslashes
      while [ -n "$_char" ]; do
        if [[ $_char == $'\x7f' ]]; then # backspace was pressed
          if [[ -n $_proxy_password ]]; then
            echo -ne '\b \b'
            _proxy_password=${_proxy_password%?} # Remove last char.
          fi
        else
          echo -ne "*"
          _proxy_password=$_proxy_password$_char
        fi
        IFS= read -r -s -n1 _char
      done
      echo
  #  done
  fi

  if [[ -n "${_proxy_password// }" ]] && [[ -n "${_proxy_username// }" ]]; then
    _proxy_username="$_proxy_username:$_proxy_password"
  fi

  if [[ -n "${_proxy_username// }" ]]; then
    _proxy_username="$_proxy_username@"
  fi

  http_proxy="http://$_proxy_username$_proxy_server"
  export http_proxy
fi

if [ -n "$_url" ]; then
  if (type wget >/dev/null 2>&1); then
    wget -T $_timeout -q -O - "$_url" &> /dev/null &
    _PID=$!
  elif (type curl >/dev/null 2>&1); then
    curl "$_url" --max-time $_timeout --ipv4 &>/dev/null &
    _PID=$!
  fi
fi

if [ "$_PID" -gt 0 ]; then # A 'wget' or 'curl' check is running
  # Wait until the command completes or its own timeout expires
  while (ps -p "$_PID" >/dev/null 2>&1); do
    sleep 1
    _timeout=$((_timeout - 1)) # Decrement timeout.
    _count=$((_count + 1)) # Increment counter.
    _string="$_string."
    echo -ne "Connecting ($_count""s) $_string \r"
  done
  wait $_PID # Get status code from the wget or curl command.
else # No target URL, or couldn't find 'wget' or 'curl'
  _proxy_server=$(echo "$_proxy_server" | cut -f 1 -d':')
  ping -w "$_timeout" -c 1 "$_proxy_server" >/dev/null 2>&1 # -w is in seconds
fi

if [ $? -eq 0 ]; then # Check to see if it was successful.
  echo
  "$@"
  _status=$?
else
  echo
  echo "$(basename "$0"): ($_proxy_server) is unreachable."
  _status=1
fi
exit $_status # Return the status of the command (or 1 if unreachable)

The following example shows the script being used to configure the proxy before running a command to install ‘nano’ on CentOS 6.5

# ./sh-http-proxy.sh yum install nano
Username : proxyuser
Password :*********
Waiting to connect (1s) ...
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
 * base: centos.bio.lmu.de
 * extras: centos.copahost.com
 * updates: centos.mirror.net-d-sign.de
base                                                     | 3.7 kB     00:00
base/primary_db                                          | 4.7 MB     00:00
extras                                                   | 3.4 kB     00:00
extras/primary_db                                        |  37 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 5.4 MB     00:00
Resolving Dependencies
--> Running transaction check
--> Package nano.x86_64 0:2.0.9-7.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================
 Package          Arch       Version         Repository                Size
===========================================================================
Installing:
 nano             x86_64     2.0.9-7.el6     base                     436 k

Transaction Summary
===========================================================================
Install       1 Package(s)

Total download size: 436 k
Installed size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
nano-2.0.9-7.el6.x86_64.rpm                              | 436 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nano-2.0.9-7.el6.x86_64                                  1/1
  Verifying  : nano-2.0.9-7.el6.x86_64                                  1/1

Installed:
  nano.x86_64 0:2.0.9-7.el6

Complete!
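
The script builds http_proxy by placing the username and password directly into the URL, so a password containing characters such as '@', ':' or '/' gives a URL that cannot be parsed reliably. The following is an added example, not part of the original script: it percent-encodes the credentials before building the URL and masks them for display. The function names (urlencode, build_proxy_url, redact_proxy_url) and the sample credentials are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: helper names and sample values are constructed for illustration.

# urlencode STRING - percent-encode every byte outside the RFC 3986
# unreserved set. Runs in a subshell with LC_ALL=C so that '?' matches a
# single byte and the character ranges below are plain ASCII.
urlencode() (
  LC_ALL=C; export LC_ALL
  _in=$1; _out=""
  while [ -n "$_in" ]; do
    _c=${_in%"${_in#?}"}   # first byte of the remaining input
    _in=${_in#?}           # drop that byte
    case $_c in
      [A-Za-z0-9._~-]) _out="$_out$_c" ;;
      *) for _h in $(printf '%s' "$_c" | od -An -tx1 | tr 'a-f' 'A-F'); do
           _out="$_out%$_h"
         done ;;
    esac
  done
  printf '%s' "$_out"
)

# build_proxy_url USER PASS SERVER - same layout as the script's http_proxy,
# but with the user name and password encoded. A blank USER means no login.
build_proxy_url() {
  _auth=""
  if [ -n "$1" ]; then
    _auth=$(urlencode "$1")
    if [ -n "$2" ]; then _auth="$_auth:$(urlencode "$2")"; fi
    _auth="$_auth@"
  fi
  printf 'http://%s%s' "$_auth" "$3"
}

# redact_proxy_url URL - mask the credentials before printing or logging.
redact_proxy_url() {
  printf '%s\n' "$1" | sed 's#^\([a-z]*://\)[^/@]*@#\1***@#'
}

# Constructed sample values, reusing the server name from the script.
http_proxy=$(build_proxy_url 'proxyuser' 'p@ss:w/rd#1' 'web-proxy.local.net:8080')
export http_proxy
echo "Using proxy $(redact_proxy_url "$http_proxy")"
```

Encoding does not hide the password: the exported http_proxy is inherited by the command being run and remains readable in that process's environment, and a default password stored in the script is plain text on disk.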
