Run Proxy-Auto-Detect script from main process

This avoids running the Proxy-Auto-Detect script inside the
untrusted (well, less trusted for now) sandbox. This will allow
us to restrict the http method from fork()ing or exec()ing via
seccomp.

1 files changed, 12 insertions, 0 deletions

diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index 4aa55a743..49d67e370 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -21,6 +21,7 @@
 #include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
 #include <apt-pkg/hashes.h>
+#include <apt-pkg/proxy.h>
 #include <apt-pkg/strutl.h>
 
 #include <algorithm>
@@ -671,6 +672,17 @@ bool pkgAcquire::Worker::QueueItem(pkgAcquire::Queue::QItem *Item)
    Message += "URI: " + Item->URI;
    Message += "\nFilename: " + Item->Owner->DestFile;
 
+   URI URL = Item->URI;
+   // FIXME: We should not hard code proxy protocols here.
+   if (URL.Access == "http" || URL.Access == "https")
+   {
+      AutoDetectProxy(URL);
+      if (_config->Exists("Acquire::" + URL.Access + "::proxy::" + URL.Host))
+      {
+	 Message += "\nProxy: " + _config->Find("Acquire::" + URL.Access + "::proxy::" + URL.Host);
+      }
+   }
+
    HashStringList const hsl = Item->GetExpectedHashes();
    for (HashStringList::const_iterator hs = hsl.begin(); hs != hsl.end(); ++hs)
       Message += "\nExpected-" + hs->HashType() + ": " + hs->HashValue();