From 1a76517470ebc2dd3f96e39ebe6f3706d6dd78da Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Sat, 21 Oct 2017 15:44:43 +0200
Subject: Run Proxy-Auto-Detect script from main process
This avoids running the Proxy-Auto-Detect script inside the untrusted (well, less trusted for now) sandbox. This will allow us to restrict the http method from fork()ing or exec()ing via seccomp.
---
 apt-pkg/acquire-worker.cc | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'apt-pkg/acquire-worker.cc')
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index 4aa55a743..49d67e370 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -21,6 +21,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -671,6 +672,17 @@ bool pkgAcquire::Worker::QueueItem(pkgAcquire::Queue::QItem *Item)
 Message += "URI: " + Item->URI;
 Message += "\nFilename: " + Item->Owner->DestFile;
+ URI URL = Item->URI;
+ // FIXME: We should not hard code proxy protocols here.
+ if (URL.Access == "http" || URL.Access == "https")
+ {
+ AutoDetectProxy(URL);
+ if (_config->Exists("Acquire::" + URL.Access + "::proxy::" + URL.Host))
+ {
+ Message += "\nProxy: " + _config->Find("Acquire::" + URL.Access + "::proxy::" + URL.Host);
+ }
+ }
+
 HashStringList const hsl = Item->GetExpectedHashes();
 for (HashStringList::const_iterator hs = hsl.begin(); hs != hsl.end(); ++hs)
 Message += "\nExpected-" + hs->HashType() + ": " + hs->HashValue();
-- cgit v1.2.3
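Review bot: The result of `AutoDetectProxy(URL)` in the block added to QueueItem is discarded, so a detection script that fails in the main process goes unnoticed at this call site and the item is queued without a `Proxy:` field; how the method behaves without that field is not visible in this hunk, but if it connects directly, detection fails open. Check the result and take QueueItem's failure path, for example `if (AutoDetectProxy(URL) == false) return false;`, or record the error and decide explicitly. The configured value is also appended verbatim to a newline-delimited message that crosses from the main process into the sandboxed method, so look the key up once with `std::string const Proxy = _config->Find("Acquire::" + URL.Access + "::proxy::" + URL.Host);` and append it only when `Proxy.empty() == false && Proxy.find_first_of("\r\n") == std::string::npos`. A one-line comment above the call stating that the script now runs with the main process's privileges would help the next reader. QueueItem starts and ends outside the hunk.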