From 874f4c0277181bf561d496d44e78271ce06e48c5 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Wed, 12 Nov 2025 17:19:41 +0100 Subject: [PATCH 1/3] Support http proxy --- Dockerfile | 4 ++-- entrypoint.sh | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6dbccd8..479ab6f 100755 --- a/Dockerfile +++ b/Dockerfile @@ -12,10 +12,10 @@ RUN cargo install rbw && \ FROM ubuntu RUN apt-get update && \ - apt-get -y install jq curl && \ + apt-get -y install jq curl proxychains && \ rm -rf /var/lib/apt/lists -COPY --from=builder /rbw /rbw-agent /usr/local/bin/ +COPY --from=builder /rbw /rbw-agent /usr/bin/ ADD *.sh / diff --git a/entrypoint.sh b/entrypoint.sh index f2fe155..e21bc29 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,6 +8,25 @@ source ./checkMandVars.sh export PIN=$(mktemp) +for v in http_proxy HTTP_PROXY https_proxy HTTPS_PROXY; do + [ -n "${!v}" ] && export http_proxy="${!v}" && break +done + +if [ -n "$http_proxy" ]; then + hostport="${url#*://}" +cat < /etc/proxychains.conf +strict_chain +proxy_dns + +tcp_read_time_out 15000 +tcp_connect_time_out 8000 + +[ProxyList] +http ${hostport/:/ } +EOF + alias rbw='proxychains rbw' +fi + bw_login() { cat < ${PIN} #!/bin/sh From bf6d0493a85687a65565ea3793877965039c386f Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Wed, 12 Nov 2025 17:22:52 +0100 Subject: [PATCH 2/3] Fix CI --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f791d80..7296ddd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
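Review bot: The changed `COPY --from=builder /rbw /rbw-agent /usr/bin/` line moves both binaries out of `/usr/local/bin` without saying why. If the move is needed for proxychains or for how `rbw` finds `rbw-agent` (neither is visible here), a one-line comment above it, such as `# rbw and rbw-agent must live in /usr/bin because <reason>`, would stop a later cleanup from reverting it. If it is not needed, the path change is unrelated to proxy support and would be easier to review as its own commit.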
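Review bot: The proxy detection expands `${!v}` and `$http_proxy` without a default, so if the script runs under `set -u` (its options are set outside this hunk, and patch 3/3 itself writes `${http_proxy:-}`), the first unset name aborts the entrypoint. `[ -n "${!v:-}" ]` in the loop and `if [ -n "${http_proxy:-}" ]; then` behave the same with or without nounset. Separately, `hostport` is derived from `url`, which this hunk never assigns, and `alias rbw='proxychains rbw'` is not expanded in a non-interactive bash script unless `expand_aliases` is enabled. Patch 3/3 replaces both lines, so this commit does not work on its own and could be squashed with it.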
@@ -23,8 +23,8 @@ jobs: with: # The Docker Hub Repository you want eventually push to, e.g samply/share-client image-name: "samply/vaultfetcher" - # Where to push your images ("dockerhub", "ghcr", "both" or "none") - push-to: dockerhub + # Set to none, docker.io or ghcr.io. By default, will push to dockerhub for branches "main" and "develop" and to ghcr for all other branches. + push-to: docker.io # Define special prefixes for docker tags. They will prefix each images tag. # image-tag-prefix: "foo" # Define the build context of your image, typically default '.' will be enough @@ -43,4 +43,4 @@ jobs: # This passes the secrets from calling workflow to the called workflow secrets: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} \ No newline at end of file + DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} From a39a56df8a466728f862ef98de3f660567e7b92c Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Wed, 12 Nov 2025 18:31:26 +0100 Subject: [PATCH 3/3] More desperate attempts to make rbw use http proxy, see https://github.com/doy/rbw/issues/168 --- entrypoint.sh | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index e21bc29..7b47d7c 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -13,18 +13,22 @@ for v in http_proxy HTTP_PROXY https_proxy HTTPS_PROXY; do done if [ -n "$http_proxy" ]; then - hostport="${url#*://}" + hostport="${http_proxy#*://}" + host="${hostport%%:*}" + port="${hostport##*:}" + ip="$(getent hosts $host | awk '{print $1}')" + echo "Setting up http proxy $http_proxy ($ip $port)" cat < /etc/proxychains.conf strict_chain -proxy_dns +#proxy_dns +quiet_mode tcp_read_time_out 15000 tcp_connect_time_out 8000 [ProxyList] -http ${hostport/:/ } +http $ip $port EOF - alias rbw='proxychains rbw' fi bw_login() { 
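Review bot: The host and port are cut out of `http_proxy` with no validation, so a value with credentials (`user:pass@host:port`), a trailing slash, or no port yields a wrong `host` or `port`, and an unresolvable host leaves `ip` empty while the `[ProxyList]` line is still written. The new `echo "Setting up http proxy $http_proxy ..."` also prints the full URL, which puts any embedded proxy password into the container log. `getent hosts $host` is unquoted and may return more than one line, which would break the heredoc entry. I would strip userinfo and path, take the first address, fail if nothing resolves, and log only host and port, as sketched below. The hunk also comments out `proxy_dns` with no explanation; a short comment saying why would help, since it changes where target names get resolved.

```shell
  hostport="${http_proxy#*://}"
  hostport="${hostport%%/*}"   # drop a trailing slash or path
  hostport="${hostport##*@}"   # drop user:password@ so it is neither parsed as the host nor logged
  # … unchanged: host and port extraction …
  ip="$(getent hosts "$host" | awk 'NR==1 {print $1}')"
  if [ -z "$ip" ] || [ "$port" = "$hostport" ]; then
    echo "ERROR: cannot resolve proxy host '$host' or no port given in http_proxy" >&2
    exit 1
  fi
  echo "Setting up http proxy $host ($ip $port)"
  # … unchanged: heredoc writing /etc/proxychains.conf …
```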
@@ -59,7 +63,11 @@ case "$1" in RESULT="\n" while (( "$#" )); do - read PASS < <(rbw get password $1) + if [[ -n "${http_proxy:-}" ]]; then + read PASS < <(proxychains rbw get password $1 | grep -v -- '^ProxyChains-') + else + read PASS < <(rbw get password $1) + fi if [ -z "$PASS" ]; then echo "ERROR: Password $1 not found in vault. Exiting ..." exit 1 @@ -97,7 +105,11 @@ case "$1" in if [ "$(vault_sealstatus)" == "true" ]; then bw_login echo "Getting unseal key ..." - read UNSEAL_KEY < <(rbw get "Vault Unseal Key") + if [[ -n "${http_proxy:-}" ]]; then + read UNSEAL_KEY < <(proxychains rbw get "Vault Unseal Key" | grep -v -- '^ProxyChains-') + else + read UNSEAL_KEY < <(rbw get "Vault Unseal Key") + fi echo "Got unseal key." bw_logout RUNNING=1
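Review bot: Both new branches read the secret with plain `read PASS`, which interprets backslashes and trims leading and trailing whitespace, so a password containing either reaches the caller altered. `IFS= read -r PASS` keeps it intact, and `"$1"` should be quoted so an entry name with spaces stays one argument; the same applies to `read UNSEAL_KEY` in the `@@ -97,7` hunk. The proxy/no-proxy `if` is duplicated in that hunk as well, and a small wrapper function would keep the `grep -v -- '^ProxyChains-'` filter in one place. Since the `alias` was removed earlier in this patch, any `rbw` call inside `bw_login` or `bw_logout` (bodies outside these hunks) presumably still connects without the proxy, and the wrapper could cover those too. The enclosing `case` arm starts and ends outside the hunk.

```shell
# Run rbw, through proxychains when a proxy is configured; the proxychains
# banner line is removed from stdout so it cannot be read as the secret.
rbw_cmd() {
  if [[ -n "${http_proxy:-}" ]]; then
    proxychains rbw "$@" | grep -v -- '^ProxyChains-'
  else
    rbw "$@"
  fi
}

# … unchanged: case "$1" in … while (( "$#" )); do …
      IFS= read -r PASS < <(rbw_cmd get password "$1")
```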
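Review bot: `echo "Got unseal key."` runs whether or not `UNSEAL_KEY` was actually read. The exit status of `proxychains rbw get ... | grep` inside `< <(...)` is discarded, so an unreachable proxy leaves the variable empty and the log still reports success. Unlike the password loop in the previous hunk, no `-z` check is visible here (the code after `RUNNING=1` is outside the hunk). A guard before the success message, such as `[ -n "$UNSEAL_KEY" ] || { echo "ERROR: could not fetch unseal key" >&2; exit 1; }`, or a retry if this loop is meant to keep running, would make the failure visible instead of passing an empty key on.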