Recommendations when running behind a proxy

Hi Again,

So everything is successfully building again now. I though I would share some advice for running behind a restrictive proxy (i.e. only lets out 80 and SSH). Previously I have been using the http_proxy and ftp_proxy environment variables. This is suboptimal for a number of reasons

  1. Something in the environment handling code in bitbake stopped said variables from making it to wget
  2. I had a http proxy, but not a ftp one, so I still had to change many of the default mirrors in local.conf (GNU_MIRROR=foo)
  3. SVN and git do not pick up that variable correctly, and it doesnt work for git:// and ssh:// protocols anyway

A better solution (if your firewall allows outgoing SSH connections) that works much better, and requires much less configuration changes is to just use socksify. Socksify is an program which routes any other applications network calls through a socks proxy server. In this case the socks proxy server is a ssh tunnel from localhost to another server outside the firewall.

You should configure socksifiy as follows

  1. Install the debian package dante-client (provides socksify)
  2. Add the following to /etc/dante.conf

resolveprotocol: fake
route {
proxyprotocol: socks_v5

  1. In one terminal create a ssh tunnel to your server outside the firewall

ssh -v -ND 9999

Then you only need to change one configuration file in BB/OE, and everything else can continue to work as it used to. Simply change bitbake.conf as follows

FETCHCMD_wget = “/usr/bin/env wget -t 5”

→ Becomes →

FETCHCMD_wget = “socksify wget --no-proxy -t 5”

And so on for the other commands that touch the network. Confirmed working for svn, git, cvs and wget.

Hope this helps