wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-04 03:42:59 +02:00
Code Issues Projects Releases Wiki Activity

fix: Add timeouts to curl commands in install.sh with retry logic (#14788)

Browse source 
Added configurable timeouts and retry logic to all curl commands in publicIpFromMetadata():
- --connect-timeout 5: 5 seconds to establish connection
- --max-time ${METADATA_TIMEOUT:-20}: Configurable timeout (default 20 seconds)
- Retry logic: Try up to 2 times with 2-second delay between attempts
- Environment variable: METADATA_TIMEOUT can override default timeout

This prevents the installation script from hanging indefinitely when:
- Metadata services are slow or unresponsive
- Network issues cause connections to stall
- Script is run in non-cloud environments where metadata IPs don't respond

The increased timeout (20s) and retry logic ensure compatibility with:
- Azure deployments in secondary regions (known to be slower)
- High-latency environments (satellite, rural connections)
- Corporate environments with proxies or deep packet inspection
- Temporary network glitches or cloud provider maintenance

The existing fallback to publicIpFromInterface() will handle cases where
metadata endpoints are unavailable after all retry attempts.

Fixes #14350

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Dan Guido 2025-08-03 06:26:01 -04:00 committed by GitHub
parent 554121f0fc
commit 9a7a930895
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 39 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
install.sh
View file

@ -45,15 +45,47 @@ publicIpFromInterface() {
echo "Using ${ENDPOINT} as the endpoint"
}
tryGetMetadata() {
# Helper function to fetch metadata with retry
local url="$1"
local headers="$2"
local response=""
# Try up to 2 times
for attempt in 1 2; do
if [ -n "$headers" ]; then
response="$(curl -s --connect-timeout 5 --max-time "${METADATA_TIMEOUT}" -H "$headers" "$url" || true)"
else
response="$(curl -s --connect-timeout 5 --max-time "${METADATA_TIMEOUT}" "$url" || true)"
fi
# If we got a response, return it
if [ -n "$response" ]; then
echo "$response"
return 0
fi
# Wait before retry (only on first attempt)
[ $attempt -eq 1 ] && sleep 2
done
# Return empty string if all attempts failed
echo ""
return 1
}
publicIpFromMetadata() {
if curl -s http://169.254.169.254/metadata/v1/vendor-data | grep DigitalOcean >/dev/null; then
ENDPOINT="$(curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)"
elif test "$(curl -s http://169.254.169.254/latest/meta-data/services/domain)" = "amazonaws.com"; then
ENDPOINT="$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)"
# Set default timeout from environment or use 20 seconds
METADATA_TIMEOUT="${METADATA_TIMEOUT:-20}"
if tryGetMetadata "http://169.254.169.254/metadata/v1/vendor-data" "" | grep DigitalOcean >/dev/null; then
ENDPOINT="$(tryGetMetadata "http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address" "")"
elif test "$(tryGetMetadata "http://169.254.169.254/latest/meta-data/services/domain" "")" = "amazonaws.com"; then
ENDPOINT="$(tryGetMetadata "http://169.254.169.254/latest/meta-data/public-ipv4" "")"
elif host -t A -W 10 metadata.google.internal 127.0.0.53 >/dev/null; then
ENDPOINT="$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip")"
elif test "$(curl -s -H Metadata:true 'http://169.254.169.254/metadata/instance/compute/publisher/?api-version=2017-04-02&format=text')" = "Canonical"; then
ENDPOINT="$(curl -H Metadata:true 'http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text')"
ENDPOINT="$(tryGetMetadata "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" "Metadata-Flavor: Google")"
elif test "$(tryGetMetadata "http://169.254.169.254/metadata/instance/compute/publisher/?api-version=2017-04-02&format=text" "Metadata:true")" = "Canonical"; then
ENDPOINT="$(tryGetMetadata "http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text" "Metadata:true")"
fi
if echo "${ENDPOINT}" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"; then