Honor the same set of proxy environment variables (#10611)

Different parts of the project honor different sets of proxy environment
variables. With this commit all parts of the project will honor the same
set of proxy environment variables.

---------

Co-authored-by: Your Name <you@example.com>
Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>

doc/manual/src/installation/env-variables.md

@@ -53,7 +53,8 @@ ssl-cert-file = /etc/ssl/my-certificate-bundle.crt
 
 The Nix installer has special handling for these proxy-related
 environment variables: `http_proxy`, `https_proxy`, `ftp_proxy`,
-`no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`, `NO_PROXY`.
+`all_proxy`, `no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`,
+`ALL_PROXY`, `NO_PROXY`.
 
 If any of these variables are set when running the Nix installer, then
 the installer will create an override file at

scripts/install-systemd-multi-user.sh

@@ -35,7 +35,7 @@ escape_systemd_env() {
 
 # Gather all non-empty proxy environment variables into a string
 create_systemd_proxy_env() {
-    vars="http_proxy https_proxy ftp_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY"
+    vars="http_proxy https_proxy ftp_proxy all_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY NO_PROXY"
     for v in $vars; do
         if [ "x${!v:-}" != "x" ]; then
             echo "Environment=${v}=$(escape_systemd_env ${!v})"

src/libcmd/network-proxy.cc

@@ -0,0 +1,45 @@
+#include "network-proxy.hh"
+
+#include <algorithm>
+#include <boost/algorithm/string.hpp>
+
+#include "environment-variables.hh"
+
+namespace nix {
+
+static const StringSet lowercaseVariables{"http_proxy", "https_proxy", "ftp_proxy", "all_proxy", "no_proxy"};
+
+static StringSet getAllVariables()
+{
+    StringSet variables = lowercaseVariables;
+    for (const auto & variable : lowercaseVariables) {
+        variables.insert(boost::to_upper_copy(variable));
+    }
+    return variables;
+}
+
+const StringSet networkProxyVariables = getAllVariables();
+
+static StringSet getExcludingNoProxyVariables()
+{
+    static const StringSet excludeVariables{"no_proxy", "NO_PROXY"};
+    StringSet variables;
+    std::set_difference(
+        networkProxyVariables.begin(), networkProxyVariables.end(), excludeVariables.begin(), excludeVariables.end(),
+        std::inserter(variables, variables.begin()));
+    return variables;
+}
+
+static const StringSet excludingNoProxyVariables = getExcludingNoProxyVariables();
+
+bool haveNetworkProxyConnection()
+{
+    for (const auto & variable : excludingNoProxyVariables) {
+        if (getEnv(variable).has_value()) {
+            return true;
+        }
+    }
+    return false;
+}
+
+}

src/libcmd/network-proxy.hh

@@ -0,0 +1,22 @@
+#pragma once
+///@file
+
+#include "types.hh"
+
+namespace nix {
+
+/**
+ * Environment variables relating to network proxying. These are used by
+ * a few misc commands.
+ *
+ * See the Environment section of https://curl.se/docs/manpage.html for details.
+ */
+extern const StringSet networkProxyVariables;
+
+/**
+ * Heuristically check if there is a proxy connection by checking for defined
+ * proxy variables.
+ */
+bool haveNetworkProxyConnection();
+
+}

src/libexpr/fetchurl.nix

@@ -34,6 +34,7 @@ derivation ({
     # derivation like fetchurl is allowed to do so since its result is
     # by definition pure.
     "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
+    "HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
   ];
 
   # To make "nix-prefetch-url" work.

src/nix-build/nix-build.cc

@@ -25,6 +25,7 @@
 #include "attr-path.hh"
 #include "legacy.hh"
 #include "users.hh"
+#include "network-proxy.hh"
 
 using namespace nix;
 using namespace std::string_literals;
@@ -121,8 +122,8 @@ static void main_nix_build(int argc, char * * argv)
         "HOME", "XDG_RUNTIME_DIR", "USER", "LOGNAME", "DISPLAY",
         "WAYLAND_DISPLAY", "WAYLAND_SOCKET", "PATH", "TERM", "IN_NIX_SHELL",
         "NIX_SHELL_PRESERVE_PROMPT", "TZ", "PAGER", "NIX_BUILD_SHELL", "SHLVL",
-        "http_proxy", "https_proxy", "ftp_proxy", "all_proxy", "no_proxy"
     };
+    keepVars.insert(networkProxyVariables.begin(), networkProxyVariables.end());
 
     Strings args;
     for (int i = 1; i < argc; ++i)

src/nix/main.cc

@@ -17,6 +17,7 @@
 #include "memory-source-accessor.hh"
 #include "terminal.hh"
 #include "users.hh"
+#include "network-proxy.hh"
 
 #include <sys/types.h>
 #include <regex>
@@ -41,27 +42,6 @@ void chrootHelper(int argc, char * * argv);
 
 namespace nix {
 
-#ifdef _WIN32
-[[maybe_unused]]
-#endif
-static bool haveProxyEnvironmentVariables()
-{
-    static const std::vector<std::string> proxyVariables = {
-        "http_proxy",
-        "https_proxy",
-        "ftp_proxy",
-        "HTTP_PROXY",
-        "HTTPS_PROXY",
-        "FTP_PROXY"
-    };
-    for (auto & proxyVariable: proxyVariables) {
-        if (getEnv(proxyVariable).has_value()) {
-            return true;
-        }
-    }
-    return false;
-}
-
 /* Check if we have a non-loopback/link-local network interface. */
 static bool haveInternet()
 {
@@ -86,7 +66,7 @@ static bool haveInternet()
         }
     }
 
-    if (haveProxyEnvironmentVariables()) return true;
+    if (haveNetworkProxyConnection()) return true;
 
     return false;
 #else

tests/nixos/nss-preload.nix

@@ -32,6 +32,7 @@ let
 
         impureEnvVars = [
             "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
+            "HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
         ];
 
         urls = [ "http://example.com" ];