Honor the same set of proxy environment variables (#10611)

Different parts of the project honor different sets of proxy environment variables. With this commit all parts of the project will honor the same set of proxy environment variables. --------- Co-authored-by: Your Name <you@example.com> Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2024-11-09 15:58:05 +02:00 · 2024-05-06 19:39:22 +00:00 · 2024-05-06 19:39:22 +00:00 · b4950404ba
commit b4950404ba
parent da3381d51f
8 changed files with 76 additions and 25 deletions
--- a/doc/manual/src/installation/env-variables.md
+++ b/doc/manual/src/installation/env-variables.md
@ -53,7 +53,8 @@ ssl-cert-file = /etc/ssl/my-certificate-bundle.crt

 The Nix installer has special handling for these proxy-related
 environment variables: `http_proxy`, `https_proxy`, `ftp_proxy`,
-`no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`, `NO_PROXY`.
+`all_proxy`, `no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`,
+`ALL_PROXY`, `NO_PROXY`.

 If any of these variables are set when running the Nix installer, then
 the installer will create an override file at
--- a/scripts/install-systemd-multi-user.sh
+++ b/scripts/install-systemd-multi-user.sh
@ -35,7 +35,7 @@ escape_systemd_env() {

 # Gather all non-empty proxy environment variables into a string
 create_systemd_proxy_env() {
-    vars="http_proxy https_proxy ftp_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY"
+    vars="http_proxy https_proxy ftp_proxy all_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY NO_PROXY"
    for v in $vars; do
        if [ "x${!v:-}" != "x" ]; then
            echo "Environment=${v}=$(escape_systemd_env ${!v})"
--- a/src/libcmd/network-proxy.cc
+++ b/src/libcmd/network-proxy.cc
@ -0,0 +1,45 @@
+#include "network-proxy.hh"
+
+#include <algorithm>
+#include <boost/algorithm/string.hpp>
+
+#include "environment-variables.hh"
+
+namespace nix {
+
+static const StringSet lowercaseVariables{"http_proxy", "https_proxy", "ftp_proxy", "all_proxy", "no_proxy"};
+
+static StringSet getAllVariables()
+{
+    StringSet variables = lowercaseVariables;
+    for (const auto & variable : lowercaseVariables) {
+        variables.insert(boost::to_upper_copy(variable));
+    }
+    return variables;
+}
+
+const StringSet networkProxyVariables = getAllVariables();
+
+static StringSet getExcludingNoProxyVariables()
+{
+    static const StringSet excludeVariables{"no_proxy", "NO_PROXY"};
+    StringSet variables;
+    std::set_difference(
+        networkProxyVariables.begin(), networkProxyVariables.end(), excludeVariables.begin(), excludeVariables.end(),
+        std::inserter(variables, variables.begin()));
+    return variables;
+}
+
+static const StringSet excludingNoProxyVariables = getExcludingNoProxyVariables();
+
+bool haveNetworkProxyConnection()
+{
+    for (const auto & variable : excludingNoProxyVariables) {
+        if (getEnv(variable).has_value()) {
+            return true;
+        }
+    }
+    return false;
+}
+
+}
--- a/src/libcmd/network-proxy.hh
+++ b/src/libcmd/network-proxy.hh
@ -0,0 +1,22 @@
+#pragma once
+///@file
+
+#include "types.hh"
+
+namespace nix {
+
+/**
+ * Environment variables relating to network proxying. These are used by
+ * a few misc commands.
+ *
+ * See the Environment section of https://curl.se/docs/manpage.html for details.
+ */
+extern const StringSet networkProxyVariables;
+
+/**
+ * Heuristically check if there is a proxy connection by checking for defined
+ * proxy variables.
+ */
+bool haveNetworkProxyConnection();
+
+}
--- a/src/libexpr/fetchurl.nix
+++ b/src/libexpr/fetchurl.nix
@ -34,6 +34,7 @@ derivation ({
    # derivation like fetchurl is allowed to do so since its result is
    # by definition pure.
    "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
+    "HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
  ];

  # To make "nix-prefetch-url" work.
--- a/src/nix-build/nix-build.cc
+++ b/src/nix-build/nix-build.cc
@ -25,6 +25,7 @@
 #include "attr-path.hh"
 #include "legacy.hh"
 #include "users.hh"
+#include "network-proxy.hh"

 using namespace nix;
 using namespace std::string_literals;
@ -121,8 +122,8 @@ static void main_nix_build(int argc, char * * argv)
        "HOME", "XDG_RUNTIME_DIR", "USER", "LOGNAME", "DISPLAY",
        "WAYLAND_DISPLAY", "WAYLAND_SOCKET", "PATH", "TERM", "IN_NIX_SHELL",
        "NIX_SHELL_PRESERVE_PROMPT", "TZ", "PAGER", "NIX_BUILD_SHELL", "SHLVL",
-        "http_proxy", "https_proxy", "ftp_proxy", "all_proxy", "no_proxy"
    };
+    keepVars.insert(networkProxyVariables.begin(), networkProxyVariables.end());

    Strings args;
    for (int i = 1; i < argc; ++i)
--- a/src/nix/main.cc
+++ b/src/nix/main.cc
@ -17,6 +17,7 @@
 #include "memory-source-accessor.hh"
 #include "terminal.hh"
 #include "users.hh"
+#include "network-proxy.hh"

 #include <sys/types.h>
 #include <regex>
@ -41,27 +42,6 @@ void chrootHelper(int argc, char * * argv);

 namespace nix {

-#ifdef _WIN32
-[[maybe_unused]]
-#endif
-static bool haveProxyEnvironmentVariables()
-{
-    static const std::vector<std::string> proxyVariables = {
-        "http_proxy",
-        "https_proxy",
-        "ftp_proxy",
-        "HTTP_PROXY",
-        "HTTPS_PROXY",
-        "FTP_PROXY"
-    };
-    for (auto & proxyVariable: proxyVariables) {
-        if (getEnv(proxyVariable).has_value()) {
-            return true;
-        }
-    }
-    return false;
-}
-
 /* Check if we have a non-loopback/link-local network interface. */
 static bool haveInternet()
 {
@ -86,7 +66,7 @@ static bool haveInternet()
        }
    }

-    if (haveProxyEnvironmentVariables()) return true;
+    if (haveNetworkProxyConnection()) return true;

    return false;
 #else
--- a/tests/nixos/nss-preload.nix
+++ b/tests/nixos/nss-preload.nix
@ -32,6 +32,7 @@ let

        impureEnvVars = [
            "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
+            "HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
        ];

        urls = [ "http://example.com" ];