Honor the same set of proxy environment variables (#10611)

Different parts of the project honor different sets of proxy environment
variables. With this commit all parts of the project will honor the same
set of proxy environment variables.

---------

Co-authored-by: Your Name <you@example.com>
Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
This commit is contained in:
ramboman 2024-05-06 19:39:22 +00:00 committed by GitHub
parent da3381d51f
commit b4950404ba
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 76 additions and 25 deletions

View file

@ -53,7 +53,8 @@ ssl-cert-file = /etc/ssl/my-certificate-bundle.crt
The Nix installer has special handling for these proxy-related
environment variables: `http_proxy`, `https_proxy`, `ftp_proxy`,
`no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`, `NO_PROXY`.
`all_proxy`, `no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`,
`ALL_PROXY`, `NO_PROXY`.
If any of these variables are set when running the Nix installer, then
the installer will create an override file at

View file

@ -35,7 +35,7 @@ escape_systemd_env() {
# Gather all non-empty proxy environment variables into a string
create_systemd_proxy_env() {
vars="http_proxy https_proxy ftp_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY"
vars="http_proxy https_proxy ftp_proxy all_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY NO_PROXY"
for v in $vars; do
if [ "x${!v:-}" != "x" ]; then
echo "Environment=${v}=$(escape_systemd_env ${!v})"

View file

@ -0,0 +1,45 @@
#include "network-proxy.hh"
#include <algorithm>
#include <boost/algorithm/string.hpp>
#include "environment-variables.hh"
namespace nix {
static const StringSet lowercaseVariables{"http_proxy", "https_proxy", "ftp_proxy", "all_proxy", "no_proxy"};
static StringSet getAllVariables()
{
StringSet variables = lowercaseVariables;
for (const auto & variable : lowercaseVariables) {
variables.insert(boost::to_upper_copy(variable));
}
return variables;
}
const StringSet networkProxyVariables = getAllVariables();
static StringSet getExcludingNoProxyVariables()
{
static const StringSet excludeVariables{"no_proxy", "NO_PROXY"};
StringSet variables;
std::set_difference(
networkProxyVariables.begin(), networkProxyVariables.end(), excludeVariables.begin(), excludeVariables.end(),
std::inserter(variables, variables.begin()));
return variables;
}
static const StringSet excludingNoProxyVariables = getExcludingNoProxyVariables();
bool haveNetworkProxyConnection()
{
for (const auto & variable : excludingNoProxyVariables) {
if (getEnv(variable).has_value()) {
return true;
}
}
return false;
}
}

View file

@ -0,0 +1,22 @@
#pragma once
///@file
#include "types.hh"
namespace nix {
/**
* Environment variables relating to network proxying. These are used by
* a few misc commands.
*
* See the Environment section of https://curl.se/docs/manpage.html for details.
*/
extern const StringSet networkProxyVariables;
/**
* Heuristically check if there is a proxy connection by checking for defined
* proxy variables.
*/
bool haveNetworkProxyConnection();
}

View file

@ -34,6 +34,7 @@ derivation ({
# derivation like fetchurl is allowed to do so since its result is
# by definition pure.
"http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
"HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
];
# To make "nix-prefetch-url" work.

View file

@ -25,6 +25,7 @@
#include "attr-path.hh"
#include "legacy.hh"
#include "users.hh"
#include "network-proxy.hh"
using namespace nix;
using namespace std::string_literals;
@ -121,8 +122,8 @@ static void main_nix_build(int argc, char * * argv)
"HOME", "XDG_RUNTIME_DIR", "USER", "LOGNAME", "DISPLAY",
"WAYLAND_DISPLAY", "WAYLAND_SOCKET", "PATH", "TERM", "IN_NIX_SHELL",
"NIX_SHELL_PRESERVE_PROMPT", "TZ", "PAGER", "NIX_BUILD_SHELL", "SHLVL",
"http_proxy", "https_proxy", "ftp_proxy", "all_proxy", "no_proxy"
};
keepVars.insert(networkProxyVariables.begin(), networkProxyVariables.end());
Strings args;
for (int i = 1; i < argc; ++i)

View file

@ -17,6 +17,7 @@
#include "memory-source-accessor.hh"
#include "terminal.hh"
#include "users.hh"
#include "network-proxy.hh"
#include <sys/types.h>
#include <regex>
@ -41,27 +42,6 @@ void chrootHelper(int argc, char * * argv);
namespace nix {
#ifdef _WIN32
[[maybe_unused]]
#endif
static bool haveProxyEnvironmentVariables()
{
static const std::vector<std::string> proxyVariables = {
"http_proxy",
"https_proxy",
"ftp_proxy",
"HTTP_PROXY",
"HTTPS_PROXY",
"FTP_PROXY"
};
for (auto & proxyVariable: proxyVariables) {
if (getEnv(proxyVariable).has_value()) {
return true;
}
}
return false;
}
/* Check if we have a non-loopback/link-local network interface. */
static bool haveInternet()
{
@ -86,7 +66,7 @@ static bool haveInternet()
}
}
if (haveProxyEnvironmentVariables()) return true;
if (haveNetworkProxyConnection()) return true;
return false;
#else

View file

@ -32,6 +32,7 @@ let
impureEnvVars = [
"http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
"HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
];
urls = [ "http://example.com" ];