fix git http_proxy ignored #5613
Conversation
Signed-off-by: Steeve Chailloux <[email protected]>
There was a problem hiding this comment.
I guess this is ok for matching HTTP although I'm not sure if HTTP behavior is intentional. I think it would make more sense if these were to be passed from the client (as they are with RUN statements via build-arg).
Maybe we can merge this but then follow up with:
- update HTTP and Git to both use the proxy settings configured from client
- deprecate passthrough of proxy settings from daemon process and remove a couple of releases after.
|
The classic builder used the proxies configured in the daemon environment, not those passed from the CLI; #5329 (comment) Which would match behavior for (say) |
|
|
|
Yeah, there's a wide range of possible combinations possible. My concern here is that there's situations where the daemon runs in a MITM proxy environment (we're currently looking into some of those situations). In such cases, the proxy should be mostly transparent to the user for operations performed by Docker (and BuildKit) itself, but may not be desired automatically for tools running inside containers (including build containers). In such cases using the proxy from the host would work (daemon configured to use a that proxy, and custom root-CA's present on the host), but we (currently at least) have no good options to specify those options from the client; first of all, because the client may not have access to relevant root-CAs, but also because there's no options to send those over or otherwise configure which ones to use (and where / how they must be installed). Perhaps we need more options for this;
|
| @@ -189,6 +189,12 @@ func (cli *GitCLI) Run(ctx context.Context, args ...string) (_ []byte, err error | |||
| "GIT_CONFIG_NOSYSTEM=1", // Disable reading from system gitconfig. | |||
| "HOME=/dev/null", // Disable reading from user gitconfig. | |||
| "LC_ALL=C", // Ensure consistent output. | |||
| "HTTP_PROXY=" + os.Getenv("HTTP_PROXY"), | |||
There was a problem hiding this comment.
Afaics this should define new variables with empty string values if the env value is not defined. os.LookupEnv handles the case of detecting if env is defined or not.
fix #5329
Git commands are executed using os/exec package and therefore do not share environment variables with the main process, That's why
ADDdoesn't honor proxy related environment variables in this context.That said, in a pure HTTP context, like:
ADD https://example.com/archive.zip /usr/src/things/ADDalready respects proxy-related environment variables because it uses net/http package internally.