From 7eb5c0991cc5e6ad7fcef92848157e83e23f5fe8 Mon Sep 17 00:00:00 2001 From: Tim Cuthbertson Date: Fri, 9 Feb 2024 14:20:32 +1100 Subject: [PATCH] doc: add proxy usage to fetchers chapter --- doc/build-helpers/fetchers.chapter.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/build-helpers/fetchers.chapter.md b/doc/build-helpers/fetchers.chapter.md index 2167df3f1748..21cadfaa21fa 100644 --- a/doc/build-helpers/fetchers.chapter.md +++ b/doc/build-helpers/fetchers.chapter.md @@ -157,6 +157,12 @@ Here are security considerations for this scenario: In more concrete terms, if you use any other hash, the [`--insecure` flag](https://curl.se/docs/manpage.html#-k) will be passed to the underlying call to `curl` when downloading content. +## Proxy usage {#sec-pkgs-fetchers-proxy} + +Nixpkgs fetchers can make use of a http(s) proxy. Each fetcher will automatically inherit proxy-related environment variables (`http_proxy`, `https_proxy`, etc) via [impureEnvVars](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-impureEnvVars). + +The environment variable `NIX_SSL_CERT_FILE` is also inherited in fetchers, and can be used to provide a custom certificate bundle to fetchers. This is usually required for a https proxy to work without certificate validation errors. + []{#fetchurl} ## `fetchurl` {#sec-pkgs-fetchers-fetchurl}