yaourt Proxy Settings

In Arch Linux, getting yaourt that is being run as normal user (which is a requirement of the program) to work with proxy was a bit of a challenge.

On my system I have proxy settings setup this way:

/etc/profile.d/proxy.sh
http_proxy=http://proxy.corp.com:8080/
ftp_proxy=http://proxy.corp.com:8080/
all_proxy=socks://proxy.corp.com:8080/
https_proxy=http://proxy.corp.com:8080/
no_proxy=localhost,127.0.0.0/8

export http_proxy;
export ftp_proxy;
export all_proxy;
export https_proxy;
export no_proxy;

When run as normal user yaourt relies on sudo to call pacman to perform package management in the system. The trouble is that when sudo is invoked by yaourt it doesn’t keep your *_proxy variables. The solution is to tell sudo to explicitly keep those variables whenever it’s invoked.

/etc/sudoers
Defaults env_keep += “http_proxy https_proxy ftp_proxy all_proxy no_proxy”

That’s all you need to do.

If you want to understand more about how sudo works with variables read this excerpt from man sudoers:

Command Environment
Since environment variables can influence program behavior, sudoers provides a means to restrict which variables from the user’s environment are inherited by the command to be run.  There are two distinct ways sudoers can deal with environment variables.

By default, the env_reset option is enabled.  This causes commands to be executed with a minimal environment containing TERM, PATH, HOME, MAIL, SHELL, LOGNAME, USER and USERNAME in addition to variables from the invoking process permitted by the env_check and env_keep options. This is effectively a whitelist for environment variables.

If, however, the env_reset option is disabled, any variables not explicitly denied by the env_check and env_delete options are inherited from the invoking process.  In this case, env_check and env_delete behave like a blacklist.  Since it is not possible to blacklist all potentially dangerous environment variables, use of the default env_reset behavior is encouraged.

In all cases, environment variables with a value beginning with () are removed as they could be interpreted as bash functions.  The list of environment variables that sudo allows or denies is contained in the output of sudo -V when run as root.

Note that the dynamic linker on most operating systems will remove variables that can control dynamic linking from the environment of setuid executables, including sudo.  Depending on the operating system this may include _RLD*, DYLD_*, LD_*, LDR_*, LIBPATH, SHLIB_PATH, and others. These type of variables are removed from the environment before sudo even begins execution and, as such, it is not possible for sudo to preserve them.

As a special case, if sudo’s -i option (initial login) is specified, sudoers will initialize the environment regardless of the value of env_reset.  The DISPLAY, PATH and TERM variables remain unchanged; HOME, MAIL, SHELL, USER, and LOGNAME are set based on the target user.  On Linux and AIX systems the contents of /etc/environment are also included.  All other environment variables are removed.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s