1 |
Alec Warner <warnera6@×××××××.edu> wrote: |
2 |
> Was talking with Brian about the build environment and how settings |
3 |
> were to be passed into the build environment. |
4 |
> |
5 |
> Essentially three scenarios were presented. |
6 |
> |
7 |
Snip and summary: |
8 |
|
9 |
1) Pass everything |
10 |
|
11 |
2) Blacklist and strip bad stuff |
12 |
|
13 |
3) Whitelist good stuff; strip everything else |
14 |
> |
15 |
> To me 1) is unacceptable and 3) is the best option. Feel free to |
16 |
> shoot these down as you see fit ;) |
17 |
|
18 |
Option 4: Strip everything. |
19 |
|
20 |
Have portage take a snapshot of the environment and keep it in a hash |
21 |
(or whatever Python call associative arrays) when it starts. Nothing in |
22 |
the environment is to be trusted, so flush it. Portage already parses |
23 |
certain environment variables to establish the build environment; have |
24 |
portage parse its snapshot to establish the build environment. Nothing |
25 |
is passed from the original environment; everything passed in the |
26 |
environment is considered to be a "portage variable". This, I suppose, |
27 |
is an extreme case of the whitelist. |
28 |
|
29 |
I don't particularly like option 4, but it is an option. |
30 |
|
31 |
I much prefer option 1. It's more work for the maintainers, but breakage |
32 |
from the environment should be fixed in the Makefile and pushed |
33 |
upstream. |
34 |
|
35 |
-- |
36 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
37 |
^ A unix signature isn't a return address, it's the ASCII equivalent of ^ |
38 |
^ a black velvet clown painting. It's a rectangle of carets surrounding ^ |
39 |
^ a quote from a literary giant of weeniedom like Heinlein or Dr. Who. ^ |
40 |
^ -- Chris Maeda ^ |
41 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
42 |
-- |
43 |
gentoo-portage-dev@g.o mailing list |