Gentoo Archives: gentoo-portage-dev

From: Zac Medico <zmedico@×××××.com>
To: gentoo-portage-dev@l.g.o
Subject: Re: [gentoo-portage-dev] Environment Whitelisting
Date: Mon, 22 Aug 2005 01:24:41
Message-Id: 43092955.4080606@gmail.com
In Reply to: [gentoo-portage-dev] Environment Whitelisting by Alec Warner
Alec Warner wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Was talking with Brian about the build environment and how settings were
> to be passed into the build environment.
>
> Essentially three scenarios were presented.
>
> 1) The full environment is passed to the build environment. This was
> generally agreed upon to be bad since there are environmental things
> that can cause build problems.
>
> 2) The full environment is parsed via a blacklist to strip out
> environment settings that are known to be bad for building packages.
> This leads to a clean* build environment. However, maintaining the
> blacklist can be a challenge if it grows in size.
>
> (*) clean, meaning all the bad things we know about are not in the
> build environment. This does not account for the bad things we do NOT
> know about.
>
> 3) The full environment is parsed via a whitelist to get a list of
> environment settings that are known to be good for building packages.
> This leads to a clean build environment, as only whitelisted environment
> settings are passed in. However, the whitelist will probably be worse
> to maintain than a blacklist.
>
> Both 2) and 3) above have issues where some build variables are bad for
> ebuild X but not ebuild Y. I am unsure how exactly to cover any kind of
> situation like that ( and I don't have an example from the tree, save
> perhaps LANG=weird-language ).
>
> To me 1) is unacceptable and 3) is the best option. Feel free to shoot
> these down as you see fit ;)
>

IMO the whitelist is a bad thing. I would suggest a blacklist and an override list. The blacklist simply removes known "problem causing" variables. The override list allows known "problem causing" variables to be overridden.

Zac
--
gentoo-portage-dev@g.o mailing list
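
The filtering policies discussed in this thread, as an added example that is not part of the messages and is not Portage code: it compares what reaches the build under a blacklist, under a whitelist, and under a blacklist with an override list. The list contents, the package name `app-misc/x`, the variable `NEW_BAD_VAR`, and the reading of "override" as forcing a known value are all assumptions made for illustration.

```python
# Assumed lists for illustration; not Portage's real configuration.
BLACKLIST = {"LD_PRELOAD", "CDPATH", "GREP_OPTIONS"}
WHITELIST = {"PATH", "HOME", "LANG", "CFLAGS"}
# Hypothetical per-package exceptions for "bad for ebuild X but not ebuild Y".
PER_PACKAGE_DENY = {"app-misc/x": {"LANG"}}


def blacklist_env(env, package=None):
    """Scenario 2: remove known-bad names. Unlisted names pass (fail-open)."""
    deny = BLACKLIST | PER_PACKAGE_DENY.get(package, set())
    return {k: v for k, v in env.items() if k not in deny}


def whitelist_env(env, package=None):
    """Scenario 3: keep known-good names. Unlisted names drop (fail-closed)."""
    allow = WHITELIST - PER_PACKAGE_DENY.get(package, set())
    return {k: v for k, v in env.items() if k in allow}


def blacklist_with_overrides(env, overrides, package=None):
    """Blacklist plus override list. Assumption: an override pins a variable
    to a known value; the post does not spell out the exact semantics."""
    cleaned = blacklist_env(env, package)
    cleaned.update(overrides)
    return cleaned


def unreviewed(env_out):
    """Names that reached the build without appearing on either list."""
    return sorted(set(env_out) - WHITELIST - BLACKLIST)


# Constructed sample; NEW_BAD_VAR stands for a problem nobody has listed yet.
SAMPLE = {"PATH": "/usr/bin:/bin", "HOME": "/root", "LANG": "weird-language",
          "LD_PRELOAD": "/tmp/x.so", "NEW_BAD_VAR": "1"}

if __name__ == "__main__":
    print("blacklist lets through:", unreviewed(blacklist_env(SAMPLE)))
    print("whitelist lets through:", unreviewed(whitelist_env(SAMPLE)))
    print("per-package whitelist :", sorted(whitelist_env(SAMPLE, "app-misc/x")))
    print("override pins LANG to :",
          blacklist_with_overrides(SAMPLE, {"LANG": "C"})["LANG"])
```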