| 1 |
On 08/21/05 Alec Warner wrote: |
| 2 |
|
| 3 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 4 |
> Hash: SHA1 |
| 5 |
> |
| 6 |
> Was talking with Brian about the build environment and how settings |
| 7 |
> were to be passed into the build environment. |
| 8 |
> |
| 9 |
> Essentially three scenarios were presented. |
| 10 |
> |
| 11 |
> 1) The full environment is passed to the build environment. This was |
| 12 |
> generally agreed upon to be bad since there are environmental things |
| 13 |
> that can cause build problems. |
| 14 |
> |
| 15 |
> 2) The full environment is parsed via a blacklist to strip out |
| 16 |
> environment settings that are known to be bad for building packages. |
| 17 |
> This leads to a clean* build environment. However, maintaining the |
| 18 |
> blacklist can be a challenge if it grows in size. |
| 19 |
> |
| 20 |
> (*) clean, meaining all the bad things we know about are not in the |
| 21 |
> build environment. This does not account for the bad things we do NOT |
| 22 |
> know about. |
| 23 |
> |
| 24 |
> 3) The full environment is parsed via a whitelist to get a list of |
| 25 |
> environment settings that are known to be good for building packages. |
| 26 |
> This leads to a clean build environment, as only whitelisted |
| 27 |
> environment settings are passed in. However, the whitelist will |
| 28 |
> probably be worse to maintain than a blacklist. |
| 29 |
> |
| 30 |
> Both 2) and 3) above have issues where some build variables are bad |
| 31 |
> for ebuild X but not ebuild Y. I am unsure how exactly to cover any |
| 32 |
> kind of situation like that ( and I don't have an example from the |
| 33 |
> tree, save perhaps LANG=weird-language ). |
| 34 |
> |
| 35 |
> To me 1) is unacceptable and 3) is the best option. Feel free to |
| 36 |
> shoot these down as you see fit ;) |
| 37 |
|
| 38 |
Well, codewise 2) and 3) aren't that different (one is just the |
| 39 |
inversion of the other), so why not implement both, make a config |
| 40 |
setting for it and get empirical data to find the "best" solution? |
| 41 |
Actually don't even need a config switch, just detect if a blacklist or |
| 42 |
a whitelist is present and use them then. |
| 43 |
|
| 44 |
Theoretical discussions about this are pointless IMO without |
| 45 |
numbers/facts to back things up. |
| 46 |
|
| 47 |
Marius |
| 48 |
|
| 49 |
-- |
| 50 |
Public Key at http://www.genone.de/info/gpg-key.pub |
| 51 |
|
| 52 |
In the beginning, there was nothing. And God said, 'Let there be |
| 53 |
Light.' And there was still nothing, but you could see a bit better. |
| 54 |
-- |
| 55 |
gentoo-portage-dev@g.o mailing list |
Archives