1 |
Zac Medico wrote: |
2 |
> Jason Stubbs wrote: |
3 |
> |
4 |
>> On Monday 22 August 2005 12:52, Drake Wyrm wrote: |
5 |
>> |
6 |
>>> Alec Warner <warnera6@×××××××.edu> wrote: |
7 |
>>> |
8 |
>>>> Was talking with Brian about the build environment and how settings |
9 |
>>>> were to be passed into the build environment. |
10 |
>>>> |
11 |
>>>> Essentially three scenarios were presented. |
12 |
>>> |
13 |
>>> |
14 |
>>> Snip and summary: |
15 |
>>> |
16 |
>>> 1) Pass everything |
17 |
>>> |
18 |
>>> 2) Blacklist and strip bad stuff |
19 |
>>> |
20 |
>>> 3) Whitelist good stuff; strip everything else |
21 |
>>> |
22 |
>>> |
23 |
>>>> To me 1) is unacceptable and 3) is the best option. Feel free to |
24 |
>>>> shoot these down as you see fit ;) |
25 |
>>> |
26 |
>>> |
27 |
>>> Option 4: Strip everything. |
28 |
>>> |
29 |
>>> Nothing is passed from the original environment; everything passed in |
30 |
>>> the |
31 |
>>> environment is considered to be a "portage variable". This, I suppose, |
32 |
>>> is an extreme case of the whitelist. |
33 |
>> |
34 |
>> |
35 |
>> |
36 |
>> Well, I'll go against the flow. ;) |
37 |
>> |
38 |
>> My preference would go 4, 3, 2 then 1. While Makefiles and configure |
39 |
>> scripts may be "broken" upstream, how long is it before the breakage |
40 |
>> goes unnoticed? More importantly, what's the chances of a dev finding |
41 |
>> the breakage before users? Cleansing the environment to me is akin to |
42 |
>> using sandbox. It offers protection against misbehaving packages... |
43 |
>> |
44 |
> |
45 |
> Good point. How about if we add environment sandboxing support (in |
46 |
> addition to filesystem sandboxing) to sandbox. With an environment |
47 |
> sandbox, we could detect specifically which variables a build is fragile |
48 |
> with regard to. The sandbox would have both filesystem access and |
49 |
> environment access violation summaries. |
50 |
"environmental sandbox" being similar to sandbox, or the cleansing of |
51 |
the environment? The latter is easy, the former...I am not sure how you |
52 |
begin to detect variable use in bash :/ |
53 |
|
54 |
I am leaning more toward the 2,4,3,1 angle. I find the information that |
55 |
variable X breaks builds more useful than having a clean environment ALL |
56 |
the time. I am satisfied as long as a clean environment is an option |
57 |
for those who wish their environment to be all nice and pretty ;) |
58 |
|
59 |
I don't see exactly the difference between 4) and 3) however...4 seems |
60 |
to be just a python enforced version of 3). |
61 |
|
62 |
-Alec Warner (antarus) |
63 |
-- |
64 |
gentoo-portage-dev@g.o mailing list |