public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7)
@ 2018-05-02 15:42 Michał Górny
  2018-05-03  5:19 ` Kent Fredric
  2018-05-03  7:03 ` Jason Zaman
  0 siblings, 2 replies; 4+ messages in thread
From: Michał Górny @ 2018-05-02 15:42 UTC (permalink / raw
  To: gentoo-dev; +Cc: Michał Górny

Now that EAPI 7 is accepted and implemented in Portage, provide
the initial environment blacklist for coming EAPI 7 ebuilds.  The list
is based on existing eclasses, xdg-utils mostly.  Rationale is provided
in the comment above ENV_UNSET.
---
 profiles/base/make.defaults | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/profiles/base/make.defaults b/profiles/base/make.defaults
index bd038bebf167..c9a964360694 100644
--- a/profiles/base/make.defaults
+++ b/profiles/base/make.defaults
@@ -22,6 +22,16 @@ USE_EXPAND_HIDDEN="USERLAND KERNEL ELIBC ABI_MIPS ABI_PPC ABI_S390 ABI_X86 CPU_F
 CONFIG_PROTECT="/etc"
 CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
 
+# EAPI 7 environment variable blacklist.
+#
+# XDG_* since the values coming from user environment can collide with
+# ebuild-set ${HOME} (e.g. by referring to user's home directory).
+# We exclude XDG_DATA_DIRS & XDG_CONFIG_DIRS as those are set in env.d.
+#
+# DBUS_SESSION_BUS_ADDRESS to disconnect from user's session bus.
+# DISPLAY to disconnect from the user's running X server.
+ENV_UNSET="XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS DISPLAY"
+
 # Variables that are set exclusively by the profile
 # and not by user configuration files.
 PROFILE_ONLY_VARIABLES="${PROFILE_ONLY_VARIABLES} ELIBC IUSE_IMPLICIT KERNEL USERLAND USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL USE_EXPAND_VALUES_USERLAND"
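Review bot: on the added ENV_UNSET line, DISPLAY is dropped but XAUTHORITY is not, so the ebuild environment still carries the path to the user's X authority file even though the comment says the build is disconnected from the user's running X server. Suggest appending XAUTHORITY to the list and extending the DISPLAY comment line to cover it.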
-- 
2.17.0




* Re: [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7)
  2018-05-02 15:42 [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7) Michał Górny
@ 2018-05-03  5:19 ` Kent Fredric
  2018-05-03  7:03 ` Jason Zaman
  1 sibling, 0 replies; 4+ messages in thread
From: Kent Fredric @ 2018-05-03  5:19 UTC (permalink / raw
  To: gentoo-dev

On Wed,  2 May 2018 17:42:19 +0200
Michał Górny <mgorny@gentoo.org> wrote:

> Now that EAPI 7 is accepted and implemented in Portage, provide
> the initial environment blacklist for coming EAPI 7 ebuilds.  The list
> is based on existing eclasses, xdg-utils mostly.  Rationale is provided
> in the comment above ENV_UNSET.

It may be worth adding the values from perl-functions.eclass's
perl_check_env() test, but I'd have to get a second opinion from
dilfridge.

The only real downside of leveraging this approach is if there's some
unforeseen but justifiable excuse to let these ENV vars bleed
*intentionally*, it might be a bit of work to subvert.

( reading EAPI7's PMS docs says it's a non-aggregated variable and none
of the standard approaches like ENV_UNSET=" -FOO" are documented to
work )


* Re: [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7)
  2018-05-02 15:42 [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7) Michał Górny
  2018-05-03  5:19 ` Kent Fredric
@ 2018-05-03  7:03 ` Jason Zaman
  2018-05-03  7:38   ` Michał Górny
  1 sibling, 1 reply; 4+ messages in thread
From: Jason Zaman @ 2018-05-03  7:03 UTC (permalink / raw
  To: gentoo-dev; +Cc: Michał Górny

On Wed, May 02, 2018 at 05:42:19PM +0200, Michał Górny wrote:
> Now that EAPI 7 is accepted and implemented in Portage, provide
> the initial environment blacklist for coming EAPI 7 ebuilds.  The list
> is based on existing eclasses, xdg-utils mostly.  Rationale is provided
> in the comment above ENV_UNSET.

What about XAUTHORITY since you're doing DISPLAY?
and maybe SSH_AUTH_SOCK would make sense too?

-- Jason

> ---
>  profiles/base/make.defaults | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/profiles/base/make.defaults b/profiles/base/make.defaults
> index bd038bebf167..c9a964360694 100644
> --- a/profiles/base/make.defaults
> +++ b/profiles/base/make.defaults
> @@ -22,6 +22,16 @@ USE_EXPAND_HIDDEN="USERLAND KERNEL ELIBC ABI_MIPS ABI_PPC ABI_S390 ABI_X86 CPU_F
>  CONFIG_PROTECT="/etc"
>  CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
>  
> +# EAPI 7 environment variable blacklist.
> +#
> +# XDG_* since the values coming from user environment can collide with
> +# ebuild-set ${HOME} (e.g. by referring to user's home directory).
> +# We exclude XDG_DATA_DIRS & XDG_CONFIG_DIRS as those are set in env.d.
> +#
> +# DBUS_SESSION_BUS_ADDRESS to disconnect from user's session bus.
> +# DISPLAY to disconnect from the user's running X server.
> +ENV_UNSET="XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS DISPLAY"
> +
>  # Variables that are set exclusively by the profile
>  # and not by user configuration files.
>  PROFILE_ONLY_VARIABLES="${PROFILE_ONLY_VARIABLES} ELIBC IUSE_IMPLICIT KERNEL USERLAND USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL USE_EXPAND_VALUES_USERLAND"
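Review bot: the comment opens with "XDG_*", but the ENV_UNSET value enumerates exactly four names (XDG_DATA_HOME, XDG_CONFIG_HOME, XDG_CACHE_HOME, XDG_RUNTIME_DIR), so any other XDG_-prefixed variable in the caller's environment is left in place. Suggest naming the four variables in the comment instead of the wildcard, so it is not read as a pattern match.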
> -- 
> 2.17.0
> 
> 



* Re: [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7)
  2018-05-03  7:03 ` Jason Zaman
@ 2018-05-03  7:38   ` Michał Górny
  0 siblings, 0 replies; 4+ messages in thread
From: Michał Górny @ 2018-05-03  7:38 UTC (permalink / raw
  To: gentoo-dev

On Thu, 03.05.2018 at 15:03 +0800, Jason Zaman wrote:
> On Wed, May 02, 2018 at 05:42:19PM +0200, Michał Górny wrote:
> > Now that EAPI 7 is accepted and implemented in Portage, provide
> > the initial environment blacklist for coming EAPI 7 ebuilds.  The list
> > is based on existing eclasses, xdg-utils mostly.  Rationale is provided
> > in the comment above ENV_UNSET.
> 
> What about XAUTHORITY since you're doing DISPLAY?

Makes sense.

> and maybe SSH_AUTH_SOCK would make sense too?

Not sure.  Users may actually want the PM to use their SSH keys, e.g.
when accessing private git repositories.

> 
> -- Jason
> 
> > ---
> >  profiles/base/make.defaults | 10 ++++++++++
> >  1 file changed, 10 insertions(+)
> > 
> > diff --git a/profiles/base/make.defaults b/profiles/base/make.defaults
> > index bd038bebf167..c9a964360694 100644
> > --- a/profiles/base/make.defaults
> > +++ b/profiles/base/make.defaults
> > @@ -22,6 +22,16 @@ USE_EXPAND_HIDDEN="USERLAND KERNEL ELIBC ABI_MIPS ABI_PPC ABI_S390 ABI_X86 CPU_F
> >  CONFIG_PROTECT="/etc"
> >  CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
> >  
> > +# EAPI 7 environment variable blacklist.
> > +#
> > +# XDG_* since the values coming from user environment can collide with
> > +# ebuild-set ${HOME} (e.g. by referring to user's home directory).
> > +# We exclude XDG_DATA_DIRS & XDG_CONFIG_DIRS as those are set in env.d.
> > +#
> > +# DBUS_SESSION_BUS_ADDRESS to disconnect from user's session bus.
> > +# DISPLAY to disconnect from the user's running X server.
> > +ENV_UNSET="XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS DISPLAY"
> > +
> >  # Variables that are set exclusively by the profile
> >  # and not by user configuration files.
> >  PROFILE_ONLY_VARIABLES="${PROFILE_ONLY_VARIABLES} ELIBC IUSE_IMPLICIT KERNEL USERLAND USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL USE_EXPAND_VALUES_USERLAND"
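Review bot: the comment above ENV_UNSET records why each listed variable is removed and why XDG_DATA_DIRS and XDG_CONFIG_DIRS stay, but it says nothing about SSH_AUTH_SOCK, which this reply leaves in place on purpose. Suggest one more comment line stating that SSH_AUTH_SOCK is kept so the package manager can use the user's SSH keys, e.g. for private git repositories, so the omission reads as a decision and not an oversight.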
> > -- 
> > 2.17.0
> > 
> > 
> 
> 

-- 
Best regards,
Michał Górny
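
To see which session variables a given list would leave visible to a child process, the sketch below emulates the blacklist in a subshell. It is an added example, not Portage code and not part of the original mails; `run_scrubbed`, `surviving` and the exported sample values are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not Portage code): emulate an ENV_UNSET-style blacklist
# and report which variables a child process would still inherit.

# List proposed in the patch.
ENV_UNSET_LIST="XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS DISPLAY"
# Further candidates raised in the replies.
CANDIDATES="XAUTHORITY SSH_AUTH_SOCK"

# run_scrubbed LIST CMD [ARGS...]
# Hypothetical helper: run CMD in a subshell after unsetting every name in LIST.
run_scrubbed() (
    list=$1
    shift
    for name in $list; do
        unset "$name"
    done
    "$@"
)

# surviving LIST NAMES
# Print the NAMES (space-separated) that a child process still sees once LIST
# has been unset. NAMES must be plain variable names because they reach eval.
surviving() {
    run_scrubbed "$1" sh -c '
        out=
        for name in $1; do
            # ${VAR+set} expands to "set" when VAR exists, even if it is empty.
            eval "is_set=\${$name+set}"
            [ -n "$is_set" ] && out="$out${out:+ }$name"
        done
        printf "%s\n" "$out"
    ' sh "$2"
}

# Constructed sample session values, so the run does not depend on the caller.
export DISPLAY=:0 XAUTHORITY=/tmp/constructed.Xauthority
export SSH_AUTH_SOCK=/tmp/constructed-agent.sock

echo "proposed list leaves:   $(surviving "$ENV_UNSET_LIST" "DISPLAY $CANDIDATES")"
echo "with XAUTHORITY added:  $(surviving "$ENV_UNSET_LIST XAUTHORITY" "DISPLAY $CANDIDATES")"
```
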


