* [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7)
From: Michał Górny @ 2018-05-02 15:42 UTC
To: gentoo-dev; +Cc: Michał Górny
Now that EAPI 7 is accepted and implemented in Portage, provide
the initial environment blacklist for coming EAPI 7 ebuilds. The list
is based on existing eclasses, xdg-utils mostly. Rationale is provided
in the comment above ENV_UNSET.
---
profiles/base/make.defaults | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/profiles/base/make.defaults b/profiles/base/make.defaults
index bd038bebf167..c9a964360694 100644
--- a/profiles/base/make.defaults
+++ b/profiles/base/make.defaults
@@ -22,6 +22,16 @@ USE_EXPAND_HIDDEN="USERLAND KERNEL ELIBC ABI_MIPS ABI_PPC ABI_S390 ABI_X86 CPU_F
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
+# EAPI 7 environment variable blacklist.
+#
+# XDG_* since the values coming from user environment can collide with
+# ebuild-set ${HOME} (e.g. by referring to user's home directory).
+# We exclude XDG_DATA_DIRS & XDG_CONFIG_DIRS as those are set in env.d.
+#
+# DBUS_SESSION_BUS_ADDRESS to disconnect from user's session bus.
+# DISPLAY to disconnect from the user's running X server.
+ENV_UNSET="XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS DISPLAY"
+
# Variables that are set exclusively by the profile
# and not by user configuration files.
PROFILE_ONLY_VARIABLES="${PROFILE_ONLY_VARIABLES} ELIBC IUSE_IMPLICIT KERNEL USERLAND USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL USE_EXPAND_VALUES_USERLAND"
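Review bot: the new `ENV_UNSET=` line is a plain assignment, while `PROFILE_ONLY_VARIABLES` in the context just below it extends itself with `${PROFILE_ONLY_VARIABLES}`, and the added comment block does not say which behaviour is intended here. Add one comment line stating whether an ENV_UNSET in a later profile replaces this list or adds to it, so that whoever needs to append a variable, or let one through on purpose, does not have to guess.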
--
2.17.0
* Re: [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7)
From: Kent Fredric @ 2018-05-03 5:19 UTC
To: gentoo-dev
On Wed, 2 May 2018 17:42:19 +0200
Michał Górny <mgorny@gentoo.org> wrote:
> Now that EAPI 7 is accepted and implemented in Portage, provide
> the initial environment blacklist for coming EAPI 7 ebuilds. The list
> is based on existing eclasses, xdg-utils mostly. Rationale is provided
> in the comment above ENV_UNSET.
It may be worth adding the values from perl-functions.eclass's
perl_check_env() test, but I'd have to get a second opinion from
dilfridge.
The only real downside of leveraging this approach is if there's some
unforeseen but justifiable excuse to let these ENV vars bleed
*intentionally*, it might be a bit of work to subvert.
( reading EAPI7's PMS docs says it's a non-aggregated variable and none
of the standard approaches like ENV_UNSET=" -FOO" are documented to
work )
* Re: [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7)
From: Jason Zaman @ 2018-05-03 7:03 UTC
To: gentoo-dev; +Cc: Michał Górny
On Wed, May 02, 2018 at 05:42:19PM +0200, Michał Górny wrote:
> Now that EAPI 7 is accepted and implemented in Portage, provide
> the initial environment blacklist for coming EAPI 7 ebuilds. The list
> is based on existing eclasses, xdg-utils mostly. Rationale is provided
> in the comment above ENV_UNSET.
What about XAUTHORITY since you're doing DISPLAY?
and maybe SSH_AUTH_SOCK would make sense too?
-- Jason
> ---
> profiles/base/make.defaults | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/profiles/base/make.defaults b/profiles/base/make.defaults
> index bd038bebf167..c9a964360694 100644
> --- a/profiles/base/make.defaults
> +++ b/profiles/base/make.defaults
> @@ -22,6 +22,16 @@ USE_EXPAND_HIDDEN="USERLAND KERNEL ELIBC ABI_MIPS ABI_PPC ABI_S390 ABI_X86 CPU_F
> CONFIG_PROTECT="/etc"
> CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
>
> +# EAPI 7 environment variable blacklist.
> +#
> +# XDG_* since the values coming from user environment can collide with
> +# ebuild-set ${HOME} (e.g. by referring to user's home directory).
> +# We exclude XDG_DATA_DIRS & XDG_CONFIG_DIRS as those are set in env.d.
> +#
> +# DBUS_SESSION_BUS_ADDRESS to disconnect from user's session bus.
> +# DISPLAY to disconnect from the user's running X server.
> +ENV_UNSET="XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS DISPLAY"
> +
> # Variables that are set exclusively by the profile
> # and not by user configuration files.
> PROFILE_ONLY_VARIABLES="${PROFILE_ONLY_VARIABLES} ELIBC IUSE_IMPLICIT KERNEL USERLAND USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL USE_EXPAND_VALUES_USERLAND"
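Review bot: the comment says `XDG_*`, but the `ENV_UNSET` line names exactly four XDG variables, so the comment reads as if a glob were in effect. Name the four covered variables in the comment instead. The stated rationale (values referring to the user's home directory) reads naturally for the three `*_HOME` entries; a short reason for `XDG_RUNTIME_DIR` would make that entry as easy to audit as the others.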
> --
> 2.17.0
>
>
* Re: [gentoo-dev] [RFC PATCH] profiles/base: Set initial ENV_UNSET (EAPI 7)
From: Michał Górny @ 2018-05-03 7:38 UTC
To: gentoo-dev
On Thu, 03.05.2018 at 15:03 +0800, Jason Zaman wrote:
> On Wed, May 02, 2018 at 05:42:19PM +0200, Michał Górny wrote:
> > Now that EAPI 7 is accepted and implemented in Portage, provide
> > the initial environment blacklist for coming EAPI 7 ebuilds. The list
> > is based on existing eclasses, xdg-utils mostly. Rationale is provided
> > in the comment above ENV_UNSET.
>
> What about XAUTHORITY since you're doing DISPLAY?
Makes sense.
> and maybe SSH_AUTH_SOCK would make sense too?
Not sure. Users may actually want the PM to use their SSH keys, e.g.
when accessing private git repositories.
>
> -- Jason
>
> > ---
> > profiles/base/make.defaults | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> >
> > diff --git a/profiles/base/make.defaults b/profiles/base/make.defaults
> > index bd038bebf167..c9a964360694 100644
> > --- a/profiles/base/make.defaults
> > +++ b/profiles/base/make.defaults
> > @@ -22,6 +22,16 @@ USE_EXPAND_HIDDEN="USERLAND KERNEL ELIBC ABI_MIPS ABI_PPC ABI_S390 ABI_X86 CPU_F
> > CONFIG_PROTECT="/etc"
> > CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
> >
> > +# EAPI 7 environment variable blacklist.
> > +#
> > +# XDG_* since the values coming from user environment can collide with
> > +# ebuild-set ${HOME} (e.g. by referring to user's home directory).
> > +# We exclude XDG_DATA_DIRS & XDG_CONFIG_DIRS as those are set in env.d.
> > +#
> > +# DBUS_SESSION_BUS_ADDRESS to disconnect from user's session bus.
> > +# DISPLAY to disconnect from the user's running X server.
> > +ENV_UNSET="XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS DISPLAY"
> > +
> > # Variables that are set exclusively by the profile
> > # and not by user configuration files.
> > PROFILE_ONLY_VARIABLES="${PROFILE_ONLY_VARIABLES} ELIBC IUSE_IMPLICIT KERNEL USERLAND USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL USE_EXPAND_VALUES_USERLAND"
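Review bot: the comment line "DISPLAY to disconnect from the user's running X server" documents a single variable, so list and rationale will drift apart as soon as a related entry is added to the `ENV_UNSET` line. If XAUTHORITY goes in as agreed in this reply, put it next to DISPLAY in the list and extend that comment line to name both; if SSH_AUTH_SOCK is left out on purpose, one comment line saying so would keep it from being re-proposed.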
> > --
> > 2.17.0
> >
> >
>
>
--
Best regards,
Michał Górny
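What the posted list does and does not remove for the variables raised in the replies, as an added shell example (not Portage's implementation and not code from this thread). `run_scrubbed`, `surviving` and `demo` are hypothetical helpers, and the exported session values are constructed.

```shell
#!/bin/sh
# Added example: emulates an ENV_UNSET-style blacklist for one child process.
# Not Portage code; run_scrubbed, surviving and demo are hypothetical helpers.
# List copied from the patch:
ENV_UNSET="XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS DISPLAY"

# run_scrubbed LIST CMD [ARG...]: run external CMD with every name in LIST unset.
# The subshell keeps the caller's own environment untouched.
run_scrubbed() {
    _list=$1; shift
    (
        set -f                      # no globbing while splitting LIST
        for _v in $_list; do
            case $_v in             # only accept valid variable names
                ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                    echo "skipping invalid name: $_v" >&2; continue ;;
            esac
            unset "$_v"
        done
        exec "$@"
    )
}

# surviving LIST NAME...: print each NAME the child process can still see.
surviving() {
    _list=$1; shift
    for _name in "$@"; do
        if run_scrubbed "$_list" env | grep -q "^${_name}="; then
            printf '%s\n' "$_name"
        fi
    done
}

# demo LIST: constructed desktop-session environment (all values made up),
# checked for the variables discussed in the thread.
demo() (
    export DISPLAY=:0 XAUTHORITY=/home/user/.Xauthority
    export XDG_RUNTIME_DIR=/run/user/1000 SSH_AUTH_SOCK=/tmp/ssh-example/agent.1
    surviving "$1" DISPLAY XDG_RUNTIME_DIR XAUTHORITY SSH_AUTH_SOCK
)

demo "$ENV_UNSET"
```

Passing `"$ENV_UNSET XAUTHORITY"` to `demo` leaves only SSH_AUTH_SOCK visible to the child.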