From: Rich Freeman
Date: Wed, 1 Jul 2020 15:04:50 -0400
Subject: Re: [gentoo-dev] RFC: Standard build environment variables
To: gentoo-dev

On Wed, Jul 1, 2020 at 9:36 AM Michael Orlitzky wrote:
>
> On 2020-06-30 12:22, Matthew Thode wrote:
> >
> > I'd like to suggest allowing only approved variables in the build
> > environment, having portage unset all variables and setting only what is
> > needed (or configured).
>
> I think this is orthogonal to the problem I'm trying to solve. Even if
> all environment variables had to be whitelisted, ebuilds would still
> need to know how to use them when they happen to be defined.
>

Agree. I'm not actually certain what that proposal was intended to
convey. Are we talking about:

1. Blocking anything that happens to be in the environment when emerge
   is run? (Ie 'CFLAGS="-O2" emerge -1 foo'?)
2. Blocking any variable at all that isn't whitelisted by an ebuild or
   eclass? (ie CFLAGS in make.conf is ignored unless the ebuild
   whitelists it)

I get how environment pollution can cause issues, but #1 is something
we've generally supported for a long time, and it is useful for
troubleshooting/etc or just trying out different things. Maybe a
FEATURE flag could be used to control it to keep newbs out of trouble,
and you can just as easily pass that in the environment too.

I'm not sure that #2 adds a lot of value. The default phase functions
probably already don't work well for exotic build systems, and eclasses
can of course take care of remapping for most of the popular ones.
For one-offs some flag-o-matic or other eclass functions to aid in
remapping variables might be helpful in some cases if there isn't
already something there.

But in any case it isn't essential to what you're proposing. It does
go along with it to a degree and is worth at least thinking about
(imo)...

-- 
Rich
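
The first reading in the message above (dropping whatever is in the caller's environment unless it is approved), as an added example that is not Portage code and does not come from anyone on this thread. `ALLOWED_VARS`, `run_scrubbed` and `dropped_vars` are hypothetical names, and the contents of the allowlist are an assumption.

```shell
#!/bin/sh
# Added illustration of an allowlisted build environment; not Portage code.
# ALLOWED_VARS, run_scrubbed and dropped_vars are hypothetical names.

# Space-separated names allowed to pass from the caller's environment
# into the build (constructed list, adjust to local policy).
ALLOWED_VARS="PATH HOME CFLAGS CXXFLAGS LDFLAGS"

# run_scrubbed CMD [ARGS...]
# Runs CMD with an empty environment plus only those allowlisted
# variables that are actually exported by the caller.
run_scrubbed() {
    for _name in $ALLOWED_VARS; do
        # printenv fails for names that are not exported, so unset
        # variables stay unset instead of becoming empty strings.
        if _value=$(printenv "$_name"); then
            # Prepend NAME=value so env sees assignments before CMD.
            set -- "$_name=$_value" "$@"
        fi
    done
    env -i "$@"
}

# dropped_vars
# Prints, one per line, every exported variable name that run_scrubbed
# would withhold. Useful for auditing what a build used to inherit.
dropped_vars() {
    # awk's ENVIRON gives names only, so multi-line values cannot be
    # mistaken for extra variables the way parsing `env` output can.
    awk 'BEGIN { for (k in ENVIRON) print k }' | sort |
    while read -r _name; do
        case " $ALLOWED_VARS " in
            *" $_name "*) ;;                 # allowlisted: passes through
            *) printf '%s\n' "$_name" ;;     # everything else is dropped
        esac
    done
}

# Usage: CFLAGS is exported by the caller, DEMO_TOKEN is not allowlisted.
#   export CFLAGS="-O2" DEMO_TOKEN="constructed"
#   run_scrubbed sh -c 'echo "${CFLAGS-unset} ${DEMO_TOKEN-unset}"'
#   dropped_vars
```

A `CFLAGS="-O2"` given on the command line still reaches the build here because `CFLAGS` is on the list; the second reading, where a configured value is ignored unless an ebuild or eclass opts in, would need a per-package list instead of one global `ALLOWED_VARS`.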