From: Kristian Benoit <kbenoit@opersys.com>
To: gentoo-portage-dev@lists.gentoo.org
Subject: Re: [gentoo-portage-dev] Environment Whitelisting
Date: Mon, 22 Aug 2005 22:46:06 -0400

On Tue, 2005-08-23 at 08:28 +0900, Jason Stubbs wrote:
> On Tuesday 23 August 2005 06:40, Brian Harring wrote:
> > On Mon, Aug 22, 2005 at 11:33:23PM +0200, Marius Mauch wrote:
> > > Theoretical discussions about this are pointless IMO without
> > > numbers/facts to back things up.
> >
> > I'd posit theoretical discussions about this are pointless without
> > getting ebuild devs to give a yay/nay on whether they want it or not;
> > not much for trying to force it down their throats if they don't want
> > it (more work, essentially).
>
> I don't really see what it has to do with ebuild devs... We're talking about
> the user's environment leaking into the portage build environment, no?
> Environment vars used by ebuilds can/should be set by users in a portage
> configuration file rather than being added to the environment. The only
> issue I see here is user customizations - fex, a hypothetical colorgcc that
> gets its config info from the env.

That's exactly what I was saying, we filter the environment to let only
portage's variables (USE, FEATURE, ...) pass through. But the user may
specify a bunch of variables that will pass through. Ex:

    $ FOO=bar USE=X emerge vim

vim's ebuild won't see the variable FOO but will see USE. But if someone
runs:

    $ PORTAGE_USER_VARS="FOO" FOO=bar USE=X emerge vim

The ebuild will see both FOO and USE.

But suppose that foo has 10 dependencies and I want FOO to be defined only
for vim. I can write /etc/portage/package.env.d/app-editors/vim:

    BAR=$TMP/bar
    FOO=$BAR/foo
    PORTAGE_USER_VARS="$PORTAGE_USER_VARS FOO"

Then if I run:

    $ TMP=/home/me USE=X emerge vim

The ebuild will see both USE and FOO but not BAR and TMP.

It could also be only one file (/etc/portage/package.env):

    app-editors/vim "FOO BAR"
    app-...

then FOO and BAR will be defined when running the ebuild if defined in
the env. Or:

    app-editors/vim 'FOO=bar BAR="bla bla"'

Which one do you prefer?

I think this gives more freedom to the user than white/blacklisting and
provides a clean environment to the ebuilds. Plus no need for the package
managers to manage white/blacklist.

Kristian
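
Added example, not part of the message above and not Portage code: a Python model of the filtering semantics the message proposes, run against its three `emerge vim` scenarios. The function names `parse_package_env` and `build_env` are hypothetical, the base allowlist holds only the two names the message gives (USE, FEATURE), and the per-package file is assumed to contain only `NAME=value` lines with `$VAR` expansion.

```python
import re

# Assumed base set: the message names only "USE, FEATURE, ..." as Portage's own.
PORTAGE_VARS = frozenset({"USE", "FEATURE"})
_REF = re.compile(r"\$\{?([A-Za-z_]\w*)\}?")


def parse_package_env(text, caller_env):
    """Evaluate NAME=value lines in order, shell-style.

    $VAR resolves against earlier lines first, then the caller's environment;
    an unset variable expands to the empty string.
    """
    scope = dict(caller_env)
    defined = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep or not name.isidentifier():
            raise ValueError(f"not a NAME=value line: {raw!r}")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        value = _REF.sub(lambda m: scope.get(m.group(1), ""), value)
        scope[name] = defined[name] = value
    return defined


def build_env(caller_env, package_env_text=""):
    """Return the environment the ebuild would see under the proposal."""
    defined = parse_package_env(package_env_text, caller_env)
    merged = {**caller_env, **defined}
    # PORTAGE_USER_VARS names the extra variables allowed through the filter.
    user_vars = merged.get("PORTAGE_USER_VARS", "").split()
    allowed = PORTAGE_VARS | set(user_vars)
    return {k: v for k, v in merged.items() if k in allowed}


# Constructed sample: the per-package file from the message.
VIM_ENV = 'BAR=$TMP/bar\nFOO=$BAR/foo\nPORTAGE_USER_VARS="$PORTAGE_USER_VARS FOO"\n'

if __name__ == "__main__":
    print(build_env({"FOO": "bar", "USE": "X"}))
    print(build_env({"PORTAGE_USER_VARS": "FOO", "FOO": "bar", "USE": "X"}))
    print(build_env({"TMP": "/home/me", "USE": "X"}, VIM_ENV))
```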