From: Alec Warner <warnera6@egr.msu.edu>
To: gentoo-portage-dev@lists.gentoo.org
Subject: [gentoo-portage-dev] Environment Whitelisting
Date: Sun, 21 Aug 2005 16:25:45 -0400
Message-ID: <4308E349.8010107@egr.msu.edu>

Was talking with Brian about the build environment and how settings were
to be passed into the build environment.

Essentially three scenarios were presented.

1) The full environment is passed to the build environment. This was
generally agreed upon to be bad since there are environmental things
that can cause build problems.

2) The full environment is parsed via a blacklist to strip out
environment settings that are known to be bad for building packages.
This leads to a clean* build environment. However, maintaining the
blacklist can be a challenge if it grows in size.

(*) clean, meaning all the bad things we know about are not in the
build environment. This does not account for the bad things we do NOT
know about.

3) The full environment is parsed via a whitelist to get a list of
environment settings that are known to be good for building packages.
This leads to a clean build environment, as only whitelisted environment
settings are passed in. However, the whitelist will probably be worse
to maintain than a blacklist.

Both 2) and 3) above have issues where some build variables are bad for
ebuild X but not ebuild Y. I am unsure how exactly to cover any kind of
situation like that (and I don't have an example from the tree, save
perhaps LANG=weird-language).

To me 1) is unacceptable and 3) is the best option. Feel free to shoot
these down as you see fit ;)

-Alec Warner (antarus)
--
gentoo-portage-dev@gentoo.org mailing list
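
An added example, not part of the original post and not Portage code: the three scenarios applied to one constructed environment, reporting which unwanted variables reach the build and which wanted ones are lost. The list contents, the sample variables and the per-package `extra` parameter are assumptions made for illustration.

```python
# Constructed lists for illustration; not Portage's actual settings.
DENYLIST = {"LD_PRELOAD", "CDPATH", "GREP_OPTIONS"}
ALLOWLIST = {"PATH", "HOME", "TERM", "CFLAGS", "CXXFLAGS", "LDFLAGS", "MAKEOPTS"}

# Constructed caller environment.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/root",
    "CFLAGS": "-O2 -pipe",
    "CDPATH": "/srv/src",               # known bad: on the denylist
    "GREP_OPTIONS": "--color=always",   # known bad: on the denylist
    "POSIXLY_CORRECT": "1",             # changes tool behaviour; on neither list
    "LANG": "weird-language",           # the post's example; on neither list
    "CCACHE_DIR": "/var/tmp/ccache",    # wanted by the user; on neither list
}
# Ground truth for this sample only.
HARMFUL = {"CDPATH", "GREP_OPTIONS", "POSIXLY_CORRECT", "LANG"}
WANTED = {"PATH", "HOME", "CFLAGS", "CCACHE_DIR"}

def pass_full(env):
    """Scenario 1: hand the caller's environment to the build unchanged."""
    return dict(env)

def filter_denylist(env, deny=DENYLIST):
    """Scenario 2: drop only what is known to be bad (fails open)."""
    return {k: v for k, v in env.items() if k not in deny}

def filter_allowlist(env, allow=ALLOWLIST, extra=()):
    """Scenario 3: keep only what is known to be good (fails closed).

    `extra` is a hypothetical per-package addition for the case where a
    variable is acceptable for ebuild Y but not for ebuild X.
    """
    permitted = set(allow) | set(extra)
    return {k: v for k, v in env.items() if k in permitted}

def compare(env=SAMPLE_ENV):
    """Per scenario: harmful variables that leaked, wanted ones that were lost."""
    scenarios = (("full", pass_full), ("denylist", filter_denylist),
                 ("allowlist", filter_allowlist))
    report = {}
    for name, scenario in scenarios:
        built = set(scenario(env))
        report[name] = {"leaked": sorted(HARMFUL & built),
                        "lost": sorted(WANTED - built)}
    return report

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The filtered dictionary is what would be passed as `env=` to `subprocess.run` when spawning the build.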