From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1E713J-0002hI-Cc for garchives@archives.gentoo.org; Mon, 22 Aug 2005 01:24:41 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7M1NUYr015157; Mon, 22 Aug 2005 01:23:30 GMT Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.202]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7M1NT7E024518 for ; Mon, 22 Aug 2005 01:23:30 GMT Received: by zproxy.gmail.com with SMTP id v1so680037nzb for ; Sun, 21 Aug 2005 18:24:06 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:x-accept-language:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=go77ISDhSu5S0wmKLQq/4aDyuQ2RiXkx7OZucOcJUiNAcf9XoLgH9e4T6Q9cQP3vop9hRy0ZIoVzqG5QrLRN2LwOy3WjpcVMAlicKyhb736lwq/saWktImQj/H/xHI2jcxlkqKcM/WkmjZ6vSebcXxQxTHFWzb9z1NkVr9VU/Sc= Received: by 10.36.104.1 with SMTP id b1mr3851894nzc; Sun, 21 Aug 2005 18:24:05 -0700 (PDT) Received: from ?192.168.0.2? ([68.101.114.219]) by mx.gmail.com with ESMTP id 7sm1148896nzo.2005.08.21.18.24.04; Sun, 21 Aug 2005 18:24:04 -0700 (PDT) Message-ID: <43092955.4080606@gmail.com> Date: Sun, 21 Aug 2005 18:24:37 -0700 From: Zac Medico User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050804) X-Accept-Language: en-us, en Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-portage-dev@lists.gentoo.org Subject: Re: [gentoo-portage-dev] Environment Whitelisting References: <4308E349.8010107@egr.msu.edu> In-Reply-To: <4308E349.8010107@egr.msu.edu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: d531a9dd-92e1-4fc5-b4b3-f5cb670586b4 X-Archives-Hash: 48f5aec04558b78d000e1052ec3ff4fd Alec Warner wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Was talking with Brian about the build environment and how settings were > to be passed into the build environment. > > Essentially three scenarios were presented. > > 1) The full environment is passed to the build environment. This was > generally agreed upon to be bad since there are environmental things > that can cause build problems. > > 2) The full environment is parsed via a blacklist to strip out > environment settings that are known to be bad for building packages. > This leads to a clean* build environment. However, maintaining the > blacklist can be a challenge if it grows in size. > > (*) clean, meaining all the bad things we know about are not in the > build environment. This does not account for the bad things we do NOT > know about. > > 3) The full environment is parsed via a whitelist to get a list of > environment settings that are known to be good for building packages. > This leads to a clean build environment, as only whitelisted environment > settings are passed in. However, the whitelist will probably be worse > to maintain than a blacklist. > > Both 2) and 3) above have issues where some build variables are bad for > ebuild X but not ebuild Y. I am unsure how exactly to cover any kind of > situation like that ( and I don't have an example from the tree, save > perhaps LANG=weird-language ). > > To me 1) is unacceptable and 3) is the best option. Feel free to shoot > these down as you see fit ;) > IMO the whitelist is a bad thing. I would suggest a blacklist and an override list. The blacklist simply removes known "problem causing" variables. The override list allows known "problem causing" variables to be overridden. Zac -- gentoo-portage-dev@gentoo.org mailing list