commit:     1a4e951b7166b62d7e82b38f35f406b7033854c8
Author:     Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Fri Jul 18 04:08:35 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jul 22 22:29:34 2025 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=1a4e951b

save-ebuild-env.sh: filter out variables with the SSH_ prefix

Presently, the __save_ebuild_env() function filters out the
'SSH_AGENT_PID' variable. Instead, filter out all variables bearing a
prefix of "SSH_". With this change, I was immediately able to observe an
improvement in "environment.bz2" hygiene. In particular, the
'SSH_CLIENT' and 'SSH_CONNECTION' variables are now excluded.

declare -x SSH_CLIENT="10.0.0.3 56240 22"
declare -x SSH_CONNECTION="10.0.0.3 56240 10.0.0.2 22"
declare -x SSH_TTY="/dev/pts/0"

These variables clearly impact upon the privacy of the user and portage
has no business whatsoever in dumping them into world-readable files
beneath the "/var/db/pkg" directory, nor in incorporating them into
binary packages.

Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 bin/save-ebuild-env.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/save-ebuild-env.sh b/bin/save-ebuild-env.sh
index 5198f6f9e7..71c4c2e672 100644
--- a/bin/save-ebuild-env.sh
+++ b/bin/save-ebuild-env.sh
@@ -48,8 +48,8 @@ __save_ebuild_env() (
                ftp_proxy https_proxy http_proxy no_proxy
 
                # other variables inherited from the calling environment
-               CVS_RSH ECHANGELOG_USER GPG_AGENT_INFO SSH_AGENT_PID
-               SSH_AUTH_SOCK STY WINDOW XAUTHORITY
+               "${!SSH_@}" CVS_RSH ECHANGELOG_USER GPG_AGENT_INFO STY WINDOW
+               XAUTHORITY
 
                # portage config variables and variables set directly by portage
                ACCEPT_LICENSE BUILD_PREFIX COLS DOC_SYMLINKS_DIR DISTDIR
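
Review bot: The added `"${!SSH_@}"` sits under the comment "other variables inherited from the calling environment", but the prefix expansion matches every variable whose name begins with SSH_ at the moment the list is evaluated, whatever its origin. An SSH_-prefixed variable defined by an ebuild or eclass would therefore be filtered out as well. If that is intended, a one-line comment beside the expansion saying so would help; if not, the match needs narrowing. Also, the commit message names only SSH_AGENT_PID as previously filtered, while the removed lines drop the explicit SSH_AUTH_SOCK entry too. It is still covered by the prefix, but the message could say so.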
