On Wed, Jul 1, 2020 at 9:36 AM Michael Orlitzky <m...@gentoo.org> wrote:
>
> On 2020-06-30 12:22, Matthew Thode wrote:
> >
> > I'd like to suggest allowing only approved variables in the build
> > environment, having portage unset all variables and setting only what is
> > needed (or configured).
>
> I think this is orthogonal to the problem I'm trying to solve. Even if
> all environment variables had to be whitelisted, ebuilds would still
> need to know how to use them when they happen to be defined.
>
Agree. I'm not actually certain what that proposal was intended to convey. Are we talking about:

1. Blocking anything that happens to be in the environment when emerge is run? (Ie 'CFLAGS="-O2" emerge -1 foo'?)
2. Blocking any variable at all that isn't whitelisted by an ebuild or eclass? (ie CFLAGS in make.conf is ignored unless the ebuild whitelists it)

I get how environment pollution can cause issues, but #1 is something we've generally supported for a long time, and it is useful for troubleshooting/etc or just trying out different things. Maybe a FEATURE flag could be used to control it to keep newbs out of trouble, and you can just as easily pass that in the environment too.

I'm not sure that #2 adds a lot of value. The default phase functions probably already don't work well for exotic build systems, and eclasses can of course take care of remapping for most of the popular ones. For one-offs some flag-o-matic or other eclass functions to aid in remapping variables might be helpful in some cases if there isn't already something there.

But in any case it isn't essential to what you're proposing. It does go along with it to a degree and is worth at least thinking about (imo)...

--
Rich