Matthias Scheler <tron%netbsd.org@localhost> writes:

> On Wed, Jun 05, 2013 at 12:19:30PM +0100, David Brownlee wrote:
>> > Log Message:
>> > Revert change to "PKG_SETENV":
>> > 1.) It breaks the build of "www/firefox" which gets upset if "SHELL" is
>> >     not defined in the environment. There are probably more packages
>> >     with similar problems.
>>
>> I built quite a large chunk of pkgsrc including kde4 and firefox was
>> the only package I've hit which failed to build. Can anyone think of
>> any reason why SHELL should not be added to ALL_ENV?
>
> I can't see a reason. Just didn't know how to fix this properly.

I think it's buggy to pass the user's value of SHELL, because any
package that looks at SHELL in the environment is buggy and should be
fixed instead. A workaround is to force it to /bin/sh, where at least
there is a repeatable outcome.

>> > 2.) It breaks established use cases like this one:
>> >
>> >     export ALLOW_VULNERABLE_PACKAGES=yes
>> >     cd pkgsrc/multimedia/ffmpeg2theora
>> >     bmake install
>> >
>> >     In this case the value of "ALLOW_VULNERABLE_PACKAGES" will not be
>> >     passed to the build of "pkgsrc/multimedia/ffmpeg". And the build of
>> >     this package will fail due to known vulnerabilities.
>>
>> I think that if there is a list of well defined environment values
>> which are expected to be viable to pass into a build then they should
>> be documented, and explicitly added to ALL_ENV - whether or not we are
>> using SETENV=env -i
>
> That sounds like a good approach. But based on Greg's objection I'm not
> going to commit that right now.

I think that "pass into a build" is hard to distinguish from "happen to
be set and unintentionally affect the build". For variables whose only
purpose is to control pkgsrc, adding them to an allowed list seems like
a good plan.

So a straw plan:

  start a whitelist/add to ALL_ENV. Be careful to only add variables
  which do not mask bugs (e.g. ALLOW_VULNERABLE_PACKAGES ok, http_proxy
  ok, SHELL not ok).

  ponder/discuss anything tricky. It could be that packages properly
  expect SHELL to be a shell that can run commands. In that case, it
  should probably be forced to the platform's pkgsrc-acceptable version
  of /bin/sh.

  add a mk.conf variable PKGSRC_SANITIZE_ENVIRONMENT, defaulting to no,
  with yes meaning clean everything not in the whitelist. Then people
  can try this, without yet imposing it on everyone at once.
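The straw plan above, sketched in POSIX shell as an added illustration (not code from this thread or from pkgsrc): a wrapper that runs a command under `env -i`, passes only allowlisted variables, and forces SHELL to /bin/sh. The function name `run_sanitized`, passing the caller's PATH, and modelling PKGSRC_SANITIZE_ENVIRONMENT as a shell variable instead of a mk.conf setting are assumptions.

```shell
#!/bin/sh
# Added example, not pkgsrc code. The allowlist holds only the two
# variables the thread names as acceptable; SHELL is deliberately absent.
ENV_ALLOWLIST="ALLOW_VULNERABLE_PACKAGES http_proxy"
FORCED_SHELL=/bin/sh

# run_sanitized CMD [ARGS...] (hypothetical helper)
# With PKGSRC_SANITIZE_ENVIRONMENT=yes, run CMD under "env -i" with only
# allowlisted variables, PATH (assumption: needed to find tools) and a
# forced SHELL. With the default "no", run CMD in the caller's environment.
run_sanitized() {
    if [ "${PKGSRC_SANITIZE_ENVIRONMENT:-no}" != yes ]; then
        "$@"
        return
    fi
    _argc=$#
    for _v in $ENV_ALLOWLIST; do
        # eval is safe here: names come from the fixed list above,
        # never from user input. Unset variables are not passed at all.
        eval "_isset=\${$_v+set}"
        if [ "$_isset" = set ]; then
            eval "set -- \"\$@\" \"$_v=\${$_v}\""
        fi
    done
    set -- "$@" "PATH=${PATH}" "SHELL=${FORCED_SHELL}"
    # Rotate the original command behind the VAR=value arguments, giving
    # "env -i VAR=value ... CMD ARGS" without breaking quoted values.
    while [ "$_argc" -gt 0 ]; do
        set -- "$@" "$1"
        shift
        _argc=$((_argc - 1))
    done
    env -i "$@"
}

# Demo with constructed values, run in a subshell so nothing leaks out.
(
    export ALLOW_VULNERABLE_PACKAGES=yes CFLAGS=-O9 SHELL=/usr/bin/fish
    PKGSRC_SANITIZE_ENVIRONMENT=yes
    run_sanitized /bin/sh -c \
        'echo "ALLOW=$ALLOW_VULNERABLE_PACKAGES SHELL=$SHELL CFLAGS=${CFLAGS-unset}"'
)
```
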