Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize environment variables for build scripts #5282

Open
matklad opened this issue Apr 3, 2018 · 4 comments
Open

Sanitize environment variables for build scripts #5282

matklad opened this issue Apr 3, 2018 · 4 comments
Labels
A-build-scripts Area: build.rs scripts S-triage Status: This issue is waiting on initial triage.

Comments

@matklad
Copy link
Member

matklad commented Apr 3, 2018

Build scripts have access to the parent environment, and this may cause problem because it's not obvious which env vars are actually used by the build script, which hurts reproducible builds.

Perhaps we should use some kind of a whitelist of envvars to pass to build scripts?
@matklad
Copy link
Member Author

matklad commented Apr 3, 2018

cc @jsgf (https://internals.rust-lang.org/t/rfc-implement-a-sandbox-for-environment-variables-and-files/7213)

@jsgf jsgf mentioned this issue Apr 5, 2018
Closed
@jsgf
Copy link
Contributor

jsgf commented Apr 5, 2018

https://github.com/jsgf/rfcs/blob/env-sandbox/text/0000-env-sandboxing.md

@matklad
Copy link
Member Author

matklad commented Apr 9, 2018

Discussed during a meeting: this might be a nice idea in theory, but it really needs some significant design work, to make sure this feature is actually usable.

@kornelski
Copy link
Contributor

kornelski commented Apr 21, 2018
edited
Loading

The "non-obvious" part doesn't have to be solved by blocking env vars, but can be solved by tracking which ones were used.

This is already almost a solved problem, but it's blocked on a showstopping bug: #4587

@matklad matklad removed the Rust-2018 label Jun 26, 2018
@ehuss ehuss added the A-build-scripts Area: build.rs scripts label Nov 18, 2018
@dwijnand dwijnand changed the title Sanitize environemt variables for build scripts Sanitize environment variables for build scripts Feb 11, 2019
@epage epage added the S-triage Status: This issue is waiting on initial triage. label Oct 18, 2023
@fenollp fenollp mentioned this issue Aug 22, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-build-scripts Area: build.rs scripts S-triage Status: This issue is waiting on initial triage.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ehuss @epage @kornelski @jsgf @matklad