From: Andreas Reichel <andreas.reichel.ext@siemens.com>
To: Henning Schild <henning.schild@siemens.com>
Cc: isar-users@googlegroups.com
Subject: Re: [PATCH 1/1] Add proxy support to isar-image-*.bb and buildchroot.bb
Date: Mon, 11 Sep 2017 12:55:00 +0200 [thread overview]
Message-ID: <20170911105500.GA7040@iiotirae> (raw)
In-Reply-To: <20170908100204.3ba1f0e3@md1em3qc>
On Fri, Sep 08, 2017 at 10:02:04AM +0200, Henning Schild wrote:
> Am Fri, 8 Sep 2017 09:37:38 +0200
> schrieb "[ext] Henning Schild" <henning.schild@siemens.com>:
>
> > Thanks for looking into this and finally finding a solution. More
> > comments inline.
> >
> > Am Thu, 7 Sep 2017 17:03:35 +0200
> > schrieb "Andreas J. Reichel" <andreas.reichel.ext@siemens.com>:
> >
> > > From: Andreas Reichel <andreas.reichel.ext@siemens.com>
> > >
> >
> > I know that the env was already cleared and that it should be safe to
> > use "sudo -E". What about the following?
> >
> > sudo http_proxy=$http_proxy ... no_proxy=$no_proxy multistrap ...
>
> Well this would actually be pretty dangerous. The right side of the 4
> assignments needs to get quoted and we should be safe.
>
> sudo http_proxy="$http_proxy" ... no_proxy="$no_proxy" multistrap ...
>
Why so complicated. As you said, you know that environment is cleared.
So there is no point in hardcoding proxy settings variables here.
> Problem without the quotes, one could put commands into the variables
> and execute them with sudo:
Security concerns are out of topic here. The problem is always given
when using sudo - as already known and already thought about. So in my
opinion it is not useful to introduce variable exports with extra
security concerns here instead of just relying on bitbake's environment
clearing. Because that's what bitbake's implementation is about.
Andreas
--
Andreas Reichel
Dipl.-Phys. (Univ.)
Software Consultant
Andreas.Reichel@tngtech.com, +49-174-3180074
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082
next prev parent reply other threads:[~2017-09-11 10:55 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-07 15:03 [PATCH 0/1] Make do_rootfs work with proxy settings Andreas J. Reichel
2017-09-07 15:03 ` [PATCH 1/1] Add proxy support to isar-image-*.bb and buildchroot.bb Andreas J. Reichel
2017-09-08 7:37 ` Henning Schild
2017-09-08 8:02 ` Henning Schild
2017-09-11 10:55 ` Andreas Reichel [this message]
2017-09-11 16:50 ` Henning Schild
2017-09-11 9:24 ` Andreas Reichel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170911105500.GA7040@iiotirae \
--to=andreas.reichel.ext@siemens.com \
--cc=henning.schild@siemens.com \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox