From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6463052406736289792 X-Received: by 10.46.21.27 with SMTP id s27mr813728ljd.41.1505127318576; Mon, 11 Sep 2017 03:55:18 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 10.28.146.131 with SMTP id u125ls335967wmd.0.gmail; Mon, 11 Sep 2017 03:55:18 -0700 (PDT) X-Google-Smtp-Source: AOwi7QAz9f2BkNSD3SKMErBaLwQ96ddcK2y8r7qxkuxl5Wa2cKugzQRNzQJYdw2kE2+/7Qcrtj6C X-Received: by 10.28.212.73 with SMTP id l70mr820537wmg.14.1505127318264; Mon, 11 Sep 2017 03:55:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1505127318; cv=none; d=google.com; s=arc-20160816; b=DeSuHqeXRPI0Z7rwTvxYUbj5v8taApJ4HAamf8SsTeZAZl0Hmq2xUfP7eBNj/Nx6Ab LrQo4qug8hsK7oEg1mDxamiaxuN3pYnbrC6Xx/xtfT/aj8iwMisPviYS/25s0j0cZYXu 61XYtisAIWabZrY8wIfiVtoPJT++/+XgakMmqyH4uuYRJOUHM06I/pUNPLJozc/uj1ot u3egtoFj+B1j+F5SbQBtf0bpfIYB9t1zJMOG8npgQqzO9A4AUgEQF+rGahtY+aGbcVp9 BYUDt+Rw4C6pRIYNJMj/gVOiG/O+t+wVnZMzTXyU8/aCoiHAL4x0tZKYOjzmFjoI0oyu Kpag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:content-description :mime-version:references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=WjfPI3RdAMq2lQJeexLDMmmJhw2TErE7p4ey0aHl0mI=; b=ksE5g+2+zmYxjQ4U5E+J2ERtHFbyP9vPElOHqPdcWZDNnp20LNxN4CjAT+oqy6SW4f 1EF+ydq26Q5dB6ncg6NgyxSwLgofKk58xSs5+kT+fOV9auHDoqI+rDEpGU5SgkeQtKh0 eQ0NnkriF+dcxj9dIW9t8GPrvebh4nsecc/21G8QvdXWZMMXcbgU2vxcZXuwb2tNCGuz /cm5EdxmQVc+kB5vb3ATkUaYg74Y/sbZ2etUGJ1MtmXPJ0vjJkuXS5g8CqyRa/tRbYjj blP2sI4gGGdwfc+emQU26YlWTPVljjA3rj8gLvnVA8G2DzeZCBNPxMk92O+GfYHmJ/qr ggHA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 192.35.17.28 is neither permitted nor denied by best guess record for domain of andreas.reichel.ext@siemens.com) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28]) by gmr-mx.google.com with ESMTPS id i90si517377wmh.5.2017.09.11.03.55.18 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Sep 2017 03:55:18 -0700 (PDT) Received-SPF: neutral (google.com: 192.35.17.28 is neither permitted nor denied by best guess record for domain of andreas.reichel.ext@siemens.com) client-ip=192.35.17.28; Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 192.35.17.28 is neither permitted nor denied by best guess record for domain of andreas.reichel.ext@siemens.com) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id v8BAtH2b030532 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 11 Sep 2017 12:55:17 +0200 Received: from iiotirae (golem.ppmd.siemens.net [139.25.69.162]) by mail1.sbs.de (8.15.2/8.15.2) with SMTP id v8BAtHXV026999; Mon, 11 Sep 2017 12:55:17 +0200 Date: Mon, 11 Sep 2017 12:55:00 +0200 From: Andreas Reichel To: Henning Schild Cc: isar-users@googlegroups.com Subject: Re: [PATCH 1/1] Add proxy support to isar-image-*.bb and buildchroot.bb Message-ID: <20170911105500.GA7040@iiotirae> References: <20170907150335.30970-1-andreas.reichel.ext@siemens.com> <20170907150335.30970-2-andreas.reichel.ext@siemens.com> <20170908093738.609fe0df@md1em3qc> <20170908100204.3ba1f0e3@md1em3qc> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Description: message Content-Disposition: inline In-Reply-To: <20170908100204.3ba1f0e3@md1em3qc> User-Agent: Mutt/1.8.3 (2017-05-23) X-TUID: Wl2o7Dry1HQT On Fri, Sep 08, 2017 at 10:02:04AM +0200, Henning Schild wrote: > Am Fri, 8 Sep 2017 09:37:38 +0200 > schrieb "[ext] Henning Schild" : > > > Thanks for looking into this and finally finding a solution. More > > comments inline. > > > > Am Thu, 7 Sep 2017 17:03:35 +0200 > > schrieb "Andreas J. Reichel" : > > > > > From: Andreas Reichel > > > > > > > I know that the env was already cleared and that it should be safe to > > use "sudo -E". What about the following? > > > > sudo http_proxy=$http_proxy ... no_proxy=$no_proxy multistrap ... > > Well this would actually be pretty dangerous. The right side of the 4 > assignments needs to get quoted and we should be safe. > > sudo http_proxy="$http_proxy" ... no_proxy="$no_proxy" multistrap ... > Why so complicated. As you said, you know that environment is cleared. So there is no point in hardcoding proxy settings variables here. > Problem without the quotes, one could put commands into the variables > and execute them with sudo: Security concerns are out of topic here. The problem is always given when using sudo - as already known and already thought about. So in my opinion it is not useful to introduce variable exports with extra security concerns here instead of just relying on bitbake's environment clearing. Because that's what bitbake's implementation is about. Andreas -- Andreas Reichel Dipl.-Phys. (Univ.) Software Consultant Andreas.Reichel@tngtech.com, +49-174-3180074 TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082