From: Henning Schild <henning.schild@siemens.com>
To: Andreas Reichel <andreas.reichel.ext@siemens.com>
Cc: <isar-users@googlegroups.com>
Subject: Re: [PATCH 1/1] Add proxy support to isar-image-*.bb and buildchroot.bb
Date: Mon, 11 Sep 2017 18:50:54 +0200 [thread overview]
Message-ID: <20170911185054.0fa286c9@md1em3qc> (raw)
In-Reply-To: <20170911105500.GA7040@iiotirae>
Am Mon, 11 Sep 2017 12:55:00 +0200
schrieb Andreas Reichel <andreas.reichel.ext@siemens.com>:
> On Fri, Sep 08, 2017 at 10:02:04AM +0200, Henning Schild wrote:
> > Am Fri, 8 Sep 2017 09:37:38 +0200
> > schrieb "[ext] Henning Schild" <henning.schild@siemens.com>:
> >
> > > Thanks for looking into this and finally finding a solution. More
> > > comments inline.
> > >
> > > Am Thu, 7 Sep 2017 17:03:35 +0200
> > > schrieb "Andreas J. Reichel" <andreas.reichel.ext@siemens.com>:
> > >
> > > > From: Andreas Reichel <andreas.reichel.ext@siemens.com>
> > > >
> > >
> > > I know that the env was already cleared and that it should be
> > > safe to use "sudo -E". What about the following?
> > >
> > > sudo http_proxy=$http_proxy ... no_proxy=$no_proxy
> > > multistrap ...
> >
> > Well this would actually be pretty dangerous. The right side of the
> > 4 assignments needs to get quoted and we should be safe.
> >
> > sudo http_proxy="$http_proxy" ... no_proxy="$no_proxy"
> > multistrap ...
>
> Why so complicated. As you said, you know that environment is cleared.
> So there is no point in hardcoding proxy settings variables here.
From my Mail:
It makes truly clear which variables should be set. There is not risk
to keep anything in addition and the comment can go away.
But yeah, not too important.
Henning
> > Problem without the quotes, one could put commands into the
> > variables and execute them with sudo:
>
> Security concerns are out of topic here. The problem is always given
> when using sudo - as already known and already thought about. So in my
> opinion it is not useful to introduce variable exports with extra
> security concerns here instead of just relying on bitbake's
> environment clearing. Because that's what bitbake's implementation is
> about.
>
> Andreas
>
next prev parent reply other threads:[~2017-09-11 16:50 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-07 15:03 [PATCH 0/1] Make do_rootfs work with proxy settings Andreas J. Reichel
2017-09-07 15:03 ` [PATCH 1/1] Add proxy support to isar-image-*.bb and buildchroot.bb Andreas J. Reichel
2017-09-08 7:37 ` Henning Schild
2017-09-08 8:02 ` Henning Schild
2017-09-11 10:55 ` Andreas Reichel
2017-09-11 16:50 ` Henning Schild [this message]
2017-09-11 9:24 ` Andreas Reichel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170911185054.0fa286c9@md1em3qc \
--to=henning.schild@siemens.com \
--cc=andreas.reichel.ext@siemens.com \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox