From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6463052406736289792 X-Received: by 10.25.228.134 with SMTP id x6mr800649lfi.33.1505148643711; Mon, 11 Sep 2017 09:50:43 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 10.46.75.1 with SMTP id y1ls327366lja.28.gmail; Mon, 11 Sep 2017 09:50:43 -0700 (PDT) X-Google-Smtp-Source: AOwi7QCoxfk/u0gw81F2SaVMle69E3Cmd+p1Z7zWAi/eX+v0tljbrDyx1GnxWRgoMUjvkk5W5Ii+ X-Received: by 10.46.83.13 with SMTP id h13mr876300ljb.40.1505148643416; Mon, 11 Sep 2017 09:50:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1505148643; cv=none; d=google.com; s=arc-20160816; b=bP7lrn8sxFp0Yc52Bb6ciMFq4o8uVQZnlQ1cM10F12DmQmlmdgYEm+a5H+/4rrHHWe A+TeOVT8ZlgE4u2Ml8OTCMtTg0iDxuzw4uXf/8KdERSf1jShVohBqicPxZdOTkGWxrvr h4WYnY9Nepd/H5ihtGvR3uUVj2tZpuuJdLz2cZ3Dz8FMU9fuHnKlSbkSzZYsHktlROE3 h7q81cAaVUy1Wqww09rT/3VFvGcfI2OzlaPxDQ8VW9s1UkoFo8ZJLMtimP4uhcMt+Ti+ 4lCQ2mOdtBc2bcplpUpuS1WsHWjHV5Gluy7tZBwQHY0InMaUbnAE5DU3pG3NTsU1mvLp YxbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:arc-authentication-results; bh=aX1EvyM9+lE0W4vR7MYwVwqVRENmHI81GuEMTYI0Ev8=; b=BkhZjrwtyTg81oo/3+ngJl5bTNUs5Uugnfb/d55mShV1tC2DPnUatb09lazxlEPRO5 sPzffg0WUDajqE/x+PLDfImZOpeUFL0Bu2WxCWMgYVs+ryOzQymoYo2CvR1oGb0W+Spf bYijZwK3l68ZEfZhNUuL75UJ8s3IQtTAUQtQ76UbHlRr54q+CwD6WdofFkWnvP0yW5ga IB/aeLW0jtOZPs9wKekys9LBIWXRejU8UstlB0rwNhDisrW0fTeqMnu7upAEjTvaPupX pKRkl89f1EFdCl+UgqfwAtTwzSynbOkl9tH4VK4anKmO8k+a+5YH+Eq9W1czu1izX4No +QjA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 192.35.17.14 is neither permitted nor denied by best guess record for domain of henning.schild@siemens.com) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id 74si643274wmf.8.2017.09.11.09.50.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Sep 2017 09:50:43 -0700 (PDT) Received-SPF: neutral (google.com: 192.35.17.14 is neither permitted nor denied by best guess record for domain of henning.schild@siemens.com) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 192.35.17.14 is neither permitted nor denied by best guess record for domain of henning.schild@siemens.com) smtp.mailfrom=henning.schild@siemens.com Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id v8BGoh5o016791 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 11 Sep 2017 18:50:43 +0200 Received: from md1em3qc ([139.25.68.40]) by mail2.siemens.de (8.15.2/8.15.2) with ESMTP id v8BGohS3002701; Mon, 11 Sep 2017 18:50:43 +0200 Date: Mon, 11 Sep 2017 18:50:54 +0200 From: Henning Schild To: Andreas Reichel Cc: Subject: Re: [PATCH 1/1] Add proxy support to isar-image-*.bb and buildchroot.bb Message-ID: <20170911185054.0fa286c9@md1em3qc> In-Reply-To: <20170911105500.GA7040@iiotirae> References: <20170907150335.30970-1-andreas.reichel.ext@siemens.com> <20170907150335.30970-2-andreas.reichel.ext@siemens.com> <20170908093738.609fe0df@md1em3qc> <20170908100204.3ba1f0e3@md1em3qc> <20170911105500.GA7040@iiotirae> X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.31; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable X-TUID: Tt8yfTXa+ZdU Am Mon, 11 Sep 2017 12:55:00 +0200 schrieb Andreas Reichel : > On Fri, Sep 08, 2017 at 10:02:04AM +0200, Henning Schild wrote: > > Am Fri, 8 Sep 2017 09:37:38 +0200 > > schrieb "[ext] Henning Schild" : > > =20 > > > Thanks for looking into this and finally finding a solution. More > > > comments inline. > > >=20 > > > Am Thu, 7 Sep 2017 17:03:35 +0200 > > > schrieb "Andreas J. Reichel" : > > > =20 > > > > From: Andreas Reichel > > > > =20 > > >=20 > > > I know that the env was already cleared and that it should be > > > safe to use "sudo -E". What about the following? > > >=20 > > > sudo http_proxy=3D$http_proxy ... no_proxy=3D$no_proxy > > > multistrap ... =20 > >=20 > > Well this would actually be pretty dangerous. The right side of the > > 4 assignments needs to get quoted and we should be safe. > >=20 > > sudo http_proxy=3D"$http_proxy" ... no_proxy=3D"$no_proxy" > > multistrap ...=20 >=20 > Why so complicated. As you said, you know that environment is cleared. > So there is no point in hardcoding proxy settings variables here. =46rom my Mail: It makes truly clear which variables should be set. There is not risk to keep anything in addition and the comment can go away. But yeah, not too important. Henning > > Problem without the quotes, one could put commands into the > > variables and execute them with sudo: =20 >=20 > Security concerns are out of topic here. The problem is always given > when using sudo - as already known and already thought about. So in my > opinion it is not useful to introduce variable exports with extra > security concerns here instead of just relying on bitbake's > environment clearing. Because that's what bitbake's implementation is > about. >=20 > Andreas >=20