On 2020-06-30 12:22, Matthew Thode wrote:
>
> I'd like to suggest allowing only approved variables in the build
> environment, having portage unset all variables and setting only what is
> needed (or configured).

I think this is orthogonal to the problem I'm trying to solve. Even if all environment variables had to be whitelisted, ebuilds would still need to know how to use them when they happen to be defined.

I basically just want to write down things like "If set, CC is assumed to contain the name of a compiler driver such as /usr/bin/gcc." That way ebuilds can be written to pass $CC to the build system in places that are expecting a compiler driver. Conversely, if LD is documented to contain a dynamic linker such as /bin/ld, then ebuilds must mangle LD whenever the upstream build system (e.g. pari, perl) interprets it otherwise.

These meanings are already enshrined in the tc-getFOO() functions and the various de-facto standards, but there's no user or developer documentation promising that the variables will be used in any particular way.