Merge lp:~roadmr/checkbox/bug-185833-environ-in-power-management into lp:checkbox

+1

I'm somewhat puzzled by this. I why are we not exporting CHECKBOX_DATA to all scripts?

checkbox uses a sudo-spawned backend to run jobs which specify a particular user. The backend is launched once at the beginning of the run. As you know, sudo strips most environment variables for security reasons. Checkbox can send specific environment variables to be set by the backend prior to running a job. These are specified with the environ: key.

The reason why we don't just export everything is the same reason why sudo doesn't do it, we try to be as granular as possible, so we only export the variables each job needs.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

W dniu 03.12.2012 16:40, Daniel Manrique pisze:
> checkbox uses a sudo-spawned backend to run jobs which specify a
> particular user. The backend is launched once at the beginning of
> the run. As you know, sudo strips most environment variables for
> security reasons. Checkbox can send specific environment variables
> to be set by the backend prior to running a job. These are
> specified with the environ: key.
>
> The reason why we don't just export everything is the same reason
> why sudo doesn't do it, we try to be as granular as possible, so we
> only export the variables each job needs.

sure but this is not random_env, let's export all $CHECKBOX_*
automatically for the least-surprise rule. IIRC without sudo they are
available already.

Thanks
ZK

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQvM9GAAoJEOvx/vtfL8ZXVSEP/23pq1NO8Ad09eRxI0ii0bAz
p63ixz9/Q95Taulz5C2lW0XDXI5si+BXH4/3xWjyrJX2dwxO7yqTr1QVhafPHEk9
6rK9DndzSvEV8iGWD1f40UPbQiIChkbDHv0Rg4CPAYcNmjiCiqGauBkVNNML/5hl
J1PoRZ5PGHkAJvKiVf1d6/sJI3h6mXZ09WA/B6z2xerNkWqrOhOGYN/iBVhXTVzq
hC2ayJMhX0HI6eDutumWTPhEokdqKMA8fCUoDkWN6c+SCMd1JubzkFzo0AMayPY9
s+U6uuUN0SQJLcPuc/jKt/Pk/6m8X3+ENIMPv5CoOjxCVPjhyVVoYSHFn+CVMUiM
3xUtV46zJ/ltjkurb1sV8bxvtRKR5LHq+SX5YzES1RQXHdpG10ZXaLJNtOBTvcZ/
K8MiKhpE+1Z8HF7IO8PdftN5CoPAw8vVKzaLxd86ZzIXl93+II9OTy7irC2NAF7b
ldhnGo1UP/Vl/4WsYT/XKdtldTGCOS+o5/9z0Q/kAYFpsJsRhzhitKLDa5EsuxHm
KP/YZh4L2V4h5p5V3aoR1Bwgz63lbSGj4xOwgUKety+VrtqzanxalnMyjH9FSe0m
tgQeDdPLjbRNe7V/0ygbJL3f8pIlQLpcuuxsIg5ove3WQ7OytyxUJgoTYPxx7mff
k4kKHzbZMMxHMRLd8zhR
=ouMB
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12-12-03 11:11 AM, Zygmunt Krynicki wrote:
> W dniu 03.12.2012 16:40, Daniel Manrique pisze:
>> checkbox uses a sudo-spawned backend to run jobs which specify a
>> particular user. The backend is launched once at the beginning of the
>> run. As you know, sudo strips most environment variables for security
>> reasons. Checkbox can send specific environment variables to be set by
>> the backend prior to running a job. These are specified with the environ:
>> key.
>
>> The reason why we don't just export everything is the same reason why
>> sudo doesn't do it, we try to be as granular as possible, so we only
>> export the variables each job needs.
>
> sure but this is not random_env, let's export all $CHECKBOX_* automatically
> for the least-surprise rule. IIRC without sudo they are available already.

Doing this for $CHECKBOX_* actually makes sense, I'd be all for it.

>
> Thanks ZK
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJQvNEnAAoJELLN2o+BkKXQ0KEIAJFcJ+1/G9+LQjJ49G9Z0+Gg
rHsWqgS/mlgPM3ieqGavoRWHoJSNM7/fd2R5rMfM+xFnCwC9ErRiyWKVOGolLNZC
Nj35WNfQuXaNI4jX77C+mThlbdO3VCUTVXsecHS7L0aiVRFRAfKhvBaL7e6wnVrV
p3mbxi1VZosby4gQygk62Hv+TWxp1PZRx2UEI12pJo7zbFYDdaLdaw+8n1DtaiEL
5RMXhnl1cMdEirUMuU7JykHXmLPi3g5nBGBeds7LZv0TQYIWFIQkQ9fY7QVaV4gX
dOPFtVX2UB8t25cfRXGc4rFmUQVQtu9w54TvduwZp9lI7aK4vzI4tYT+4Wrpeso=
=SmkQ
-----END PGP SIGNATURE-----