From mboxrd@z Thu Jan 1 00:00:00 1970 From: Fis Trivial Subject: Export environment variables only in `guix environment`. Date: Mon, 29 Jan 2018 22:29:09 +0000 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:35851) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1egHvP-0007Je-RF for guix-devel@gnu.org; Mon, 29 Jan 2018 17:29:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1egHvL-0007gb-Ma for guix-devel@gnu.org; Mon, 29 Jan 2018 17:29:15 -0500 Received: from mail-oln040092009027.outbound.protection.outlook.com ([40.92.9.27]:35129 helo=NAM04-BN3-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1egHvL-0007g5-9b for guix-devel@gnu.org; Mon, 29 Jan 2018 17:29:11 -0500 Content-Language: en-US List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel * Problem The exported environment variables can cause various problems in foreign distribution(1)(2). And besides, The long list of environment variables(4) injected into user's login shell makes the user's environment impure. So, I believe that if I want to run guix safely on a foreign distributions,= I need to eliminate the need for exporting environment variables from guix to= my login shell. * From nix I tried nix and found that they actually don't export any library related environment variable by default, the only non-prefixed env in their profile= file is $PATH, so the above mentioned problem cannot arise on the nix side. But = the simple solution isn't perfect either. In short, one cannot access any libr= ary installed by nix without launching `nix-shell`(much like `guix environment`= ). Even worse, you need to specify all the needed libraries before launching i= t, which is extremely inconvenient, especially when you use interpreters like python shell. That's not good for Unix, where casual programming is a daily practice. Around the problem, they also have some discussions, for details, please re= fer to(1). So, I am thinking if we can come to a middle land, that we *ONLY* source th= ose exported environment variables when launching `guix environment` or `guix container`, and let the behavior controllable by command arguments. F= or example: `guix environment --export-all-envs` or `guix environment --export GI_TYPELIB_PATH` [1]: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D30093 [2]: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D30229 [3]: https://github.com/NixOS/nixpkgs/issues/10597 [4]: The envs exported by guix on my system, copied from ~/.guix-profile/et= c/profile export PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra70603ma56fm-= profile}/bin:${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra70603ma56fm-pr= ofile}/sbin${PATH:+:}$PATH" export C_INCLUDE_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra70= 603ma56fm-profile}/include${C_INCLUDE_PATH:+:}$C_INCLUDE_PATH" export CPLUS_INCLUDE_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1k= ra70603ma56fm-profile}/include${CPLUS_INCLUDE_PATH:+:}$CPLUS_INCLUDE_PATH" export LIBRARY_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra7060= 3ma56fm-profile}/lib:${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra70603m= a56fm-profile}/lib64${LIBRARY_PATH:+:}$LIBRARY_PATH" export XDG_DATA_DIRS=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra706= 03ma56fm-profile}/share${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS" export GIO_EXTRA_MODULES=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kr= a70603ma56fm-profile}/lib/gio/modules${GIO_EXTRA_MODULES:+:}$GIO_EXTRA_MODU= LES" export GI_TYPELIB_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra7= 0603ma56fm-profile}/lib/girepository-1.0${GI_TYPELIB_PATH:+:}$GI_TYPELIB_PA= TH" export PYTHONPATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra70603m= a56fm-profile}/lib/python3.5/site-packages${PYTHONPATH:+:}$PYTHONPATH" export GUIX_GTK3_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra70= 603ma56fm-profile}/lib/gtk-3.0${GUIX_GTK3_PATH:+:}$GUIX_GTK3_PATH" export PERL5LIB=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra70603ma5= 6fm-profile}/lib/perl5/site_perl${PERL5LIB:+:}$PERL5LIB" export GUILE_LOAD_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra7= 0603ma56fm-profile}/share/guile/site/2.2${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PA= TH" export GUILE_LOAD_COMPILED_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcx= b2yw1kra70603ma56fm-profile}/share/guile/site/2.2${GUILE_LOAD_COMPILED_PATH= :+:}$GUILE_LOAD_COMPILED_PATH" export CMAKE_PREFIX_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kr= a70603ma56fm-profile}/${CMAKE_PREFIX_PATH:+:}$CMAKE_PREFIX_PATH" export PKG_CONFIG_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra7= 0603ma56fm-profile}/lib/pkgconfig:${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb= 2yw1kra70603ma56fm-profile}/share/pkgconfig${PKG_CONFIG_PATH:+:}$PKG_CONFIG= _PATH" export CPATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra70603ma56fm= -profile}/include${CPATH:+:}$CPATH" export SSL_CERT_DIR=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra7060= 3ma56fm-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR" export GHC_PACKAGE_PATH=3D"${GUIX_PROFILE:-/gnu/store/5myb7fcfvlmcxb2yw1kra= 70603ma56fm-profile}/lib/ghc-8.0.2/package.conf.d${GHC_PACKAGE_PATH:+:}$GHC= _PACKAGE_PATH"