systemctl: deprecate blanket import-environment

Importing the full environment is convenient, but it doesn't work too well in
practice, because we get a metric ton of shell-specific crap that should never
end up in the global environment block:

$ systemctl --user show-environment
...
SHELL=/bin/zsh
AUTOJUMP_ERROR_PATH=/home/zbyszek/.local/share/autojump/errors.log
AUTOJUMP_SOURCED=1
CONDA_SHLVL=0
CVS_RSH=ssh
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
DESKTOP_SESSION=gnome
DISPLAY=:0
FPATH=/usr/share/Modules/init/zsh-functions:/usr/local/share/zsh/site-functions:/usr/share/zsh/site-functions:/usr/share/zsh/5.8/functions
GDMSESSION=gnome
GDM_LANG=en_US.UTF-8
GNOME_SETUP_DISPLAY=:1
GUESTFISH_INIT=$'\\e[1;34m'
GUESTFISH_OUTPUT=$'\\e[0m'
GUESTFISH_PS1=$'\\[\\e[1;32m\\]><fs>\\[\\e[0;31m\\] '
GUESTFISH_RESTORE=$'\\e[0m'
HISTCONTROL=ignoredups
HISTSIZE=1000
LOADEDMODULES=
OLDPWD=/home/zbyszek
PWD=/home/zbyszek
QTDIR=/usr/lib64/qt-3.3
QTINC=/usr/lib64/qt-3.3/include
QTLIB=/usr/lib64/qt-3.3/lib
QT_IM_MODULE=ibus
SDL_VIDEO_MINIMIZE_ON_FOCUS_LOSS=0
SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/2612,unix/unix:/tmp/.ICE-unix/2612
SHLVL=0
STEAM_FRAME_FORCE_CLOSE=1
TERM=xterm-256color
USERNAME=zbyszek
WISECONFIGDIR=/usr/share/wise2/
...

Plenty of shell-specific and terminal-specific stuff that have no global
significance.

Let's start warning when this is used to push people towards importing only
specific variables.

Putative NEWS entry:
  * systemctl import-environment will now emit a warning when called without
    any arguments (i.e. to import the full environment block of the called
    program). This command will usually be invoked from a shell, which means
    that it'll inherit a bunch of variables which are specific to that shell,
    and usually to the tty the shell is connected to, and don't have any
    meaning in the global context of the system or user service manager.
    Instead, only specific variables should be imported into the manager
    environment block.

    Similarly, programs which update the manager environment block by directly
    calling the D-Bus API of the manager, should also push specific variables,
    and not the full inherited environment.

diff --git a/man/systemctl.xml b/man/systemctl.xml
index 47bb608459c96a07e5af4e239c66c2eacf11a90d..27207fcf49f1802db3d01bba716caff3bc82cb47 100644 (file)
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -1118,7 +1118,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
         <varlistentry>
           <term>
             <command>import-environment</command>
-            <optional><replaceable>VARIABLE…</replaceable></optional>
+            <replaceable>VARIABLE…</replaceable>
           </term>
 
           <listitem>
@@ -1129,6 +1129,11 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
             arguments are passed, the entire environment block inherited by the <command>systemctl</command>
             process is imported. In this mode, any inherited invalid environment variables are quietly
             ignored.</para>
+
+            <para>Importing of the full inherited environment block (calling this command without any
+            arguments) is deprecated. A shell will set dozens of variables which only make sense locally and
+            are only meant for processes which are descendants of the shell. Such variables in the global
+            environment block are confusing to other processes.</para>
           </listitem>
         </varlistentry>
       </variablelist>

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index a9d863bfda80f32b935eff982946ae0d65d712b9..ed8ab6205c3aa1befcb939b3497040faee62da58 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2854,7 +2854,8 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
     configuration, with just a few environment variables. The user manager inherits environment variables as
     any other system service, but in addition may receive additional environment variables from PAM, and,
     typically, additional imported variables when the user starts a graphical session. It is recommended to
-    keep the environment blocks in both the system and user managers managers lean.</para>
+    keep the environment blocks in both the system and user managers managers lean. Importing all variables
+    inherited by the graphical session or by one of the user shells is strongly discouraged.</para>
 
     <para>Hint: <command>systemd-run -P env</command> and <command>systemd-run --user -P env</command> print
     the effective system and user service environment blocks.</para>

diff --git a/src/systemctl/systemctl-set-environment.c b/src/systemctl/systemctl-set-environment.c
index b68e6f6f66ed1e3af21dcc2ecc241dcaaaa335be..3be2c57778eaee183766fc7f87e6603413972af6 100644 (file)
--- a/src/systemctl/systemctl-set-environment.c
+++ b/src/systemctl/systemctl-set-environment.c
@@ -119,9 +119,9 @@ int import_environment(int argc, char *argv[], void *userdata) {
                 return bus_log_create_error(r);
 
         if (argc < 2) {
-                _cleanup_strv_free_ char **copy = NULL;
+                log_warning("Calling import-environment without a list of variable names is deprecated.");
 
-                copy = strv_copy(environ);
+                _cleanup_strv_free_ char **copy = strv_copy(environ);
                 if (!copy)
                         return log_oom();
 

diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 9a934badce114aa06ab63217bce8df5ac51efadb..7fe1e4e65b478048861bb57257b151e80aa6f869 100644 (file)
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -193,7 +193,7 @@ static int systemctl_help(void) {
                "  show-environment                    Dump environment\n"
                "  set-environment VARIABLE=VALUE...   Set one or more environment variables\n"
                "  unset-environment VARIABLE...       Unset one or more environment variables\n"
-               "  import-environment [VARIABLE...]    Import all or some environment variables\n"
+               "  import-environment VARIABLE...      Import all or some environment variables\n"
                "\n%3$sManager State Commands:%4$s\n"
                "  daemon-reload                       Reload systemd manager configuration\n"
                "  daemon-reexec                       Reexecute systemd manager\n"