do not leak PATH, LD_LIBRARY_PATH, and TMPDIR into the shell environment by default

[benjaminp]

BazelConfiguration.setupShellEnvironement makes the default shell environment inherit the PATH, LD_LIBRARY_PATH, and TMPDIR environmental variables from the server environment (i.e., what they are at server startup time). I can see why this might be useful, but I don't think it should be the default behavior. I observed that this behavior was a source of indeterminism when building the same code on different machines; the build products were the same, but as environment affects the action key, remote caching across the machines didn't work. Why not be hermetic by default and have users who need to change these variables pass, e.g., --action_env=PATH?

If the behavior can't be changed, I would at least like a way to unset those environmental variables in the shell environment from the command line. AFAICT, with --action_env currently, the best you can do is set them to an empty string.

[iirina]

@gregestren can you take a look at this? Thanks.

[ulfjack]

This is definitely on our todo list, but I'm not sure when we'll get to it. Adding 1.0 as the expected milestone, because it needs to be fixed by then (although earlier would be better).

[AustinSchuh]

There's a pretty easy workaround.

Modify //tools/bazel in your repo to set the environment when it executes Bazel. We do something like:

ENVIRONMENT_VARIABLES=()
ENVIRONMENT_VARIABLES+=(HOSTNAME="${HOSTNAME}")
ENVIRONMENT_VARIABLES+=(SHELL="${SHELL}")
ENVIRONMENT_VARIABLES+=(USER="${USER}")
ENVIRONMENT_VARIABLES+=(PATH="${PATH}")
ENVIRONMENT_VARIABLES+=(LANG="${LANG}")
ENVIRONMENT_VARIABLES+=(HOME="${HOME}")
ENVIRONMENT_VARIABLES+=(LOGNAME="${LOGNAME}")
ENVIRONMENT_VARIABLES+=(TERM="${TERM}")

if [[ ! -z "${DISPLAY+x}" ]]; then
  ENVIRONMENT_VARIABLES+=(DISPLAY="${DISPLAY}")
fi

exec -a "${VERSION_BAZEL}" env -i \
    "${ENVIRONMENT_VARIABLES[@]}" \
    "${VERSION_BAZEL}-real" "$@"

That lets us control which version of bazel is in use for each revision of the repository, and the environment. That makes it easy to handle compatibility.