[GN] Sanitize environment variables when running ninja from Xcode.

tools/gn/xcode_writer.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "tools/gn/xcode_writer.h"
 
 #include <iomanip>
 #include <map>
 #include <memory>
 #include <sstream>
@@ skipping 13 matching lines @@
 #include "tools/gn/filesystem_utils.h"
 #include "tools/gn/settings.h"
 #include "tools/gn/source_file.h"
 #include "tools/gn/target.h"
 #include "tools/gn/value.h"
 #include "tools/gn/variables.h"
 #include "tools/gn/xcode_object.h"
 
 namespace {
 
+struct SafeEnvironmentVariableInfo {
+  const char* name;
+  bool capture_at_generation;
+};
+
+SafeEnvironmentVariableInfo kSafeEnvironmentVariables[] = {
+    {"HOME", true}, {"LANG", true},    {"PATH", true},

[Dirk Pranke, 2016/12/01 20:53:22]

nit: weird indentation.

+    {"USER", true}, {"TMPDIR", false},
+};
+
 XcodeWriter::TargetOsType GetTargetOs(const Args& args) {
   const Value* target_os_value = args.GetArgOverride(variables::kTargetOs);
   if (target_os_value) {
     if (target_os_value->type() == Value::STRING) {
       if (target_os_value->string_value() == "ios")
         return XcodeWriter::WRITER_TARGET_OS_IOS;
     }
   }
   return XcodeWriter::WRITER_TARGET_OS_MACOS;
 }
 
 std::string GetBuildScript(const std::string& target_name,
-                           const std::string& build_path,
-                           const std::string& ninja_extra_args) {
+                           const std::string& ninja_extra_args,
+                           base::Environment* environment) {
   std::stringstream script;
   script << "echo note: \"Compile and copy " << target_name << " via ninja\"\n"
          << "exec ";
-  if (!build_path.empty())
-    script << "env PATH=\"" << build_path << "\" ";
+
+  // Launch ninja with a sanitized environment (Xcode sets many environment
+  // variable overridding settings, including the SDK, thus breaking hermetic
+  // build).
+  script << "env -i ";
+  for (size_t i = 0; i < arraysize(kSafeEnvironmentVariables); ++i) {

[Dirk Pranke, 2016/12/01 20:53:22]

Can you replace this with a range-based loop? I.e., `for (const auto& variable:
kSafeEnvironmentVariables)` or some such?

+    const auto& variable = kSafeEnvironmentVariables[i];
+    script << variable.name << "=\"";
+
+    std::string value;
+    if (variable.capture_at_generation)
+      environment->GetVar(variable.name, &value);
+
+    if (!value.empty())
+      script << value;
+    else
+      script << "$" << variable.name;
+    script << "\" ";
+  }
+
   script << "ninja -C .";
   if (!ninja_extra_args.empty())
     script << " " << ninja_extra_args;
   if (!target_name.empty())
     script << " " << target_name;
   script << "\nexit 1\n";
   return script.str();
 }
 
 class CollectPBXObjectsPerClassHelper : public PBXObjectVisitor {
@@ skipping 183 matching lines @@
     const std::string& config_name,
     const std::string& root_target,
     const std::string& ninja_extra_args,
     const BuildSettings* build_settings,
     TargetOsType target_os) {
   std::unique_ptr<PBXProject> main_project(
       new PBXProject("products", config_name, source_path, attributes));
 
   std::string build_path;
   std::unique_ptr<base::Environment> env(base::Environment::Create());
-  env->GetVar("PATH", &build_path);
 
   main_project->AddAggregateTarget(
-      "All", GetBuildScript(root_target, build_path, ninja_extra_args));
+      "All", GetBuildScript(root_target, ninja_extra_args, env.get()));
 
   for (const Target* target : targets) {
     switch (target->output_type()) {
       case Target::EXECUTABLE:
         if (target_os == XcodeWriter::WRITER_TARGET_OS_IOS)
           continue;
 
         main_project->AddNativeTarget(
             target->label().name(), "compiled.mach-o.executable",
             target->output_name().empty() ? target->label().name()
                                           : target->output_name(),
             "com.apple.product-type.tool",
-            GetBuildScript(target->label().name(), build_path,
-                           ninja_extra_args));
+            GetBuildScript(target->label().name(), ninja_extra_args,
+                           env.get()));
         break;
 
       case Target::CREATE_BUNDLE:
         if (target->bundle_data().product_type().empty())
           continue;
 
         main_project->AddNativeTarget(
             target->label().name(), std::string(),
             RebasePath(target->bundle_data()
                            .GetBundleRootDirOutput(target->settings())
                            .value(),
                        build_settings->build_dir()),
             target->bundle_data().product_type(),
-            GetBuildScript(target->label().name(), build_path,
-                           ninja_extra_args));
+            GetBuildScript(target->label().name(), ninja_extra_args,
+                           env.get()));
         break;
 
       default:
         break;
     }
   }
 
   projects_.push_back(std::move(main_project));
 }
 
@@ skipping 102 matching lines @@
     for (auto* object : pair.second) {
       object->Print(out, 2);
     }
     out << "/* End " << ToString(pair.first) << " section */\n";
   }
 
   out << "\t};\n"
       << "\trootObject = " << project->Reference() << ";\n"
       << "}\n";
 }