From 7550017f97d7892f8b7d26074046a87144f491dd Mon Sep 17 00:00:00 2001
From: Tim Schumacher
Date: Thu, 19 May 2022 23:28:43 +0200
Subject: [PATCH] Ports: Sanitize environment before handling Ports

This keeps users from leaking their host environment variables (CFLAGS, etc.) into Ports, and it keeps us from leaking Port-specific settings into their dependencies.
---
 Meta/lint-ports.py | 1 +
 Ports/.port_include.sh | 6 ++++++
 Ports/.strip_env.sh | 8 ++++++++
 3 files changed, 15 insertions(+)
 create mode 100755 Ports/.strip_env.sh
diff --git a/Meta/lint-ports.py b/Meta/lint-ports.py
index 2d852bf46c..e24160ef35 100755
--- a/Meta/lint-ports.py
+++ b/Meta/lint-ports.py
@@ -21,6 +21,7 @@ PORT_TABLE_FILE = 'AvailablePorts.md'
 IGNORE_FILES = {
 '.gitignore',
 '.port_include.sh',
+ '.strip_env.sh',
 PORT_TABLE_FILE,
 'build_all.sh',
 'build_installed.sh',
diff --git a/Ports/.port_include.sh b/Ports/.port_include.sh
index 31bec3dc2d..78c6d89d3b 100755
--- a/Ports/.port_include.sh
+++ b/Ports/.port_include.sh
@@ -2,6 +2,12 @@
 set -eu
 SCRIPT="$(dirname "${0}")"
+
+if [ -z "${SERENITY_STRIPPED_ENV:-}" ]; then
+ exec "${SCRIPT}/.strip_env.sh" "${@}"
+fi
+unset SERENITY_STRIPPED_ENV
+
 export MAKEJOBS="${MAKEJOBS:-$(nproc)}"
 maybe_source() {
diff --git a/Ports/.strip_env.sh b/Ports/.strip_env.sh
new file mode 100755
index 0000000000..54265ae791
--- /dev/null
+++ b/Ports/.strip_env.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+exec env -i SERENITY_STRIPPED_ENV=1 \
+ MAKEJOBS="${MAKEJOBS:-}" \
+ IN_SERENITY_PORT_DEV="${IN_SERENITY_PORT_DEV:-}" \
+ SERENITY_ARCH="${SERENITY_ARCH:-}" \
+ SERENITY_TOOLCHAIN="${SERENITY_TOOLCHAIN:-}" \
+ "${@}"
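Review bot: The guard on `SERENITY_STRIPPED_ENV` in `Ports/.port_include.sh` trusts a value inherited from the caller, so a host environment that already exports that name skips the re-exec through `.strip_env.sh` and nothing is sanitized. If that is an intended opt-out it should be documented; otherwise a comment above the `if` would record the contract, for example `# SERENITY_STRIPPED_ENV is set only by .strip_env.sh; a value inherited from the host skips sanitization`. The `unset` that follows presumably exists so that dependency builds start without the marker and sanitize again, which is worth stating in the same comment. The rest of the file, starting at `maybe_source()`, continues outside the hunk.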
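Review bot: `env -i` on the `exec` line of `Ports/.strip_env.sh` also drops PATH, HOME, TERM and the locale variables, so after the re-exec every command lookup depends on whatever fallback search path the host's `env` and shell apply when PATH is unset. Putting it in the allowlist explicitly, as `PATH="${PATH}" \` or a fixed value, would make the resulting environment the same on every host. The four forwarded names are passed as empty strings when the host does not set them; that is harmless for `MAKEJOBS`, which the include reads with `:-`, but turns unset into set-but-empty for the others, so a header comment listing the allowlist and this caveat would help. The script also has no argument check, and with no arguments `env -i` prints the environment and exits 0, so `[ "$#" -gt 0 ] || exit 2` before the `exec` would make misuse fail loudly.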