poudriere and networking

Kimo Rosenbaum kimor79 at yahoo.com
Fri Oct 11 16:58:29 UTC 2013 

I don't quite agree with that being the default but I understand. The patch works as intended. Thanks!


Thanks
Kimo



----- Original Message -----
> From: Bryan Drewery <bdrewery at FreeBSD.org>
> To: Kimo Rosenbaum <kimor79 at yahoo.com>; "freebsd-ports at freebsd.org" <freebsd-ports at freebsd.org>
> Cc: 
> Sent: Friday, October 11, 2013 4:14 AM
> Subject: Re: poudriere and networking
> 
> On 10/11/2013 1:33 AM, Kimo Rosenbaum wrote:
>>  Hello,
>> 
>>  I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm 
> trying to build a private port which requires downloading files after the 
> extract target. However, it seems as though networking isn't available after 
> post-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing 
> /etc/resolv.conf in post-patch shows the correct contents. The build is able to 
> run the fetch but once past post-fetch I can't do any DNS lookups nor ping 
> anything external. The host itself can do those things. Also when I enter the 
> jail via jexec I can perform those things.
>> 
>>  Any ideas?
>> 
>>  Thanks
>>  Kimo
> 
> This is done for security. During build, the code running is untrusted.
> We don't want it to reach out and scan/infect your network during a build.
> 
> I do understand you're building a private port though. I would add a
> flag to override this per port, but I worry some porter would put it in
> their FreeBSD port where it does not belong.
> 
> You can apply a patch like this to your
> /usr/local/share/poudriere/common.sh to work around the issue:
> 
>>  --- src/share/poudriere/common.sh
>>  +++ src/share/poudriere/common.sh
>>  @@ -1402,14 +1402,10 @@
>>                                  fi
>>                                  return 1
>>                          fi
>>                  fi
>> 
>>  -               if [ "${phase}" = "checksum" ]; 
> then
>>  -                       jstop
>>  -                       jstart 0
> 
>>  -               fi
>>                  print_phase_footer
>> 
>>                  if [ "${phase}" = "checksum" ]; 
> then
>>                          mkdir -p ${mnt}/portdistfiles
>>                          echo "DISTDIR=/portdistfiles" >> 
> ${mnt}/etc/make.conf
> 
> 
> -- 
> Regards,
> Bryan Drewery
>

More information about the freebsd-ports mailing list