poudriere and networking

Alexander Yerenkow yerenkow at gmail.com
Fri Oct 11 17:10:31 UTC 2013 

I'd suggest to you anyway investigate what are downloaded, and why;
If it's some static files - you could try to add them to distfiles, and
replace places where they are trying download from web to file;
e.g.
find somewhere
http://site/your.file
and try to replace it with
file://$DISTFILES/your.file




2013/10/11 Kimo Rosenbaum <kimor79 at yahoo.com>

> I don't quite agree with that being the default but I understand. The
> patch works as intended. Thanks!
>
>
> Thanks
> Kimo
>
>
>
> ----- Original Message -----
> > From: Bryan Drewery <bdrewery at FreeBSD.org>
> > To: Kimo Rosenbaum <kimor79 at yahoo.com>; "freebsd-ports at freebsd.org" <
> freebsd-ports at freebsd.org>
> > Cc:
> > Sent: Friday, October 11, 2013 4:14 AM
> > Subject: Re: poudriere and networking
> >
> > On 10/11/2013 1:33 AM, Kimo Rosenbaum wrote:
> >>  Hello,
> >>
> >>  I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm
> > trying to build a private port which requires downloading files after the
> > extract target. However, it seems as though networking isn't available
> after
> > post-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing
> > /etc/resolv.conf in post-patch shows the correct contents. The build is
> able to
> > run the fetch but once past post-fetch I can't do any DNS lookups nor
> ping
> > anything external. The host itself can do those things. Also when I
> enter the
> > jail via jexec I can perform those things.
> >>
> >>  Any ideas?
> >>
> >>  Thanks
> >>  Kimo
> >
> > This is done for security. During build, the code running is untrusted.
> > We don't want it to reach out and scan/infect your network during a
> build.
> >
> > I do understand you're building a private port though. I would add a
> > flag to override this per port, but I worry some porter would put it in
> > their FreeBSD port where it does not belong.
> >
> > You can apply a patch like this to your
> > /usr/local/share/poudriere/common.sh to work around the issue:
> >
> >>  --- src/share/poudriere/common.sh
> >>  +++ src/share/poudriere/common.sh
> >>  @@ -1402,14 +1402,10 @@
> >>                                  fi
> >>                                  return 1
> >>                          fi
> >>                  fi
> >>
> >>  -               if [ "${phase}" = "checksum" ];
> > then
> >>  -                       jstop
> >>  -                       jstart 0
> >
> >>  -               fi
> >>                  print_phase_footer
> >>
> >>                  if [ "${phase}" = "checksum" ];
> > then
> >>                          mkdir -p ${mnt}/portdistfiles
> >>                          echo "DISTDIR=/portdistfiles" >>
> > ${mnt}/etc/make.conf
> >
> >
> > --
> > Regards,
> > Bryan Drewery
> >
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>



-- 
Regards,
Alexander Yerenkow

More information about the freebsd-ports mailing list