Date: Fri, 11 Oct 2013 06:14:48 -0500 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Kimo Rosenbaum <kimor79@yahoo.com>, "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org> Subject: Re: poudriere and networking Message-ID: <5257DDA8.5080202@FreeBSD.org> In-Reply-To: <1381473199.36649.YahooMailNeo@web142801.mail.bf1.yahoo.com> References: <1381473199.36649.YahooMailNeo@web142801.mail.bf1.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--5poXjuH55Ef2I8vp6EXxRcpIGpr21Hx77
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 10/11/2013 1:33 AM, Kimo Rosenbaum wrote:
> Hello,
>=20
> I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm trying =
to build a private port which requires downloading files after the extrac=
t target. However, it seems as though networking isn't available after po=
st-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing /etc/re=
solv.conf in post-patch shows the correct contents. The build is able to =
run the fetch but once past post-fetch I can't do any DNS lookups nor pin=
g anything external. The host itself can do those things. Also when I ent=
er the jail via jexec I can perform those things.
>=20
> Any ideas?
>=20
> Thanks
> Kimo
This is done for security. During build, the code running is untrusted.
We don't want it to reach out and scan/infect your network during a build=
=2E
I do understand you're building a private port though. I would add a
flag to override this per port, but I worry some porter would put it in
their FreeBSD port where it does not belong.
You can apply a patch like this to your
/usr/local/share/poudriere/common.sh to work around the issue:
> --- src/share/poudriere/common.sh
> +++ src/share/poudriere/common.sh
> @@ -1402,14 +1402,10 @@
> fi
> return 1
> fi
> fi
>=20
> - if [ "${phase}" =3D "checksum" ]; then
> - jstop
> - jstart 0
> - fi
> print_phase_footer
>=20
> if [ "${phase}" =3D "checksum" ]; then
> mkdir -p ${mnt}/portdistfiles
> echo "DISTDIR=3D/portdistfiles" >> ${mnt}/etc/m=
ake.conf
--=20
Regards,
Bryan Drewery
--5poXjuH55Ef2I8vp6EXxRcpIGpr21Hx77
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJSV92tAAoJEG54KsA8mwz5t7gP/3tGsIe4sEzbvi+cAVFu4346
r8PCxNc84GyXPwb+zppImkcxR0ZosQhjkgK2Eu6Q4K15eJoe8LoyKdlo//1BqnUU
8+ln7dX/MC8Fv7oHRyRfy9TDXev4kc57dhg9sgphlABlt6ObPN1ReN6G0/pWixay
+5rn0vop2b0D6xjeAx/vSujYMqKeA74+05dtIXtZ0YrEm9/pBF8yq3faXioKmQSI
+PYxqvZaK5L5nACtI7VA6QKfJTKViYTqS34zvUMm3CwMjrT3bPQqxxwFpHYVYWlF
tVPXA2/1lTwrfk1wdDeiVEO8odITW9GA4RprvgNqTIDtE6/dgHuyHR3wOjxpYMn9
i0EILFzERyMjG84wa586fDiDSyOXFhnZhlUaA8qhvz2jBvvyxLevbOU9fds15WDI
7ZdOJop4nB7guDoozt8uUBPZ3S+qO8yERtHTljItIGS2kIWWi4NKUAH9OdENErhX
vj1gvL5M1u+M2DZLXaYRYCTs40nDcxGe3r1Z8uD/BUT6o2rkMo1hwkeqjSFVZBpv
Qvrg7zLEYfX/86p323sIWvSn2ENDPE1QEKSPJNvNQn/LUcBgXFi3lTdkdZdDAWKT
fbpOqhIkieye3N7UeLbFIpoUHYCSxJ/tm3SzOsPmjEUrOLr6l9SGHVwVMlu0jpvj
MCYbSu89cSkG4uqHawcd
=ieN1
-----END PGP SIGNATURE-----
--5poXjuH55Ef2I8vp6EXxRcpIGpr21Hx77--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5257DDA8.5080202>