Date: Fri, 11 Dec 2015 15:55:22 +0000 From: Malcolm Matalka <mmatalka@gmail.com> To: Piotr Florczyk <piotr.florczyk@gemius.com> Cc: freebsd-ports@freebsd.org Subject: Re: poudriere, Go and networking Message-ID: <86mvthrndh.fsf@gmail.com> In-Reply-To: <566AE71B.3080201@gemius.com> (Piotr Florczyk's message of "Fri, 11 Dec 2015 16:09:15 %2B0100") References: <374B9F2C-11B4-44F6-9FF6-E4687ECF9CB2@gemius.com> <20151211143601.GI35480@home.opsec.eu> <566AE71B.3080201@gemius.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Piotr Florczyk <piotr.florczyk@gemius.com> writes: > W dniu 11.12.2015 o 15:36, Kurt Jaeger pisze: >> Hi! >> >>> Recently I had to package couple of programs written in Go and godep is >>> becoming the standard for dependency tracking in Go projects. >>> For example I currently had to package telegraf. Here is the thing. Poudriere >>> disables networking after fetch phase and I don't know before extract >>> phase what dependencies are inside. >> >> We recently upgraded maven, the java-world 'make and godep' and all >> the ports that need maven to build have the same problem, see: >> >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188110#c37 >> >>> So here is the question: would it be possible to have networking >>> enabled during extract phase ? >>> Or maybe there is another solution (some flag in ports maybe that >>> I'm missing ?) >> >> I think we need some fancy fetch target per distfile which basically >> uses technology-dependend (maven, godep, etc) ways to trigger >> the 'fetch' during the fetch-phase. Probably some sort >> of base-fetch vrs. dep-fetch ? >> > New target might not be needed but I think this is good idea. Altough it does not solve my problem with poudriere. In my case, the soonest I > can fetch dependencies is in post-extract target. So if poudriere didn't cut off networking at this stage we wouldn't need any changes and > every one would be happy. This sounds like it would be a security hole to let a package download extra things that the FreeBSD package system does not know about and cannot validate. > Even if we come up with proper solution it will require cutting off network at some later stage than post-extract. In my opinion we might > aswell move it to that point right now. Perhaps you should make a tool which takes a go project as input and a FreeBSD package as output? > > -- > Regards, > Piotr Florczyk > _______________________________________________ > freebsd-ports@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86mvthrndh.fsf>