Date: Thu, 7 Jun 2012 00:03:52 -0500 From: Mark Linimon <linimon@lonesome.com> To: ports@FreeBSD.org Subject: RFC: ports failing in jails Message-ID: <20120607050351.GA11949@lonesome.com>
next in thread | raw e-mail | index | archive | help
I'd like to request the assistance of our committers and maintainers in fixing a new failure mode of ports which are built in jails. We have recently made the port-building code more restrictive about when builds may access the net. Access to the net is now denied except in the "fetch" phase. This should help us identify ports that either have latent bugs (missing dependencies that are being handled by some kind of auto-fetch code), or are doing some kind of annoying "phone home" action. At best the latter will create non-reproducible packages; at worst they will allow another means of attack. We first tested this on pointyhat-west, which we are using for both -exp runs and the pkgng packages. (The change has also been migrated to redports and poudriere; IIUC the patch for the ports tinderbox is currently being tested.) As bapt, miwi, and I have been trying to analyze the results of these runs, we keep tripping over these failures. There are too many for us to tackle, so we'd like your help. I've been trying to collect them on the following page: http://wiki.freebsd.org/PortsFailingInJails Note that ATM the failures are a moving target, so some of these failures may have already been fixed. If that is the case, please make a note of them in the "already fixed" section, so that when reviewing errorlogs we will know to skip over those. Thanks. mcl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120607050351.GA11949>