From owner-freebsd-ports@FreeBSD.ORG  Thu Jun  7 05:03:54 2012
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id C9799106566B
	for <ports@FreeBSD.org>; Thu,  7 Jun 2012 05:03:54 +0000 (UTC)
	(envelope-from linimon@lonesome.com)
Received: from mail.soaustin.net (pancho.soaustin.net [76.74.250.40])
	by mx1.freebsd.org (Postfix) with ESMTP id AB3CD8FC12
	for <ports@FreeBSD.org>; Thu,  7 Jun 2012 05:03:54 +0000 (UTC)
Received: by mail.soaustin.net (Postfix, from userid 502)
	id 6CABC56239; Thu,  7 Jun 2012 00:03:52 -0500 (CDT)
Date: Thu, 7 Jun 2012 00:03:52 -0500
From: Mark Linimon <linimon@lonesome.com>
To: ports@FreeBSD.org
Message-ID: <20120607050351.GA11949@lonesome.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: 
Subject: RFC: ports failing in jails
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2012 05:03:54 -0000

I'd like to request the assistance of our committers and maintainers in
fixing a new failure mode of ports which are built in jails.

We have recently made the port-building code more restrictive about when
builds may access the net.  Access to the net is now denied except in the
"fetch" phase.  This should help us identify ports that either have
latent bugs (missing dependencies that are being handled by some kind
of auto-fetch code), or are doing some kind of annoying "phone home"
action.  At best the latter will create non-reproducible packages; at
worst they will allow another means of attack.

We first tested this on pointyhat-west, which we are using for both -exp
runs and the pkgng packages.  (The change has also been migrated to redports
and poudriere; IIUC the patch for the ports tinderbox is currently being
tested.)

As bapt, miwi, and I have been trying to analyze the results of these
runs, we keep tripping over these failures.  There are too many for us
to tackle, so we'd like your help.

I've been trying to collect them on the following page:

  http://wiki.freebsd.org/PortsFailingInJails

Note that ATM the failures are a moving target, so some of these failures
may have already been fixed.  If that is the case, please make a note of
them in the "already fixed" section, so that when reviewing errorlogs we
will know to skip over those.

Thanks.

mcl