Date: Fri, 11 Oct 2013 09:58:20 -0700 (PDT)
From: Kimo Rosenbaum <kimor79@yahoo.com>
To: "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
Cc: Bryan Drewery <bdrewery@FreeBSD.org>
Subject: Re: poudriere and networking
Message-ID: <1381510700.37006.YahooMailNeo@web142806.mail.bf1.yahoo.com>
In-Reply-To: <5257DDA8.5080202@FreeBSD.org>
References: <1381473199.36649.YahooMailNeo@web142801.mail.bf1.yahoo.com> <5257DDA8.5080202@FreeBSD.org>
I don't quite agree with that being the default but I understand. The patch works as intended. Thanks!

Thanks
Kimo

----- Original Message -----
> From: Bryan Drewery <bdrewery@FreeBSD.org>
> To: Kimo Rosenbaum <kimor79@yahoo.com>; "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
> Cc:
> Sent: Friday, October 11, 2013 4:14 AM
> Subject: Re: poudriere and networking
>
> On 10/11/2013 1:33 AM, Kimo Rosenbaum wrote:
>> Hello,
>>
>> I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm trying to build a private port which requires downloading files after the extract target. However, it seems as though networking isn't available after post-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing /etc/resolv.conf in post-patch shows the correct contents. The build is able to run the fetch but once past post-fetch I can't do any DNS lookups nor ping anything external. The host itself can do those things. Also when I enter the jail via jexec I can perform those things.
>>
>> Any ideas?
>>
>> Thanks
>> Kimo
>
> This is done for security. During build, the code running is untrusted.
> We don't want it to reach out and scan/infect your network during a build.
>
> I do understand you're building a private port though. I would add a
> flag to override this per port, but I worry some porter would put it in
> their FreeBSD port where it does not belong.
>
> You can apply a patch like this to your
> /usr/local/share/poudriere/common.sh to work around the issue:
>
>> --- src/share/poudriere/com= mon.sh=0A>> +++ src/share/poudriere/common.sh=0A>> @@ -1402,14 +1402,10 @= @=0A>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 fi= =0A>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 retu= rn 1=0A>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 fi=0A>> =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 fi=0A>> =0A>> -=A0 =A0 =A0 =A0 =A0 =A0 =A0 if [ = "${phase}" =3D "checksum" ]; =0A> then=0A>> -=A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 jstop=0A>> -=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = jstart 0=0A> =0A>> -=A0 =A0 =A0 =A0 =A0 =A0 =A0 fi=0A>> =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 print_phase_footer=0A>> =0A>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 if [ "${phase}" =3D "checksum" ]; =0A> then=0A>> =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 mkdir -p ${mnt}/portdistfiles=0A>> =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 echo "DISTDIR=3D/portdistfiles" >> = =0A> ${mnt}/etc/make.conf
>
>
> --
> Regards,
> Bryan Drewery
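
Review bot: The removed block under `if [ "${phase}" = "checksum" ]` (`jstop` followed by `jstart 0`) is deleted unconditionally, so the jail restart that the message describes as the security measure is skipped for every port built on this host, not only for the private port that needs to download after extract. Consider keeping the restart and skipping it only when a host-local setting names the port's origin, so that untrusted ports still lose network access after checksum and the override stays out of port Makefiles, which is the concern raised in the message. The second `if [ "${phase}" = "checksum" ]` block that follows `print_phase_footer` is left in place, so the two checksum conditions could share one block if a conditional restart is kept.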