poudriere and networking
Bryan Drewery
bdrewery at FreeBSD.org
Fri Oct 11 11:15:00 UTC 2013
On 10/11/2013 1:33 AM, Kimo Rosenbaum wrote:
> Hello,
>
> I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm trying to build a private port which requires downloading files after the extract target. However, it seems as though networking isn't available after post-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing /etc/resolv.conf in post-patch shows the correct contents. The build is able to run the fetch but once past post-fetch I can't do any DNS lookups nor ping anything external. The host itself can do those things. Also when I enter the jail via jexec I can perform those things.
>
> Any ideas?
>
> Thanks
> Kimo
This is done for security. During build, the code running is untrusted.
We don't want it to reach out and scan/infect your network during a build.
I do understand you're building a private port though. I would add a
flag to override this per port, but I worry some porter would put it in
their FreeBSD port where it does not belong.
You can apply a patch like this to your
/usr/local/share/poudriere/common.sh to work around the issue:
> --- src/share/poudriere/common.sh
> +++ src/share/poudriere/common.sh
> @@ -1402,14 +1402,10 @@
> fi
> return 1
> fi
> fi
>
> - if [ "${phase}" = "checksum" ]; then
> - jstop
> - jstart 0
> - fi
> print_phase_footer
>
> if [ "${phase}" = "checksum" ]; then
> mkdir -p ${mnt}/portdistfiles
> echo "DISTDIR=/portdistfiles" >> ${mnt}/etc/make.conf
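Review bot: Deleting the `jstop` / `jstart 0` block under `if [ "${phase}" = "checksum" ]` drops the restart for every port this host builds, because the removed check tests only `${phase}` and nothing about which port is being built. Per the message above, that restart is what keeps untrusted build code off the network after the fetch and checksum phases, so with this applied all later phases of all ports keep network access, not just the private port. Consider keeping the block and skipping it only when a host-side opt-in is set for the specific private port, something a port Makefile cannot set, which would also address the concern about the override ending up in a FreeBSD port. If the deletion is kept as is, a comment at this spot in common.sh recording that the restart was removed locally, and why, would help whoever maintains the build host later.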
--
Regards,
Bryan Drewery