poudriere and networking
Kimo Rosenbaum
kimor79 at yahoo.com
Fri Oct 11 17:42:48 UTC 2013
Oh, I know what's being downloaded and why. This is for several ruby apps which have conflicting gems dependencies so we're doing `bundle install --deployment` during do-build to install the gems into ${WRKSRC}/vendor/bundle/. And then from pkg point of view the package just has many many many files. I could download the gems as distfiles but it's a lot of hoops to jump through just to figure out what to download when doing it in do-build already does it.
Thanks
Kimo
>________________________________
> From: Alexander Yerenkow <yerenkow at gmail.com>
>To: Kimo Rosenbaum <kimor79 at yahoo.com>
>Cc: "freebsd-ports at freebsd.org" <freebsd-ports at freebsd.org>; Bryan Drewery <bdrewery at freebsd.org>
>Sent: Friday, October 11, 2013 10:10 AM
>Subject: Re: poudriere and networking
>
>
>
>I'd suggest to you anyway investigate what are downloaded, and why;
>If it's some static files - you could try to add them to distfiles, and replace places where they are trying download from web to file;
>e.g.
>find somewhere
>http://site/your.file
>and try to replace it with
>file://$DISTFILES/your.file
>
>
>
>
>
>
>
>2013/10/11 Kimo Rosenbaum <kimor79 at yahoo.com>
>
>I don't quite agree with that being the default but I understand. The patch works as intended. Thanks!
>>
>>
>>Thanks
>>Kimo
>>
>>
>>
>>
>>----- Original Message -----
>>> From: Bryan Drewery <bdrewery at FreeBSD.org>
>>> To: Kimo Rosenbaum <kimor79 at yahoo.com>; "freebsd-ports at freebsd.org" <freebsd-ports at freebsd.org>
>>> Cc:
>>> Sent: Friday, October 11, 2013 4:14 AM
>>> Subject: Re: poudriere and networking
>>>
>>> On 10/11/2013 1:33 AM, Kimo Rosenbaum wrote:
>>>> Hello,
>>>>
>>>> I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm
>>> trying to build a private port which requires downloading files after the
>>> extract target. However, it seems as though networking isn't available after
>>> post-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing
>>> /etc/resolv.conf in post-patch shows the correct contents. The build is able to
>>> run the fetch but once past post-fetch I can't do any DNS lookups nor ping
>>> anything external. The host itself can do those things. Also when I enter the
>>> jail via jexec I can perform those things.
>>>>
>>>> Any ideas?
>>>>
>>>> Thanks
>>>> Kimo
>>>
>>> This is done for security. During build, the code running is untrusted.
>>> We don't want it to reach out and scan/infect your network during a build.
>>>
>>> I do understand you're building a private port though. I would add a
>>> flag to override this per port, but I worry some porter would put it in
>>> their FreeBSD port where it does not belong.
>>>
>>> You can apply a patch like this to your
>>> /usr/local/share/poudriere/common.sh to work around the issue:
>>>
>>>> --- src/share/poudriere/common.sh
>>>> +++ src/share/poudriere/common.sh
>>>> @@ -1402,14 +1402,10 @@
>>>> fi
>>>> return 1
>>>> fi
>>>> fi
>>>>
>>>> - if [ "${phase}" = "checksum" ];
>>> then
>>>> - jstop
>>>> - jstart 0
>>>
>>>> - fi
>>>> print_phase_footer
>>>>
>>>> if [ "${phase}" = "checksum" ];
>>> then
>>>> mkdir -p ${mnt}/portdistfiles
>>>> echo "DISTDIR=/portdistfiles" >>
>>> ${mnt}/etc/make.conf
>>>
>>>
>>> --
>>> Regards,
>>> Bryan Drewery
>>>
>>
>>_______________________________________________
>>freebsd-ports at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-ports
>>To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>>
>>
>
>
>
>--
>Regards,
>Alexander Yerenkow
>
>
More information about the freebsd-ports
mailing list