1 |
Dnia 2014-05-12, o godz. 13:22:20 |
2 |
"Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> napisał(a): |
3 |
|
4 |
> -----BEGIN PGP SIGNED MESSAGE----- |
5 |
> Hash: SHA1 |
6 |
> |
7 |
> On 05/12/2014 01:08 PM, Michał Górny wrote: |
8 |
> > Dnia 2014-05-12, o godz. 12:07:11 |
9 |
> > "Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> napisał(a): |
10 |
> > |
11 |
> >> What about talking to local network resources? In my metasploit ebuild |
12 |
> >> it has tests available which talk to a local database and are perfectly |
13 |
> >> safe, however, if postgresql is started on the system the tests don't |
14 |
> >> work, the ebuild needs to start it's own postgresql to run the tests. |
15 |
> > |
16 |
> > How can you assume that the tests are perfectly safe? What do the tests |
17 |
> > do exactly? |
18 |
> > |
19 |
> |
20 |
> As stated just below, the tests are not poorly written. All testing is |
21 |
> done in a test DB which is different from the production DB. |
22 |
|
23 |
I don't know postgresql well enough but does the test db reside |
24 |
in temporary build directory? That is, can you guarantee that: |
25 |
|
26 |
1) it will never ever collide with user's database, |
27 |
|
28 |
2) it will be properly cleaned up even if the test suite terminates |
29 |
unexpectedly? |
30 |
|
31 |
> > I wouldn't call spawning a daemon that close to insanity. For those who |
32 |
> > haven't seen such a thing yet -- dev-python/pymongo is an example where |
33 |
> > I fixed a similar issue (writing into production database). Though it's |
34 |
> > bit hacky since I needed a way to bind to a random free port -- with |
35 |
> > network namespaces it'd be easier as Rich noted, since the ebuild would |
36 |
> > have all ports free. |
37 |
> > |
38 |
> That would be nice, can we do the network namespaces so that I at least |
39 |
> don't have to bind to a random port? That alone would be a major |
40 |
> improvement in usability. |
41 |
|
42 |
FEATURES=network-sandbox == network namespaces. |
43 |
|
44 |
I'd say a reasonable assumption would be to Gentoo-reserve a port range |
45 |
for ebuild use, and use a port in that range. When network-sandbox |
46 |
becomes the default, it will be perfectly safe. Before that, it will be |
47 |
reasonably safe :). |
48 |
|
49 |
-- |
50 |
Best regards, |
51 |
Michał Górny |