Gentoo Archives: gentoo-portage-dev

From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o, Mike Frysinger <vapier@g.o>
Subject: Re: [gentoo-portage-dev] [PATCH] ebuild: allow RESTRICT=network-sandbox in ebuilds
Date: Tue, 16 Jan 2018 22:16:47
Message-Id: 65a5ebf5-0064-fda6-fc8e-982365703afe@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH] ebuild: allow RESTRICT=network-sandbox in ebuilds by Mike Frysinger
1 On 01/16/2018 01:46 PM, Mike Frysinger wrote:
2 > From: Mike Frysinger <vapier@××××××××.org>
3 >
4 > Some ebuilds are a bit hard to fix their use of the network in src
5 > phases, so allow them to disable things. This allows us to turn off
6 > access by default and for the vast majority while we work out how to
7 > fix the few broken packages.
8 >
9 > URL: https://crbug.com/731905
10 > ---
11 > man/ebuild.5 | 4 ++++
12 > pym/portage/package/ebuild/doebuild.py | 3 ++-
13 > 2 files changed, 6 insertions(+), 1 deletion(-)
14 >
15 > diff --git a/man/ebuild.5 b/man/ebuild.5
16 > index 42a0599fe3a9..a8fc3f86b68a 100644
17 > --- a/man/ebuild.5
18 > +++ b/man/ebuild.5
19 > @@ -689,6 +689,10 @@ binaries that are not compatible with debugedit.
20 > .I mirror
21 > files in \fBSRC_URI\fR will not be downloaded from the \fBGENTOO_MIRRORS\fR.
22 > .TP
23 > +.I network-sandbox
24
25 Please use network\-sandbox so that it renders as a minus glyph as
26 described in the groff_char man page:
27
28 http://man7.org/linux/man-pages/man7/groff_char.7.html
29
30 > +Disables the network namespace for specific packages.
31 > +Should not be used in the main Gentoo tree.
32 > +.TP
33 > .I preserve\-libs
34 > Disables preserve\-libs for specific packages. Note than when a package is
35 > merged, RESTRICT=preserve\-libs applies if either the new instance or the
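
Review bot: The description added under `.I network-sandbox` says only "Disables the network namespace for specific packages", which does not tell an ebuild author or a user what the setting permits. Going by the doebuild.py hunk in this same patch, a package with this RESTRICT value is spawned with `networked` set even when FEATURES contains network-sandbox, and that holds for whatever phase is being run. Suggest stating that directly, for example that the package's phases get network access despite FEATURES=network\-sandbox, and keeping the "Should not be used in the main Gentoo tree" sentence after it.
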
36 > diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py
37 > index 0be148fd408e..f75f11a1a424 100644
38 > --- a/pym/portage/package/ebuild/doebuild.py
39 > +++ b/pym/portage/package/ebuild/doebuild.py
40 > @@ -148,7 +148,8 @@ def _doebuild_spawn(phase, settings, actionmap=None, **kwargs):
41 > kwargs['ipc'] = 'ipc-sandbox' not in settings.features or \
42 > phase in _ipc_phases
43 > kwargs['networked'] = 'network-sandbox' not in settings.features or \
44 > - phase in _networked_phases
45 > + phase in _networked_phases or \
46 > + 'network-sandbox' in settings['PORTAGE_RESTRICT'].split()
47 >
48 > if phase == 'depend':
49 > kwargs['droppriv'] = 'userpriv' in settings.features
50 >
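
Review bot: The added clause `'network-sandbox' in settings['PORTAGE_RESTRICT'].split()` is not tied to `phase` and its value comes from the ebuild, so a package can switch off the user's FEATURES=network-sandbox for every phase without anything being recorded. The commit message only talks about src phases; consider limiting the override to those phases, and logging a warning when the RESTRICT value is the reason `networked` ends up true, so the opt-out shows up in build logs. The subscript lookup also assumes PORTAGE_RESTRICT is always populated by the time `_doebuild_spawn` runs; `settings.get('PORTAGE_RESTRICT', '').split()` would not depend on that.
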
51
52 Looks good.
53 --
54 Thanks,
55 Zac
