Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-portage-dev

From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o, Mike Frysinger <vapier@g.o>
Subject: Re: [gentoo-portage-dev] [PATCH v2] ebuild: allow RESTRICT=network-sandbox in ebuilds
Date: Tue, 16 Jan 2018 23:39:12
Message-Id: 0028ad75-1d61-f423-bc08-f5b8ca566ee5@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH v2] ebuild: allow RESTRICT=network-sandbox in ebuilds by Mike Frysinger
1 On 01/16/2018 02:19 PM, Mike Frysinger wrote:
2 > From: Mike Frysinger <vapier@××××××××.org>
3 >
4 > Some ebuilds are a bit hard to fix their use of the network in src
5 > phases, so allow them to disable things. This allows us to turn off
6 > access by default and for the vast majority while we work out how to
7 > fix the few broken packages.
8 >
9 > URL: https://crbug.com/731905
10 > ---
11 > man/ebuild.5 | 4 ++++
12 > pym/portage/package/ebuild/doebuild.py | 3 ++-
13 > 2 files changed, 6 insertions(+), 1 deletion(-)
14 >
15 > diff --git a/man/ebuild.5 b/man/ebuild.5
16 > index 42a0599fe3a9..1f2d4219e93e 100644
17 > --- a/man/ebuild.5
18 > +++ b/man/ebuild.5
19 > @@ -689,6 +689,10 @@ binaries that are not compatible with debugedit.
20 > .I mirror
21 > files in \fBSRC_URI\fR will not be downloaded from the \fBGENTOO_MIRRORS\fR.
22 > .TP
23 > +.I network\-sandbox
24 > +Disables the network namespace for specific packages.
25 > +Should not be used in the main Gentoo tree.
26 > +.TP
27 > .I preserve\-libs
28 > Disables preserve\-libs for specific packages. Note than when a package is
29 > merged, RESTRICT=preserve\-libs applies if either the new instance or the
30 > diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py
31 > index 0be148fd408e..f75f11a1a424 100644
32 > --- a/pym/portage/package/ebuild/doebuild.py
33 > +++ b/pym/portage/package/ebuild/doebuild.py
34 > @@ -148,7 +148,8 @@ def _doebuild_spawn(phase, settings, actionmap=None, **kwargs):
35 > kwargs['ipc'] = 'ipc-sandbox' not in settings.features or \
36 > phase in _ipc_phases
37 > kwargs['networked'] = 'network-sandbox' not in settings.features or \
38 > - phase in _networked_phases
39 > + phase in _networked_phases or \
40 > + 'network-sandbox' in settings['PORTAGE_RESTRICT'].split()
41 >
42 > if phase == 'depend':
43 > kwargs['droppriv'] = 'userpriv' in settings.features
44 >
45
46 Thanks, looks perfect now.
47 --
48 Thanks,
49 Zac

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups