Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-portage-dev

From: Mike Frysinger <vapier@g.o>
To: gentoo-portage-dev@l.g.o
Subject: [gentoo-portage-dev] [PATCH] ebuild: allow RESTRICT=network-sandbox in ebuilds
Date: Tue, 16 Jan 2018 21:46:48
Message-Id: 20180116214644.5058-1-vapier@gentoo.org
1 From: Mike Frysinger <vapier@××××××××.org>
2
3 Some ebuilds are a bit hard to fix their use of the network in src
4 phases, so allow them to disable things. This allows us to turn off
5 access by default and for the vast majority while we work out how to
6 fix the few broken packages.
7
8 URL: https://crbug.com/731905
9 ---
10 man/ebuild.5 | 4 ++++
11 pym/portage/package/ebuild/doebuild.py | 3 ++-
12 2 files changed, 6 insertions(+), 1 deletion(-)
13
14 diff --git a/man/ebuild.5 b/man/ebuild.5
15 index 42a0599fe3a9..a8fc3f86b68a 100644
16 --- a/man/ebuild.5
17 +++ b/man/ebuild.5
18 @@ -689,6 +689,10 @@ binaries that are not compatible with debugedit.
19 .I mirror
20 files in \fBSRC_URI\fR will not be downloaded from the \fBGENTOO_MIRRORS\fR.
21 .TP
22 +.I network-sandbox
23 +Disables the network namespace for specific packages.
24 +Should not be used in the main Gentoo tree.
25 +.TP
26 .I preserve\-libs
27 Disables preserve\-libs for specific packages. Note than when a package is
28 merged, RESTRICT=preserve\-libs applies if either the new instance or the
29 diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py
30 index 0be148fd408e..f75f11a1a424 100644
31 --- a/pym/portage/package/ebuild/doebuild.py
32 +++ b/pym/portage/package/ebuild/doebuild.py
33 @@ -148,7 +148,8 @@ def _doebuild_spawn(phase, settings, actionmap=None, **kwargs):
34 kwargs['ipc'] = 'ipc-sandbox' not in settings.features or \
35 phase in _ipc_phases
36 kwargs['networked'] = 'network-sandbox' not in settings.features or \
37 - phase in _networked_phases
38 + phase in _networked_phases or \
39 + 'network-sandbox' in settings['PORTAGE_RESTRICT'].split()
40
41 if phase == 'depend':
42 kwargs['droppriv'] = 'userpriv' in settings.features
43 --
44 2.15.1

Replies

Subject Author
Re: [gentoo-portage-dev] [PATCH] ebuild: allow RESTRICT=network-sandbox in ebuilds Zac Medico <zmedico@g.o>
[gentoo-portage-dev] [PATCH v2] ebuild: allow RESTRICT=network-sandbox in ebuilds Mike Frysinger <vapier@g.o>
Re: [gentoo-portage-dev] [PATCH] ebuild: allow RESTRICT=network-sandbox in ebuilds Mike Gilbert <floppym@g.o>
Report Message
Find on MARC Find on Google Groups