[packages/rpm-build-tools] Lets test disabling network by default for rpmbuild tool.

arekm arekm at pld-linux.org
Sat Oct 5 14:51:44 CEST 2024 

commit ad779e1ed2eb82ec7b20383430971bb8299b7c78
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Sat Oct 5 14:05:32 2024 +0200

    Lets test disabling network by default for rpmbuild tool.

 builder.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
---
diff --git a/builder.sh b/builder.sh
index 5134c13..832478d 100755
--- a/builder.sh
+++ b/builder.sh
@@ -149,6 +149,9 @@ TRY_UPGRADE=""
 # should the specfile be restored if upgrade failed?
 REVERT_BROKEN_UPGRADE="yes"
 
+# disable network for rpm build tool
+NONETWORK="unshare --user --net --map-current-user"
+
 if rpm --specsrpm 2>/dev/null; then
 	FETCH_BUILD_REQUIRES_RPMSPECSRPM="yes"
 	FETCH_BUILD_REQUIRES_RPMSPEC_BINARY="no"
@@ -362,6 +365,7 @@ Usage: builder [--all-branches] [-D|--debug] [-V|--version] [--short-version]  [
 -bl                 - execute the %files phase of <package>.spec
 -bs                 - get all files from PLD repo or HTTP/FTP and only pack
                       them into src.rpm,
+--bnet				- enable network access for rpm build tool
 --short-circuit     - short-circuit build
 -B, --branch        - add branch
 -c,
@@ -1711,7 +1715,7 @@ build_package() {
 	local specdir=$(insert_gitlog $SPECFILE)
 	ulimit -c unlimited
 	# FIXME: eval here is exactly why?
-	PATH=$CLEAN_PATH eval teeboth "'$logfile'" ${TIME_COMMAND} ${NICE_COMMAND} $RPMBUILD $TARGET_SWITCH $BUILD_SWITCH -v $QUIET $CLEAN $RPMOPTS $RPMBUILDOPTS $BCOND --define \'_specdir $PACKAGE_DIR\' --define \'_sourcedir $PACKAGE_DIR\' $specdir/$SPECFILE
+	PATH=$CLEAN_PATH eval teeboth "'$logfile'" ${TIME_COMMAND} ${NICE_COMMAND} ${NONETWORK} $RPMBUILD $TARGET_SWITCH $BUILD_SWITCH -v $QUIET $CLEAN $RPMOPTS $RPMBUILDOPTS $BCOND --define \'_specdir $PACKAGE_DIR\' --define \'_sourcedir $PACKAGE_DIR\' $specdir/$SPECFILE
 	retval=$?
 	rm -r $specdir
 
@@ -2244,6 +2248,9 @@ while [ $# -gt 0 ]; do
 			NOSRCS="yes"
 			ALWAYS_CVSUP="no"
 			shift;;
+		--bnet )
+			NONETWORK="";
+			shift;;
 		-pm | --prefer-mirrors )
 			PREFMIRRORS="yes"
 			shift;;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/rpm-build-tools.git/commitdiff/ad779e1ed2eb82ec7b20383430971bb8299b7c78

More information about the pld-cvs-commit mailing list