no-network build policy rules
Arkadiusz Miśkiewicz
arekm at maven.pl
Mon Oct 27 10:50:54 CET 2025
On 27/10/2025 01:33, Jan Palus wrote:
> On 26.10.2025 16:16, Jakub Bogusz wrote:
>> I found that there are different meanings of "no network usage":
>> 1) builders cannot use external resources/hosts, which is enforced by
>> non-functional resolv.conf
>> 2) but `unshare --net` introduced recently in builder script does even
>> more: it disables the use of localhost connections (binding/connecting
>> to lo interface/127.0.0.1/8 addresses)
>>
>> Many more test suites rely on loopback connections working than using
>> external resources, so there are many (esp. python or perl modules,
>> openssl, openssh, git etc.) packages which can be built fine on builders,
>> but not with builder script (without --bnet).
>>
>> How should be packages (and their default tests options) prepared, to
>> compy with 1) or 2)?
>
> My attempt at adding ip address to loopback interface landed on
> `netns-with-lo-addr` branch. I'm not particularly proud of it but it
> seems to work. I would appreciate second look and comments.
Seems to be working. It would be probably best to try to move that to
external wrapper like pld-nonetwork.(py|sh)
Wrapper could be then be used in builder script but also in
PLD_Builder/rpm_builder.py:build_rpm(() call as our binary builders do
not use builder script.
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
More information about the pld-devel-en
mailing list