Package: pbuilder
Version: 0.229.3
Severity: wishlist
Tags: patch

Hi Mattia & Co,

the announcement of the latest Policy had me review the way we set up the network for disconnected-network builds in the chroot, and found it was doing quite well already. I’m attaching a patch that makes sure /etc/hosts is also cleaned up. You might wish to apply it with the next upload. Otherwise, I think we’re good.

-- System Information:
Debian Release: buster/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'), (100, 'experimental')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.17.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages pbuilder depends on:
ii  debconf [debconf-2.0]  1.5.69
ii  debootstrap            1.0.106
ii  dpkg-dev               1.19.0.5

Versions of packages pbuilder recommends:
ii  devscripts  2.18.3
ii  eatmydata   105-6
ii  fakeroot    1.23-1
ii  iproute2    4.17.0-2
ii  net-tools   1.60+git20161116.90da8a0-3
ii  sudo        1.8.23-2

Versions of packages pbuilder suggests:
ii  cowdancer   0.87+b1
pn  gdebi-core  <none>

-- debconf information excluded

From 2e734501b8da2c2072efce3963e452cae91183f9 Mon Sep 17 00:00:00 2001
From: mirabilos <[email protected]>
Date: Fri, 3 Aug 2018 00:27:47 +0200
Subject: [PATCH] Create consistent /etc/hosts in build chroots with USENETWORK=no
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Policy 4.2.0.0 §4.9 explicitly allows loopback access.

We already set up the build chroot in a way that ifconfig shows:

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1000 (Local Loopback)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

We already also clean resolv.conf; add a clean hosts file to that which ships 127.0.0.1 as localhost and ::1 as localhost6 to avoid trouble. (It also ships a couple other standard IPv6-related entries; these are optional, but don’t hurt.)

This patch also adds rm statements to make sure hardlinks on the replaced files are broken up.

Signed-off-by: mirabilos <[email protected]>
---
 pbuilder-buildpackage | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/pbuilder-buildpackage b/pbuilder-buildpackage index 8c4e8027..c9addaf8 100755 --- a/pbuilder-buildpackage +++ b/pbuilder-buildpackage 
@@ -184,7 +184,20 @@ unset DISPLAY if [ "$USENETWORK" = "no" ]; then # empty /etc/resolv.conf, so software trying to resolv addresses even when # no network is possible doesn't choke. - echo > "$BUILDPLACE/etc/resolv.conf" + rm -f "$BUILDPLACE/etc/resolv.conf" # break hardlinks + : > "$BUILDPLACE/etc/resolv.conf" + # loopback access only + rm -f "$BUILDPLACE/etc/hosts" # break hardlinks + cat > "$BUILDPLACE/etc/hosts" <<'EOF' + 127.0.0.1 localhost localhost.localdomain + + ::1 ip6-localhost ip6-loopback localhost6 localhost6.localdomain6 + fe00::0 ip6-localnet + ff00::0 ip6-mcastprefix + ff02::1 ip6-allnodes + ff02::2 ip6-allrouters + ff02::3 ip6-allhosts +EOF fi ( -- 2.18.0
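
Review bot: the two `rm -f` calls ahead of the redirections onto "$BUILDPLACE/etc/resolv.conf" and "$BUILDPLACE/etc/hosts" are not checked in the lines shown, so unless the script runs under `set -e` (not visible in this hunk) a failed removal is followed by `: >` or `cat >` writing through the still-shared inode, which is exactly the case the rm was added to prevent. Chaining each pair with `&&`, or writing to a temporary file in the same directory and renaming it over the target, would close that gap. The generated hosts file also has no entry for the build machine's own hostname; if that is intentional, the "# loopback access only" comment could say so. The comment at the top of the block still describes only resolv.conf and should mention hosts as well.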

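The hard-link effect the commit message refers to, as an added shell illustration that is not part of the patch or of pbuilder: a redirection onto a hard-linked file changes every name sharing the inode, while removing the name first does not. The temp directory, the sample hosts entry and all function names are constructed for this example, and the temp-file-plus-rename variant goes beyond what the patch does.

```shell
#!/bin/sh
# Added illustration: all paths live in a fresh temp dir; names are constructed.

# Create base/etc/hosts and a hard-linked build/etc/hosts; print the work dir.
make_trees() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/base/etc" "$work/build/etc" || return 1
    printf '192.0.2.10 internal.example\n' > "$work/base/etc/hosts"  # constructed entry
    ln "$work/base/etc/hosts" "$work/build/etc/hosts" || return 1
    printf '%s\n' "$work"
}

# Succeeds while the base tree still holds its original entry.
base_intact() { grep -q 'internal.example' "$1/base/etc/hosts"; }

# A: redirect onto the linked path; this truncates the shared inode.
write_in_place() { printf '127.0.0.1 localhost\n' > "$1/build/etc/hosts"; }

# B: remove the name first (as the patch does), chained so a failed rm stops the write.
write_after_rm() {
    rm -f "$1/build/etc/hosts" &&
        printf '127.0.0.1 localhost\n' > "$1/build/etc/hosts"
}

# C: write stdin to a sibling temp file, then rename it over the target.
replace_file() {
    tmp=$(mktemp "$(dirname -- "$1")/.new.XXXXXX") || return 1
    if cat > "$tmp" && chmod 644 "$tmp" && mv -f -- "$tmp" "$1"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# Run all three variants and report whether the base tree survived each.
for variant in in_place after_rm rename; do
    w=$(make_trees) || exit 1
    case $variant in
        in_place) write_in_place "$w" ;;
        after_rm) write_after_rm "$w" ;;
        rename)   printf '127.0.0.1 localhost\n' | replace_file "$w/build/etc/hosts" ;;
    esac
    if base_intact "$w"; then echo "$variant: base untouched"
    else echo "$variant: base overwritten"; fi
    rm -rf -- "$w"
done
```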
