Dnia 2014-05-12, o godz. 13:22:20 "Rick \"Zero_Chaos\" Farina" <[email protected]> napisał(a):
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 05/12/2014 01:08 PM, Michał Górny wrote: > > Dnia 2014-05-12, o godz. 12:07:11 > > "Rick \"Zero_Chaos\" Farina" <[email protected]> napisał(a): > > > >> What about talking to local network resources? In my metasploit ebuild > >> it has tests available which talk to a local database and are perfectly > >> safe, however, if postgresql is started on the system the tests don't > >> work, the ebuild needs to start it's own postgresql to run the tests. > > > > How can you assume that the tests are perfectly safe? What do the tests > > do exactly? > > > > As stated just below, the tests are not poorly written. All testing is > done in a test DB which is different from the production DB. I don't know postgresql well enough but does the test db reside in temporary build directory? That is, can you guarantee that: 1) it will never ever collide with user's database, 2) it will be properly cleaned up even if the test suite terminates unexpectedly? > > I wouldn't call spawning a daemon that close to insanity. For those who > > haven't seen such a thing yet -- dev-python/pymongo is an example where > > I fixed a similar issue (writing into production database). Though it's > > bit hacky since I needed a way to bind to a random free port -- with > > network namespaces it'd be easier as Rich noted, since the ebuild would > > have all ports free. > > > That would be nice, can we do the network namespaces so that I at least > don't have to bind to a random port? That alone would be a major > improvement in usability. FEATURES=network-sandbox == network namespaces. I'd say a reasonable assumption would be to Gentoo-reserve a port range for ebuild use, and use a port in that range. When network-sandbox becomes the default, it will be perfectly safe. Before that, it will be reasonably safe :). -- Best regards, Michał Górny
signature.asc
Description: PGP signature
