On 01/16/2018 02:19 PM, Mike Frysinger wrote: > From: Mike Frysinger <vap...@chromium.org> > > Some ebuilds are a bit hard to fix their use of the network in src > phases, so allow them to disable things. This allows us to turn off > access by default and for the vast majority while we work out how to > fix the few broken packages. > > URL: https://crbug.com/731905 > --- > man/ebuild.5 | 4 ++++ > pym/portage/package/ebuild/doebuild.py | 3 ++- > 2 files changed, 6 insertions(+), 1 deletion(-) > > diff --git a/man/ebuild.5 b/man/ebuild.5 > index 42a0599fe3a9..1f2d4219e93e 100644 > --- a/man/ebuild.5 > +++ b/man/ebuild.5 > @@ -689,6 +689,10 @@ binaries that are not compatible with debugedit. > .I mirror > files in \fBSRC_URI\fR will not be downloaded from the \fBGENTOO_MIRRORS\fR. > .TP > +.I network\-sandbox > +Disables the network namespace for specific packages. > +Should not be used in the main Gentoo tree. > +.TP > .I preserve\-libs > Disables preserve\-libs for specific packages. Note than when a package is > merged, RESTRICT=preserve\-libs applies if either the new instance or the > diff --git a/pym/portage/package/ebuild/doebuild.py > b/pym/portage/package/ebuild/doebuild.py > index 0be148fd408e..f75f11a1a424 100644 > --- a/pym/portage/package/ebuild/doebuild.py > +++ b/pym/portage/package/ebuild/doebuild.py > @@ -148,7 +148,8 @@ def _doebuild_spawn(phase, settings, actionmap=None, > **kwargs): > kwargs['ipc'] = 'ipc-sandbox' not in settings.features or \ > phase in _ipc_phases > kwargs['networked'] = 'network-sandbox' not in settings.features or \ > - phase in _networked_phases > + phase in _networked_phases or \ > + 'network-sandbox' in settings['PORTAGE_RESTRICT'].split() > > if phase == 'depend': > kwargs['droppriv'] = 'userpriv' in settings.features >
Thanks, looks perfect now. -- Thanks, Zac
signature.asc
Description: OpenPGP digital signature
