>>>>> On Mon, 29 Jul 2019, Zac Medico wrote: > This will enable network-sandbox for all of _networked_phases, but > Michał only suggested to do it for src_unpack.
Right. Patch v2 below.
From 6e929fac0a3f5f0bcfe85152c0931cb20d579881 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <u...@gentoo.org>
Date: Mon, 29 Jul 2019 14:22:57 +0200
Subject: [PATCH] doebuild.py: Override network-sandbox in unpack only for live
ebuilds.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Suggested-by: Michał Górny <mgo...@gentoo.org>
Signed-off-by: Ulrich Müller <u...@gentoo.org>
---
lib/portage/package/ebuild/doebuild.py | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/lib/portage/package/ebuild/doebuild.py
b/lib/portage/package/ebuild/doebuild.py
index 67867d33e..6f980f87d 100644
--- a/lib/portage/package/ebuild/doebuild.py
+++ b/lib/portage/package/ebuild/doebuild.py
@@ -115,13 +115,6 @@ _ipc_phases = frozenset([
_global_pid_phases = frozenset([
'config', 'depend', 'preinst', 'prerm', 'postinst', 'postrm'])
-# phases in which networking access is allowed
-_networked_phases = frozenset([
- # for VCS fetching
- "unpack",
- # + for network-bound IPC
-] + list(_ipc_phases))
-
_phase_func_map = {
"config": "pkg_config",
"setup": "pkg_setup",
@@ -156,7 +149,9 @@ def _doebuild_spawn(phase, settings, actionmap=None,
**kwargs):
phase in _ipc_phases
kwargs['mountns'] = 'mount-sandbox' in settings.features
kwargs['networked'] = 'network-sandbox' not in settings.features or \
- phase in _networked_phases or \
+ (phase == 'unpack' and \
+ 'live' in settings.configdict['pkg'].get('PROPERTIES',
'').split()) or \
+ phase in _ipc_phases or \
'network-sandbox' in settings['PORTAGE_RESTRICT'].split()
kwargs['pidns'] = ('pid-sandbox' in settings.features and
phase not in _global_pid_phases)
--
2.22.0
signature.asc
Description: PGP signature
