poudriere and networking

2013-10-11 Thread Kimo Rosenbaum
Hello,

I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm trying to build 
a private port which requires downloading files after the extract target. 
However, it seems as though networking isn't available after post-fetch. I do 
have RESOLV_CONF set in poudriere.conf and cat'ing /etc/resolv.conf in 
post-patch shows the correct contents. The build is able to run the fetch but 
once past post-fetch I can't do any DNS lookups nor ping anything external. The 
host itself can do those things. Also when I enter the jail via jexec I can 
perform those things.

Any ideas?

Thanks
Kimo

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


Re: poudriere and networking

2013-10-11 Thread Alexander Yerenkow
I had exactly the same issue with JBoss. Since the build was made by Maven, which
downloads required files to a local cache dir, I had to:
- Create a clean dir with everything downloaded.
- Make an archive with all the files and add it to the port.
- Tell the Maven build that all files are somewhere in WRKDIR, so Maven does not
download anything.

There's no other way currently, since accessing the internet while building
is treated as incorrect behavior of a port and is not tolerated.
Maybe this will help you find a solution.


-- 
Regards,
Alexander Yerenkow


Re: poudriere and networking

2013-10-11 Thread Bryan Drewery
On 10/11/2013 1:33 AM, Kimo Rosenbaum wrote:
 Hello,
 
 I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm trying to 
 build a private port which requires downloading files after the extract 
 target. However, it seems as though networking isn't available after 
 post-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing 
 /etc/resolv.conf in post-patch shows the correct contents. The build is able 
 to run the fetch but once past post-fetch I can't do any DNS lookups nor ping 
 anything external. The host itself can do those things. Also when I enter the 
 jail via jexec I can perform those things.
 
 Any ideas?
 
 Thanks
 Kimo

This is done for security. During build, the code running is untrusted.
We don't want it to reach out and scan/infect your network during a build.

I do understand you're building a private port though. I would add a
flag to override this per port, but I worry some porter would put it in
their FreeBSD port where it does not belong.

You can apply a patch like this to your
/usr/local/share/poudriere/common.sh to work around the issue:

 --- src/share/poudriere/common.sh
 +++ src/share/poudriere/common.sh
 @@ -1402,14 +1402,10 @@
 fi
 return 1
 fi
 fi
 
 -   if [ ${phase} = checksum ]; then
 -   jstop
 -   jstart 0
 -   fi
 print_phase_footer
 
 if [ ${phase} = checksum ]; then
 mkdir -p ${mnt}/portdistfiles
 echo DISTDIR=/portdistfiles  ${mnt}/etc/make.conf
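
Review bot: the `jstop` / `jstart 0` block after the checksum phase is deleted outright, so the workaround applies to every port this poudriere install builds, not only the private one, while the message above states the restriction exists because build-time code is untrusted. Consider keeping the block and skipping it only for the port that needs network access, for example by adding a test on a locally set variable to the removed `if [ ${phase} = checksum ]; then` condition, and mark the change as local-only so it is not carried into a public port.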


-- 
Regards,
Bryan Drewery





Re: poudriere and networking

2013-10-11 Thread Kimo Rosenbaum
I don't quite agree with that being the default but I understand. The patch 
works as intended. Thanks!


Thanks
Kimo





Re: poudriere and networking

2013-10-11 Thread Kimo Rosenbaum
Oh, I know what's being downloaded and why. This is for several ruby apps which 
have conflicting gems dependencies so we're doing `bundle install --deployment` 
during do-build to install the gems into ${WRKSRC}/vendor/bundle/. And then 
from pkg point of view the package just has many many many files. I could 
download the gems as distfiles but it's a lot of hoops to jump through just to 
figure out what to download when doing it in do-build already does it.


Thanks
Kimo



 From: Alexander Yerenkow yeren...@gmail.com
To: Kimo Rosenbaum kimo...@yahoo.com 
Cc: freebsd-ports@freebsd.org freebsd-ports@freebsd.org; Bryan Drewery 
bdrew...@freebsd.org 
Sent: Friday, October 11, 2013 10:10 AM
Subject: Re: poudriere and networking
 


I'd suggest you investigate anyway what is downloaded, and why.
If it's some static files, you could try to add them to distfiles and
replace the places where they try to download from the web with a file;
e.g.
find somewhere
http://site/your.file
and try to replace it with
file://$DISTFILES/your.file

-- 
Regards,
Alexander Yerenkow 
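
The suggestion quoted above (point in-tree `http://` references at files already in distfiles) can be checked mechanically before the build enters the jail without network access. This is an added example, not code from the thread or from poudriere; `localize_urls` and its two directory arguments are hypothetical names.

```shell
#!/bin/sh
# Added example, not poudriere or ports-tree code. localize_urls and its
# arguments are hypothetical names.
#
# localize_urls <srcdir> <distdir>
#   Rewrites each remote URL found under <srcdir> to file://<distdir>/<name>
#   when <distdir>/<name> already exists, printing "LOCAL <url>". URLs with
#   no matching distfile are printed as "REMOTE <url>" and left untouched.
#   Returns 1 if any REMOTE URL remains, 0 otherwise.
#   Assumes <distdir> is an absolute path without '|', '&' or '\'.
localize_urls() {
    srcdir=$1
    distdir=$2
    remaining=0
    urlchars='A-Za-z0-9._~:/%+-'
    # Scratch file kept outside <srcdir> so the recursive grep never sees it.
    tmp=$(mktemp "${TMPDIR:-/tmp}/localize.XXXXXX") || return 2
    # -I skips binary files, -o prints only the match, -h drops file names.
    urls=$(grep -rIhoE "(https?|ftp)://[$urlchars]+" "$srcdir" | sort -u)
    for url in $urls; do
        name=${url##*/}
        if [ -z "$name" ] || [ ! -f "$distdir/$name" ]; then
            echo "REMOTE $url"
            remaining=1
            continue
        fi
        # Escape dots so sed matches the URL literally.
        pat=$(printf '%s' "$url" | sed 's/\./\\./g')
        new="file://$distdir/$name"
        grep -rlIF -- "$url" "$srcdir" | while IFS= read -r f; do
            # Replace whole URLs only: the match must be followed by a
            # non-URL character or by the end of the line.
            sed -e "s|$pat\\([^$urlchars]\\)|$new\\1|g" \
                -e "s|$pat\$|$new|" "$f" > "$tmp" && cat "$tmp" > "$f"
        done
        echo "LOCAL $url"
    done
    rm -f "$tmp"
    return $remaining
}
```

A non-zero return means the tree still references something that would have to be downloaded after the fetch phase.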

