poudriere and networking
Hello,

I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm trying to build a private port which requires downloading files after the extract target. However, it seems as though networking isn't available after post-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing /etc/resolv.conf in post-patch shows the correct contents. The build is able to run the fetch but once past post-fetch I can't do any DNS lookups nor ping anything external. The host itself can do those things. Also when I enter the jail via jexec I can perform those things.

Any ideas?

Thanks
Kimo

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org
Re: poudriere and networking
I had exactly the same issue with JBoss. Since the build was made by maven, which downloads required files to a local cache dir, I had to:
- Create a clean dir with everything downloaded
- make an archive with all files, add it to the port.
- specify to the maven build that all files are in WRKDIR somewhere, so maven does not download anything.

There's no other way currently, since accessing the internet while building is treated as incorrect behavior of a port and is not tolerated.
Maybe this will help you find a solution.

--
Regards,
Alexander Yerenkow
Re: poudriere and networking
On 10/11/2013 1:33 AM, Kimo Rosenbaum wrote:
> Hello,
>
> I'm running poudriere-devel-3.0.99.20130927 on 9.1-RELEASE. I'm trying to build a private port which requires downloading files after the extract target. However, it seems as though networking isn't available after post-fetch. I do have RESOLV_CONF set in poudriere.conf and cat'ing /etc/resolv.conf in post-patch shows the correct contents. The build is able to run the fetch but once past post-fetch I can't do any DNS lookups nor ping anything external. The host itself can do those things. Also when I enter the jail via jexec I can perform those things.
>
> Any ideas?
>
> Thanks
> Kimo

This is done for security. During build, the code running is untrusted. We don't want it to reach out and scan/infect your network during a build.

I do understand you're building a private port though. I would add a flag to override this per port, but I worry some porter would put it in their FreeBSD port where it does not belong.

You can apply a patch like this to your /usr/local/share/poudriere/common.sh to work around the issue:

--- src/share/poudriere/common.sh +++ src/share/poudriere/common.sh @@ -1402,14 +1402,10 @@ fi return 1 fi fi - if [ ${phase} = checksum ]; then - jstop - jstart 0 - fi print_phase_footer if [ ${phase} = checksum ]; then mkdir -p ${mnt}/portdistfiles echo DISTDIR=/portdistfiles ${mnt}/etc/make.conf

--
Regards,
Bryan Drewery
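Review bot: dropping the `jstop` / `jstart 0` pair under `if [ ${phase} = checksum ]` turns off the post-checksum jail restart for every port this poudriere install builds, not only the one private port, so the later phases of all builds keep whatever network access the fetch phase had. Rather than deleting the block, keep it and skip it only when a local opt-in is set, for example a variable read from poudriere.conf (the name is yours to pick; none is defined in the lines shown) or a match on the origin of the private port, so the restriction stays the default. Since a second `if [ ${phase} = checksum ]` follows `print_phase_footer`, a comment at that spot saying why the restart is gone would help whoever next merges an upstream common.sh over this local edit.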
Re: poudriere and networking
I don't quite agree with that being the default but I understand. The patch works as intended. Thanks!

Thanks
Kimo
Re: poudriere and networking
Oh, I know what's being downloaded and why. This is for several ruby apps which have conflicting gem dependencies so we're doing `bundle install --deployment` during do-build to install the gems into ${WRKSRC}/vendor/bundle/. And then from pkg's point of view the package just has many many many files. I could download the gems as distfiles but it's a lot of hoops to jump through just to figure out what to download when doing it in do-build already does it.

Thanks
Kimo

From: Alexander Yerenkow yeren...@gmail.com
To: Kimo Rosenbaum kimo...@yahoo.com
Cc: freebsd-ports@freebsd.org freebsd-ports@freebsd.org; Bryan Drewery bdrew...@freebsd.org
Sent: Friday, October 11, 2013 10:10 AM
Subject: Re: poudriere and networking

I'd suggest you investigate anyway what is downloaded, and why. If it's some static files, you could try to add them to distfiles, and replace the places where they try to download from the web with a file; e.g. find somewhere http://site/your.file and try to replace it with file://$DISTFILES/your.file
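The distfiles route suggested in this thread, sketched as an added example (not code from poudriere, the ports tree or any poster): it packs a directory of .gem files into one archive and pins it with distinfo-style SHA256 and SIZE lines, so the gems are fetched and checksummed before the build phase loses network access. The function names, the vendor/cache directory and the archive name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pack a gem cache into one distfile and pin it, distinfo style.

# sha256_of FILE: print the hex digest (FreeBSD has sha256, Linux sha256sum).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# make_gem_distfile CACHE_DIR OUT_TAR: archive every .gem found in CACHE_DIR.
# Fails if the cache is empty, so an empty archive is never pinned by mistake.
make_gem_distfile() {
    cache_dir=$1; out=$2
    set -- "$cache_dir"/*.gem
    [ -e "$1" ] || { echo "no .gem files in $cache_dir" >&2; return 1; }
    ( cd "$cache_dir" && tar -cf - ./*.gem ) > "$out"
}

# distinfo_for FILE: emit SHA256 and SIZE lines in the ports distinfo layout.
distinfo_for() {
    name=$(basename "$1")
    printf 'SHA256 (%s) = %s\n' "$name" "$(sha256_of "$1")"
    printf 'SIZE (%s) = %s\n' "$name" "$(wc -c < "$1" | tr -d ' ')"
}

# verify_distfile DISTINFO FILE: succeed only if FILE still matches its pin.
verify_distfile() {
    pinned=$(grep -F "($(basename "$2"))" "$1")
    [ -n "$pinned" ] && [ "$pinned" = "$(distinfo_for "$2")" ]
}

# Usage: sh gem-distfile.sh vendor/cache myapp-gems.tar >> distinfo
# (both names are placeholders chosen for this example)
if [ $# -eq 2 ]; then
    make_gem_distfile "$1" "$2" && distinfo_for "$2"
fi
```

Assuming the cache was produced with `bundle package`, the port would list the archive in DISTFILES and run `bundle install --local --deployment` in do-build, which resolves gems from the unpacked cache instead of the network.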