[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#851556: autopkgtest: please add Restrictions for network access, or Features for lack of network access



Package: autopkgtest
Version: 4.3
Severity: wishlist
Tags: patch

There is some controversy over the extent to which it is OK for
packages to touch the network at build-time, in terms of privacy
(leaking information), determinism of builds, robustness against network
services failing and so on. (See also #833503, #850988). autopkgtest's
Restrictions and Features mechanisms give it the opportunity to do better:
one interpretation can be the default, and the other can be selected
by selectively ignoring requirements or requiring features.

As background for this, I recently implemented tests in libnss-mdns[1]
which add and remove packages, which was necessary to test the postinst
and its interactions with libnss-resolve. #786039 suggests that this is
considered to be OK in autopkgtest.

[1] https://anonscm.debian.org/cgit/collab-maint/nss-mdns.git/tree/debian/tests

I attach some initial patches for discussion, based on the
assumption that Restrictions are the right way to do it. This could be
used in conjunction with the patches on #850494, for example running
"autopkgtest --ignore-restrictions=uses-network ..." on CI infrastructure
whose privacy is unimportant.

The uses-network restriction could potentially be supplemented with
less "powerful" uses-dns and uses-web restrictions, if people think
that's valuable. The nss-mdns tests would only need uses-dns and
reconfigures-apt in that case.

If you think it is normally OK for a test to access the network or
reconfigure apt, then this could be recast in terms of Features,
with a corresponding --require-features command-line option - but
I'd like it to be explicit one way or the other.

    S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-doc-Define-new-uses-network-restriction.patch
Type: text/x-diff
Size: 1145 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/autopkgtest-devel/attachments/20170116/d63f9739/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-doc-Add-restrictions-for-using-or-reconfiguring-apt.patch
Type: text/x-diff
Size: 2236 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/autopkgtest-devel/attachments/20170116/d63f9739/attachment-0003.patch>


Reply to: