Quoting Mattia Rizzolo (2021-09-14 15:34:36) > On Tue, Sep 14, 2021 at 10:05:01AM +0200, Johannes Schauer Marin Rodrigues wrote: > > Hi, > > > > Quoting Mattia Rizzolo (2021-09-06 16:39:39) > > > As the pbuilder maintainer, I've been asked to make it serve a non-working > > > /etc/resolv.conf just to make that bug above moot, so I'm quite biased on the > > > matter myself :) > > > > sbuild already disables network access for all chroot backends that support it. > > As several people already stated, this is *not* about network access. Yes, I mention it for context. > > Schroot, the default chroot backend, currently doesn't allow this. See > > #802849. > > Likewise pbuilder, yes. > > > The only chroot backend that allows disabling the network is the unshare > > backend. It does so, by unsharing the network namespace, only bringing up the > > loopback interface and writing an empty /etc/resolv.conf. > > So you ship an *empty* /etc/resolv.conf? Then I suppose you also can't build > packages using dnspython in their tests with your configuration? Correct. This currently fails: sbuild -d unstable --chroot-mode=unshare python-oslo.rootwrap The error message is the same as for the package mentioned in #989171, namely: https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/python-oslo.rootwrap.html This is why I'm writing about sbuild. I wonder if it's a bug for sbuild to write out an empty /etc/resolv.conf. Thanks! cheers, josch
Attachment:
signature.asc
Description: signature