[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Require packages to build without any configured DNS

On September 14, 2021 5:16:51 PM UTC, Johannes Schauer Marin Rodrigues <josch@debian.org> wrote:
>Quoting Mattia Rizzolo (2021-09-14 15:34:36)
>> On Tue, Sep 14, 2021 at 10:05:01AM +0200, Johannes Schauer Marin Rodrigues wrote:
>> > Hi,
>> > 
>> > Quoting Mattia Rizzolo (2021-09-06 16:39:39)
>> > > As the pbuilder maintainer, I've been asked to make it serve a non-working
>> > > /etc/resolv.conf just to make that bug above moot, so I'm quite biased on the
>> > > matter myself :)
>> > 
>> > sbuild already disables network access for all chroot backends that support it.
>> As several people already stated, this is *not* about network access.
>Yes, I mention it for context.
>> > Schroot, the default chroot backend, currently doesn't allow this. See
>> > #802849.
>> Likewise pbuilder, yes.
>> > The only chroot backend that allows disabling the network is the unshare
>> > backend. It does so, by unsharing the network namespace, only bringing up the
>> > loopback interface and writing an empty /etc/resolv.conf.
>> So you ship an *empty* /etc/resolv.conf?  Then I suppose you also can't build
>> packages using dnspython in their tests with your configuration?
>Correct. This currently fails:
>sbuild -d unstable --chroot-mode=unshare python-oslo.rootwrap
>The error message is the same as for the package mentioned in #989171, namely:
>This is why I'm writing about sbuild. I wonder if it's a bug for sbuild to
>write out an empty /etc/resolv.conf.

At least based on the error text, I think it would be the same whether it was empty or missing:

"Resolver configuration could not be read or specified no nameserver"

As far as I can tell, dnspython is behaving reasonably.  I don't think we should make it so it is an error for a package to complain it can't function.

Scott K

Reply to: