Re: Require packages to build without any configured DNS
On September 14, 2021 5:16:51 PM UTC, Johannes Schauer Marin Rodrigues <josch@debian.org> wrote:
>Quoting Mattia Rizzolo (2021-09-14 15:34:36)
>> On Tue, Sep 14, 2021 at 10:05:01AM +0200, Johannes Schauer Marin Rodrigues wrote:
>> > Hi,
>> >
>> > Quoting Mattia Rizzolo (2021-09-06 16:39:39)
>> > > As the pbuilder maintainer, I've been asked to make it serve a non-working
>> > > /etc/resolv.conf just to make that bug above moot, so I'm quite biased on the
>> > > matter myself :)
>> >
>> > sbuild already disables network access for all chroot backends that support it.
>>
>> As several people already stated, this is *not* about network access.
>
>Yes, I mention it for context.
>
>> > Schroot, the default chroot backend, currently doesn't allow this. See
>> > #802849.
>>
>> Likewise pbuilder, yes.
>>
>> > The only chroot backend that allows disabling the network is the unshare
>> > backend. It does so, by unsharing the network namespace, only bringing up the
>> > loopback interface and writing an empty /etc/resolv.conf.
>>
>> So you ship an *empty* /etc/resolv.conf? Then I suppose you also can't build
>> packages using dnspython in their tests with your configuration?
>
>Correct. This currently fails:
>
>sbuild -d unstable --chroot-mode=unshare python-oslo.rootwrap
>
>The error message is the same as for the package mentioned in #989171, namely:
>
>https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/python-oslo.rootwrap.html
>
>This is why I'm writing about sbuild. I wonder if it's a bug for sbuild to
>write out an empty /etc/resolv.conf.
At least based on the error text, I think it would be the same whether it was empty or missing:
"Resolver configuration could not be read or specified no nameserver"
As far as I can tell, dnspython is behaving reasonably. I don't think we should make it so it is an error for a package to complain it can't function.
Scott K
Reply to: