
Re: Java buildd service

On Tue, Jul 10, 2007 at 09:46:32AM +0100, Paul Cager wrote:
> Is it possible to set up the build environment so that access to the
> network will fail (after downloading the Build-depends of course)? I'm
> thinking of packages that attempt to download binary blobs (e.g.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424466).

No, pbuilder uses apt to download build dependencies that are not in its
cache. My special setup even always updates the apt lists to allow
building with just-built other packages (build-dependencies).

I have thought about this problem and I think we should have a
preloadable library (packaged as a deb) that prevents all network
operations. This should be easy to do by re-implementing the socket()
function from glibc. Then it's still possible to do ioctls into the kernel
to create a socket, but that's unlikely to occur. Then something like

  nonet debuild ....

should be possible to build without network access without breaking your
system. This can then be built into our buildd.

I'm investigating this solution more.

 .''`.  | Michael Koch <konqueror@gmx.de>
: :' :  | Free Java Developer <http://www.classpath.org>
`. `'   |
  `-    | 1024D/BAC5 4B28 D436 95E6 F2E0 BD11 5923 A008 2763 483B
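
The preloadable socket() override proposed in the message above could look like the following. This is an added example, not code from the original post or from any Debian package. The file name nonet.c, the library name libnonet.so, the helper nonet_domain_allowed(), the choice to still permit AF_UNIX, and the EACCES error code are all assumptions made for illustration; it targets Linux with glibc.

```c
/* nonet.c - added example (hypothetical names): LD_PRELOAD shim that
 * refuses to create network sockets during a package build.
 *
 * Build: gcc -shared -fPIC -o libnonet.so nonet.c
 * Use:   LD_PRELOAD=$PWD/libnonet.so debuild ...
 *
 * Scope: this only intercepts callers that reach socket() through the
 * dynamically linked libc symbol. Statically linked tools or code that
 * enters the kernel directly are not covered by it.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Policy (assumption): local AF_UNIX IPC stays available because build
 * tools use it; every other address family (AF_INET, AF_INET6,
 * AF_NETLINK, AF_PACKET, ...) is treated as network access. */
int nonet_domain_allowed(int domain)
{
    return domain == AF_UNIX;
}

/* Same prototype as the libc function, so the dynamic linker resolves
 * socket() to this definition first when the library is preloaded. */
int socket(int domain, int type, int protocol)
{
    if (!nonet_domain_allowed(domain)) {
        errno = EACCES;   /* the build sees an ordinary failure */
        return -1;
    }
    /* Allowed family: hand the request to the kernel unchanged. */
    return (int)syscall(SYS_socket, domain, type, protocol);
}
```

A build step that tries to fetch a file then fails at socket creation with "Permission denied" instead of reaching the network, which makes the offending package easy to spot in the build log.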
