Bug#905401: permit access to apt repositories during builds
Package: debian-policy
Version: 4.2.0.1
Tags: patch
Apropos of discussion in #813471:
Paul writes:
> In addition, d-i relies on access to the apt repo for the system.
> I can imagine other uses of that, so I added a carve-out for that.
In general I think this should be done by saying that packages may
access the apt repository. Binaries, and sources, because packages
cannot depend on each others' sources and implementing that is a lot
of work.
See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813471#126
for a more extended rationale for permitting access to sources
as well as binaries.
diff --git a/policy/ch-source.rst b/policy/ch-source.rst
index d6a21b8..2d6f9ea 100644
--- a/policy/ch-source.rst
+++ b/policy/ch-source.rst
@@ -288,6 +288,13 @@ For packages in the main archive, no required targets may attempt
network access, except, via the loopback interface, to services on the
build host that have been started by the build.
+Nevertheless, required targets may use ``apt`` to access the apt
+repositories provided by the build environment (which are those which
+were used to resolve the package's build-dependencies). If
+appropriate, :ref:`Built-Using <s-built-using>`` must then be
+declared. It is permitted to download both binaries and/or sources.
+However, this facility should not normally be used.
+
The targets are as follows:
``build`` (required)
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply to: