Bug#905401: permit access to apt repositories during builds
Ian Jackson writes:
> Apropos of discussion in #813471:
> Paul writes:
>> In addition, d-i relies on access to the apt repo for the system.
>> I can imagine other uses of that, so I added a carve-out for that.
>
> In general I think this should be done by saying that packages may
> access the apt repository. Binaries, and sources, because packages
> cannot depend on each others' sources and implementing that is a lot
> of work.
We should aim that packages do *not* need to do this; d-i does it
because no better way was implemented (yet). So I don't think allowing
this in Policy for the future is a good idea; documenting that some
packages currently have to do this might be okay.
> See
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813471#162
> for a more extended rationale for permitting access to sources
> as well as binaries.
I don't think that is a good reason to access source packages: it makes
it not obvious what the build dependencies are when they are hidden in
some "apt-get source" call somewhere in the package.
> diff --git a/policy/ch-source.rst b/policy/ch-source.rst
> index d6a21b8..2d6f9ea 100644
> --- a/policy/ch-source.rst
> +++ b/policy/ch-source.rst
> @@ -288,6 +288,13 @@ For packages in the main archive, no required targets may attempt
> network access, except, via the loopback interface, to services on the
> build host that have been started by the build.
>
> +Nevertheless, required targets may use ``apt`` to access the apt
> +repositories provided by the build environment (which are those which
> +were used to resolve the package's build-dependencies). If
> +appropriate, :ref:`Built-Using <s-built-using>`` must then be
> +declared. It is permitted to download both binaries and/or sources.
> +However, this facility should not normally be used.
> +
> The targets are as follows:
>
> ``build`` (required)
As I said above, I think this is not a good idea.
Ansgar
Reply to: