[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using ‘export http_proxy = http://127.0.9.1:9/’ to fail noisily on dependency problems

On Saturday, October 12, 2013 11:26:28 Thomas Goirand wrote:
> On 10/12/2013 01:26 AM, Barry Warsaw wrote:
> > On Oct 11, 2013, at 07:23 PM, Julian Taylor wrote:
> >> It is better if one disables internet access of package builds
> >> completely.
> >> With pbuilder and iptables this is very easy, just run this when booting:
> >> 
> >> iptables -I OUTPUT ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT
> >> --reject-with icmp-port-unreachable ip6tables -I OUTPUT ! -d ::1 -m
> >> owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable
> >> 
> >> (It works because pbuilder builds as user 1234, won't work for --login
> >> sessions)> 
> > And if you don't use pbuilder? :)
> > 
> > -Barry
> 
> Well, if you don't, you should! :)
> </troll>

IIRC Barry uses sbuild, so I think you missed his point.

Scott K
Reply to: