Bug#769687: no network is a common condition

Holger Levsen holger at layer-acht.org
Tue Nov 18 13:34:50 UTC 2014


On Dienstag, 18. November 2014, Martin Pitt wrote:
> autopkgtest does not use any specific mirror. It's just calling
> "apt-get download", and thus it's using whichever deb source you have
> in sources.list. If that is a file:// source, then it won't hit the
> network indeed.

ok, that's definitly better than I feared.

> This is exclusively a problem if you have some kind of
> build environment...

there are more problems: if the archive is broken, your package fails to 
build. That's wrong. (You're package aint broken, the archive is, so it's 
wrong if your build fails due to this.)

> where you put exactly the build deps into
> /var/cache/apt/archives/, and then build in an environment without any
> network access to pull other packages from. That's why the bug is
> still open, but pbuilder, sbuild, cowbuilder, plain debuild etc. all
> don't work that way. (Hence "unusual environment").
> Out of interest, what are you using as a build env?

I usually use pbuilder or (p)debuild, but here I'm mostly arguing out of 
principle/pure interest ;-) I saw the bug when looking at RC bugs 
affecting/fixed in jessie. Besides that, I have previously thought about this 
problem in at least these contexts:

a.) do piuparts tests without network available
b.) do re(producible) builds with network disabled - see [1] for more info
c.) debian-edu-doc had a similar problem which I fixed in 1.6~20141005~8.0 - 
so fairly recently.

I'm also pretty sure I have seen serious bugs about package builds needing 
network access in the past. 

> > we've discussed this briefly on #debian-devel today and now there is
> > #770016 "Clarify network access for building packages in main" against
> > debian-policy to document this properly.
> Independently of this, that's a good idea to document, thanks!


I do agree that running autopkgtest and using "apt-get download" is slightly 
special/different but then I presume autopkgtests should *not* be run as part 
of the build but as a special step, like lintian.


[1] https://jenkins.debian.net/userContent/reproducible.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/autopkgtest-devel/attachments/20141118/b3f11ace/attachment.sig>

More information about the autopkgtest-devel mailing list