Bug#753944: Re: Bug#753944: pbuilder: USENETWORK=no breaks package builds

[Dominique Dumont]

On Sunday 06 July 2014 18:02:10 gregor herrmann wrote:
> > This is a bug in your package… network access is generally
> > not available during package builds on Debian buildds either,
> > and so should it be for cowbuilder too.
> 
> That doesn't match my understanding and experience. AFAIK, there is
> no internet access (available|allowed) but connections to localhost
> are fine.

Agreed.

If pbuilder/cowbuilder denies access to localhost by default, I think the 
following may happen:

- people using pbuilder will set USENETWORK to yes (heck, we may even have to 
set this in debian-perl documents for newbies). This setting will become 
common knowledge, so you'll be back to square one

or

- people will disable tests using local network (which would be a shame since 
buildd allow it). End user will find more network related bugs. Even more so 
on non common archs

or

- people will use alternative like sbuild.


A middle ground may comes from gregoa's setup:
- pbuilder has USENETWORK=yes
- a set of ip table rules denies internet access

I guess that this set of ip tables rules could be applied with a new value to 
USENETWORK ("local" ?) I would not mind this value becomes the default.

Thoughts ?

All the best
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pbuilder-maint/attachments/20140711/7ab0e33d/attachment.sig>