On 11.10.2013 17:04, Barry Warsaw wrote:
> On Oct 11, 2013, at 12:21 PM, Piotr Ożarowski wrote:
>
>> Note that pybuild is doing it by default (if http{,s}_proxy is not set),
>> so with --buildsystem=pybuild you will expose missing build dependencies
>> *and* let get-orig-source work (pybuild doesn't set http_proxy in this
>> target). If you for some reason need network during build (f.e. tests
>> setup a HTTP server), just set http_proxy to empty string, in src:flask
>> I do this:
>>
>> override_dh_auto_test:
>> http_proxy='' dh_auto_test
>
> Ah yes of course. I've had to override it in get-orig-source and occasionally
> in the tests. Really happy to hear that pybuild DTRT.
>
> -Barry
>
>
while I think doing it in the helper tools is a good idea, one shouldn't rely
on it.
It is better if one disables internet access of package builds completely.
With pbuilder and iptables this is very easy, just run this when booting:
iptables -I OUTPUT ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT
--reject-with icmp-port-unreachable
ip6tables -I OUTPUT ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with
icmp6-port-unreachable
(It works because pbuilder builds as user 1234, won't work for --login sessions)
--
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52583425.6010...@googlemail.com
