Ports are not allowed network access during build. This is enforced on
the main bulk build machines and for users with PORTS_PRIVSEP=Yes and
the default pf.conf "block..user _pbuild" rule, but not everybody has
that.

Would it be OK to poison GOPROXY in the environment so that devs who
don't enforce blocking network access also see a failure? It looks like
this:

go: github.com/BurntSushi/toml@v0.3.1: invalid proxy URL scheme (must be https, 
http, file): ports://should.not_fetch_at_buildtime/



Index: go.port.mk
===================================================================
RCS file: /cvs/ports/lang/go/go.port.mk,v
retrieving revision 1.23
diff -u -p -r1.23 go.port.mk
--- go.port.mk  4 Sep 2019 12:22:03 -0000       1.23
+++ go.port.mk  13 Sep 2019 11:38:34 -0000
@@ -24,6 +24,10 @@ MODGO_WORKSPACE ?=   ${WRKDIR}/go
 MODGO_GOCACHE ?=       ${WRKDIR}/go-cache
 MODGO_GOPATH ?=                ${MODGO_WORKSPACE}:${MODGO_PACKAGE_PATH}
 MAKE_ENV +=            GOCACHE="${MODGO_GOCACHE}" GOPATH="${MODGO_GOPATH}"
+# ports are not allowed to fetch from the network at build time; point
+# GOPROXY at an unreachable host so that failures are also visible to
+# dev's who don't have PORTS_PRIVSEP and a "deny .. _pbuild" PF rule.
+MAKE_ENV +=            GOPROXY=invalid://ports.should.not.fetch.at.buildtime/
 MODGO_CMD ?=           ${SETENV} ${MAKE_ENV} go
 MODGO_BUILD_CMD =      ${MODGO_CMD} install ${MODGO_FLAGS}
 MODGO_TEST_CMD =       ${MODGO_CMD} test ${MODGO_FLAGS} ${MODGO_TEST_FLAGS}
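
Review bot: The added comment says GOPROXY is pointed "at an unreachable host", but the value on the new MAKE_ENV line fails because of its scheme (invalid://), which go rejects on the scheme check, as the error quoted in the mail shows ("must be https, http, file"). Suggest rewording the comment to say the scheme is deliberately unsupported, so that nobody later changes it to https:// with a dummy host and turns a hard failure into a DNS lookup. The comment also writes the PF rule as "deny .. _pbuild" while the mail body cites it as "block..user _pbuild"; the two should use the same wording. Finally, the sample error in the mail shows ports://should.not_fetch_at_buildtime/ whereas the diff sets invalid://ports.should.not.fetch.at.buildtime/, so the sample output should be regenerated from the value actually committed.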

