commit 56ba67b3b6345fc70d42567d03b0ff841fe38d3e Author: Nicolas Vigier boklm@torproject.org Date: Wed Mar 13 13:20:33 2019 +0100
Bug 25623: Disable network during build --- projects/common/how-to-create-gradle-dependencies-list.txt | 3 ++- projects/common/runc-config.json | 6 ++++++ rbm.conf | 9 +++++++++ 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/projects/common/how-to-create-gradle-dependencies-list.txt b/projects/common/how-to-create-gradle-dependencies-list.txt
index ef816d0..d980ba2 100644
--- a/projects/common/how-to-create-gradle-dependencies-list.txt
+++ b/projects/common/how-to-create-gradle-dependencies-list.txt
@@ -6,7 +6,8 @@ file:
export GRADLE_MAVEN_REPOSITORIES="file://$rootdir/[% c('input_files_by_name/gradle-dependencies') %]"
-and rerun the build.
+then allow network access during the build by setting
+var/container/disable_network/build to 0 in rbm.conf, and rerun the build.
Dependent artifacts will show up as downloads in the logs. You can pull out these dependencies into a list with the following command (replacing diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json index e75c13d..60dfa6c 100644 --- a/projects/common/runc-config.json +++ b/projects/common/runc-config.json @@ -238,6 +238,12 @@ { "type": "uts" }, +[% IF c("var/container/disable_network/" _ c("exec_name")) -%] + { + "type": "network", + "path": "/var/run/netns/rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]" + }, +[% END -%] { "type": "mount" } diff --git a/rbm.conf b/rbm.conf index 32b1f37..f31e5db 100644 --- a/rbm.conf +++ b/rbm.conf @@ -51,6 +51,9 @@ var: container: dir: '[% c("rbm_tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]' user: rbm + disable_network: + # disable network in the build scripts + build: 1 input_files_list: | [% FOREACH file IN c("input_files_by_name").keys.sort -%] [% c("input_files_by_name/" _ file) %] @@ -408,7 +411,13 @@ runc: cat > '[% c("var/container/dir") %]'/config.json << EOF [% INCLUDE 'runc-config.json' %] EOF + [% IF c("var/container/disable_network/" _ c("exec_name")) -%] + sudo ip netns add 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]' + [% END -%] sudo runc [% IF c("var_p/runc100") %]run[% ELSE %]start[% END %] -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] [% IF c("runc_hide_stderr") %]2>/dev/null[% END %] + [% IF c("var/container/disable_network/" _ c("exec_name")) -%] + sudo ip netns delete 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]' + [% END -%]
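Review bot: The `network` namespace entry in runc-config.json is emitted only when `var/container/disable_network/<exec_name>` evaluates true, so isolation is opt-in per script. Any exec_name with no key, or with a misspelled key, gets no `network` entry and would presumably keep the network access of the namespace runc is started from. Since the commit's goal is to disable network during the build, consider making the isolated namespace the default and requiring an explicit allow flag. At minimum, state the fallback above the `IF`, e.g. `[%# unset or 0: no network namespace entry, the container keeps network access -%]`. The namespaces array starts and ends outside the hunk.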
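Review bot: The comment on `disable_network` in rbm.conf does not say that the key under it is matched against `exec_name`, which is how both templates in this commit look it up, or that only `build` is covered. I would expand it to something like `# keyed by exec_name: 1 runs that script in a fresh network namespace; scripts with no key here keep network access`. It is also worth saying there that the `0` override described in how-to-create-gradle-dependencies-list.txt is meant to be temporary, because leaving it in place re-enables downloads for every build that uses this default.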
remote_put: | #!/bin/sh
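Review bot: The `sudo ip netns delete` added after the `runc` call is not guaranteed to run, and it changes what the script returns. If the script runs under `set -e` (its start is outside the hunk), a failing build exits before the delete and leaves the `rbm-…` namespace behind, so a retry with the same build_id would likely fail at `ip netns add`. If it does not, the script's exit status becomes that of `ip netns delete` and a failed `runc` run can be reported as success. Registering the cleanup right after creation avoids both, e.g. `sudo ip netns add "$ns"` followed by `trap 'sudo ip netns delete "$ns"' EXIT`, with `ns` set to the existing `rbm-[% sha256(...) %]` name. A short comment above the `add` should note that the namespace is left without interfaces on purpose, so nobody later "fixes" a network failure by configuring it.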