From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 9D6D0138206 for ; Wed, 17 Jan 2018 18:41:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E19D0E09A2; Wed, 17 Jan 2018 18:41:39 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BE6B7E09A2 for ; Wed, 17 Jan 2018 18:41:39 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 83C11335C0C for ; Wed, 17 Jan 2018 18:41:38 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id D0A231D2 for ; Wed, 17 Jan 2018 18:41:35 +0000 (UTC) From: "Mike Frysinger" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" Message-ID: <1516214488.d56707b9d3451810562fc1e763d4916ab02dd54e.vapier@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: man/, pym/portage/package/ebuild/ X-VCS-Repository: proj/portage X-VCS-Files: man/ebuild.5 pym/portage/package/ebuild/doebuild.py X-VCS-Directories: pym/portage/package/ebuild/ man/ X-VCS-Committer: vapier X-VCS-Committer-Name: Mike Frysinger X-VCS-Revision: d56707b9d3451810562fc1e763d4916ab02dd54e X-VCS-Branch: master Date: Wed, 17 Jan 2018 18:41:35 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: a6a854dc-7671-44ed-9b6e-6fd99645b2cb X-Archives-Hash: 1ce08d01f881106201bb9ca7ff6c36ba commit: d56707b9d3451810562fc1e763d4916ab02dd54e Author: Mike Frysinger chromium org> AuthorDate: Fri Jun 16 04:31:13 2017 +0000 Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 17 18:41:28 2018 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=d56707b9 ebuild: allow RESTRICT=network-sandbox in ebuilds Some ebuilds are a bit hard to fix their use of the network in src phases, so allow them to disable things. This allows us to turn off access by default and for the vast majority while we work out how to fix the few broken packages. URL: https://crbug.com/731905 man/ebuild.5 | 4 ++++ pym/portage/package/ebuild/doebuild.py | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/man/ebuild.5 b/man/ebuild.5 index 270e47fe8..71e754d48 100644 --- a/man/ebuild.5 +++ b/man/ebuild.5 @@ -689,6 +689,10 @@ binaries that are not compatible with debugedit. .I mirror files in \fBSRC_URI\fR will not be downloaded from the \fBGENTOO_MIRRORS\fR. .TP +.I network\-sandbox +Disables the network namespace for specific packages. +Should not be used in the main Gentoo tree. +.TP .I preserve\-libs Disables preserve\-libs for specific packages. Note than when a package is merged, RESTRICT=preserve\-libs applies if either the new instance or the diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 0be148fd4..f75f11a1a 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -148,7 +148,8 @@ def _doebuild_spawn(phase, settings, actionmap=None, **kwargs): kwargs['ipc'] = 'ipc-sandbox' not in settings.features or \ phase in _ipc_phases kwargs['networked'] = 'network-sandbox' not in settings.features or \ - phase in _networked_phases + phase in _networked_phases or \ + 'network-sandbox' in settings['PORTAGE_RESTRICT'].split() if phase == 'depend': kwargs['droppriv'] = 'userpriv' in settings.features