From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 200BE138A1A for ; Sun, 25 Jan 2015 14:01:52 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5EE5BE0904; Sun, 25 Jan 2015 14:01:37 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A7435E0904 for ; Sun, 25 Jan 2015 14:01:36 +0000 (UTC) Received: from pomiot.lan (mgorny-1-pt.tunnel.tserv28.waw1.ipv6.he.net [IPv6:2001:470:70:353::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id D5A693406C3; Sun, 25 Jan 2015 14:01:34 +0000 (UTC) Date: Sun, 25 Jan 2015 15:01:29 +0100 From: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= To: gentoo-portage-dev@lists.gentoo.org Subject: Re: [gentoo-portage-dev] [PATCH] Support escaping network-sandbox through SOCKSv5 proxy Message-ID: <20150125150129.4af7868a@pomiot.lan> In-Reply-To: <1422185394-6403-1-git-send-email-mgorny@gentoo.org> References: <1422185394-6403-1-git-send-email-mgorny@gentoo.org> Organization: Gentoo X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@lists.gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/63uYksDPZ2motS=5bHYc6vy"; protocol="application/pgp-signature" X-Archives-Salt: 388a228f-bee2-4d4b-8309-2e0c4d6204f1 X-Archives-Hash: 617fc159388ffcbf03bc660503a7f754 --Sig_/63uYksDPZ2motS=5bHYc6vy Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Dnia 2015-01-25, o godz. 12:29:54 Micha=C5=82 G=C3=B3rny napisa=C5=82(a): > Add a minimal SOCKSv5-over-UNIX-socket proxy to Portage, and start it > whenever ebuilds are started with network-sandbox enabled. Pass the > socket address in PORTAGE_SOCKS5_PROXY and DISTCC_SOCKS_PROXY variables. > The proxy can be used to escape the network sandbox whenever network > access is really desired, e.g. in distcc. >=20 > The proxy currently supports IPv4 only, and does not report bound > address (reports 0.0.0.0:0). No authentication is supported (UNIX > sockets provide a security layer). Resubmitted with a number of fixes as: [PATCH v2] Support escaping network-sandbox through SOCKSv5 proxy --=20 Best regards, Micha=C5=82 G=C3=B3rny --Sig_/63uYksDPZ2motS=5bHYc6vy Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJUxPc5XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2REJCMDdDQzRGMERBRDA2RUEwQUZFNDFC MDdBMUFFQUVGQjQ0NjRFAAoJELB6GurvtEZO5DYP/2FV/KAC/puxGVOdzj98RSWG Q0rmX1BpgwwyR6VOZYZ4JLes+/UaGvdD5IFvWlNCUJM1fuMfnFK9Srodv6SZQDn1 6hHQ6qoMCxdZ0kazqJnrQOFCn/+07rkNKDj4AWVg+85jxVdp73+xl3nc24Npqjdd vlPeGnJ0C/D1lhzOh2vu/sI84jVHG+jeG7+ki6lLjYSHK6AGp5Rj+pLP/7VuGEMd jgQNFdx40Txkk6l9WkZnUde40Kg6tJ7bkVPJJLrfl6Pam7mwKTnBQzT7gCrtZiUk d8nWHmqUi8fsIQJVblgQ6UbzaNKdetAie71cRu50F+YAuMcVmD7TwuUrxfKZcVZk n3tbssr/bfxVuOSYTUusOJUulmT0VUbHNIziNh1TSUWOVN7lJ2mp+RHi2KeoJ27b jhz0n428t+bWfHnPWvUDZSEirZFigoZhH6enzqYUJyEsgIhfG1Nvlaxce62+bdLG W07gJNTtFfvaMQCma41sUJRn6ZYDab4kDyreMSzmm7dqsHOeLjmB9iTRndUw+g5l uf794ydRamMOMbXcU8/E8240rTxuzOgElsdWir3V2fQ3Q/G7GZfYDVLsnUbbk28B aoO/Eg4tPqw+/0LG0iPCDdvsGALT8PNZwD8G1kOzWltsAJcfecqR8nXyZzSdUy0D Nk+YvGzJnmMHgQgLzzu/ =Vaei -----END PGP SIGNATURE----- --Sig_/63uYksDPZ2motS=5bHYc6vy--