build process should not require a network connection #304

adrelanos opened this issue Mar 6, 2024 · 1 comment

```
dpkg-buildpackage -b -d --no-sign
go: downloading golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
go: downloading github.com/arduino/go-paths-helper v1.12.0
go: downloading github.com/pkg/errors v0.9.1
```

This is probably a blocker for apparmor.d to be eligible to be added to packages.debian.org.

Quote https://wiki.debian.org/buildd

> no network -- most buildds will have no network access available. Your package build+test process must not attempt to use the network or assume that any network interface is available.

More references:

Ubuntu might inherit the same policy.

Fedora has a similar policy. Quote https://docs.fedoraproject.org/en-US/packaging-guidelines/#_build_time_network_access

> Packages in the Fedora buildsystem are built in a mock chroot with no access to the internet. Packages must not depend on or use any network resources that they don’t themselves create (i.e., for tests). In no cases should source code be downloaded from any external sources, only from the lookaside cache and/or the Fedora git repository.

It can be assumed that many other distributions have similar policies.

Embedded code copies are also not permissible in Debian as per:
https://wiki.debian.org/EmbeddedCopies

So what is the right way to package this? I don't know. For Debian, most likely, all build and runtime dependencies would need to be packaged and uploaded to packages.debian.org separately. Ideally, apparmor.d would not require any dependencies unavailable from official distribution package repositories.

For Kicksecure, Whonix, the same policies have been inherited.

Owner

roddhjav commented Mar 6, 2024

I am well aware of this. However, there is a (heavily used) golang dependency that is not packaged in Debian (despite being on Debian Salsa): golang-github-arduino-go-paths-helper

I also need to ensure the go code is built with dh-golang and not manually as it is currently done. PR is welcome...
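
An added example, not part of the thread or of apparmor.d: a Python check that scans a package build log for the `go: downloading` lines quoted in the issue and lists, for each module fetched over the network, the Debian source package name to look for. The name mapping is a heuristic assumed from the `golang-github-arduino-go-paths-helper` name in the comment above; `HOST_SHORT`, `debian_source_name` and `network_fetches` are hypothetical names.

```python
import re

# Constructed sample: the build output quoted in the issue.
SAMPLE_LOG = """\
dpkg-buildpackage -b -d --no-sign
go: downloading golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
go: downloading github.com/arduino/go-paths-helper v1.12.0
go: downloading github.com/pkg/errors v0.9.1
"""

# Line the Go toolchain prints when it fetches a module from the network.
DOWNLOAD_RE = re.compile(r"^go: downloading (\S+) (\S+)$")

# Assumption: short host names as they appear in Debian Go package names.
# Only the hosts seen on this page are listed; others use the first DNS label.
HOST_SHORT = {"github.com": "github", "golang.org": "golang"}


def debian_source_name(module_path):
    """Heuristic guess of the Debian source package name for a Go module."""
    host, _, rest = module_path.partition("/")
    parts = [p for p in rest.split("/") if p]
    # Assumption: a trailing major-version element (/v2, /v3, ...) is dropped.
    if parts and re.fullmatch(r"v\d+", parts[-1]):
        parts.pop()
    name = "-".join(["golang", HOST_SHORT.get(host, host.split(".")[0])] + parts)
    # Debian package names are lowercase and cannot contain underscores.
    return name.lower().replace("_", "-")


def network_fetches(build_log):
    """Return (module, version, candidate package) for every fetched module."""
    found = []
    for line in build_log.splitlines():
        match = DOWNLOAD_RE.match(line.strip())
        if match:
            module, version = match.groups()
            found.append((module, version, debian_source_name(module)))
    return found


if __name__ == "__main__":
    fetches = network_fetches(SAMPLE_LOG)
    for module, version, package in fetches:
        print(f"network fetch: {module} {version} -> look for {package}")
    # Non-zero exit lets a CI job fail when the build reached for the network.
    raise SystemExit(1 if fetches else 0)
```
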
