From b62279a911eabaa7f2b5223f3736d90004ab7f74 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Sat, 21 May 2016 20:30:18 +0900 Subject: disable Sbuild.blockNetwork Doesn't seem to have the desired effect at present. --- src/Propellor/Property/Sbuild.hs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'src/Propellor/Property/Sbuild.hs') diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs index ecf33712..5c592238 100644 --- a/src/Propellor/Property/Sbuild.hs +++ b/src/Propellor/Property/Sbuild.hs @@ -13,7 +13,6 @@ Suggested usage in @config.hs@: > & Sbuild.updatedFor (System (Debian Unstable) "i386") `period` Weekly 1 > & Sbuild.usableBy (User "spwhitton") > & Sbuild.shareAptCache -> & Sbuild.blockNetwork > & Schroot.overlaysInTmpfs In @~/.sbuildrc@: @@ -50,7 +49,7 @@ module Propellor.Property.Sbuild ( updated, updatedFor, -- * Global sbuild configuration - blockNetwork, + -- blockNetwork, installed, keypairGenerated, shareAptCache, @@ -257,16 +256,17 @@ ccachePrepared = propertyList "sbuild group ccache configured" $ props & File.mode "/var/cache/ccache-sbuild/sbuild-setup" (combineModes (readModes ++ executeModes)) --- | Block network access during builds --- --- This is a hack from until #802850 and --- #802849 are resolved. -blockNetwork :: Property Linux -blockNetwork = Firewall.rule Firewall.OUTPUT Firewall.Filter Firewall.DROP - (Firewall.GroupOwner (Group "sbuild") - <> Firewall.NotDestination - [Firewall.IPWithNumMask (IPv4 "127.0.0.1") 8]) - `requires` installed -- sbuild group must exist +-- This doesn't seem to work with the current version of sbuild +-- -- | Block network access during builds +-- -- +-- -- This is a hack from until #802850 and +-- -- #802849 are resolved. +-- blockNetwork :: Property Linux +-- blockNetwork = Firewall.rule Firewall.OUTPUT Firewall.Filter Firewall.DROP +-- (Firewall.GroupOwner (Group "sbuild") +-- <> Firewall.NotDestination +-- [Firewall.IPWithNumMask (IPv4 "127.0.0.1") 8]) +-- `requires` installed -- sbuild group must exist -- ==== utility functions ==== -- cgit v1.2.3