Portage seems to have gained support for RESTRICT=network-sandbox. This is unacceptable for two reasons: 1. By setting network-sandbox, user explicitly prohibits network usage. It is unacceptable for the package manager to silently override that and use network against user's wishes. 2. Network-sandbox is not a problem, it only triggers a problem of using network. By overriding it you don't fix tests or whatever, you only make them pass for you and fail randomly in the future depending on network available, stability and/or changes on remote end. So please remove support for this RESTRICT and remove its usage from your ebuilds.
RESTRICT=network-sandbox was introduced in: https://gitweb.gentoo.org/proj/portage.git/commit/?id=d56707b9d3451810562fc1e763d4916ab02dd54e commit d56707b9d3451810562fc1e763d4916ab02dd54e Author: Mike Frysinger <vapier@chromium.org> AuthorDate: 2017-06-16 04:31:13 +0000 Commit: Mike Frysinger <vapier@gentoo.org> CommitDate: 2018-01-17 18:41:28 +0000 ebuild: allow RESTRICT=network-sandbox in ebuilds Some ebuilds are a bit hard to fix their use of the network in src phases, so allow them to disable things. This allows us to turn off access by default and for the vast majority while we work out how to fix the few broken packages. URL: https://crbug.com/731905 Description in ebuild(5) man page contains: "Should not be used in the main Gentoo tree." If it is disallowed in repository gentoo, maybe repoman should print a warning or an error when it is used?
I think this feature should be kept in portage. The QA team can ban it in the Gentoo repository without removing it from the package manager. > Network-sandbox is not a problem, it only triggers a problem of using network. network-sandbox can also trigger failures for tests that do not actually use the network. See bug 690758 comment 6 for example.
(In reply to Arfrever Frehtes Taifersar Arahesis from comment #1) > Description in ebuild(5) man page contains: > "Should not be used in the main Gentoo tree." Oh, that is good enough for me. > > If it is disallowed in repository gentoo, maybe repoman should print a > warning or an error when it is used? Yeah, that would be nice. I will make pkgcheck warn on it as invalid RESTRICT value when it stops complaining about preserve-libs.
Let's add a new metadata/layout.conf setting to control this.
(In reply to Zac Medico from comment #4) > Let's add a new metadata/layout.conf setting to control this. This doesn't belong in layout.conf. RepoMan was supposed to have its own configuration files, so I suppose they are the place to control it.
(In reply to Michał Górny from comment #5) > (In reply to Zac Medico from comment #4) > > Let's add a new metadata/layout.conf setting to control this. > > This doesn't belong in layout.conf. RepoMan was supposed to have its own > configuration files, so I suppose they are the place to control it. Hmm, actually if this is about having whitelist of restrict values, then it's probably fine.
Will you submit a patch to gentoo-dev adding the new keys to layout.conf or should I do it? We can update PMs from there.
Probably same for properties.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/gentoolkit.git/commit/?id=8eeb4ee67da8ce2143f26f07545e666b3a4ad610 commit 8eeb4ee67da8ce2143f26f07545e666b3a4ad610 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2019-07-29 00:48:07 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2019-07-29 00:50:23 +0000 filter_flags: handle default IUSE correctly with reduce_flag Fix comparisons to use the result of reduce_flag. Bug: https://bugs.gentoo.org/690786 Signed-off-by: Zac Medico <zmedico@gentoo.org> pym/gentoolkit/flag.py | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-)
(In reply to Larry the Git Cow from comment #9) That was intended to reference bug 634824.
(In reply to Michał Górny from comment #7) > Will you submit a patch to gentoo-dev adding the new keys to layout.conf or > should I do it? We can update PMs from there. How does this look? I've taken the existing RESTRICT values from repoman/cnf/repository/qa_data.yaml: > properties-whitelist = interactive live > restrict-whitelist = binchecks bindist fetch installsources mirror preserve-libs primaryuri splitdebug strip test userpriv
Probably good. I'd name it 'allowed' instead of 'whitelist' (since the latter makes me think of blacklisting).
Patch to metadata/layout.conf sent for review: https://archives.gentoo.org/gentoo-dev/message/78d57aaa0311bacc054fef350ccb276a
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c92ab3ce076c9fb710c6cdcba71bae224215f20 commit 5c92ab3ce076c9fb710c6cdcba71bae224215f20 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2019-07-29 06:57:22 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2019-08-05 20:39:03 +0000 metadata/layout.conf: Allow specific PROPERTIES and RESTRICT values Bug: https://bugs.gentoo.org/690786 Signed-off-by: Zac Medico <zmedico@gentoo.org> metadata/layout.conf | 4 ++++ 1 file changed, 4 insertions(+)
Patch for repoman: https://archives.gentoo.org/gentoo-portage-dev/message/1285ed1bfe73388ed7cf95642da440b0 https://github.com/gentoo/portage/pull/443
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=be21bd79e63282e48d9202d18b89bfd132aa4b2f commit be21bd79e63282e48d9202d18b89bfd132aa4b2f Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2019-08-06 03:38:10 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2019-08-19 01:48:48 +0000 repoman: support metadata/layout.conf restrict-allowed Bug: https://bugs.gentoo.org/690786 Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/portage/repository/config.py | 8 +++++++- repoman/lib/repoman/modules/scan/metadata/restrict.py | 6 +++++- 2 files changed, 12 insertions(+), 2 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08557524dc6c8eec3a366e43ab2587d2cdd8f133 commit 08557524dc6c8eec3a366e43ab2587d2cdd8f133 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2019-08-19 04:24:07 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2019-08-19 05:06:15 +0000 sys-apps/portage: Bump to version 2.3.72 #463952 glsa-check: install in /usr/bin #646090 preserve-libs: get dep graph from EROOT #690484 detect internal collisions for /usr merge #690786 repoman: support metadata/layout.conf restrict-allowed #691776 unpack: Unconditionally die if an unpacker returns an error #691638 Show get/setfattr stderr #692024 econf: Unconditionally die on error in EAPIs 0 to 3 #692262 QA Notice: EXPORT_FUNCTIONS is called before inherit in kernel-2.eclass #692412 emerge IndexError for ambiguous package atom with pypy Bug: https://bugs.gentoo.org/691278 Bug: https://bugs.gentoo.org/463952 Bug: https://bugs.gentoo.org/646090 Bug: https://bugs.gentoo.org/690484 Bug: https://bugs.gentoo.org/690786 Bug: https://bugs.gentoo.org/691776 Bug: https://bugs.gentoo.org/691638 Bug: https://bugs.gentoo.org/692024 Bug: https://bugs.gentoo.org/692262 Bug: https://bugs.gentoo.org/692412 Package-Manager: Portage-2.3.71, Repoman-2.3.17 Signed-off-by: Zac Medico <zmedico@gentoo.org> sys-apps/portage/Manifest | 1 + sys-apps/portage/portage-2.3.72.ebuild | 264 +++++++++++++++++++++++++++++++++ 2 files changed, 265 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=453c02fa66c76e776d789cb2edc1768396eb0c6d commit 453c02fa66c76e776d789cb2edc1768396eb0c6d Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2019-08-24 01:57:02 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2019-08-24 02:10:47 +0000 RepoConfig: add properties-allowed attribute Bug: https://bugs.gentoo.org/690786 Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/portage/repository/config.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b90833cb908ee9a64c7293feadb16294ee5adff commit 2b90833cb908ee9a64c7293feadb16294ee5adff Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2019-11-08 21:58:22 -0800 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2019-11-08 21:59:23 -0800 app-portage/repoman: Bump to version 2.3.18 #690786 Support metadata/layout.conf restrict-allowed #699514 Detect dosym absolute paths starting with ${D}, ${ED} etc. #699508 Fix unsafe string interpolation. Package-Manager: Portage-2.3.79, Repoman-2.3.18 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-portage/repoman/Manifest | 1 + app-portage/repoman/repoman-2.3.18.ebuild | 63 +++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+)
