Bug#830186: marked as done (sphinx: intersphinx mapping extension causes network access during package builds)

[Debian Bug Tracking System]

Your message dated Thu, 7 Jul 2016 22:55:33 +0300
with message-id <20160707195533.ga12...@mitya57.me>
and subject line Re: Bug#830186: sphinx: intersphinx mapping extension causes 
network access during package builds
has caused the Debian Bug report #830186,
regarding sphinx: intersphinx mapping extension causes network access during 
package builds
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
830186: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830186
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: sphinx
Version: 1.4.4-3
Severity: serious
Justification: Policy 4.9
User: la...@debian.org
Usertags: network-access

Hi,

According to Debian Policy 4.9, packages may not attempt network
access during the build. However, the intersphinx mapping extension
causes attempted network access in almost all of Sphinx' reverse
build- dependencies.

(Note that the network access does not cause a FTBFS if internet is
disabled, but it may cause a package to contain different contents
and is thus non-reproducible.)

I've filed this against Sphinx, but I think a fix will require at
least two changes:

 - A patch to Sphinx to disable network access based on some
   flag/environment variable.

 - dh-python (etc.) updated to set this specific flag.

Filed as "serious" given that I could /technically/ file RC bugs
against all of Sphinx's reverse dependencies but this seems less
anti-social…


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---

--- Begin Message ---

Hi Chris,

On Thu, Jul 07, 2016 at 09:48:44PM +0200, Chris Lamb wrote:
> Hi Dmitry,
>
> > You say that we can read some flag set by dh-python. However, dh-python
> > (aka pybuild) already sets http{,s}_proxy environment variables which
> > disable network access for Sphinx. So packages using dh-python are already
> > safe.
>
> Ah, nice. I'll go ahead and file bugs against the individual packages :)

Thanks! Do you have a list of such packages? I can try to look at those which
are maintained by DPMT or PAPT.

Closing this bug in the meantime.

--
Dmitry Shachnev

signature.asc
Description: PGP signature

--- End Message ---