commit: d56707b9d3451810562fc1e763d4916ab02dd54e Author: Mike Frysinger <vapier <AT> chromium <DOT> org> AuthorDate: Fri Jun 16 04:31:13 2017 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Wed Jan 17 18:41:28 2018 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=d56707b9
ebuild: allow RESTRICT=network-sandbox in ebuilds Some ebuilds are a bit hard to fix their use of the network in src phases, so allow them to disable things. This allows us to turn off access by default and for the vast majority while we work out how to fix the few broken packages. URL: https://crbug.com/731905 man/ebuild.5 | 4 ++++ pym/portage/package/ebuild/doebuild.py | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/man/ebuild.5 b/man/ebuild.5 index 270e47fe8..71e754d48 100644 --- a/man/ebuild.5 +++ b/man/ebuild.5 @@ -689,6 +689,10 @@ binaries that are not compatible with debugedit. .I mirror files in \fBSRC_URI\fR will not be downloaded from the \fBGENTOO_MIRRORS\fR. .TP +.I network\-sandbox +Disables the network namespace for specific packages. +Should not be used in the main Gentoo tree. +.TP .I preserve\-libs Disables preserve\-libs for specific packages. Note than when a package is merged, RESTRICT=preserve\-libs applies if either the new instance or the diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 0be148fd4..f75f11a1a 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -148,7 +148,8 @@ def _doebuild_spawn(phase, settings, actionmap=None, **kwargs): kwargs['ipc'] = 'ipc-sandbox' not in settings.features or \ phase in _ipc_phases kwargs['networked'] = 'network-sandbox' not in settings.features or \ - phase in _networked_phases + phase in _networked_phases or \ + 'network-sandbox' in settings['PORTAGE_RESTRICT'].split() if phase == 'depend': kwargs['droppriv'] = 'userpriv' in settings.features
