From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7172560304523444224 X-Received: by 2002:a17:906:30c1:b0:7b7:eaa9:c1cb with SMTP id b1-20020a17090630c100b007b7eaa9c1cbmr12844061ejb.745.1671204460110; Fri, 16 Dec 2022 07:27:40 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:907:2131:b0:7ad:9efd:4692 with SMTP id qo17-20020a170907213100b007ad9efd4692ls1806017ejb.4.-pod-prod-gmail; Fri, 16 Dec 2022 07:27:39 -0800 (PST) X-Google-Smtp-Source: AA0mqf4mXzAGzEafNEMbwLoEdGL/y1jZ7Xd4f6wKltCf+z25cLWTSIEAdCA8AvebVsxxI0tnRIvI X-Received: by 2002:a17:907:2985:b0:7c0:f907:89a2 with SMTP id eu5-20020a170907298500b007c0f90789a2mr23465161ejc.61.1671204459073; Fri, 16 Dec 2022 07:27:39 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1671204459; cv=pass; d=google.com; s=arc-20160816; b=nSS1ENMRcKAwyoOKQKhebJWgrWTJxCDr/VhsH9z7mB2u4K0Hq4LcTiv3jE5EtoipXk i9N8+HYLVyDbnPvKn8Jrz123IuzXCmeEw/NYlOnVNefiIwcLlRVdzETZ3md4K+LUiTNL ARPkfdBsJQt23WItVTy+OAf1aVDQVIt0GvfBKyYpWJSzA37DdElNsIdJOtrBFcB9+elP eYNnyCyEPgntM53w1l8rA0EEAULo/w9g9gg4FV8cfzbJI3zmVoXWkfwkhR0+DV+aH6Z+ 1uxrQKqoKus1SLP3+cn2l3ew2Pw7IZGXACKNVWB9IdVQlwy113aQq0LBaNdq0YGGmtrt UFHw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:subject:cc:to:from:date:dkim-signature; bh=YRJBfiRRO+gUi/HSXhdHgk8NczrszyPOsajohi/wVQU=; b=eCKq7oZ4k69Do9dchEa8UJuJSgjUGLLp5c73D3OnttCjfxXrwv2a+gDxJrocHdhkd1 qoNzOKKrWYHAfbyE0aG2ykfPsZL2OVO4ybwp3cJPhgvt0ZjUcMNcN/DJz2ffh8gY/pW5 Gk7+Bl6mRoJdtL0ibCV8hHZjvZlmcNqcfC49/rpvRUQZ16KTw0nAC+y2IGGMkaFsbbeM 0MDugAPRTiH647hBDcMsyRpeFMXteI8nEfz9pS8hMQW/GXF8SNUdDYUphz5XyvuLzD35 kvtq0nxcga0yTdlHgGiu8sSVLtR38NdnRCGeEeNnHK2+fmRRMEjIoXhQ32TTS4N66x1n 6TnA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HUOs0RLa; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 40.107.14.45 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on2045.outbound.protection.outlook.com. [40.107.14.45]) by gmr-mx.google.com with ESMTPS id hx9-20020a170906846900b007ba8b8a416fsi132532ejc.2.2022.12.16.07.27.38 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Dec 2022 07:27:39 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 40.107.14.45 as permitted sender) client-ip=40.107.14.45; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HUOs0RLa; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 40.107.14.45 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V3+OdkaZAzFd9Fez+6u3lBOde7K4vnLHc0buNriZAoLxpRXwk6I77VkKqTqyYlRLuIfDTxGm3DkDhDkX941v6s+ENaTQ7RfATu3W0iHXuX3Og/bejipnSQ0lEFpF1lC5kvaC/Gp6AnQb1oDAIjmPG+Bk6jgt6EAQ54tYW+pEsuw6dCbppPsW3HrBVhVY8y2kfmjuWhDLAlHLJdEFsDDXoUs+kTRlwlEPlYrtAkEGZiMci6XaHkHEjVZFw7gh8ZSyBFCw5YKYYQMFaVzbjKINX8eBdlyV7bUIcqKaNmlyXlzcX22exVL2IQiGkMZXbLakVLMKsZqmKm/OhdaC6H+Fng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YRJBfiRRO+gUi/HSXhdHgk8NczrszyPOsajohi/wVQU=; b=k5GGh9UBA1Ge/J2rQY1Nhepdz09nCqcUb6acXRc5VOMqc3CJlUiS84LgiXoTwcCuAOCP6CkV5k468rMl6Oe4oy4dFOEfkF2pUDRCazG9Fp/Z/GPqoA0n441KznUkf1hksHvuZTC+Ps4xTIaPYIHnaSjkz7vkQXqvTXhppsaa0oArUmMc1jvIlXB20DBaMeVQqVs6Copo+QW68xLxx+usi8lEVtHG+jWYYXpLMK9JG1f1gIawgbXha83B008W0wV3dp7qOXZBjaCC6wOPM4sP54LwK5BfvsInfh4CBzB8JfYInab4BThKL71t5pg9EJgG+XLVhMCjLk3PTEqnQ2u9SA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YRJBfiRRO+gUi/HSXhdHgk8NczrszyPOsajohi/wVQU=; b=HUOs0RLaED/CN6TpxfEKV6+hCI8TLF+9BoSbNCBL2apEIfzr6lPxW+yld7Z2ES3c6MrKOiSBFy8Idaq7dSFoFhFs8MSzwyS6y63MufjBihLPh+wRk6V6vQO9lEdZahXdz1JoUzxqBZ46vSJfUSERrl0cYnCNk50RBTL1aJuvUa+mROaqDdSXU/LoufKYP9g1abihMdAvTV/j1RYZd1QPHBNTV3hdat2G3zhZAShrDPAqWY8Qh6KrnVgZYZMpjlTSartj4cg3x1aJPhoWoyQxvoTshwCf9BqeeiOdnE5ZTmnDkI8bCD0qa6rJUIhMvFChTh+J0JiZmfrv8ouW05UTBQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) by AS4PR10MB5419.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:4bd::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.11; Fri, 16 Dec 2022 15:27:37 +0000 Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::bdf0:fdeb:f955:bc79]) by PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::bdf0:fdeb:f955:bc79%3]) with mapi id 15.20.5924.012; Fri, 16 Dec 2022 15:27:37 +0000 Date: Fri, 16 Dec 2022 16:27:30 +0100 From: Henning Schild To: "Schmidt, Adriaan (T CED SES-DE)" Cc: Anton Mikanovich , "isar-users@googlegroups.com" Subject: Re: [PATCH v6 10/21] meta: mark network and sudo tasks Message-ID: <20221216162730.5f6e5ae4@md1za8fc.ad001.siemens.net> In-Reply-To: References: <20221213125305.10984-1-amikan@ilbers.de> <20221213125305.10984-11-amikan@ilbers.de> <20221216154901.34c1c2bd@md1za8fc.ad001.siemens.net> <8cac9912-2ba4-b86b-1229-ba5d59412764@ilbers.de> <20221216160445.36cfc275@md1za8fc.ad001.siemens.net> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.34; x86_64-pc-linux-gnu) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-ClientProxiedBy: CH2PR03CA0015.namprd03.prod.outlook.com (2603:10b6:610:59::25) To PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) Return-Path: henning.schild@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PA4PR10MB5780:EE_|AS4PR10MB5419:EE_ X-MS-Office365-Filtering-Correlation-Id: ca9c99d3-c37e-41e9-3b06-08dadf7a100b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: NkJ2dj3q+lnPRxg+6Xsi0X5+YhKxUjSpu3T1824Nhn8d9Axisw7WTK3mH8iI5mMeLDnOHJ7f44DYVLkEP5wpmrY1nuiuuUO3JnWiAqau41/rNkg2Di7A6u0R06/iGd4Jlml4P3W37Nejf7umE6fNXA/7mrweOoW0hXe5ZIC8CN9kyZVubaCfwLwFdp6FY8lCOM9o62tVgEgcDb4FSw9xp2EiHohccRwbvTVjmOoDM19zwfx9MI8D5WfCrsVOOeLCWxmNWxvmAtcf8HDxv3hXI9RVEQp/S2DYx0s0zz2HbUEMxpVPVvMc69q0FKE1kWV/yyROrlqoFlGw9Fw8i2ZuzSkx0fApV/3Oo/RgsI3VvkZJ+TYTp4hr81PmjM23B+B3MCdJsmRUuTzshluJ9MdKO6mn/eBiYNJJofuwjshKm+d7hnT3IBdxydOeVl0VB2wij6jDlwLpBnrZWvxxNgayjT6LOxhd4zloGy2FIDja5JbA6hpefSEeFdX/Q1qToFj3Cc4KiUOuVvQveIyxg5Yyv9Pk2zdjj0yrLcCfzURTAN4uPQSW9i3XMyddiWx95tvb1bWz/93PetXkc+qD8JQdE8Pmngu6oTq5B9wV6rg1R6kUgCvYGjocEGeEn58FADwg3943llY8g/rA22uUoYnICQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230022)(4636009)(136003)(376002)(39860400002)(366004)(396003)(346002)(451199015)(66899015)(83380400001)(8936002)(6862004)(5660300002)(1076003)(38100700002)(66556008)(66476007)(66946007)(316002)(82960400001)(186003)(2906002)(44832011)(6666004)(8676002)(4326008)(6512007)(9686003)(6506007)(86362001)(41300700001)(6636002)(54906003)(6486002)(478600001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?lOteR1DnKEVKetFfxFO/K0jaeOvWF6XxusICCNmsjB6w30yIgUf4NYKr6i1a?= =?us-ascii?Q?qRaxjlh89ZdCZUFX7Vztg6/eE5sX7U/DRqE23AQVjcPtmfxQzSEX986iTSDl?= =?us-ascii?Q?YmH911dqq3mv3c1dylQqMmPsAAibosbqOYR9TI3eTzI21chabJwWDTXFd9ox?= =?us-ascii?Q?SZiq4Pae3ndStZu9cKVyPDOn67qVP4gGo6Bu3VMPKBd0guu7A5LopenlEDRM?= =?us-ascii?Q?bujhbSyJ5e3ei/6DwRGHHRDvK3JItXsUjFcBSZ3Uh+XGJ1H6pBhqHFs78SfE?= =?us-ascii?Q?j4TxZKDFLVrdmqNUFwfTXv+x8z/mVjhqQhdAUWv6prKGHenCZ99qEHHQOlhJ?= =?us-ascii?Q?d5+o1CtiMTnd+u20zrKpJW4LiPP2lOFL24/qXtm480eAl+MNdai151v1kiX6?= =?us-ascii?Q?gTNEwagcVQxGKyEPabTcNrTak9N+NwsCdQ53Hufdm9kiN4MT6ixxJGONqSBe?= =?us-ascii?Q?fnBGloet/ZqOSIyEdFloLqgDrDZ+ph34p3wlm2nC/b6z7HxCA7rxdzyFrNcW?= =?us-ascii?Q?5/HMvT+nJpoPAYrbCkxO5IuyymgyQU9nUTVYBKzE6iK2Dgdp3Dw690RR9HYk?= =?us-ascii?Q?mBj2Fb2xv7ufu/bf1nyROEEOWctEJ5oYyIRIH++tfj7G/UlgfnPRSQPgnHy6?= =?us-ascii?Q?NQAyvp875HnkFpvAgfBg3fF0qGiImWOYEHk7kcKiF8RM9u5QX2NR+pHfwcyM?= =?us-ascii?Q?Uf1jbR6QjFrFOWwFqHPvMwvhMJVwG33xuCk+p92uDQktbB2h9bRgluWhSpwa?= =?us-ascii?Q?/6VVIvZCNxdVEtnOf9EsTSThhTJA0Ye38w9ResQB+ytKfFJBTtNLByFVPhqQ?= =?us-ascii?Q?OzzT+0hKyYw2Se2kQnVL9pedWRpzE3oOSKCL4pxLYG8aTXVI186M+WP0VVW4?= =?us-ascii?Q?bhfsu8u2OFmh3V3Uu9je4P2DcFyzorpgxG57DKWIR5kcnqDH+eJEYxFMs6LZ?= =?us-ascii?Q?BuHXvnRHCnSPmju5qI4x9de7qLxIu36rV9hZQjwDD5aY+Qp0ovGk/ML3bzDN?= =?us-ascii?Q?v1CKMBNLCXnLCbYxdnMUJ/Oazsm6s9kiAfC+7nrZB8cf11S8cXea+gOR/Wqk?= =?us-ascii?Q?tlDDZro0VIc4WidkEdIlhJ9jJRnj54k/XxrLDo7DdczH+RcTlJlBLjW8lX6e?= =?us-ascii?Q?HgiBw7tuBVJyNzOcQv2YIDE5iX30iC5FGotxWybn+WC0jh2A6MglOlvBTiHD?= =?us-ascii?Q?7l06/Yhr4uUO6/fZsv5AwIH5+zk1Cpm7hAAM1Nw6G+6HzBWHZVMG62HDjW21?= =?us-ascii?Q?stshXA2wbX91epSLB6RHOBOSjAVeh4KuptuyUA8ln7gb4tiTKgvnYzqCleV6?= =?us-ascii?Q?B4cqt0U9yqHlYBcBlu08t9JvUzZb/C1jHYUoLzkdUtgsAEZFuGLcIR7gNFaS?= =?us-ascii?Q?IIBxxW6vM8pAY9C0GedSfhBMm138eCTkim5gCOqFYYrWC6gX+OUiCkkp+H/g?= =?us-ascii?Q?VFUqd+OvFzJOs4EtVMw5quvHtylygGoK+sOTA0Hie2KbmbCEhii1hmKGSrBX?= =?us-ascii?Q?h10Sn44V5Jut7+a23ODJLe/93KYUy43OqMkhFNJ/WXenDFFnN6n/XiQtTJN3?= =?us-ascii?Q?hh2M9YNzdD0qsDYZOZnFtpxsg6DYuHyDMIzqx5/zNnNybUckFRazyr/OMqpA?= =?us-ascii?Q?DSvG3CJriqINEl+3xC7SA8fZwUKzGl2Qgvo58tVyKhirvLvAGySAUPJr/MpW?= =?us-ascii?Q?uOIiUQ=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: ca9c99d3-c37e-41e9-3b06-08dadf7a100b X-MS-Exchange-CrossTenant-AuthSource: PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Dec 2022 15:27:37.7334 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4DZJbSoy749R4hhiA1jDYsAlB8ZDU4ePHIfAPjlqsLOleG1547dnipBLsPmLtU/4WNlpr4BrqUuX9fFBRbiWBop7OIH/J3MXEaAJeSax5+A= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR10MB5419 X-TUID: W2H9VorV89pO Am Fri, 16 Dec 2022 16:09:44 +0100 schrieb "Schmidt, Adriaan (T CED SES-DE)" : > Henning Schild, Freitag, 16. Dezember 2022 16:05: > > Am Fri, 16 Dec 2022 17:52:22 +0300 > > schrieb Anton Mikanovich : > > > > > 16.12.2022 17:49, Henning Schild wrote: > > > > Am Tue, 13 Dec 2022 15:52:54 +0300 > > > > schrieb Anton Mikanovich : > > > > > > > >> Network access from tasks is now disabled by default. This > > > >> means that tasks accessing the network need to be marked as > > > >> such with the network flag. > > > > Will these tasks really somehow be blocked from the network? > > > > > > > > We do use BB_NO_NETWORK in several places. Especially in > > > > isar_export_proxies we use it to block network with a > > > > deadend_proxy. That might not be needed any longer. > > > > > > > > Any maybe we find a way to automatically call > > > > isar_export_proxies when we set [network] = 1 in any given > > > > task. Otherwise we kind of have two lines marking a task as > > > > network user, and it is easy to forget the proxies since not > > > > everyone has to deal with them. > > > > > > > > Henning > > > > > > Untagged tasks will not be blocked, but failed during the build > > > instead. So this will not cover BB_NO_NETWORK use case. > > > > Can you explain what you mean with "failed during the build". If it > > gets killed the moment it tries to network ... that is what i called > > "blocking". > > Quoting from an email I sent earlier this year: > > - new task flag "[network]", which is needed on tasks requiring > network access. If it is not set, networking is disabled by cloning > into a new namespace. The current bitbake implementation creates a > new namespace for network and user, with the latter breaking use of > sudo. p1 would be the corresponding upstream change in bitbake to > make sudo work, as an alternative to adding "[network] = 1" to all > tasks (which I tested, and which also works). Ouch. The network part is nice, but sudo really is not. Maybe we need I_USE_SUDO = 1 I USE_NETWORK = 1 I_USE_SUDO_AND_NETWORK = 1 and try to set [network] accordingly ... in the end it will always be 1 but we remember why we set it to 1. Henning > Adriaan > > > And for the proxy that this is kind of what we want with this > > deadend. Make sure a task does not access the network when we want > > to run the whole build offline. We make it fail ... we block it. > > > > Henning > > >