From: "Schmidt, Adriaan" <adriaan.schmidt@siemens.com>
To: "Schild, Henning" <henning.schild@siemens.com>,
Anton Mikanovich <amikan@ilbers.de>
Cc: "isar-users@googlegroups.com" <isar-users@googlegroups.com>
Subject: RE: [PATCH v6 10/21] meta: mark network and sudo tasks
Date: Fri, 16 Dec 2022 15:09:44 +0000
Message-ID: <AS4PR10MB5318D23A856A7F7DE97C5704EDE69@AS4PR10MB5318.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <20221216160445.36cfc275@md1za8fc.ad001.siemens.net>
Henning Schild, Friday, 16 December 2022 16:05:
> On Fri, 16 Dec 2022 17:52:22 +0300
> Anton Mikanovich <amikan@ilbers.de> wrote:
>
> > 16.12.2022 17:49, Henning Schild wrote:
> > > On Tue, 13 Dec 2022 15:52:54 +0300
> > > Anton Mikanovich <amikan@ilbers.de> wrote:
> > >
> > >> Network access from tasks is now disabled by default. This means
> > >> that tasks accessing the network need to be marked as such with
> > >> the network flag.
> > > Will these tasks really somehow be blocked from the network?
> > >
> > > We do use BB_NO_NETWORK in several places. Especially in
> > > isar_export_proxies we use it to block network with a deadend_proxy.
> > > That might not be needed any longer.
> > >
> > > And maybe we find a way to automatically call isar_export_proxies
> > > when we set [network] = 1 in any given task. Otherwise we kind of
> > > have two lines marking a task as network user, and it is easy to
> > > forget the proxies since not everyone has to deal with them.
> > >
> > > Henning
> >
> > Untagged tasks will not be blocked, but failed during the build
> > instead. So this will not cover BB_NO_NETWORK use case.
>
> Can you explain what you mean with "failed during the build". If it
> gets killed the moment it tries to network ... that is what I called
> "blocking".

Quoting from an email I sent earlier this year:

- new task flag "[network]", which is needed on tasks requiring network
  access. If it is not set, networking is disabled by cloning into a new
  namespace. The current bitbake implementation creates a new namespace for
  network and user, with the latter breaking use of sudo. p1 would be
  the corresponding upstream change in bitbake to make sudo work, as an alternative
  to adding "[network] = 1" to all tasks (which I tested, and which also works).

Adriaan

> And for the proxy that this is kind of what we want with this deadend.
> Make sure a task does not access the network when we want to run the
> whole build offline. We make it fail ... we block it.
>
> Henning
>
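
The thread raises two consistency concerns: a task can carry "[network] = 1" without calling isar_export_proxies, and a task that uses sudo needs the flag because the unflagged namespace setup breaks sudo. The following lint check for both is an added example, not code from the thread, Isar or bitbake; the recipe fragment is constructed, and the regex parsing is a simplification that assumes shell tasks written as `name() { ... }` starting at column 0.

```python
import re

# Constructed sample recipe fragment (hypothetical task names, not from Isar).
SAMPLE_RECIPE = '''
do_fetch_debs() {
    isar_export_proxies
    sudo -E apt-get download hello
}
do_fetch_debs[network] = "1"

do_mirror_sync() {
    wget -q https://example.invalid/index
}
do_mirror_sync[network] = "1"

do_rootfs_chown() {
    sudo chown -R root:root ${WORKDIR}/rootfs
}

do_unpack_local() {
    tar -xf ${WORKDIR}/src.tar
}
'''

# Shell task body: "name() {" up to a closing brace at the start of a line.
TASK_RE = re.compile(r'^(\w+)\(\)\s*\{\n(.*?)^\}', re.M | re.S)
# Task flag assignment: name[network] = "value"
FLAG_RE = re.compile(r'^(\w+)\[network\]\s*=\s*"([^"]*)"', re.M)

def lint_network_flags(recipe_text):
    """Return sorted (task, code) pairs for inconsistent network marking."""
    flagged = {n for n, v in FLAG_RE.findall(recipe_text) if v.strip() == "1"}
    findings = []
    for name, body in TASK_RE.findall(recipe_text):
        uses_sudo = re.search(r'\bsudo\b', body) is not None
        proxies = re.search(r'\bisar_export_proxies\b', body) is not None
        if name in flagged and not proxies:
            findings.append((name, "no-proxies"))    # flag set, proxies forgotten
        if proxies and name not in flagged:
            findings.append((name, "flag-missing"))  # proxies exported, no flag
        if uses_sudo and name not in flagged:
            findings.append((name, "sudo-no-flag"))  # user namespace breaks sudo
    return sorted(findings)

if __name__ == "__main__":
    for task, code in lint_network_flags(SAMPLE_RECIPE):
        print(f"{task}: {code}")
```
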