Received: from vps892.directvps.nl (ikke.info [178.21.113.177]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id C32BE782C2F for <~alpine/devel@lists.alpinelinux.org>; Sat, 22 Feb 2020 19:50:19 +0000 (UTC) Received: by vps892.directvps.nl (Postfix, from userid 1008) id 47A8D4400E1; Sat, 22 Feb 2020 20:50:18 +0100 (CET) Date: Sat, 22 Feb 2020 20:50:18 +0100 From: Kevin Daudt To: Rasmus Thomsen Cc: ~alpine/devel@lists.alpinelinux.org Subject: Re: options="net" Message-ID: <20200222195018.GC1247035@alpha> References: <66ae88ace2c6c1a53a940e5ccb2f38980eb1c90a.camel@cogitri.dev> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <66ae88ace2c6c1a53a940e5ccb2f38980eb1c90a.camel@cogitri.dev> On Sat, Feb 22, 2020 at 01:35:41PM +0000, Rasmus Thomsen wrote: > Hello list, > > I've noticed that many aports that do need net access don't specify > options="net" (basically all of Rust packages AFAICS, I think most Go > packages too at least), so rootbld isn't that nice to use as of now. Do > we have a roadmap for switching over the builders or at least CI over > to rootbld? CI itself would not benefit from the concept of a rootbld, because they already start with a clean image every time. So the part of a rootbld we want to test is whether build() works without network (unless option="net" is set). rootbld uses bubblewrap, which does not run without modification in containers ("bwrap: capset failed: Operation not permitted"), but I believe clandmeter managed to get it working in his LXC container. I'm not sure if we want to go this route with docker containers though (it means we need to make sure the CI containers get certain capabilities). > > Regards, > > Rasmus >