Hello list,
I've noticed that many aports that do need net access don't specify
options="net" (basically all of Rust packages AFAICS, I think most Go
packages too at least), so rootbld isn't that nice to use as of now. Do
we have a roadmap for switching over the builders or at least CI over
to rootbld?
Regards,
Rasmus
Rasmus,
Does this apply for any package that pulls in resources outside of the
source, or including the source?
I assume since you mentioned rust it's for pulling things like cargo
packages or quicklisp packages during build (like my next browser package
does).
-Will Sinatra
On Sat, Feb 22, 2020, 8:36 AM Rasmus Thomsen <oss@cogitri.dev> wrote:
> Hello list,>> I've noticed that many aports that do need net access don't specify> options="net" (basically all of Rust packages AFAICS, I think most Go> packages too at least), so rootbld isn't that nice to use as of now. Do> we have a roadmap for switching over the builders or at least CI over> to rootbld?>> Regards,>> Rasmus>>
On Sat, 2020-02-22 at 09:09 -0500, Will Sinatra wrote:
> Rasmus,> > Does this apply for any package that pulls in resources outside of> the source, or including the source?> > I assume since you mentioned rust it's for pulling things like cargo> packages or quicklisp packages during build (like my next browser> package does).> > -Will Sinatra> > On Sat, Feb 22, 2020, 8:36 AM Rasmus Thomsen <oss@cogitri.dev> wrote:> > Hello list,> > > > I've noticed that many aports that do need net access don't specify> > options="net" (basically all of Rust packages AFAICS, I think most> > Go> > packages too at least), so rootbld isn't that nice to use as of> > now. Do> > we have a roadmap for switching over the builders or at least CI> > over> > to rootbld?> > > > Regards,> > > > Rasmus> >
Hello Will,
options="net" is only required if your APKBUILD downloads something
from the network, see
https://wiki.alpinelinux.org/wiki/APKBUILD_Reference#options:
net: Allows network access when run in fakeroot.
So e.g. Rust packages which use cargo but don't vendor the source of
the crates they need in their tarball need options="net" since cargo
will attempt to download the missing crates from the network. It's not
required if you copy files from your $srcdir (e.g. .desktop
files/patches).
Regards,
Rasmus
On Sat, Feb 22, 2020 at 01:35:41PM +0000, Rasmus Thomsen wrote:
> Hello list,> > I've noticed that many aports that do need net access don't specify> options="net" (basically all of Rust packages AFAICS, I think most Go> packages too at least), so rootbld isn't that nice to use as of now. Do> we have a roadmap for switching over the builders or at least CI over> to rootbld?
CI itself would not benefit from the concept of a rootbld, because they
already start with a clean image every time.
So the part of a rootbld we want to test is whether build() works
without network (unless option="net" is set).
rootbld uses bubblewrap, which does not run without modification in
containers ("bwrap: capset failed: Operation not permitted"), but I
believe clandmeter managed to get it working in his LXC container.
I'm not sure if we want to go this route with docker containers though
(it means we need to make sure the CI containers get certain
capabilities).
> > Regards,> > Rasmus>