diff options
| author | Oliver Smith <osmith@sysmocom.de> | 2023-10-05 18:47:11 +0200 |
|---|---|---|
| committer | Oliver Smith <osmith@sysmocom.de> | 2023-10-06 14:05:51 +0200 |
| commit | 15777116dd4942c47ca7c8f22a4801d2c4a3fb0e (patch) | |
| tree | 94aa2a1198b1b207e6596bd382eb7f654d9f4b4d /scripts/obs | |
| parent | 2e809f463789f4dd444c6fed31c944a72c728766 (diff) | |
obs: build_binpkg: no network during build
Simulate that we don't have network during package builds in gerrit
verifications, like it is the case when the packages will be built by
OBS.
I've also considered using network namespaces via "unshare -n" or
bubblewrap, but it wouldn't be possible to create a loopback device
inside the network namespace inside docker (maybe with --privileged, but
not worth it) and e.g. the osmo-mgw tests rely on lo.
Depends: osmo-epdg I2bb0b5f608cd5d9a24c2a367425c524447bd002c
Change-Id: I00282552e9988d66fdc269c6230f0e1432ace360
Diffstat (limited to 'scripts/obs')
| -rwxr-xr-x | scripts/obs/build_binpkg.py | 3 | ||||
| -rw-r--r-- | scripts/obs/data/build_binpkg.Dockerfile | 2 | ||||
| -rwxr-xr-x | scripts/obs/data/build_deb.sh | 5 | ||||
| -rwxr-xr-x | scripts/obs/data/build_rpm.sh | 4 |
4 files changed, 14 insertions, 0 deletions
diff --git a/scripts/obs/build_binpkg.py b/scripts/obs/build_binpkg.py index f3b4bcf..ae2fe53 100755 --- a/scripts/obs/build_binpkg.py +++ b/scripts/obs/build_binpkg.py @@ -76,6 +76,9 @@ def main(): env["RUN_SHELL_ON_ERROR"] = "1" docker_args += ["-i", "-t"] + # Add capability needed for building without network + docker_args += ["--cap-add=NET_ADMIN"] + script_path = "data/build.sh" if not distro.startswith("debian:") and not distro.startswith("ubuntu:"): diff --git a/scripts/obs/data/build_binpkg.Dockerfile b/scripts/obs/data/build_binpkg.Dockerfile index 4d4b185..55bfe0c 100644 --- a/scripts/obs/data/build_binpkg.Dockerfile +++ b/scripts/obs/data/build_binpkg.Dockerfile @@ -28,6 +28,7 @@ RUN case "$DISTRO" in \ fakeroot \ git \ gnupg2 \ + iproute2 \ && \ apt-get clean \ ;; \ @@ -40,6 +41,7 @@ RUN case "$DISTRO" in \ gcc \ gcc-c++ \ glibc-devel \ + iproute \ libtool \ make \ redhat-rpm-config \ diff --git a/scripts/obs/data/build_deb.sh b/scripts/obs/data/build_deb.sh index 11eb36f..931919d 100755 --- a/scripts/obs/data/build_deb.sh +++ b/scripts/obs/data/build_deb.sh @@ -11,6 +11,11 @@ cd _temp/binpkgs/* $apt_get update $apt_get build-dep . + +if [ -n "$INSIDE_DOCKER" ]; then + ip link set eth0 down +fi + su "$BUILDUSER" -c "dpkg-buildpackage -us -uc -j$JOBS" # Show contents diff --git a/scripts/obs/data/build_rpm.sh b/scripts/obs/data/build_rpm.sh index 63c3638..a73d164 100755 --- a/scripts/obs/data/build_rpm.sh +++ b/scripts/obs/data/build_rpm.sh @@ -26,6 +26,10 @@ dnf makecache --refresh $yum_builddep "/home/$BUILDUSER/rpmbuild/SPECS/$spec" +if [ -n "$INSIDE_DOCKER" ]; then + ip link set eth0 down +fi + su "$BUILDUSER" -c "rpmbuild -bb ~/rpmbuild/SPECS/$spec" # Make built rpms available outside of docker |