Debian Bug report logs - #1068197
debian-installer: accesses the internet during build

Package: src:debian-installer; Maintainer for src:debian-installer is Debian Install System Team <[email protected]>;

Affects: buildd.debian.org

Reported by: Aurelien Jarno <[email protected]>

Date: Mon, 1 Apr 2024 16:57:04 UTC

Severity: serious

Tags: ftbfs

Full log

Message #12 received at [email protected] (full text, mbox, reply):

Received: (at 1068197) by bugs.debian.org; 1 Apr 2024 18:32:44 +0000
From [email protected] Mon Apr 01 18:32:44 2024
X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
	(2021-04-09) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-113.2 required=4.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FROMDEVELOPER,
	HAS_BUG_NUMBER,PGPSIGNATURE,SPF_HELO_NONE,SPF_NONE,UNPARSEABLE_RELAY,
	USER_IN_DKIM_WELCOMELIST,USER_IN_DKIM_WHITELIST autolearn=ham
	autolearn_force=no version=3.4.6-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 15; hammy, 150; neutral, 81; spammy,
	0. spammytokens:
	hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin,
	0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311,
	0.000-+--H*RT:108, 0.000-+--H*RT:311
Return-path: <[email protected]>
Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:108]:41314)
	from C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=stravinsky.debian.org,[email protected] (verified)
	by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.94.2)
	(envelope-from <[email protected]>)
	id 1rrMSZ-00BkWu-RG
	for [email protected]; Mon, 01 Apr 2024 18:32:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org;
	s=smtpauto.stravinsky; h=X-Debian-User:In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:Cc:To:From:Date:Reply-To:
	Content-Transfer-Encoding:Content-ID:Content-Description;
	bh=svzBAE1x90NRfoaSh4lCRAtxrcByX/OoTZEAYCYbp9Q=; b=Dvd5tqWyNoWedrGrzL0sJCz9rF
	zjXOWpqo8eMCI2ex2WkzOIGIlnL/1qR13FXBCZb2U56ukyxwLPvC/RQy2Yfp8t+XWyWQ6J2VtnL5Y
	TDoJW+dkuiIl2cpGoDsyXgmPdpxC3Oj0nXX3QvyHJIAdyapjROxD6lOsYdYo9SgIdEUuAzoS/MML8
	m40sJJTt9R4LL8+WZ9mg0YyT4pQrZM0qxOGQPO11VOmmE7DEpXhn7Z5tl8fylKj01ye8e+PCIetci
	rhWX85g1YNq4efD2RInXEzB0veyOGWQQc4vXbrK5tN5KrMNKm5FUza3MkIjCkxP0EKEUumpMWif/7
	7Luesuqw==;
Received: from authenticated user
	by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.94.2)
	(envelope-from <[email protected]>)
	id 1rrMSX-00An5u-CK; Mon, 01 Apr 2024 18:32:41 +0000
Date: Mon, 1 Apr 2024 20:32:39 +0200
From: Cyril Brulebois <[email protected]>
To: Jonathan Carter <[email protected]>
Cc: [email protected]
Subject: Re: Bug#1068197: debian-installer: accesses the internet during build
Message-ID: <[email protected]>
Organization: Debian
References: <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="w2gilnf4knnpilhk"
Content-Disposition: inline
In-Reply-To: <[email protected]>
X-Debian-User: kibi

[Message part 1 (text/plain, inline)]
[ Switching from ML to bug. ]

Hi Jonathan,

Jonathan Carter <[email protected]> (2024-04-01):
> On 2024/04/01 18:55, Aurelien Jarno wrote:
> > debian-installer attemps network access during build, although only to
> > the mirrors listed in /etc/apt/sources.list and in a secure way. This is
> > forbidden by Policy 4.9:
> > 
> >    For packages in the main archive, required targets must not attempt
> >    network access, except, via the loopback interface, to services on the
> >    build host that have been started by the build.
> > 
> > In addition this brings constraints to the build daemons infrastructure.
> 
> As far as I know, this doesn't happen until after d-i asked the question "Do
> you want to use a network mirror?" and the user answered "Yes", in which
> case I think that would count as informed consent.

This isn't about d-i runtime, this is about src:debian-installer's
*build* requiring network access, which is a very well known problem
(even though there are no obvious solutions, at least that I'm aware
of), and that's now getting in the way of changes being considered 
regarding the buildd network.


Cheers,
-- 
Cyril Brulebois ([email protected])            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 08:13:13 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.