Ubuntu CI Services

Tests allowed to access network in builds on Jenkins

Bug #1262863 reported by dobey on 2013-12-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu CI Services	New	Undecided	Unassigned

Bug Description

The pbuilder chroots which the are used for testing package builds in PS Jenkins do not block network access to the child processes of dpkg-buildpackage (or debian/rules). This means that the tests can pass and allow branches to be merged, even when they should be blocked. This results in FTFBS issues when the packages are then pushed into the daily-build PPA for testing prior to release into the archive, as Launchpad builders do block network access in sbuild.

Revision history for this message

dobey (dobey) wrote on 2013-12-19:

One possible solution is to use an Apparmor profile to run the package build contained and disallow network access.

Revision history for this message

dobey (dobey) wrote on 2014-01-17:

Another possible solution would be an LD_PRELOAD lib that overrides gethostbyname() and similar calls, which is loaded when running debuild in the pbuilder in jenkins.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.