osmith has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ci/+/34676?usp=email )

Change subject: obs: build_binpkg: no network during build ......................................................................

obs: build_binpkg: no network during build

Simulate that we don't have network during package builds in gerrit verifications, like it is the case when the packages will be built by OBS.

I've also considered using network namespaces via "unshare -n" or bubblewrap, but it wouldn't be possible to create a loopback device inside the network namespace inside docker (maybe with --privileged, but not worth it) and e.g. the osmo-mgw tests rely on lo.

Depends: osmo-epdg I2bb0b5f608cd5d9a24c2a367425c524447bd002c Change-Id: I00282552e9988d66fdc269c6230f0e1432ace360 --- M scripts/obs/build_binpkg.py M scripts/obs/data/build_binpkg.Dockerfile M scripts/obs/data/build_deb.sh M scripts/obs/data/build_rpm.sh 4 files changed, 33 insertions(+), 0 deletions(-)

Approvals: Jenkins Builder: Verified osmith: Looks good to me, approved pespin: Looks good to me, but someone else must approve fixeria: Looks good to me, but someone else must approve

diff --git a/scripts/obs/build_binpkg.py b/scripts/obs/build_binpkg.py index f3b4bcf..ae2fe53 100755 --- a/scripts/obs/build_binpkg.py +++ b/scripts/obs/build_binpkg.py @@ -76,6 +76,9 @@ env["RUN_SHELL_ON_ERROR"] = "1" docker_args += ["-i", "-t"]

+ # Add capability needed for building without network + docker_args += ["--cap-add=NET_ADMIN"] + script_path = "data/build.sh"

if not distro.startswith("debian:") and not distro.startswith("ubuntu:"): diff --git a/scripts/obs/data/build_binpkg.Dockerfile b/scripts/obs/data/build_binpkg.Dockerfile index 4d4b185..55bfe0c 100644 --- a/scripts/obs/data/build_binpkg.Dockerfile +++ b/scripts/obs/data/build_binpkg.Dockerfile @@ -28,6 +28,7 @@ fakeroot \ git \ gnupg2 \ + iproute2 \ && \ apt-get clean \ ;; \ @@ -40,6 +41,7 @@ gcc \ gcc-c++ \ glibc-devel \ + iproute \ libtool \ make \ redhat-rpm-config \ diff --git a/scripts/obs/data/build_deb.sh b/scripts/obs/data/build_deb.sh index 11eb36f..931919d 100755 --- a/scripts/obs/data/build_deb.sh +++ b/scripts/obs/data/build_deb.sh @@ -11,6 +11,11 @@

$apt_get update $apt_get build-dep . + +if [ -n "$INSIDE_DOCKER" ]; then + ip link set eth0 down +fi + su "$BUILDUSER" -c "dpkg-buildpackage -us -uc -j$JOBS"

# Show contents diff --git a/scripts/obs/data/build_rpm.sh b/scripts/obs/data/build_rpm.sh index 63c3638..a73d164 100755 --- a/scripts/obs/data/build_rpm.sh +++ b/scripts/obs/data/build_rpm.sh @@ -26,6 +26,10 @@

$yum_builddep "/home/$BUILDUSER/rpmbuild/SPECS/$spec"

+if [ -n "$INSIDE_DOCKER" ]; then + ip link set eth0 down +fi + su "$BUILDUSER" -c "rpmbuild -bb ~/rpmbuild/SPECS/$spec"

# Make built rpms available outside of docker