On Sat, Jun 03, 2023 at 12:58:17PM +0200, gregor herrmann wrote: > On Fri, 02 Jun 2023 21:40:10 -0700, Steve Langasek wrote: > > > While this is not a build failure, it does mean building the package has a > > dependency on software outside of main, which I believe is a serious policy > > violation. > > The network access during build is a policy violation in itself: > > 4.9 > … > For packages in the main archive, required targets must not > attempt network access, except, via the loopback interface, to > services on the build host that have been started by the build.
For posterity, I tested locally using network namespaces and described here [1]. Specifically: # create a chroot including the build-deps # (maybe there's an easier way?) sudo sbuild-createchroot --no-deb-src --chroot-mode=schroot \ --chroot-prefix=1037064 \ --include=debhelper,default-jdk,junit4,libeclipse-sisu-maven-plugin-java,libmaven-parent-java,libmaven-resolver-transport-http-java,libmaven-shared-utils-java,libmodello-maven-plugin-java,maven-debian-helper \ unstable /data/chroot/1037064-amd64-sbuild http://localhost:3142/debian # create the namespace sudo ip netns add no-net # build sudo ip netns exec no-net sbuild --no-apt-update --no-apt-upgrade \ --no-apt-distupgrade --no-run-lintian --chroot=1037064-amd64-sbuild # clean up /usr/sbin/sbuild-destroychroot 1037064-amd64-sbuild [1] https://wiki.debian.org/sbuild#Disabling_network_access_for_dpkg-buildpackage
