Quoting Chow Loong Jin (2018-05-03 06:27:01)
> On Wed, May 02, 2018 at 11:23:56AM +0200, Thomas Goirand wrote:
> > [...]
> > Frankly, I don't see the point in writing this kind of software. Sbuild
> > works super well with the overlay backend, and already has throw-able
> > chroots in tmpfs. Adding docker into this doesn't add any new feature,
> > and in some way, is less flexible than the already existing sbuild.
>
> Something that comes to mind is network isolation, which sbuild still
> doesn't seem to have proper support[1] for:
>
> [1]
> https://wiki.debian.org/sbuild#Disabling_network_access_for_dpkg-buildpackage

sbuild cannot have or not have support for network isolation. Network isolation is a feature of the backend and not of sbuild. In this case, the default sbuild backend (schroot) does not have support for it yet. The bug is even linked in the wiki section you quote.

If you want network isolation today, just pick one of the other backends that sbuild supports via autopkgtest (the lxc backend probably supports network isolation). If you want network isolation with the schroot backend, then you have to improve schroot and not sbuild.

I also think that, if you want a docker builder today, it would be *much* easier to just add a docker backend to an existing package building software like pbuilder or sbuild and thus avoid re-implementing all the "package building" logic and focus on the docker specific things instead.

Thanks!

cheers, josch