Ports are not allowed network access during build. This is enforced on the main bulk build machines and for users with PORTS_PRIVSEP=Yes and the default pf.conf "block..user _pbuild" rule, but not everybody has that.
Would it be OK to poison GOPROXY in the environment so that dev's who don't enforce blocking network access also see a failure? It looks like this: go: github.com/BurntSushi/[email protected]: invalid proxy URL scheme (must be https, http, file): ports://should.not_fetch_at_buildtime/ Index: go.port.mk =================================================================== RCS file: /cvs/ports/lang/go/go.port.mk,v retrieving revision 1.23 diff -u -p -r1.23 go.port.mk --- go.port.mk 4 Sep 2019 12:22:03 -0000 1.23 +++ go.port.mk 13 Sep 2019 11:38:34 -0000 @@ -24,6 +24,10 @@ MODGO_WORKSPACE ?= ${WRKDIR}/go MODGO_GOCACHE ?= ${WRKDIR}/go-cache MODGO_GOPATH ?= ${MODGO_WORKSPACE}:${MODGO_PACKAGE_PATH} MAKE_ENV += GOCACHE="${MODGO_GOCACHE}" GOPATH="${MODGO_GOPATH}" +# ports are not allowed to fetch from the network at build time; point +# GOPROXY at an unreachable host so that failures are also visible to +# dev's who don't have PORTS_PRIVSEP and a "deny .. _pbuild" PF rule. +MAKE_ENV += GOPROXY=invalid://ports.should.not.fetch.at.buildtime/ MODGO_CMD ?= ${SETENV} ${MAKE_ENV} go MODGO_BUILD_CMD = ${MODGO_CMD} install ${MODGO_FLAGS} MODGO_TEST_CMD = ${MODGO_CMD} test ${MODGO_FLAGS} ${MODGO_TEST_FLAGS}
