* [Buildroot] [PATCH 0/2] utils/docker-run network improvements
@ 2023-10-31 10:22 yann.morin
2023-10-31 10:22 ` [Buildroot] [PATCH 1/2] utils/docker: use host's network setup yann.morin
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: yann.morin @ 2023-10-31 10:22 UTC (permalink / raw)
To: buildroot; +Cc: Yann E . MORIN, Ricardo Martincoski
From: "Yann E. MORIN" <yann.morin@orange.com>
Hello All!
Make our utils/docker-run wrapper easier to use in corporate networks:
- don't create a private, NATed network
- expose the user's proxy variables in the container
Regards,
Yann E. MORIN.
The following changes since commit bc8d214e988b95b125ad2b9409286cbf820370b0
package/python-django: bump version to 4.2.6 (2023-10-22 20:37:13 +0200)
are available as patches in this mail series,
for you to apply patches up to 31538ce771c6cd9f4719a969740b6ff04e3c8e62
utils/docker-run: propagate user's proxy settings (2023-10-31 11:21:03 +0100)
----------------------------------------------------------------
Yann E. MORIN (2):
utils/docker: use host's network setup
utils/docker-run: propagate user's proxy settings
utils/docker-run | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--
____________
.-----------------.--------------------: _ :------------------.
| Yann E. MORIN | Real-Time Embedded | __/ ) | /"\ ASCII RIBBON |
| | Software Designer | _/ - /' | \ / CAMPAIGN |
| +33 638.411.245 '--------------------: (_ `--, | X AGAINST |
| yann.morin (at) orange.com |_=" ,--' | / \ HTML MAIL |
'--------------------------------------:______/_____:------------------'
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/2] utils/docker: use host's network setup
2023-10-31 10:22 [Buildroot] [PATCH 0/2] utils/docker-run network improvements yann.morin
@ 2023-10-31 10:22 ` yann.morin
2023-10-31 10:22 ` [Buildroot] [PATCH 2/2] utils/docker-run: propagate user's proxy settings yann.morin
2023-11-04 17:44 ` [Buildroot] [PATCH 0/2] utils/docker-run network improvements Thomas Petazzoni via buildroot
2 siblings, 0 replies; 4+ messages in thread
From: yann.morin @ 2023-10-31 10:22 UTC (permalink / raw)
To: buildroot; +Cc: yann.morin, Ricardo Martincoski
From: "Yann E. MORIN" <yann.morin@orange.com>
Our utils/docker-run wrapper is needed to provide a reproducible build
environment: tools, variables, etc... but is not meant for isolation. As
such, we do not care what the network configuration is used.
In some settings (e.g. enterprise networks), it is often the case that a
VPN is in use, especially in those wonderful times of widespread remote
work.
Letting Docker decide on the network setup, will most usually lead to it
creating a private network that is NATed onto the principal network
interface, leading to non-functional network in the container when a VPN
is in use.
As such, always use the host network configuration, and do not let
Docker create a private network for the container.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
---
utils/docker-run | 1 +
1 file changed, 1 insertion(+)
diff --git a/utils/docker-run b/utils/docker-run
index 848e9b3840..464cbf691f 100755
--- a/utils/docker-run
+++ b/utils/docker-run
@@ -21,6 +21,7 @@ declare -a docker_opts=(
--user "$(id -u):$(id -g)"
--workdir "$(pwd)"
--security-opt label=disable
+ --network host
)
declare -a mountpoints=(
--
2.34.1
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 2/2] utils/docker-run: propagate user's proxy settings
2023-10-31 10:22 [Buildroot] [PATCH 0/2] utils/docker-run network improvements yann.morin
2023-10-31 10:22 ` [Buildroot] [PATCH 1/2] utils/docker: use host's network setup yann.morin
@ 2023-10-31 10:22 ` yann.morin
2023-11-04 17:44 ` [Buildroot] [PATCH 0/2] utils/docker-run network improvements Thomas Petazzoni via buildroot
2 siblings, 0 replies; 4+ messages in thread
From: yann.morin @ 2023-10-31 10:22 UTC (permalink / raw)
To: buildroot; +Cc: yann.morin, Ricardo Martincoski
From: "Yann E. MORIN" <yann.morin@orange.com>
When dealing in enterprise-grade networks, it is more often than not the
case that the wider internet is unreachable but through proxies.
There is a usual set of variables that users can set in the environment
to point various tools (curl, git...) to use those proxies.
Propagate those variables inside the container.
Note that there are a few tools (e.g. cvs, svn) that may not recognise
those variables; instead, they require custom setup that is too complex
to handle, so is left as an exercise to interested parties.
Similarly, there exists another type of proxy, socks4 or socks5, that
also requires custom setup that is not trivial to replicate in a
container, so is also left out as an exrcise for interested parties.
In the large majority of cases, those few variables are enough to Make
Things Work™.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
---
utils/docker-run | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/utils/docker-run b/utils/docker-run
index 464cbf691f..79694474c1 100755
--- a/utils/docker-run
+++ b/utils/docker-run
@@ -29,6 +29,26 @@ declare -a mountpoints=(
"$(pwd)"
)
+# curl lists (and recognises and uses) other types of *_proxy variables,
+# but only those make sense for Buildroot:
+for env in all_proxy http_proxy https_proxy ftp_proxy no_proxy; do
+ if [ "${!env}" ]; then
+ docker_opts+=( --env "${env}" )
+ # The lower-case variant takes precedence on the upper-case one
+ # (dixit curl)
+ continue
+ fi
+ # http_proxy is only lower-case (dixit curl)
+ if [ "${env}" = http_proxy ]; then
+ continue
+ fi
+ # All the others also exist in the upper-case variant
+ env="${env^^}"
+ if [ "${!env}" ]; then
+ docker_opts+=( --env "${env}" )
+ fi
+done
+
# Empty GIT_DIR means that we are not in a workdir, *and* git is too old
# to know about worktrees, so we're not in a worktree either. So it means
# we're in the main git working copy, and thus we don't need to mount the
--
2.34.1
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 0/2] utils/docker-run network improvements
2023-10-31 10:22 [Buildroot] [PATCH 0/2] utils/docker-run network improvements yann.morin
2023-10-31 10:22 ` [Buildroot] [PATCH 1/2] utils/docker: use host's network setup yann.morin
2023-10-31 10:22 ` [Buildroot] [PATCH 2/2] utils/docker-run: propagate user's proxy settings yann.morin
@ 2023-11-04 17:44 ` Thomas Petazzoni via buildroot
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-11-04 17:44 UTC (permalink / raw)
To: yann.morin; +Cc: Ricardo Martincoski, buildroot
On Tue, 31 Oct 2023 11:22:14 +0100
<yann.morin@orange.com> wrote:
> Yann E. MORIN (2):
> utils/docker: use host's network setup
> utils/docker-run: propagate user's proxy settings
Both applied with minor tweaks to the commit logs. Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-11-04 17:44 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-31 10:22 [Buildroot] [PATCH 0/2] utils/docker-run network improvements yann.morin
2023-10-31 10:22 ` [Buildroot] [PATCH 1/2] utils/docker: use host's network setup yann.morin
2023-10-31 10:22 ` [Buildroot] [PATCH 2/2] utils/docker-run: propagate user's proxy settings yann.morin
2023-11-04 17:44 ` [Buildroot] [PATCH 0/2] utils/docker-run network improvements Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox