From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 6 Aug 2024 13:38:30 +0000 (+0000)
Subject: make.sh: Entirely disable network access in the build environment
X-Git-Tag: v2.29-core188~10^2~192
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91942800f96fbac354eba56714814831badfc88e;p=ipfire-2.x.git

make.sh: Entirely disable network access in the build environment

Except when in the shell.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/make.sh b/make.sh
index f5dc2a6491..6cd8b53af8 100755
--- a/make.sh
+++ b/make.sh
@@ -514,7 +514,7 @@ entershell() {
 	local PS1="ipfire build chroot (${BUILD_ARCH}) \u:\w\$ "
 
 	# Run an interactive shell
-	execute --chroot --interactive bash -i
+	execute --chroot --interactive --network bash -i
 }
 
 lfsmakecommoncheck() {
@@ -547,6 +547,7 @@ execute() {
 	local command=()
 	local interactive="false"
 	local timer
+	local network="false"
 
 	# Collect environment variables
 	local -A environ=(
@@ -685,6 +686,10 @@ execute() {
 				)
 				;;
 
+			--network)
+				network="true"
+				;;
+
 			--timer=*)
 				timer="${1#--timer=}"
 				;;
@@ -740,6 +745,11 @@ execute() {
 		esac
 	fi
 
+	# Network
+	if [ "${network}" = "false" ]; then
+		unshare+=( "--net" )
+	fi
+
 	local execute=()
 	local env