From 91942800f96fbac354eba56714814831badfc88e Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 6 Aug 2024 13:38:30 +0000
Subject: [PATCH] make.sh: Entirely disable network access in the build
 environment

Except when in the shell.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 make.sh | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/make.sh b/make.sh
index f5dc2a6491..6cd8b53af8 100755
--- a/make.sh
+++ b/make.sh
@@ -514,7 +514,7 @@ entershell() {
 	local PS1="ipfire build chroot (${BUILD_ARCH}) \u:\w\$ "
 
 	# Run an interactive shell
-	execute --chroot --interactive bash -i
+	execute --chroot --interactive --network bash -i
 }
 
 lfsmakecommoncheck() {
@@ -547,6 +547,7 @@ execute() {
 	local command=()
 	local interactive="false"
 	local timer
+	local network="false"
 
 	# Collect environment variables
 	local -A environ=(
@@ -685,6 +686,10 @@ execute() {
 				)
 				;;
 
+			--network)
+				network="true"
+				;;
+
 			--timer=*)
 				timer="${1#--timer=}"
 				;;
@@ -740,6 +745,11 @@ execute() {
 		esac
 	fi
 
+	# Network
+	if [ "${network}" = "false" ]; then
+		unshare+=( "--net" )
+	fi
+
 	local execute=()
 	local env
 
-- 
2.47.3