Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.5.2
-
None
Description
While building the latest 10.5 git head I noticed that if requires Internet access during the build. If there is no Internet, it will fail with:
-- Using src='http://ftp.pcre.org/pub/pcre/pcre2-10.34.zip'
|
CMake Error at pcre2-stamp/download-pcre2.cmake:159 (message):
|
Each download failed!
|
|
|
error: downloading 'http://ftp.pcre.org/pub/pcre/pcre2-10.34.zip' failed
|
status_code: 6
|
status_string: "Couldn't resolve host name"
|
log:
|
--- LOG BEGIN ---
|
Could not resolve host: ftp.pcre.org
|
Requiring mandatory Internet access for a build is bad practice and universally forbidden across all Linux distributions and all places that care about security and reliability.
All build dependencies should be stated explicitly in the build dependencies, and there should be no need to access the public Internet during the download. If there are any such extra steps, they should be strictly optional. Preferably though there would be no such step at all anywhere.
I could also go into detail to explain how this feature can be used moderately easily to backdoor all MariaDB 10.5 builds and completely compromise the supply chain security, but I assume all involved parties understand this anyway and this feature was just some temporary misjudgment.
