Author: KatolaZ
Date:  
To: devuan-dev
Subject: [devuan-dev] package mirror server -- RFC
This is a small Request For Comments about the rsync mirror setup. As
we discussed, the whole system will be based on two elements:

1) a machine with amprolla3, that merges the upstream repos

2) an rsync server from which mirrors pull the merged repos

Only the rsync mirror needs to be available from the outside. In
particular, it will regularly receive pushes from the amprolla3
machine. In this way, there is a clear separation between the amprolla
machine (which has the distro signing key, and thus is a fragile
component) and the place from which mirrors pull stuff.

The conf I am setting up is as follows:

+ rsync-push from amprolla3:

    - user: mirror
    - group: mirrors
    - pushing to: /home/mirror/devuan/
    - all the files under /home/mirror/devuan are no more than 0644
    - all the folders under /home/mirror/devuan are no more than 0755


+ rsync-pull config

  option a) (granular logging and control on single mirrors)
      - each mirror is associated to a user
      - all the mirror users belong to the same group (mirrors)
      - mirror users have access through ssh-key to a restricted shell (rbash)
      - the restricted shell can execute **only** rsync
      - each mirror user has a symlink to /home/mirror/devuan in their homedir
      - mirror users can only rsync files in the $HOME/devuan dir


  option b) (slightly smoother for management, but we lose some info about access
             and single actions)
      - all the mirrors share the same user belonging to the "mirrors" group
      - the rest as above


======

Unless there are strong opinions to proceed differently, I would
probably start with the option (b) for the moment, and then maybe go
to option (a) if we really end up having *many* mirrors. But I would
be happy to hear any comment on this setup.

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]
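
Added example, not part of the original message or of the Devuan setup: a shell audit for the two permission ceilings stated in the rsync-push section (files no more than 0644, folders no more than 0755), which could run on the rsync server after each push. It assumes GNU find; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a mirror tree against the permission ceilings in the RFC.
# Assumes GNU find: "-perm /MASK" is true when ANY bit in MASK is set.

# Bits that must NOT be set, i.e. everything outside the ceiling within 07777.
FILE_FORBIDDEN=7133   # 07777 & ~0644: setuid/setgid/sticky, any x, group/other w
DIR_FORBIDDEN=7022    # 07777 & ~0755: setuid/setgid/sticky, group/other w

# list_violations ROOT
# Prints "<octal mode> <f|d> <path>" for every regular file or directory
# whose mode exceeds its ceiling. Symlinks are not followed or reported.
list_violations() {
    find "$1" \
        \( -type f -perm "/$FILE_FORBIDDEN" -printf '%m f %p\n' \) -o \
        \( -type d -perm "/$DIR_FORBIDDEN"  -printf '%m d %p\n' \)
}

# audit_tree ROOT
# Returns 0 when the tree is clean, 1 when anything exceeds its ceiling
# (offenders are listed on stderr), 2 when ROOT is not a directory.
audit_tree() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    violations=$(list_violations "$1")
    [ -z "$violations" ] && return 0
    printf '%s\n' "$violations" >&2
    return 1
}

# Typical call on the rsync server, using the push target from the RFC:
#   audit_tree /home/mirror/devuan || echo "mirror tree permissions too wide"
```

A mode below the ceiling, such as 0600 on a file, passes the check, since the RFC only sets an upper bound.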