Ricardo Wurmus writes:

> I’m aware.  I lived with the firewall for ~7 years and would like to
> make sure that people who are subjected to the firewall can use Guix
> without being restricted.

Alas, why does this happen everywhere in this decade...

>> We hope there's a way like rsync to sync /gnu/store with upstream, so
>> that we can provide a faster cache for Chinese users.
>
> I think it may be best to just sync the cache of nars and narinfos.

Yes it's better to just sync the necessary parts.

> Would rsync over SSH be sufficient or does it have to be rsyncd on the
> default rsync port?  (SSH will be easier for me because then I don’t
> need to apply for another port to be opened at the institute firewall.)

I think SSH will be interfered frequently by the firewall, because many
people use SSH for anti-circumvention. It's better to use rsyncd.
Considering there's verification, so the encryption is unnecessary.

> I’ve also been looking into our options for restricting rsync access via
> chroot or namespaces.  Looks like the easiest way to do this is to have
> an rsync user account that is restricted to a chroot with access to the
> nar cache.

I think it can be configured as anonymouse read-only authority. And
open the necessary directories.


Best regards.

--
GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058