From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nala Ginrut Subject: Re: Support rsync to help Chinese users to setup mirrors Date: Fri, 09 Aug 2019 13:52:51 +0800 Message-ID: <87ef1usx58.fsf@debian> References: <87y30d2lxi.fsf@debian> <87zhktrmm6.fsf@elephly.net> <871ry4t3ya.fsf@debian> <87lfw5h4fu.fsf@debian> <87muglxvvv.fsf@elephly.net> <87h86sngnh.fsf@debian> <87tvarx4w0.fsf@elephly.net> <87k1bn8p0f.fsf@debian> <87imr7wdae.fsf@elephly.net> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:37821) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hvxpg-0007EX-H9 for guix-devel@gnu.org; Fri, 09 Aug 2019 01:52:57 -0400 In-reply-to: <87imr7wdae.fsf@elephly.net> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ricardo Wurmus Cc: guix-devel@gnu.org, Nala Ginrut --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ricardo Wurmus writes: > I=E2=80=99m aware. I lived with the firewall for ~7 years and would like= to > make sure that people who are subjected to the firewall can use Guix > without being restricted. Alas, why does this happen everywhere in this decade... >> We hope there's a way like rsync to sync /gnu/store with upstream, so >> that we can provide a faster cache for Chinese users. > > I think it may be best to just sync the cache of nars and narinfos. Yes it's better to just sync the necessary parts. > Would rsync over SSH be sufficient or does it have to be rsyncd on the > default rsync port? (SSH will be easier for me because then I don=E2=80= =99t > need to apply for another port to be opened at the institute firewall.) I think SSH will be interfered frequently by the firewall, because many people use SSH for anti-circumvention. It's better to use rsyncd. Considering there's verification, so the encryption is unnecessary. > I=E2=80=99ve also been looking into our options for restricting rsync acc= ess via > chroot or namespaces. Looks like the easiest way to do this is to have > an rsync user account that is restricted to a chroot with access to the > nar cache. I think it can be configured as anonymouse read-only authority. And open the necessary directories. Best regards. =2D- GNU Powered it GPL Protected it GOD Blessed it HFG - NalaGinrut Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9TtMVpW15NVgk0MkhGlncoRqAFgFAl1NCjMACgkQhGlncoRq AFhj2w/+LZZBKf/6JkAv7njm78Ag4WaM/0wkJk0+7ChTdP1103ykH9FRwOznDjPZ eRR4bpvi8TIFA1f2EQ1Lx4iAHMwMcesbQ4qjg/cgc5rRZ1r70jWA82bTH1nCjqAf Dski8qCie1DVrOCO5GWGcysP74PjgIdtiTPB5WpB45P4Op0fGqM0vX72iUUuV2rt B8JKn6k3H5y5DZ+Hg7EbEW1PC44sAkt8n7B4fvUb5/0wu5kQ2Ltxtbz9hMOhHaTo qIGqA05fRUj22IKEguI8wM0lT0bvcUyYnqlohpatVPOetRi3IL4U/pe0LcNbaxXg 85dlMe8uq083takE6N8PqYmpXiLVO+FYxvXyK6uhqgzhzydb+DMyDz4+Y57DmKyy BpheUSx/rfa2O15Xn8uMt7UvFld+XYecG2O3AqXlnpvt6ZAZYrJJ45xpc0X8d7Tc TFWDNmE4FvXX/pwaSs0T7TZjMIMgQaO5qzFmKKGJiWd2Gem9fXLeAaIO9EgNox5V +EQPKuL5v0RQrREszzIL6MRb8XBRCBndHIpUtfQaxFBjD0KhNaIaNB9wC5tzxGUu Mh7D+/4qv3VWvqm6LdwoRAIShKpdO7qXR8Bm087Faplp5Q6La6D0kyAp1XSbPBGa UAzxbSS7fgPu64kRkmgk4TOrYNqDShz3JP3mIQIKuuEFRB0TszI= =eqRj -----END PGP SIGNATURE----- --=-=-=--