From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ricardo Wurmus Subject: Re: Support rsync to help Chinese users to setup mirrors Date: Thu, 08 Aug 2019 23:35:53 +0200 Message-ID: <87imr7wdae.fsf@elephly.net> References: <87y30d2lxi.fsf@debian> <87zhktrmm6.fsf@elephly.net> <871ry4t3ya.fsf@debian> <87lfw5h4fu.fsf@debian> <87muglxvvv.fsf@elephly.net> <87h86sngnh.fsf@debian> <87tvarx4w0.fsf@elephly.net> <87k1bn8p0f.fsf@debian> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:41464) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hvq4s-0001QK-OC for guix-devel@gnu.org; Thu, 08 Aug 2019 17:36:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hvq4r-00063m-7A for guix-devel@gnu.org; Thu, 08 Aug 2019 17:36:06 -0400 In-reply-to: <87k1bn8p0f.fsf@debian> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Nala Ginrut Cc: guix-devel@gnu.org Hi, > There is the national firewall in China, so common users have difficult > to download Guix packages in a fair speed. This may hardly understand by > people outside China, but that is the fact. I=E2=80=99m aware. I lived with the firewall for ~7 years and would like to make sure that people who are subjected to the firewall can use Guix without being restricted. > We hope there's a way like rsync to sync /gnu/store with upstream, so > that we can provide a faster cache for Chinese users. I think it may be best to just sync the cache of nars and narinfos. Would rsync over SSH be sufficient or does it have to be rsyncd on the default rsync port? (SSH will be easier for me because then I don=E2=80=99t need to apply for another port to be opened at the institute firewall.) I=E2=80=99ve also been looking into our options for restricting rsync acces= s via chroot or namespaces. Looks like the easiest way to do this is to have an rsync user account that is restricted to a chroot with access to the nar cache. -- Ricardo