On Tue, Aug 19, 2008 at 05:39:04PM +0200, Bernhard R. Link wrote: > * Ryan Hass <r...@dakim.com> [080819 01:44]: > > My initial goal is to push updated dists via rsync to a server which > > resides outside the network DMZ. > > Nice. Please note that I also plan to add some native suppot for this > (or generally running reprepro and its database on one computer and > having the pool and/or dists directories on less trusted computers).
Please consider an option to have a _copy_ of the pool/dist directories elsewhere. I would like to have a master repository on a protected host which is rsynced to the web server "outside", so that I have an uncompromised copy to re-sync in case of a compromised web server. > > Ideally, the new post-processing hooks would be called only when all the > > changed components have successfully been processed, the .new files have > > been moved/renamed, > > What do you plan to rsync? Just the dists/$codename directories or also > the pool? i.e. wouldn't an single script to be call once everything is > done perhaps with a list of successfully exported distributions more > sense? (I think it might also possible to give it a list of > added/removed pool files without too much implementation work). I would probably rsync over either the entire reprepro tree or just the dists and pool directories. > Moving the .new files to their final places is the very last step. > Then everthing should be in place and everything is done before > so that every user of the repository that does an hypothetical > atomic apt-get update apt-get install cycle will always see an welformed > repository (unless when hitting exactly the moment when renaming files). > > The only thing happening after that is removing files from pool/ that > are no longer needed due to the new dists files. To keep the rsync copy always consistent, it would probably be a good idea to have the hook called three times: - insert new files into pool - call hook - update dists directory - call hook - delete obsolete files from pool - call hook This could also be handled locally by the hook script, as if a Debian mirror is mirrored: - rsync pool - rsync dists - rsync --delete pool So there is probably no need for elaborate handling inside reprepro. The cause for the hook being needed inside reprepro is that there are packages, such as mini-buildd, that call reprepro themselves, thus precluding a wrapper from being used. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
