On Mon, Jan 09, 2017 at 03:47:42PM +0100, Kamil Cholewi??ski wrote: > On Mon, 09 Jan 2017, Stuart Henderson <[email protected]> wrote: > > Performance won't be ideal though, there's no pipelining or session > > resumption - it needs to do a full TLS negotiation for each package > > fetched (note that pkg_add -u fetches at least the start of the tgz > > for *every* package which you have installed on the system). > > Perhaps an index/manifest file, like apt does? > http://cdn.debian.net/debian/dists/stable/main/
No way. Keeping this synchronized is a major pain. I've tried in the past using http 1.1 within pkg_add itself (using Byte-Range to avoid grabbing full files), didn't work very well, because the webservers were semi-randomly hanging, leading to things taking majorly more time actually. As far as session resumption, if you can get ftp(1) to keep credentials around, why not ? Another possibility would be to have "anonymous" limited ssh connections. pkg_add works like a charm thru ssh, talking to an ad-hoc server. If some enterprising soul can rewrite the server-side code (see /usr/src/sbin/pkg_add/OpenBSD/PackageRepository/SCP.pm) so that it can be used "securely" (e.g., not have to trust the user) that might be somewhat simpler (though that means more services on the server).
