Page 6 of 9 « First 45 6 78 Last »
Reply
Thread Tools
misterc's Avatar
misterc is offline misterc
2011-07-25 , 21:48
Posts: 1,625 | Thanked: 998 times | Joined on Aug 2010
#51
Originally Posted by davedickson View Post
Would setting the new server to be on the DMZ be an option?

I did this with my Xbox at one point when I was having trouble with multi-player - and basically assigning a static IP to the Xbox and then assigning that specific IP to be the DMZ server on my router allowed ALL traffic to and from the Xbox without any firewall at all.

Now as far as I, personally, would be concerned this wouldn't be an issue, as there would be a clean install of a Linux distro on the server and the only data would be community related.

However if people (end up) relying on mirrors etc allowing all traffic to the server puts it at risk of being tampered with, which wouldn't affect me personally, but may affect others, if you see what I mean.

I guess my question is, is assigning a community type web/repo server to DMZ secure enough?? In fact is assigning DMZ to any mirror, Debian etc, secure enough?
this would indeed be a DMZ.
and using either a vsftpd or https you can set quite a bit of security even in a DMZ.
and it is not like you allow visitors to do anything but to download stuff.
even apt should be able to live with that.
but as i said, i'm zypper guy, thus can't make any promise regarding apt.
only a rsync script is allowed to update the contend in normal operations, respectively if you host the primary repository, you can do updates from your "private" LAN only, connecting to the SAN.

EDIT: apologies, i neglected that you were replying to farmatito.
the solution i described in my previous posts is indeed a DMZ (the SAN, thus).
Last edited by misterc; 2011-07-25 at 21:55.
 
davedickson is offline davedickson
2011-07-26 , 07:40
Posts: 248 | Thanked: 66 times | Joined on Oct 2009 @ Birmingham
#52
Originally Posted by misterc View Post
this would indeed be a DMZ.
and using either a vsftpd or https you can set quite a bit of security even in a DMZ.
and it is not like you allow visitors to do anything but to download stuff.
even apt should be able to live with that.
but as i said, i'm zypper guy, thus can't make any promise regarding apt.
only a rsync script is allowed to update the contend in normal operations, respectively if you host the primary repository, you can do updates from your "private" LAN only, connecting to the SAN.

EDIT: apologies, i neglected that you were replying to farmatito.
the solution i described in my previous posts is indeed a DMZ (the SAN, thus).
I see, sorry I missed that SAN post.

Ok well if DMZ is fine for the server, then thats makes the private vs public issues go away And also SO much easier to set up!

Ok well I am going to have a go at putting the server together today - I'm just starting out with an old 750GB drive from an external hard-drive - as I am still using the other drives (getting data off them).

Does anyone know, can you sync from one repo (as in sync with the debian armel) as well as syncing with other repos as well as adding you own packages etc

Also what is the best way to handle the new replacement open-source packages for the closed packages? Put them in a different sub catalog rather than in the main repo? If they are together in the same repo then are there conflicts?

For give me if that makes no sense but as I said my knowledge is lacking a bit.
Last edited by davedickson; 2011-07-26 at 07:45.
 
pali is offline pali
2011-07-26 , 09:16
Posts: 2,145 | Thanked: 8,424 times | Joined on May 2010
#53
Originally Posted by farmatito View Post
Ok, will let them untouched for now.
You can change color of line using:
Code:
|- style="background-color:#A0E75A;"
See wiki page
Last edited by pali; 2011-07-26 at 10:33.
 
misterc's Avatar
misterc is offline misterc
2011-07-31 , 21:01
Posts: 1,625 | Thanked: 998 times | Joined on Aug 2010
#54
back
& looks like i'm still able to log in & post a reply

Originally Posted by davedickson View Post
I see, sorry I missed that SAN post.

Ok well if DMZ is fine for the server, then thats makes the private vs public issues go away And also SO much easier to set up!

Ok well I am going to have a go at putting the server together today - I'm just starting out with an old 750GB drive from an external hard-drive - as I am still using the other drives (getting data off them).
great
hope the set up is going okay; not familiar with SAN config myself, thus don't know in how far it is possible to simply replace one HD with another. if the OS is installed on it, obviously you'd have to image it & clone it on the replacement HD.

Does anyone know, can you sync from one repo (as in sync with the debian armel) as well as syncing with other repos as well as adding you own packages etc

Also what is the best way to handle the new replacement open-source packages for the closed packages? Put them in a different sub catalog rather than in the main repo? If they are together in the same repo then are there conflicts?

For give me if that makes no sense but as I said my knowledge is lacking a bit.
important questions, indeed, but of technical nature.
came across a post on the council thread about... "creating and / or managing distributions..." which ends up @ Why MeeGo - Cordia, what's lack in Maemo

there seems to be a number of projects busy with making an open source OS available based on Maemo or MeeGo.

question is: do we want (and do we have the developer skills) to add another one?
only scratched a couple of them, still would like to check out what's being talked about (and what the issues may be) before (possibly) formulating a vision for an open sourced version of Maemo...
 
skykooler is offline skykooler
2011-07-31 , 21:20
Posts: 482 | Thanked: 550 times | Joined on Oct 2010
#55
If this creates a <6 GB repository - would it be possible to download to MyDocs on the N900 and then install all applications locally? Sort of like the apt-on-cd thing.
 
misterc's Avatar
misterc is offline misterc
2011-08-14 , 20:18
Posts: 1,625 | Thanked: 998 times | Joined on Aug 2010
#56
Originally Posted by skykooler View Post
If this creates a <6 GB repository - would it be possible to download to MyDocs on the N900 and then install all applications locally? Sort of like the apt-on-cd thing.
i tried this today.
doesn't work on /home/user/Mydocs because the /etc/fstab entry for it includes a noexec option which means
  • (for sure) the scripts won't run
  • /etc/fstab gets regenerated @ each boot, thus
    • one has to overwrite it after every boot
    • unmount & remount /dev/mmcblk0p1
  • (not sure) dpkg / apt-get / HAM / FAMwork properly from vfat / with noexec

as i have a test N900 with a 8GB mSDHC card, i formated that ext3.

furthermore i modified Pali's download.sh to download_armel.sh
Code:
[...]
	INDEXES="binary-all binary-armel"
[...]
in order to get only the files needed for runtime on the N900

i tested this on the N900 & got 2.2 GB downloaded (in /media/mmc1/src/maemo)

next, i used the sources.list files from HAM with all the repositories i know about for the download.

sources_armel.list
Code:
deb https://downloads.maemo.nokia.com/fremantle/ssu/apps/ ./
deb https://downloads.maemo.nokia.com/fremantle/ssu/mr0/ ./
#deb https://downloads.maemo.nokia.com/fremantle1.2/ovi/ ./
deb http://repository.maemo.org/extras/ fremantle-1.3 free non-free
deb http://repository.maemo.org/extras-devel/ fremantle free non-free
deb http://repository.maemo.org/extras-testing/ fremantle free non-free
deb http://moff.mozilla.com/latest-beta/maemo/multi/ fremantle release
download_armel.sh
Code:
SOURCES="./sources_armel.list"
[...]
	INDEXES="binary-all binary-armel"
[...]
i'm currently doing an update of an earlier download (armel, i386 & sources (freemantle PR1.3 only) with extras, extras-dev and extras-testing for armel. this will be a pretty useless directory structure but it confirmed that the scripts handle other repositories as well.

based on that Debian Repository HOWTO (Obsolete Documentation) i still need to figure out how to
  • structure the directories (possibly by making copies of download.sh in different sub-directories)
  • update sources.list in such a way that one can easily pick between freemantle, extra & (possibly) CSSU when doing a local install (with HAM / FAM)

as alluded above, still need to get the CSSU repositories & see how the download goes.

Pali's scripts run like (swiss) clockwork & so far took everything i threw @ them
  • deleted a package & let the script run again => downloaded only the missing package
  • messing around with sources.list & architectures


@Pali

1st of all, thank you very much for those scripts

2nd would you mind if i upload
  • one or a set of modified download.sh (with corresponding sources.list)
  • a sources.list for local use
?

it is definitely not in a developer spirit but solely for (dumb ) end-users
it may also be a life saver of sort for those ppl who don't have a Linux / GNU machine but only windooooz ; they can still use the scripts on the N900 (with less space requirements) & getting a real local repository... everywhere you go you always take the weather with you, right?
aaaa, repository, of course ¦-)
 
momcilo is offline momcilo
2011-08-15 , 11:21
Posts: 673 | Thanked: 856 times | Joined on Mar 2006
#57
@pali

I am currently mirroring official repositories for N800/N810 using apt-mirror.

Can you tell me if there are any benefits in using your scripts instead?

Thank you.
__________________
http://gpl-violations.org/faq/violation-faq.html
 
pali is offline pali
2011-08-15 , 11:41
Posts: 2,145 | Thanked: 8,424 times | Joined on May 2010
#58
My mirroring solution is small shell script, no big monstrum. Of cource apt-mirror is better for this, but apt-mirror has problem with downloads.maemo.nokia.com (does not support https + auth-no-challenge).

And my package contains scripts which generate list of free, non-free and lang package. This apt-mirror does not support. These scripts was used to generatae wiki page http://wiki.maemo.org/Fremantle_closed_packages

---

If somebody has good looking patch for https support (with auth-no-challenge support) in apt-mirror please sent it to upstream :-)

---

@momcilo:
Is your mirror server public?

@misterc:
You can publish your modified version. No problem. Scripts are licensed under GPL v3. I used scripts only for local dump and for generating wiki page. So all what I needed I have :-) I will not touch my scripts anymore, so if you want, you can create gitorious/garage/launchpad/... project and everyone can working on it.

---

What would be nice: if somebody who has server can mirror repositores. One day Nokia will stop Maemo apt repositories.
 

The Following 3 Users Say Thank You to pali For This Useful Post:
momcilo is offline momcilo
2011-08-15 , 11:58
Posts: 673 | Thanked: 856 times | Joined on Mar 2006
#59
Originally Posted by pali View Post
@momcilo:
Is your mirror server public?
No it is the personal copy as a part of doomsday preparations. I am mirroring armel and sources, i386 follows.
I plan to update it once a week. I am still wating to see what would the future actions of Council on that matter.

I've wrote a script that generates mirror.list from .install downloaded from: http://www.gronmayer.com/it/

Btw: You have checked with the apt-mirror from the latest sources? I will try it as well.
__________________
http://gpl-violations.org/faq/violation-faq.html
 

The Following User Says Thank You to momcilo For This Useful Post:
misterc's Avatar
misterc is offline misterc
2011-08-15 , 12:54
Posts: 1,625 | Thanked: 998 times | Joined on Aug 2010
#60
just wondering;
started the download of all NOKIA and extras repositories about 20 hrs ago
(limited to 5 Mbps, which is the primary limiting factor)
so far, only with extras and extras-dev (only for binary-all and binary-armel) i'm nearly @ 30 GB

are the community repositories going to remain available after 31st of Dec 2012 18:25 (which TZ, btw?) or will they go down as well and need thus to be backed up as well?
 
Reply
Page 6 of 9 « First 45 6 78 Last »

Tags
apt-mirror, closed packages, futureproofing, orphaned, repository dump

« Previous Thread | Next Thread »
Thread Tools

 
Forum Jump


All times are GMT. The time now is 06:40.

Contact Us - Home - Archive - Top