Re: How to share the apt cache

On Thu, 2006-06-15 at 10:02 -0300, Jorge Peixoto de Morais Neto wrote:
Hi. We use Debian on a number of machines, and, to avoid downloading
the same packages multiple times, we download debian cd images (which
are kept updated with jigdo) to a server and set sources.list to point
(only) to this images.

But this has obvious problems.
What is the "correct" way to share the apt cache? I think we should
keep /var/cache/apt/archives in the server and mount it with nfs in
the other computers. But I'm not shure this is the "correct" way; I
don't know enough about the behaviour of apt to be sure that this
won't bring an obscure problem. What should I do?

I do exactly that to keep my 2 Debian systems up to date. this approach
is not the only one, there are a few proxy servers dedicated to apt
repositories: apt-cacher/apt-proxy/approx. a brief comparison:

nfs shared:
+ much more economic on diskspace usage
+ simple to set up, no need to change sources.list
- small security issue: all clients with unique packages need r/w access
to the master apt cache, with root access (no_root_squash). secure apt
may be enough to render a security breach useless though
- for 'apt-get autoclean' to work the way you'd want it to, the machine
on wich it is issued must have a complete sources.list, covering all
repositories used anywhere on the network. don't forget to 'apt-get
update' right before that either... (this problem gets worse when your
network uses more than 1 architecture!)

apt proxies:
+ proven setup, no known security issues
+ no extra hassle for networks containing multiple architectures
+ no 'apt-get clean' oops-moments
- huge combined diskspace usage: every package appears once in the cache
plus once on every machine (though mounting /var/cache/apt/archives in
tmpfs and regularly 'apt-get clean'ing may help)
- all sources.list must be adapted, unless your network router can
redirect http traffic to a transparent proxy

good luck!

--
Joris


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Relevant Pages

  • Re: dist-upgrade and sources.list
    ... > packages, but apt-get will ignore the ones not matching your version. ... etch and one with sid then apt will download four package lists. ... And on dist-upgrade: this is not meant just to upgrade to a new ...
    (Debian-User)
  • Re: Problem installing packages with apt-get, aptitude and dselect
    ... My problem occurs with apt-get, aptitude, dselect, synaptic or any other ... I can manually download packages and successfully install/upgrade them ... found it to work successfully because it uses dpkg directly and not apt. ...
    (Debian-User)
  • Re: [SLE] apt: unsigned/unknown signature packages
    ... I'm afraid it is not because of unsigned packages. ... I think it may be apt-get. ... some of the packages apt said were unsigned/unknown and no problems at all. ... any apt guru telling us what's the matter ...
    (SuSE)
  • Re: APT-GET UPGRADE VS DIST-UPGRADE
    ... dselect uses apt too, but it is ... > packages, that's another issue. ... You're right -- I've never used dselect with apt-get. ...
    (Debian-User)
  • Re: just a warning?
    ... since apt will be running the current release of apt regardless of the ... packages from each of the servers listed in /etc/apt/sources.list, ... functional, determines the URLs for those package files, downloads ... lists the following for version 0.6.43.3: ...
    (Ubuntu)