#devuan

/

      • guru1323
        -far
      • Vizva has quit
      • DocScrutinizer05
        I'd trust in devuan for servers a year or two before I'd even ponder to try it for desktop
      • after all server is easypeasy compared to the desktop dependency mess
      • guru1323
        i don't feel the same way, i don't know much about the dev team and we have mission critical data on there
      • i can easily wipeout a desktop
      • parazyd
        afaik all our servers run devuan
      • DocScrutinizer05
        I know a bit about the problems immanent in removing systemd, and which impact that has
      • removing systemd and dbus can only make a server more stable ;-D
      • guru1323
        long as the team can keep up with security updates i'm happy
      • DocScrutinizer05
        and the number of packages involved is limited, while for desktop it seems there is no end
      • security updates are original debian, unless a particular update imvolves a package that needed patching to get rid of systemd
      • guru1323
        ah
      • DocScrutinizer05
        at least afaik, please anybody correct me when I'm wrong
      • parazyd
        not only security, but all packages are debian's now unless we have removed systemd or systemd-sysv
      • guru1323
        seems like things will grow a bit more complicated as you fork
      • parazyd
        we have a couple of packages that aren't in devuan though
      • DocScrutinizer05
        [2017-06-10 Sat 22:39:30] * DocScrutinizer05 wonders how security patches to systemd would get hindered to infest devuan
      • [2017-06-10 Sat 22:40:15] <DocScrutinizer05> well, prolly since you don't have systemd, you don't get any security patches to it either ;-)
      • [2017-06-10 Sat 22:40:35] <jaromil> parazyd is almost done with the third rewrite of amprolla (we are testing it already) and after that we'll have an alert mechanism to detect forked packages that need security updates, so we can apply them timely
      • guru1323
        thanks :)
      • parazyd
        guru1323: it's mostly keeping up with the updates, so time-consuming, but not hard work
      • guru1323
        hopefully you have some sound financial backing to keep this thing going
      • DocScrutinizer05
        prolly not (yet)
      • parazyd
        no actual sponsorship from anyone yet
      • guru1323
        =[
      • DocScrutinizer05
        the last few annual financial reports were not like there's funding abundance
      • parazyd
        but there's a concrete userbase i believe. so something will come up if needed
      • DocScrutinizer05: that's right
      • DocScrutinizer05
        FSF should support dyne
      • *ought*
      • but seems RMS doesn't see the problem in systemd cabal
      • parazyd
        neither does torvalds, while they're not trying to push code into the kernel
      • DocScrutinizer05
        Linus is pretty numb as long as it's not about his beloved kernel
      • Humpelstilzchen has quit
      • Humpelstilzchen joined the channel
      • ... but RMS... quite strange how he's not going to rage against RH/Poettering raping his GNU userland
      • about Linus, see:
      • !poettering
      • infobot
        'sth is poettering' means it acts invasive, possessive, destructive, and generally in an egocentric exacerbating negative way. ``this cancer is extremely poettering'', or you look here for Linus' notion on what's poettering: http://lkml.iu.edu/hypermail/linux/kernel/1404...., or http://lkml.iu.edu/hypermail/linux/kernel/1404...., or see ~systemd cabal
      • detha
        <hat type=tinfoil>how much does RH pump into the FSF?</hat>
      • DocScrutinizer05
        good question
      • actually the entity to scrutinize is freedesktop.org
      • detha
        parazyd: do the changes to amprolla affect the nginx rewrites on the repository servers?
      • DocScrutinizer05
        >> It was founded by Havoc Pennington from Red Hat in March 2000. The project's servers are hosted by Portland State University, which in turn are sponsored by HP, Intel and Google<<
      • parazyd
        detha: what changes?
      • Humpelstilzchen has quit
      • detha
        3rd rewrite, etc
      • DocScrutinizer05
      • infobot
        At https://en.wikipedia.org/wiki/Freedesktop.org (URL), Wikipedia explains: "{{Redirect|XDG|the game development division External Development Group|THQ#Divisions{{!}}THQ}} {{primary sources|date=September 2012}} {{lowercase|title=freedesktop.org}} {{Infobox website | name = | logo = Freedesktop-logo.svg | screenshot = | collapsible = | collapsetext = | caption = | url = {{URL|www.freedesktop.org}} | slogan = | commercial = No | type = Software ...
      • parazyd
        detha: i renamed DEBIAN-SECURITY to DEBIAN-SEC, but that's that
      • can easily be reverted
      • nothing else changed i think
      • detha
        parazyd: the reason I am asking is that I have a sort of reverse of those rewrites running here. I have a local debian mirror, but no devuan mirror
      • parazyd
      • detha
        ah. that would need an update here yes, thnks
      • Humpelstilzchen joined the channel
      • parazyd
        detha: keep in mind this version is not in production yet
      • detha
        parazyd: no problem, adding RewriteRule ^/merged/pool/DEBIAN-SEC/(.*)$ http://localmirror/debian/debian-security/pool/$1 [R,L] to the apache conf shouldn't break anything now, and will take over when it goes into production
      • parazyd
        indeed
      • Chanku has quit
      • detha
        on that topic, is there any chance of an rsync-able version of the packages in the near future?
      • Humpelstilzchen has quit
      • DocScrutinizer05
        if, then only for those forked packages that are actually hosted by devuan
      • detha
        Even if it was only the metadata I would be happy. With my setup, apt-get update on a debian VM is fast, on a devuan VM one waits. And waits.
      • aitor joined the channel
      • aitor
        moin
      • DocScrutinizer05
        ooh, you should make sure the debian(!) mirrors devuan amprolla redirects your apt to are "replaced" (etc/hosts? whatever) by your local debian mirror
      • detha: see !amprolla
      • detha
        They are. But to run devuan, one needs the metadata from devuan. And that I can only redirect to WAN
      • DocScrutinizer05
        a local devuan mirror won't help much
      • aitor
        i used some scripts depending on reprepro for a complete repository in the past
      • the downside: reprepro is not compatible with the git source format
      • detha
        DocScrutinizer05: on a 2Mb/s connection, it will.
      • aitor
        often used in devuan, but still not officially aproved in debian
      • detha
        At night, I have plenty bandwidth. In the day, contention brings it down to 2 - 2.5Mb/s
      • aitor
        brb
      • aitor has quit
      • DocScrutinizer05
        detha: there's only the few forked packages plus the metadata that actually come from devuan servers, but the way amprolla works it will pull all the rest from debian mirrors and not from your local debian mirror
      • ooh wait, apt-get update is about metadata only, right?
      • detha
        yup
      • DocScrutinizer05
        so why not run apt-get update instead of a rsync in the low-congestion time?
      • detha
        what I have at the moment is roughly http://paste.debian.net/971951/
      • because the apt-get runs in a newly booted VM, that didn't exist last night yet
      • ipe joined the channel
      • DocScrutinizer05
        hmmm. Transparent buffering proxy then, maybe
      • don't know if varnish or nginx could do that, or if there's another package for that purpose
      • detha
        squid helps a bit, except with the first run on a day
      • zyliwax
        i wonder if plain "apt" has any improvements over "apt-get"
      • i'm personally dubious about how it could have an advantage in this specific area but it'd be what i'd try here
      • detha
        hmm. worth a try, but I suspect it will still need up-to-date metadata
      • Irrwahn joined the channel
      • zyliwax
        fwiw my apt upgrade completes at a very acceptable speed
      • ruenoak joined the channel
      • detha
        upgrade is not the problem - the first update is
      • zyliwax
        i have no benchmark against a debian system but ~22 seconds is fine for my purposes
      • oh yeah i meant to say update there my bad
      • ah just the first update? i was thinking of subsequent updates here -- but you should only need to do the first update once? it's a hurdle sure but not one you have to repeat
      • detha
        I repeat that one often, as in 'Oh, let me try what happens with routing this way, let me create a linux VM, and two BSD VMs'
      • parazyd
        rsync mirrors aren't offered by debian?
      • banshi joined the channel
      • detha
        parazyd: rsync debian.mirror.ac.za::debian/
      • Vizva joined the channel
      • parazyd
        so what's causing issues?
      • detha
        not an issue, more an annoyance
      • fsmithred joined the channel
      • banshi has quit
      • pitchum joined the channel
      • Besnik_b joined the channel
      • zyliwax has quit
      • banshi joined the channel
      • Vizva has quit
      • kelsoo has quit
      • zyliwax joined the channel
      • banshi has quit
      • DocScrutinizer05
        parazyd: download of particularly Packages.gz, if it changed
      • which aiui is what apt-get update does
      • Besnik_b has quit
      • a buffering transparent proxy and a cronjob doing the download (either by apt-get update, or even via wget -O /dev/null) a few minutes after aprolla built those metadata anew, should fix this issue for all local installs and updates
      • no matter on which local system that apt-get update cronjob runs, as long as it connects to internet via the proxy
      • I think subsequent updates are faster since apt-get is smart enough to only download the header and notice the file didn't change from the already downloaded version
      • just like a proxy would do
      • parazyd
        why not just run amprolla yourself?
      • ah forget it, gpg
      • only if you wish to sign your own mirror, but that will only work for public key holders then
      • rrq has quit
      • DocScrutinizer05
        anyway I wonder what takes *that* long, https://packages.devuan.org/merged/dists/jessie... 9044193; https://packages.devuan.org/merged/dists/jessie... 8920485. Even with as "slow" as 2Mbit, this is a matter of max 90s
      • parazyd
        i reckon it does gpg verification and checksumming beforehand
      • DocScrutinizer05
        of course rsync would be smaaaart since it's supposed to only transmit deltas. So does git which uses rsync afaik
      • any checksumming is invariant by internet access bandwidth, so should slow down debian even from local mirror likewise
      • I strongly recommend the transparent buffering proxy approach
      • parazyd
        i think you're also not considering all the hops between you and packages.devuan.org
      • DocScrutinizer05
        those hops only happen once, on DNS resolving
      • parazyd
        i thought the problem is only the first time
      • DocScrutinizer05
        yes
      • since >>[2017-06-18 Sun 11:53:47] <DocScrutinizer05> I think subsequent updates are faster since apt-get is smart enough to only download the header and notice the file didn't change from the already downloaded version<<
      • parazyd shrugs
      • parazyd
        i don't know much about apt's architecture
      • DocScrutinizer05
        I know a lot about apt-get update, from maemo HAM ;-D
      • parazyd
        :)
      • DocScrutinizer05
        the terrible time hog in HAM was internal data tree building etc
      • freemangordon fixed that by some optimizing in maemo HAM's apt-worker-thread, which did a magic speedup of factor 30
      • !speedyham
      • infobot
        speedyham is probably 30 times faster than HAM https://github.com/community-ssu/hildon-applica..., now included in CSSU.
      • parazyd
        yeah ham had a bunch of accessible metadata
      • DocScrutinizer05
        we had fun times in administration when we serviced the repo calls for the weekly HAM update of a 30k devices via a single 100MBit (or less) backbone
      • parazyd
        never tried speedyham, i usually resort to the terminal
      • cioran89_ has quit
      • cioran89_ joined the channel