From owner-freebsd-current@FreeBSD.ORG Sat Nov 2 08:35:33 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 0027F80C for ; Sat, 2 Nov 2013 08:35:32 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 7D69F28EB for ; Sat, 2 Nov 2013 08:35:32 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.7/8.14.7) with ESMTP id rA28ZRSo072619 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Sat, 2 Nov 2013 08:35:28 GMT (envelope-from matthew@FreeBSD.org) DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk rA28ZRSo072619 Authentication-Results: smtp.infracaninophile.co.uk/rA28ZRSo072619; dkim=none reason="no signature"; dkim-adsp=none (unprotected policy) Message-ID: <5274B947.7030607@FreeBSD.org> Date: Sat, 02 Nov 2013 08:35:19 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 MIME-Version: 1.0 To: freebsd-current@freebsd.org Subject: Re: Official FreeBSD Binary Packages now available for pkgng References: <5271BC11.1010303@FreeBSD.org> <5272D0DE.4080209@FreeBSD.org> <52745B7F.2080608@vangyzen.net> In-Reply-To: <52745B7F.2080608@vangyzen.net> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5BliR9DC0I0V5IKWLpSKP3m4LjMsSPmNV" X-Virus-Scanned: clamav-milter 0.97.8 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Nov 2013 08:35:33 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --5BliR9DC0I0V5IKWLpSKP3m4LjMsSPmNV Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 02/11/2013 01:55, Eric van Gyzen wrote: > This kind of proxy configuration is not uncommon. It would be awesome > if this would Just Work. It would remove an impediment to adoption, > which is especially important in the kind of environments that have thi= s > kind of proxy configuration. >=20 > Simply adding the mirrors' A (and AAAA) records to pkg.freebsd.org migh= t > suffice. You seem hung up on the idea that pkg.freebsd.org should resolve to a list of IP addresses. It doesn't and for very good reasons. Admittedly, using eg. 'http://' as the URL scheme for PACKAGESITE URLs was an error -- it contravenes RFC 2616 -- which is why we will be switching to a new 'pkg+http://' (or 'pkg+https://', 'pkg+ftp://', etc.) set of URL schemes with pkg-1.2.x There certainly are all of the necessary A and AAAA records in the DNS for the real servers that host the repositories. If I understand what you're complaining about is that you see behavious like the following: * You download package foo-1.2.3.txz from pkg.freebsd.org * Internally, that gets resolved to an HTTP request to eg. pkg0.isc.freebsd.org * Your web proxy caches this package * On another host, you also want to download foo-1.2.3.txz * This time the SRV record gets resolved to a different mirror, say pkg1.nyi.freebsd.org * Your proxy has no way of knowing that foo-1.2.3.txz from pkg1.nyi is exactly the same file as foo-1.2.3.txz from pkg0.isc so it downloads the whole package all over again. Yes, this is certainly undesirable behaviour. I need to run some tests to determine if this is actually what does happen in practice. If so, I've an idea about how this problem might be addressed, but it will require some changes to the repository configuration. In the mean time, I suggest just choosing which ever of the pkg.freebsd.org repositories is closest to you and using it directly -- e= g. cat < /usr/local/etc/pkg/repos/myrepo.conf pkg0.isc { url: http://pkg0.isc.freebsd.org/${ABI}/latest enabled: yes mirror_type: none } EOF Obviously, substitute which ever one of pkg0.isc.freebsd.org (US West) pkg1.nyi.freebsd.org (US East) pkg0.bme.freebsd.org (Europe) is appropriate. And be prepared to deal with that specific mirror being down or replaced by some other server. > Alternatively, running an HTTP-redirection service on a host named > pkg.freebsd.org would offer as much flexibility as the SRV records, if > not more. However, it would require maintenance of yet another central= > service. This is already supported in pkg when using the HTTP mirror type. This would entail significantly more administrative effort and hardware requirement to maintain and keep consistent in the specific case of pkg.freebsd.org which is exactly why the SRV mirror type was selected. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --5BliR9DC0I0V5IKWLpSKP3m4LjMsSPmNV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJSdLlPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATwPEP/jADR4XJauG9PcgzfMwuA0tz Gd0LMKmWfSbJpBtsQKAMS3rSqV6TTqupRPo0+CDvs32EE5sVnz/rBmTwUNt6HNOC i1zRTfHXDizsa/NnLBj4C2OW+9yLtCJ74vnrVITc7m4gyS7w2vwJdYwHcvMqxBgg /jF0TNOUAJ9v9N4mDjkpsyfULT3JB3QrQH1gW2dpBJq694/p+EpsM151uP/Ba+Fs AxYl91Zc44+xBpSsJBqnjro2Wofx0+jqBacMU2I1XUKiXcCMZjtceUEKeWCKK8Oq KOzXhy5UecJ6KsJ18d06HlcIktHvAlGXMR+BnWRDG9TUENJw6avjfAcPEnQSok2d w1UajESP3mMMeCe32lqsTqsGR3CCzm87EsEmIL/tVx6diglz/mJZildX0AOkugKp fuoUkJtQ9tHL2xGtzfFwYtytJ/PZss7dZBGJMXMNeCmuk1W8g2xjtYX3mdCHUrlU 3mF4UPbSXdZC90ERqCd+pf5NgQJY8ydmYboK/2bEAct77hGzj9j8HBpl+5fHYcpL gGrmzyk02e/MfFoEhrirpj/qJ/we1qk9hdrTloJ1Nw33OhSue4jdsrCu2vcI7BMD K03PzvPaUqvPiTu/ifikzbjm4B0iwB43NxE97M7zkApHY1k7kSS1lowcRftLEO6K 6KPwxO16qoCT9uKc4Av7 =sSMM -----END PGP SIGNATURE----- --5BliR9DC0I0V5IKWLpSKP3m4LjMsSPmNV--