From owner-freebsd-questions@freebsd.org Sat Aug 13 13:20:30 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4473CBB8D8B for ; Sat, 13 Aug 2016 13:20:30 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com [IPv6:2a00:1450:400c:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E36741228 for ; Sat, 13 Aug 2016 13:20:29 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: by mail-wm0-x231.google.com with SMTP id i5so23684618wmg.0 for ; Sat, 13 Aug 2016 06:20:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=w3jOj8JOzu1260oIh5HiuReOVKZSdq2LysUGfHJqdQ8=; b=UW4eCC8Xu7eBGwJaKbysSSdB3C4x/svfvPoK2JHAfc0L4U2CN1SmrJtKZlFZX/LwWS e0T8NQz3C3EyTRlmCZnaUa97b+y1dGxyzfkcvuZtsK92O+3b2D/dFe//bxzYqozPZlmb 1oi96yTm0Q3wpKe9HQbTM2nuwdNYXWXbBDdPM/Ue5XB50GAS3lm/Ji5lzl+dOLBBZiVs XaRSAUY3xnDOvTq3itfyuWoTXoQRJmLkYp1S32I0VV8TuoS1ugcrv9GfNpIXAARi2W9b Mte3hCVLgUMRTgRS1vJ5+144uDpm3WX5wN+XxgbJnO915CbirlYFBCXt8Pby/5VZwbNY P1NQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=w3jOj8JOzu1260oIh5HiuReOVKZSdq2LysUGfHJqdQ8=; b=YrrlL6ierd9RSYdM/1Xnf1b1hIutJSyWDXPFAchurRbGhpy1h31FKJUgVj93ox7MTp 4Ijwg8CPwE3nV3l8tlgqFM9C99UVGCPFavM7zAz/1MOZB3a6aVqHYf5DVBCh2lHuXw/j eBtBHo4Gp0WCy2w0dx9hMfOtmyeZjOaM3VvGdmh05PebLn4XmQVKX8fLfdrptBSBWq2O 3N4L9fIEL+oZSDg2ZQF8CY8I6f+vHWa3rnohBP/5p0tpnbVYbGd/Wgt80kLndvmwjmQd lRcgT3KlbxZYQr9+oLInsTvEdTwFxrcohj2PkkF+nwyYI+iwodmU2LGlo+/IN9sG04h7 mDEA== X-Gm-Message-State: AEkooutnZP6zIawQ6DExVSClWUIDcq1Ik4j2NF5QJCLQQy2OcNCLsZreduxfQI4w4/KmYA== X-Received: by 10.194.114.135 with SMTP id jg7mr20134715wjb.166.1471094427981; Sat, 13 Aug 2016 06:20:27 -0700 (PDT) Received: from gumby.homeunix.com ([81.171.97.93]) by smtp.gmail.com with ESMTPSA id c16sm7202668wme.4.2016.08.13.06.20.26 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Aug 2016 06:20:26 -0700 (PDT) Date: Sat, 13 Aug 2016 14:20:23 +0100 From: RW To: freebsd-questions@freebsd.org Subject: Re: freebsd-update's "Fetching patches" phase? Message-ID: <20160813142023.620de294@gumby.homeunix.com> In-Reply-To: <823dd643595a5be72671fd5d9c7199b0@acheronmedia.com> References: <823dd643595a5be72671fd5d9c7199b0@acheronmedia.com> X-Mailer: Claws Mail 3.14.0 (GTK+ 2.24.29; amd64-portbld-freebsd10.3) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Aug 2016 13:20:30 -0000 On Sat, 13 Aug 2016 12:28:43 +0200 Vlad K. wrote: > Hello list, > > what's the freebsd-update "Fetching patches" phase for? That's where the updates are downloaded. > I've set up a central reverse proxy cache for all my servers to speed > things up, See below. > and looking at how it behaves I've noticed that the > "Fetching patches" phase is resulting with 404s for each link > attempted. > > Now, I don't know if this is because it's still not final -RELEASE > version, It might be because of the MITM vulnerability in freebsd-update. > but it does look incredibly inefficient. Upgrading from > -BETA4 to -RC1 queried over 9000 (heh) URLs It is efficient because it's very heavily pipelined. If your proxy doesn't have good support for this it could slow things down when the patch files are first fetched. If you use a proxy each client should be have HTTP_PROXY set to the same thing as this is used the seed the random selection of origin servers. If you intercept the connections it wont cache well.