Date: Mon, 24 Jan 2022 14:00:21 +0100 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Vincent Hoffman-Kazlauskas <vince@unsane.co.uk> Cc: ports@freebsd.org Subject: Re: [HEADSUP] Deprecation of the ftp support in pkg Message-ID: <20220124130021.pb4xkqudtfdpuv76@aniel.nours.eu> In-Reply-To: <77575554-ac59-746c-c506-fd33fb4bc206@unsane.co.uk> References: <20220120142519.a5juoe75oppmnyby@aniel.nours.eu> <f1aca07d3cedd30b9a1df6624e950ffb@bsdforge.com> <e10f85c4-ed28-4475-bcbf-d4e572a6b954@FreeBSD.org> <d284c4d5d415fc17d3d7fbed354ddc77@bsdforge.com> <c93d717c-a62e-44ab-b5bf-f109810d65c4@FreeBSD.org> <a517d06c2faeed9883d5da787e4307ed@bsdforge.com> <DEF3FF17-5F38-4E1E-A55C-7E7472826AB9@punkt.de> <c36969e9fdd1772788562a06f4d53189@bsdforge.com> <20220124085941.lklzatk6u7dnqbuj@aniel.nours.eu> <77575554-ac59-746c-c506-fd33fb4bc206@unsane.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 24, 2022 at 12:10:11PM +0000, Vincent Hoffman-Kazlauskas wrote:
>
>
> On 24/01/2022 08:59, Baptiste Daroussin wrote:
> > On Mon, Jan 24, 2022 at 12:12:20AM -0800, Chris wrote:
> > > On 2022-01-23 10:19, Patrick M. Hausen wrote:
> > > > Hi all,
> > > >
>
> <snip>
>
> > >
> >
> > based on the discussion I am adding right now, a new protocol: tcp:// which uses
> > the protocol we made on top of ssh way simple than ftp and capsicumized on the
> > server side), but without the requirement for a ssh connection.
> >
> > This will enable people with performance concern but still willing to have data
> > encrypted to use spiped or socat for example as a transport.
> >
> > And for other a simple inetd will work.
> >
> > on inetd.conf
> >
> > pkg stream tcp nowait nobody /usr/local/sbin/pkg -- -o SSH_RESTRICT_DIR=/mypackages ssh
> >
> >
> > and define in /etc/services "pkg" to the port you want pkg to be serving its
> > files to.
> >
> > for the repo on the pkg side:
> >
> > tcp://url:port/mypackages
> >
> > What do you think?
> >
> Not having a preference re: ftp I think this tcp:// option looks very
> useful. As an aside has anyone written up how to setup a repo over ssh? I've
> had a quick google with no luck. I'm sure its not too tricky and an hour or
> so I could work it out but if anyone has already done it that would be
> great.
>
> Thanks,
> Vince
on the client side one need a to be allow to ssh to the server, for the given
user (it exists technics to allow anonssh, like it is done for git on the
freebsd infrastructure if needed).
on the server side one need pkg to be installed (reminder pkg works on linux and
osx if needed so the server does not need to be a freebsd server)
in the pkg.conf of the server side I do recommand setting SSH_RESTRICT_DIR to a
path "upper" from the path of the packages.
Let say the packages are in /usr/local/freebsd/packages/<ABI>
one can set SSH_RESTRICT_DIR to /usr/local/packages
on the client side:
myrepo: {
url: ssh://user@host/${ABI}
}
that is all.
the doc part of the url represent the path under this SSH_RESTRICT_DIR (relative
to).
Note that pkg will open that directory if on freebsd can use capcisum to get
restricted to it.
Under linux and osx, it will make sure via path comparison to never escape it.
Now with the new tcp:// which I just committed it is exactly the same except
that one does not need to setup ssh.
Best regards,
Bapt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220124130021.pb4xkqudtfdpuv76>