1 |
On Wed, Oct 21, 2009 at 09:27:15PM +0300, Gokdeniz Karadag wrote: |
2 |
> FYI, that file had been there since I started mirroring gentoo ~1.5 years ago. |
3 |
> There is no read permission, as a result it does not become public, but gives |
4 |
> annoying message at every sync. I just --excluded that file to get rid of the |
5 |
> error message. |
6 |
The file is meant to go out to your mirrors, and give a 403 when anybody |
7 |
tries to access it. darkside (our new mirroradmin) is working on |
8 |
updating the checker scripts to make sure it exists and returns an error |
9 |
on your mirrors. |
10 |
|
11 |
It's got the same permissions that we use for staging content. |
12 |
|
13 |
Specifically |
14 |
1. Place content on mirror, with permissions to distribute TO mirror |
15 |
only. Permissions on files is 0600, dirs 0700, user/group = |
16 |
rsync:root. |
17 |
2. Wait for content to hit mirrors. |
18 |
3. Change permissions to 0644 / 0755. |
19 |
|
20 |
Additionally, you run your rsync fetch as root or rsync, and you serve |
21 |
the files as some unprivileged uid (NOT user=rsync). |
22 |
|
23 |
The OSU mirror that feeds all of your mirrors was supposed to be |
24 |
explicitly configured that you could fetch from it always, but it seems |
25 |
that is broken. |
26 |
|
27 |
-- |
28 |
Robin Hugh Johnson |
29 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
30 |
E-Mail : robbat2@g.o |
31 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |