--- Daniel da Veiga <danieldaveiga@×××××.com> wrote:
> On Jan 8, 2008 7:13 PM, BRM <bm_witness@×××××.com> wrote:
> > --- Per-Erik Westerberg <per-erik.westerberg@××××××××.net> wrote:
> > > On Thu 2008-01-03 at 13:16 -0800, BRM wrote:
> > > > I have a couple Sparc systems. One has been running Gentoo for a long
> > > > time - installed using Gentoo 2006, not updated since due to the issue
> > > > I'm about to discuss - and the other is a near identical system that
> > > > might get Gentoo 2007 installed. Both are on two separate networks and
> > > > have no communication between them.
> > > >
> > > > The first system does have some Internet access through a firewall, but
> > > > it doesn't really work, at least for this purpose; so it's just as good
> > > > as not having any access at all for this purpose.
> > <snip>
> > > > In either case, I can't update portage using the normal method of
> > > > 'emerge --sync'. So, I'm trying to figure out a solution that would
> > > > enable me to update the systems. Under Slackware, I'd just point
> > > > pkgtool to the CD media and install from that, just like during
> > > > installation. Is there a similar approach for Gentoo? How do I overcome
> > > > the source mirror issue too so that the systems don't try to download
> > > > stuff from the web?
> > > >
> > > Have you tried to use a proxy (adjust accordingly)?
> > > export http_proxy=http://proxy.company.com:8080
> > > export ftp_proxy=http://proxy.company.com:8080
> > > export RSYNC_PROXY=proxy.company.com:8080
> >
> > Yes, I tried using the proxy on the one system. (The other system won't
> > even have that as an option.) The problem came there that the proxy is
> > an authenticated proxy, primarily designed to work with Windows. It
> > works fine from Firefox/Netscape in X Windows, but causes problems for
> > command-line tools and console browsers. So, in addition to my trying
> > to find a solution where a proxy is not an option, it is, for all
> > intents and purposes, a non-option anyway.
> >
> If you really don't wanna use the network, you can easily transfer a
> tarball and rsync locally (gentoo forums have little nifty scripts for
> syncing locally and emerging metadata). The forums also have lots of
> scripts designed to create a list of needed distfiles and download
> them at another machine, you can transfer this and update. With a
> little set of scripts you can automate the whole process using the
> network, or require minor user intervention to transfer the list and
> later the files to and from a networkless machine.

Any that you recommend? This sounds like what I want.

> > Additionally, because it is an authenticated proxy, it is not an ideal
> > solution as it would leave the username/password for a user in plain
> > sight of all users on the system as the info would be either in the
> > environment variables and/or the command-line options of a program. So,
> > from a security stand-point, it's not an option either since it
> > sometimes takes a day or so to perform updates.
> There's no problem in using an authenticated proxy for
> emerge-webrsync, as you can keep a script in a directory with
> restricted permissions, only root would be able to see it anyway, and
> you can use this machine as an rsync and distfiles mirror for any
> other in the network, crontab would work as well, as only the user who
> creates it can see it (if you set it). You can even set a special
> username/password at your proxy that can only access rsync port and
> mirrors for distfiles for increased security.
>
> OK, those are some of MANY options available. Gentoo is very flexible,
> even in a controlled environment.

True - gentoo is very flexible, and its emerging management is why I
chose it for the first system behind the proxy. When I had originally
set up the system, the proxies weren't authenticated and things worked.
Unfortunately, I don't have any control of the proxies and the only
thing I can do is use my own username and password - thus putting some
personal liability on the line as the company would hold me
responsible. I am aware I can do a restricted script - but I still end
up with the problem (which is documented) that someone could possibly
sniff the environment of the script and get the username/password, or
sniff the program names - as listed by 'ps' and other sources (e.g. the
kernel) - and get it there too, depending on how ftp/wget/etc. are
called.

Unfortunately, the system behind the proxy may have other issues.
Apparently some of the primary software for the system (Apache,
Subversion, Trac) didn't ever get emerged. I know I can list it as
already provided, but that would cause a problem with updating that
software via emerging, no? (Which is what I really want!) So, the
system may need a complete rebuild to do it right, and I'm not sure how
I would be able to do that at the moment for a number of reasons beyond
the scope of my problem here. So that system will likely sit as it is
for a long time to come...

Anyhow... I still have another system that has not yet been set up that
I need to figure this out for - and that one won't likely have Internet
access at all, so the proxy issue doesn't matter.

Thanks!

Ben
--
gentoo-user@l.g.o mailing list
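
Added example, not part of the original thread: a small audit for the exposure discussed above, proxy credentials visible in process arguments (on Linux, /proc/PID/cmdline is world-readable by default) and a credentials script readable by other users. The function names, the `scheme://user:password@host` form and the `alice`/`s3cret` values used to exercise it are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for proxy credentials exposed to other local users.
# All names here are hypothetical helpers, not part of Portage or wget.

# True if the string contains scheme://user:password@host.
has_inline_creds() {
    printf '%s\n' "$1" | grep -Eq '[a-z]+://[^/@: ]+:[^/@ ]+@'
}

# Replace the user:password part so findings can be logged safely.
redact_creds() {
    printf '%s\n' "$1" | sed -E 's#([a-z]+://)[^/@: ]+:[^/@ ]+@#\1REDACTED@#g'
}

# True if the file grants no permission bits to group or other
# (characters 5-10 of the ls mode string are all dashes).
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Walk a procfs tree (default /proc) and report every process whose
# argument vector carries embedded credentials, with the secret redacted.
scan_cmdlines() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        # argv entries are NUL-separated; turn them into spaces.
        args=$(tr '\0' ' ' < "$f" 2>/dev/null)
        if has_inline_creds "$args"; then
            pid=${f%/cmdline}
            pid=${pid##*/}
            printf '%s %s\n' "$pid" "$(redact_creds "$args")"
        fi
    done
}

# Stand-alone run: scan the live process table (or a tree given as $1).
scan_cmdlines "$@"
```

Any line this prints is a process whose credentials every local user can read with `ps`; `is_private` takes the path of the restricted script or credentials file and fails if group or other have any access.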