On Thu, 2006-06-15 at 10:02 -0300, Jorge Peixoto de Morais Neto wrote: > Hi. We use Debian on a number of machines, and, to avoid downloading > the same packages multiple times, we download debian cd images (which > are kept updated with jigdo) to a server and set sources.list to point > (only) to this images. > > But this has obvious problems. > What is the "correct" way to share the apt cache? I think we should > keep /var/cache/apt/archives in the server and mount it with nfs in > the other computers. But I'm not shure this is the "correct" way; I > don't know enough about the behaviour of apt to be sure that this > won't bring an obscure problem. What should I do?
I do exactly that to keep my 2 Debian systems up to date. this approach is not the only one, there are a few proxy servers dedicated to apt repositories: apt-cacher/apt-proxy/approx. a brief comparison: nfs shared: + much more economic on diskspace usage + simple to set up, no need to change sources.list - small security issue: all clients with unique packages need r/w access to the master apt cache, with root access (no_root_squash). secure apt may be enough to render a security breach useless though - for 'apt-get autoclean' to work the way you'd want it to, the machine on wich it is issued must have a complete sources.list, covering all repositories used anywhere on the network. don't forget to 'apt-get update' right before that either... (this problem gets worse when your network uses more than 1 architecture!) apt proxies: + proven setup, no known security issues + no extra hassle for networks containing multiple architectures + no 'apt-get clean' oops-moments - huge combined diskspace usage: every package appears once in the cache plus once on every machine (though mounting /var/cache/apt/archives in tmpfs and regularly 'apt-get clean'ing may help) - all sources.list must be adapted, unless your network router can redirect http traffic to a transparent proxy good luck! -- Joris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
