351
352
critical failure since APT (client) can expect it while checking for
352
353
existence of remote files and change its behaviour accordingly.
355
And finally, there is an optional third field in the `Remap'
356
directives which can contain extra flags to modify downloading
357
behavior in the scope of that particular cache repository. The
358
only supported flag name at the moment is `keyfile'. The meaning
359
of this flag(s) is: if any real download error (status code 400
360
and higher) happens on a file which path ends with the specified
361
string then the target server is blacklisted (considered faulty)
362
immediately and this download (and subsequent ones requested by this
363
client connection) are retried from other servers (see `TargetURLs'
364
description above). For example:
366
Remap-debrep: file:deb_mirror*.gz ; file:backends_debian ;
367
keyfile=Release keyfile=.deb
369
If the first mirror from backends_debian goes wild and returns 404
370
responses for everything then the next candidate will be used.
371
However, while this feature can improve redundancy for certain
372
installations it needs to be used with care! Some file types are
373
allowed to be missing and apt interprets their absence to change its
374
behavior as needed. keyfile= should only match files which have an
375
essential role and which disappearance is undoubtful indication of a
354
378
Chapter 5: Security
355
379
-------------------
882
906
section 4.3.2, `conf/*.hooks' and `/usr/share/doc/apt-cacher-
883
907
ng/examples/*.hooks' files for details.
909
8.11 Listen to only specific interfaces or IP protocols
911
Unless configured explicitely, the server listens to any interface
912
with IPv4 or IPv6 protocol. To disable some of this, use the
913
`BindAddress' option. It should contain a list of IP adresseses
914
associated with particular network interfaces, separated by space.
915
When option is set then the server won't listen to addresses or
916
protocols not included there.
918
To limit to specific IP protocol, the address should only be present
919
in the protocol specific syntax (like 192.0.43.10) will limit the
920
use to the specific protocol.
922
The usual wildcard addresses can also be used to match all
923
interfaces of the specific protocol, like 0.0.0.0 for IPv4.
925
8.12 Use the proxy without storing all data twice
927
There is a general use case where the data storing behavior of APT
928
is not so fortunate. Imagine an old laptop with a slow and small
929
harddisk but a modern network connection (i.e. Cardbus-attached WLAN
930
card). But there is not enough space for APT to store the downloaded
931
packages on the local disk, or not enough to perform the upgrade
934
A plausible workaround in this case are moving contents of
935
/var/cache/apt/archives directory to a mounted NFS share and
936
replacing the original directory with a symlink (or bind-mount to
937
the mentioned share). However, this solution would transfer all data
938
at least three times over network. Another plausible workaround
939
might be the use of curlftpfs which would embedd a remote FTP share
940
which then can be specified as file:// URL in sources.list. However,
941
this solution won't work with a local HTTP proxy like apt-cacher-
942
ng (and httpfs http://sourceforge.net/projects/httpfs/ is not an
943
alternative because it works only with a single file per mount).
945
As real alternative, apt-cacher-ng comes with an own implementation
946
of a http file system called `acngfs'. It makes some assumptions of
947
proxy's behaviour in order to emulate a real directory structure.
948
Directories can be entered but not browsed (i.e. content listing
949
is disallowed because of HTTP protocol limitations). Anyhow, this
950
solution is good enough for APT. When it's checking the contents of
951
the data source located on acngfs share, it reads the file contents
952
of just the files required for the update which makes the apt-
953
cacher-ng server download them on-the-fly.
955
And finally, angfs usage can be optimized for local access. This
956
works best if the proxy daemons runs on the same machine as acngfs
957
and there are hundreds of packages to update while filesystem access
958
costs are negligible. Here the cache directory can be specified in
959
acngfs parameters, and then it gets files directly from the cache if
960
they are completely downloaded and don't have volatile contents.
885
962
Chapter 9: Troubleshooting
886
963
--------------------------