<div dir="ltr">I switched the debian sync over to their main US site (<a href="http://ftp.us.debian.org">ftp.us.debian.org</a>). Hopefully we don't get the same issues from the US country mirrors. I don't know which is worse, using the round-robin country address, or a specific mirror out of the country list. On the one hand you might get a bad mirror in the list every once and a while. One the other hand, if you pick a single mirror that becomes unreliable, then you have constant problems and you're constantly reconfiguring to swap mirrors.<div><br></div><div>One of the most annoying things to deal with when running an independent mirror is distros that want like 5 levels of mirror tiering and wont give out master access to more than one or two country mirrors. There's virtually no accountability on these country mirrors to provide reliable service, and at the same time any offer of an additional country mirror is generally scoffed at because "the current ones are good enough" even when you're able to provide more space, and more bandwidth. Oh and don't get me started on push mirroring...</div><div><br></div><div>I also resumed syncing of debian-archive and debian-backports, which are also switched to the US country mirrors now. </div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>--</div>Wyatt Zacharias<div><br></div></div></div></div>
<br><div class="gmail_quote">On Wed, Sep 28, 2016 at 5:53 PM, Trevor Cordes <span dir="ltr"><<a href="mailto:trevor@tecnopolis.ca" target="_blank">trevor@tecnopolis.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 2016-09-23 Theodore Baschak wrote:<br>
> Looks like this happened again, it must be an upstream permissions<br>
> error thats being propagated thru the mirroring process.<br>
<br>
</span>OK, I spent a few minutes and whipped up a perl script (kludge) that<br>
should solve this problem until upstream mirrors get fixed. Using<br>
inotify I watch for a perm change, check if the perms are not at least<br>
755 and if not I chmod 755. Using inotify should result in basically<br>
zero overhead (no polling, no cron-ing, etc).<br>
<br>
I also put in a systemd wrapper I like to use that allows me to capture<br>
all stdout/err to a central log file without having to program it in<br>
each script. Not sure if systemd finally fixed this shortcoming, but<br>
at least check (maybe 1-2 years ago) they hadn't. (Did I mention I hate<br>
systemd yet?) Systemd unit is muug-debian-mirror-dir-perm-<wbr>kludge.<br>
<br>
So this little script should restart on every reboot.<br>
<br>
It's logging all action to /var/log/debian-mirror-dir-<wbr>perm-kludge.log<br>
so we can ensure it's not going wonky and/or pinpoint what rsync run /<br>
mirror is screwing it up by comparing times.<br>
<br>
You can easily test with (root) chmod g-r /ARRAY/mirror/debian<br>
then cat /var/log/debian-mirror-dir-<wbr>perm-kludge.log<br>
then ll -d /ARRAY/mirror/debian<br>
<br>
Note, I suppose there is a possibility that rsync could do something<br>
mental like recheck the perm immediately or fight with my script in<br>
some way. That should show up in the logs. Perhaps a short (5s?) delay<br>
in my script before chmod might alleviate any issue. We'll see if it's<br>
required.<br>
<br>
The script could easily be expanded to watch all mirror dirs, but<br>
probably best to only use on an as-needed basis. I was cautious about<br>
security but anything like this just adds complexity and thus decreases<br>
security.<br>
<br>
<br>
#cat /usr/local/sbin/debian-mirror-<wbr>dir-perm-kludge<br>
#!/usr/bin/perl -w<br>
<br>
$naughtydir='/ARRAY/mirror/<wbr>debian';<br>
<br>
use Linux::Inotify2;<br>
use POSIX qw(strftime);<br>
$|=1;<br>
<br>
printf strftime("%Y-%m-%d %H:%M:%S",localtime)." starting\n";<br>
<br>
my $inotify=new Linux::Inotify2 or die "unable to create new inotify object: $!";<br>
<br>
$inotify->watch($naughtydir,<wbr>IN_ATTRIB|IN_ONLYDIR|IN_DONT_<wbr>FOLLOW, sub {<br>
my $e=shift;<br>
print "events were lost\n" if $e->IN_Q_OVERFLOW;<br>
<br>
($perm)=(stat $naughtydir)[2] or die "cannot stat: $!";<br>
$perm&=07777;<br>
<br>
# see if perms got wonkyized<br>
if (($perm&0755)!=0755) {<br>
die "hanky panky" if !-d $naughtydir or -l $naughtydir;<br>
printf strftime("%Y-%m-%d %H:%M:%S",localtime)." updated perms (was: %o)\n",$perm;<br>
chmod 0755,$naughtydir or die "could not chmod: $!";<br>
}<br>
});<br>
<br>
1 while $inotify->poll;<br>
<div class="HOEnZb"><div class="h5">______________________________<wbr>_________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" rel="noreferrer" target="_blank">http://www.muug.mb.ca/mailman/<wbr>listinfo/roundtable</a><br>
</div></div></blockquote></div><br></div>