Re: [gentoo-user] How to update portage offline with minimal impact?

["Daniel da Veiga" <danieldaveiga@gmail.com>]

On Jan 8, 2008 7:13 PM, BRM <bm_witness@yahoo.com> wrote:
> --- Per-Erik Westerberg <per-erik.westerberg@bredband.net> wrote:
> > tor 2008-01-03 klockan 13:16 -0800 skrev BRM:
> > > I have a couple Sparc systems. One has been running Gentoo for a
> > long
> > > time - installed using Gentoo 2006, not updated since due to the
> > issue
> > > I'm about the discuss - and the other is a near identical system
> > that
> > > might get Gentoo 2007 installed. Both are on two separate networks
> > and
> > > have no communication between them.
> > >
> > > The first system does have some Internet access through a firewall,
> > but
> > > it doesn't really work, at least for this purpose; so it's just as
> > good
> > > as not having any access at all for this purpose.
> <snip>
> > > In either case, I can't update portage using the normal method of
> > > 'emerge --sync'. So, I'm trying to figure out a solution that would
> > > enable me to update the systems. Under Slackware, I'd just point
> > > pkgtool to the CD media and install from that, just like during
> > > installation. Is there a similar approach for Gentoo? How do I
> > overcome
> > > the source mirror issue too so that the systems don't try to
> > download
> > > stuff from the web?
> > >
> > Have you tried to use a proxy (adjust accordingly)?
> > export http_proxy=http://proxy.company.com:8080
> > export ftp_proxy=http://proxy.company.com:8080
> > export RSYNC_PROXY=proxy.company.com:8080
>
> Yes, I tried using the proxy on the one system. (The other system won't
> even have that as an option.) The problem came there that the proxy is
> an authenticated proxy, primarily designed to work with Windows. It
> works fine from Firefox/Netscape in X Windows, but causes problems for
> command-line tools and console browsers. So, in addition to my trying
> to find a solution where a proxy is not an option, it is, for all
> intents and purposes, a non-option any way.
>

If you really don't wanna use the network, you can easily transfer a
tarball and rsync locally (gentoo forums have little nifty scripts for
syncing locally and emerging metadata). The foruns also have lots of
scripts designed to create a list of needed distfiles and download
them at another machine, you can transfer this and update. With a
little set of scripts you can automate the whole process using the
network, or require minor user intervention to transfer the list and
later the files to and from a networkless machine.

> Additionally, because it is an authenticated proxy, it is not an ideal
> solution as it would leave the username/password for a user in plain
> site of all users on the system as the info would be either in the
> environment variables and/or the command-line options of a program. So,
> from a security stand-point, it's not an option either since it
> sometimes takes a day or so to perform updates.
>

There's no problem in using an authenticated proxy for
emerge-webrsync, as you can keep a script in a directory with
restricted permissions, only root would be able to see it anyway, and
you can use this machine as an rsync and distfiles mirror for any
other in the network, crontab would work as well, as only the user who
creates it can see it (if you set it). You can even set a special
username/password at your proxy that can only access rsync port and
mirrors for distfiles for increased security.

OK, those are some of MANY options available. Gentoo is very flexible,
even in a controlled environment.

-- 
Daniel da Veiga

Filosofia de TI: Programadores de verdade consideram o conceito "o que
você vê é o que você tem" tão ruim em editores de texto quanto em
mulheres. Não, o programador de verdade quer um editor de texto do
estilo "você pediu, você levou" - complicado, indecifrável, poderoso,
impiedoso, perigoso.