2011-05-07

By Xyne

pacserve

Meta

AUR:48294
Arch Forum Thread:117094
Binary Package:xyne-any/pacserve-2011.07.19.1-1-any.pkg.tar.xz
PKGBUILD:pkgbuilds/pacserve
Repos:[xyne-any]
Source Package:pacserve-2011.07.19.1.tar.gz
Taurball:pacserve.tar.gz
Version:2011.07.19.1

About

Pacserve is intended for use on LANs with multiple Arch systems. It makes it easy to share packages across local computers to avoid redundant downloads from mirrors and thus save bandwidth. It is intended as a replacement for PkgD, which has been deprecated.

How It Works

The following flowchart gives an overview of how each pacserver handles a request from Pacman:

Your browser does not support SVG images.

Packages are thus retrieved from the local network if possible and no bandwidth is wasted on redundant downloads from external mirrors.

Non-package requests are passed directly through to the first mirror that can fulfill the request.

Other Pacservers are queried using custom searches and redundant and recursive queries are avoided.

Simple Setup Example

This is an example of how to set up a simple Pacserve network on a LAN. This is only recommended if the LAN itself is trusted and behind a firewall. If that is not the case then you should look into more advanced setups.

Your browser does not support SVG images.

Let's say that you have a desktop computer and two laptops, each running Arch Linux. To share packages between them, do the following on each system:

  1. Start Pacserve with pacserve --multicast
  2. Add Server = http://localhost:15678/request/$repo/$arch to the top of your Pacman mirrorlist.1
  3. If you have a firewall on your local computer, open port 15678 for incoming tcp traffic (package requests) and open port 15679 for incoming udp traffic (multicast announcements). An iptables example is given below.

After that it should "just work". Each system runs its own pacserver and pacman only queries the pacserver on the same system. Pacserve handles all communication between the different systems. Other pacservers will be detected automatically if they join the network.

If you need anything more advanced than that then you should be able to figure it out using pacserve --help. If not, send me an email and I will try to help.

iptables Example

The following will open the necessary ports for pacserve to work on your LAN. If the LAN itself is not behind a firewall, or if there are untrusted computers on your LAN, then you should modify these commands as necessary, e.g. by restricting these rules to specific IP or MAC addresses.

iptables -A INPUT -p tcp --dport 15678 -j ACCEPT
iptables -A INPUT -p udp -m pkttype --pkt-type multicast --dport 15679 -j ACCEPT

The "More Help" Message

From pacserve --more-help (maybe not up-to-date, check the actual output to be sure):

ABOUT
  Pacserve is intended for use on LANs with multiple Arch systems. It makes it
  easy to share packages across local computers to avoid unnecessary downloads
  from external mirrors. It saves bandwidth and speeds up pacman updates.


  If the requested package can not be found on the local host, Pacserve will
  query other known Pacserve servers. If the package is found, the client will
  be forwarded to the server that has the package. If not, mirrors listed in the
  pacman configuration file will be queried until the packages if found and the
  client can be forwarded to the mirror.


  Database requests are immediately passed on to the mirrors.


PACMAN.CONF
  To use Pacserve with Pacman, add "http:<host:port>/request/$repo/$arch" to
  thetop of your mirrorlist of the top of each database section in pacman.conf,
  replacing "<host:port>" with the host and port where Pacserve is running, e.g.


    Server = http://localhost:14567/request/$repo/$arch


  Once the server has been added, make sure that it is up then run pacman as
  usual.


  Pacserve reads pacman.conf (/etc/pacman.conf by default) to determine the
  location of the cache directory, the mirrors for each repo, etc. If you wish
  to change any of these settings, copy pacman.conf, edit it, and use the
  "--pacman-conf" option to select the edited file.


PACSERVE NETWORKS
  There are two ways to make Pacserve aware of other Pacserve servers. The first
  is to use the "--pacserver" option. It may be passed multiple times to create
  a list, e.g.


    pacserve --pacserver 192.168.1.1:45365 --pacserver 192.168.1.2:45365


  This option should be used for "static" servers, i.e. servers that should
  (almost) always be running at the given address. The second way is to enable
  multicast detection using "--multicast". This is useful for dynamic networks,
  such as LANs that may have different laptops connected to it. Pacserve servers
  with multicast enabled should "just work" by detecting each other. See the
  section about multicast filtering for information about restricting server
  registration via multicast


MULTICAST FILTERING
  Normally Pacserve will register any Pacserve server that announces itself via
  multicast. This is fine when on a trusted LAN behind a firewall, but sometimes
  you may wish to restrict such registration to known IP addresses on the
  network. The "--multicast-filter" option can be used for this. A filter is a
  Python regular expression prefixed with either "i:" or "x:". "i:" designates
  in inclusive filter and "x:" designates an exclusive filter.


  When a new Pacserve server is detected via multicast, its <host:port> string
  will be passed to each filter, in the order specified on the command line. It
  will be rejected if it fails to match any inclusive filter or if it matches
  any exclusive filter. For example, to restrict servers to the addresses
  beginning with "192.168." but reject any that begin with "192.168.2.", you
  would use the following:


    pacserve --multicast-filter 'i:^192\.168\.' --multicast-filter
    'x:^192\.168\.2\.'




CONFIGURATION FILE
  Pacserve does not have a configuration file. Just create a simple bash script
  to re-use command-line options. For example:


    #/bin/bash
    pacserve --pacserver 192.168.1.1:45365 \
    --pacserver 192.168.1.2:45365 \
    --multicast-filter 'i:^192\.168\.' \
    --multicast-filter 'x:^192\.168\.2\.' \
    "$@"


  Note the use of "\" to break up the command across multiple lines. The final
  "$@" passes any arguments to the script on to pacserve.

Additional Information

See the following:

pacserve --help
pacserve --more-help

Ideas & TODO

  • maybe change the way database requests are handled
  • maybe enable more advanced options for connecting to other Pacservers, such as using client certificates
  • maybe add an "info" method for listing all available package
    • cache the list on other Pacservers to prevent redundant queries
    • clear list after expiration interval
  • provide a proper daemon
  • re-announce presence via multicast at configurable intervals

Changelog

2011-04-19

  • added multicast support, inspired by toofishes' multipkg
  • changed default port to 15678 instead of inheriting 8080 from XyneHTTPServer

  1. For any repo that doesn't use the mirrorlist, add that line to the top of the repo section in pacman.conf. You could of course add it to the top of the standard repo sections too instead of the mirrorlist.