Good Morning All,
I have been awarded a contract for some highly secure software. The requirements for this project are a blend of MILSPEC-498, and various HIPAA requirements. The project requires two separate workstations. The main development workstation will be deployed in an air-gap model, and a separate second machine will have an offline arch repo mirror on it. The customer hasn't specified Arch - I am specifying Arch. It's my daily driver. I have no clue what their target distro is and don't care. The app will be statically linked with all it needs to be standalone.
This second machine that has been provided to me - is to be the arch mirror, which once rsync has done its job - can be taken offline, scanned per the customer's requirements, then reconnected via a private physical network to the air-gapped workstation and then act as an Arch Mirror for pacman. It's "sneakernet" I know.... In this manner the air-gapped workstation never sees the router, never sees the gateway, nor the internet at all. There is a whole list of requirements that I have to meet that I'll not bore the group with here. I can handle it all - except establishing an offline arch mirror for internal. In this case - I don't know where to begin - or which server Arch would prefer that I use, or a recommended mirror for that matter. (Denver, USA is my location)
OR - would it be best to put the entire mirror on a portable HDD, scan it per the customer's requirements - then "sneakernet" it over to and plug it into the air-gap workstation for pacman to use as its offline mirror. I have been provided with three 1TB drives and a SATA cradle for E-SATA connectivity.
I didn't see anything like this in the wiki.... Hopefully I didn't miss something obvious.
How do I take this dedicated machine and put an arch repo mirror on it? One that will only be operated in-house? I'll be using rsync to minimize bandwidth and keep the mirror up to date weekly once the initial mirror has been created - but I do not know if Arch has a dedicated repo for just such private, offline usage or not.
Am I overthinking it? Is it just as simple as choosing a mirror, pointing rsync at the mirror and this dedicated machine and letting rsync do its thing? Followed by some tweaks to the mirrorlist in /etc/pacman.d? This assumes an FTP server on this to-be-offline arch repo machine.
What about the mirrorlist in /etc/pacman.d? What do I need to do to the air-gap workstation's config for it to use this internal, offline mirror I am about to create? I am sure there is some magic I have to work here to point it at the local machine once it's offline.... But again what I am trying to do is not in the wiki. It's simply not a normal setup. I'm concerned about the keys.....is why I am asking.
Pointers to articles, etc are solicited and requested.
Sincerely and respectfully,
dcb
Last edited by dcbdbis (2019-07-10 00:15:25)
> Am I overthinking it? Is it just as simple as choosing a mirror, pointing rsync at the mirror and this dedicated machine and letting rsync do its thing? Followed by some tweaks to the mirrorlist in /etc/pacman.d?
Yes. Just rsync from whatever mirror has an acceptable performance (speed, update delta etc) to you.
> What about the mirrorlist in /etc/pacman.d?
In your /etc/pacman.d/mirrorlist
Server = file:///media/usb/arch-rsync-copy/$repo/os/$arch
> Pointers to articles, etc are solicited and requested.
man pacman.conf
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
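Added example, not part of the original posts: a check to run on the rsync copy after it has been scanned and carried over, before pacman is pointed at it with the `file://` Server line above. It reads the repo's sync database (a compressed tar of `<pkg>-<ver>/desc` entries) and compares each listed package file against the `%SHA256SUM%` recorded there, so a truncated or altered file is caught before installation. The function name `check_repo` is hypothetical, and the script assumes GNU or BSD `tar` plus `sha256sum`.

```shell
#!/bin/sh
# check_repo DIR REPO  (hypothetical helper, added example)
#   DIR  : directory holding REPO.db and the package files,
#          e.g. /media/usb/arch-rsync-copy/core/os/x86_64
#   REPO : repository name, e.g. core
# Returns 0 if every package listed in the database matches its
# recorded SHA-256, 1 on any mismatch or missing file, 2 if the
# database is absent or contains no package entries.
check_repo() {
    dir=$1
    repo=$2
    db="$dir/$repo.db"

    [ -r "$db" ] || { echo "missing database: $db" >&2; return 2; }

    # Each desc entry has "%FILENAME%" and "%SHA256SUM%" header lines,
    # each followed by its value on the next line. Emit the pairs in
    # the "<sum>  <file>" format that sha256sum -c reads.
    list=$(tar -xOf "$db" | awk '
        prev == "%FILENAME%"  { file = $0 }
        prev == "%SHA256SUM%" { printf "%s  %s\n", $0, file; n++ }
        { prev = $0 }
        END { if (n == 0) exit 1 }
    ') || { echo "no package entries in $db" >&2; return 2; }

    # Verify relative to DIR; symlinked package files are followed.
    rc=0
    out=$(cd "$dir" && printf '%s\n' "$list" | sha256sum -c - 2>&1) || rc=1

    # Show only failures and warnings, not the per-file OK lines.
    printf '%s\n' "$out" | grep -v ': OK$' >&2 || true
    return "$rc"
}

# Typical use on the air-gapped side (repository names are examples):
#   for r in core extra; do
#       check_repo "/media/usb/arch-rsync-copy/$r/os/x86_64" "$r" || echo "$r: FAILED"
#   done
```

This confirms the copy matches its own database; pacman's package signature check against the local keyring still runs at install time.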
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Thank you - both of you for the reply.
Exactly what I was looking for.
Thank you again!
dcb