[Devel] vzpkg

Kir Kolyshkin kir at openvz.org
Sat Aug 30 12:07:21 PDT 2008


Robert Nelson wrote:
>>> For the yum-cache, I mount the /vz/template version of the cache 
>>> into the VE.  I do the same for the apt/archives on Debian.
>>
>> If you do it read-only, how do you handle the case yum/apt wants to 
>> write something to it?
>>
>> If you do it read-write, how can you make sure that an evil container 
>> root will not put some home-baked Trojaned packages into that area?
>>
>
> Currently I mount it rw, but only while a vzpkg* command is running.  
> If the VE manages their own packages they don't get to share the 
> cache.  There is still a window while the vzpkg command is running but 
> I don't know how to specify different access to a directory for the HN 
> versus the VE.  Is there a way?
>
> Long term, the best solution is probably implementing something like 
> Debian's apt-cacher for rpms and then running apt-cacher and 
> "rpm-cacher" on the HN.

I guess we can run a caching proxy on the host system, so the first time 
any VE needs a package, it will be downloaded and cached on the host 
system; any subsequent requests will be served from cache. The only 
problem is yum metadata, which can become inconsistent; we need to test it 
extensively.



