Slashdot Mirror

← Back to Stories (view on slashdot.org)

Use apt-p2p To Improve Ubuntu 9.04 Upgrade

Posted by kdawson on from the sharing-it-around dept.

An anonymous reader writes "With Jaunty Jackalope scheduled for release in 12 days on April 23, this blog posting describes how to switch to apt-p2p in preparation for the upgrade. This should help significantly to reduce the load on the mirrors, smooth out the upgrade experience for all involved, and bypass the numerous problems that have occurred in the past on Ubuntu release day. Remember to disable all third-party repositories beforehand."

26 of 269 comments (clear)

  1. Website and Warning by Daengbo · · Score: 4, Informative

    The site doesn't have much information, but other sources I have read state that apt-p2p is very experimental. Use at your own peril!

    --
    Put identity in the browser.
    1. Re:Website and Warning by drinkypoo · · Score: 2, Informative

      Easily found from apt-p2p's main page: protocol... please don't ask me to browse the web for you again, kthxbye.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Website and Warning by strstrep · · Score: 2, Informative

      I don't know about Ubuntu, but Debian uses GPG to sign all their packages, so I'd guess that Ubuntu does the same.

    3. Re:Website and Warning by mrsteveman1 · · Score: 2, Informative

      If we're talking about package security, there is already signing of the packages themselves.

      Getting them from a different source shouldn't matter as long as the signing method is secure, and i believe with deb it is GPG so, yea.

    4. Re:Website and Warning by blueg3 · · Score: 2, Informative

      You do realize that there are no extant MD5 or SHA1 attacks that can produce data of a specified length that matches a specified hash, right? (For that matter, there isn't such an attack when the length isn't specified.) You would need such an attack to poison something like BitTorrent with false data.

      (This protocol, and BitTorrent, both use SHA1.)

      The existence of a type of attack on MD5 doesn't even imply that MD5 is rendered useless, much less SHA1. There's only a risk where that type of attack can be employed.

  2. Alternate CD by elwin_windleaf · · Score: 5, Informative

    You can also upgrade Ubuntu with an alternate install CD. These can be downloaded via bittorrent, and usually trigger an "automatic update" prompt as soon as they are inserted into an existing Ubuntu system.

    1. Re:Alternate CD by Anonymous Coward · · Score: 1, Informative

      no, this is wrong. You can only use the Alternate cd. The desktop or live cd has only a small handful of actual packages. Most of the space is taken up by an image of an all ready installed system (extension .squashfs I believe). The alternate cd, on the other hand, is almost entirely packages, with the addition of a program that can do the upgrade.

  3. Slashdotted... by Anonymous Coward · · Score: 3, Informative

    mirror here: http://74.125.77.132/search?q=cache:3gY3Bq4EKnMJ:blog.chenhow.net/os/linux/ubuntu/using-apt-p2p-for-faster-upgrades-from-intrepid-to-jaunty/+http://blog.chenhow.net/os/linux/ubuntu/using-apt-p2p-for-faster-upgrades-from-intrepid-to-jaunty&cd=1&hl=nl&ct=clnk&gl=nl

  4. Slashdotted? by drinkypoo · · Score: 5, Informative

    It worked for me. But in case it really is slashdotted here's the story, from memory (let's test those theories eh?)

    1. apt-get install apt-p2p (Not in Hardy and older repos IIRC... for you late/sporadic upgraders)
    2. Back up your /etc/apt/sources.list and then edit the file, s/\/\//\/\/localhost:9977\// (hope I got that right -- Guess I could have just used # or something eh?)
    3. Not in the guide: edit /etc/apt-p2p/apt-p2p.conf and set UPLOAD_LIMIT ... just in case. :) You probably have to /etc/init.d/apt-p2p restart after that.
    4. apt-get update
    5. Then make the update... But it's not time for that yet.
    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. Re:Bandwidth usage by Mr_Perl · · Score: 3, Informative

    Can't help you with the paying for extra bandwidth, but the wondershaper has helped my limited speed home network remain responsive during downloads.

    --

    My poetry site welcomes the unusual.
  6. Re:Good citizenship by Daengbo · · Score: 3, Informative

    You should just set up an apt-cache on one and direct the others to fetch from the first. There are several to choose from. Search for "apt proxy."

    --
    Put identity in the browser.
  7. Re:Why upgrade? by Aladrin · · Score: 2, Informative

    For the same reason that you'll upgrade to 9.10 instead of waiting for 11.04: Features.

    Sure, it'll have all the bugfixes for years, but it won't have any of the new features.

    (In case anyone has forgotten, LTS are supported for 3 years on the desktop, so there's no 'need' to upgrade every 18 months.)

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  8. Irony by digitalderbs · · Score: 4, Informative

    that a site advising the use of p2p to prevent the meltdown of servers has itself been slashdotted.

    On a side note : web data and pages themselves could be p2p distributed too, no? Say a peer gets a webpage's hash (containing html and images) and the date/time of expiry for a webpage from a server. If other peers have that page (html+images), and it's up to date, you could download their copy. Otherwise, the server sends a fresh copy to you, and you seed it for others. Not being in computer science, I'm sure this has been proposed before and that there are glaring shortcomings I have missed.

    1. Re:Irony by slashdotmsiriv · · Score: 2, Informative

      Two projects that do what you say that I know of:

      http://flashback.calit2.uci.edu/apache2-default/

      http://sns.cs.princeton.edu/2009/04/firecoral-iptps/

  9. Re:Bandwidth usage by nurb432 · · Score: 3, Informative

    It will obliterate your monthly use cap.

    This mode of distribution only works in a perfect world, which few of us live in now.

    --
    ---- Booth was a patriot ----
  10. Re:good idea but... by FluffyWithTeeth · · Score: 3, Informative

    This isn't how it works in the UK. If BT has phone lines going somewhere, then you have dozens of ISPs to choose from.

    They can be buying direct from BT wholesale, or own anything quite a bit further up the chain. Noone should really be touching the BT consumer ISP for any reason.

  11. Re:8.10 upgrade glitch: downclocking by vadim_t · · Score: 2, Informative

    ondemand actually happens to be the best governor.

    In theory, "powersave", by keeping the CPU frequency at a minimum would save some power in comparison. In practice, it doesn't. This is because doing anything at all prevents the CPU from entering the lowest power using modes (which go beyond simply dropping in frequency).

    So it's more efficient to make the CPU run at full blast, do whatever needs to be done, then go to sleep (C3, not suspend to RAM), than to do the same work at a lower clock speed, keeping the CPU active 3 or 4 times longer. By C2 the clock isn't active anymore, which is a huge gain on anything the "powersave" governor can provide.

  12. Re:What about deltas? by Anonymous Coward · · Score: 1, Informative

    debdelta already exists:

    http://packages.debian.org/debdelta

    It just isn't well integrated with apt:

    http://bugs.debian.org/498778

  13. Re:What about deltas? by stevied · · Score: 2, Informative

    More promising is some sort of system built on zsync - there are some ideas here.

  14. Re:good idea but... by turbidostato · · Score: 2, Informative

    Please undo moderation to parent post. Signed packages anyone?

  15. Re:good idea but... by vadim_t · · Score: 4, Informative

    Ubuntu packages are signed. The signature certifies that the package was mirrored as-is and not modified in any way.

  16. Re:good idea but... by Kjella · · Score: 5, Informative

    All packages are signed, the repository is just a convienient way of getting them. If you add a third party repository they usually also ask you to add their public key to the trusted package signers. That's also why you have all the local mirrors - I doubt Canonical operates very many of them. Same thing in companies, set one machine to download and the 100 others to download from the local machine, you don't need to put any trust in that machine as it's just passing signed packages. So you download the package from P2P or whatever, apt checks the signature and if's Genuine Canonical(tm) it'll install the package otherwise it'll complain. Didn't you notice the repositories are all http? No certificates or security checks there, anyone can give you any garbage data but it won't have the right signature.

    --
    Live today, because you never know what tomorrow brings
  17. Re:What about deltas? by cheftw · · Score: 2, Informative

    $diff slashface-1.1.deb slashface-1.2.deb> slashface1.1-1.2.debdelta

    --
    Always back up, never back down. ---- Think you're cool 'cos your uid is prime? Take mine, modulo the one digit integers
  18. Re:Partitions are your friend by rincebrain · · Score: 2, Informative

    Not going to help you - most filesystems are growable but not shrinkable online.

    --
    It's only an insult if it's not true.
  19. howtoforge by lems1 · · Score: 2, Informative

    The original link was dead. This is from howtoforge:

    http://www.howtoforge.com/ubuntu-using-apt-p2p-for-faster-upgrades-from-hardy-to-intrepid

    --
    This sig can be distributed under the LGPL license
  20. apt-spy considered dangerous by kostmo · · Score: 2, Informative

    and according to this bug, "apt-spy is no longer in the Ubuntu repository for releases newer than feisty."