Meeting 2021 07 16
Sharing anonymized user data for the AUR with a researcher
Sangy: We are studying access patterns for community repositories. The end goal is to build a system for repository signing (based on TUF) to allow for high-latency update metadata for high-throughput community repositories. In order to study the scale of these access patterns, we sought out a couple of repositories to understand how users update packages and how many times they query package metadata. We would love to have access to AUR metadata for both package updates (i.e., git pushes) and package fetches (i.e., clones, fetches). Happy to discuss anonymization methods and time windows.
Fetches
x.x.x.x aur.archlinux.org - [14/Jul/2021:00:00:00 +0000] "GET /python-foobar.git/info/refs?service=git-upload-pack HTTP/2.0" 200 123 "-" "git/2.32.0" "-" 0.100
x.x.x.x aur.archlinux.org - [15/Jul/2021:02:16:44 +0000] "GET /cgit/aur.git/snapshot/raider.tar.gz HTTP/2.0" 200 3112 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-" 0.099
Pushes
Jul 04 00:00:00 aur.archlinux.org sshd[xx]: Accepted publickey for aur from x.x.x.x port x ssh2: RSA SHA256:xx
Actionables
- How often does a package update?
- How often is a package downloaded?
- Log pushes: https://gitlab.archlinux.org/archlinux/aurweb/-/blob/master/aurweb/git/serve.py
- IP addresses / user-agent can be filtered
- We store logs for 2 weeks
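One way the fetch logs could be filtered before sharing, as an added example that is not part of the meeting notes or aurweb. The keyed-HMAC pseudonym, the hour-level timestamps, the user-agent buckets and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from collections import Counter

# Layout of the two "Fetches" sample lines in these notes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ - \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)" "[^"]*" [\d.]+$')
# Package name from a git smart-HTTP fetch or a cgit snapshot download.
PATHS = (("git-fetch", re.compile(r'^/([^/]+)\.git/info/refs\?service=git-upload-pack$')),
         ("snapshot", re.compile(r'^/cgit/aur\.git/snapshot/(.+)\.tar\.gz$')))

def pseudonym(ip, key):
    # Keyed HMAC, not a bare hash: the IPv4 space is small enough to brute-force
    # unkeyed digests. Use a random key per export and discard it afterwards.
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]

def agent_class(ua):
    # Assumed coarse buckets; the raw user-agent string is never exported.
    if ua.startswith("git/"):
        return "git"
    return "crawler" if "bot" in ua.lower() else "other"

def anonymize(line, key):
    """Return a researcher-safe record for a successful fetch, or None."""
    m = LINE_RE.match(line.strip())
    if m is None or m["method"] != "GET" or m["status"] != "200":
        return None
    for kind, rx in PATHS:
        hit = rx.match(m["path"])
        if hit:  # timestamp is truncated to the hour (assumed granularity)
            return {"client": pseudonym(m["ip"], key), "hour": m["ts"][:14],
                    "package": hit.group(1), "kind": kind, "agent": agent_class(m["ua"])}
    return None

def export(lines, key):
    records = [r for r in (anonymize(l, key) for l in lines) if r]
    return records, Counter(r["package"] for r in records)

# Constructed sample input (documentation-range IPs), modelled on the lines above.
SAMPLE = [
    '192.0.2.10 aur.archlinux.org - [14/Jul/2021:00:00:00 +0000] "GET /python-foobar.git/info/refs?service=git-upload-pack HTTP/2.0" 200 123 "-" "git/2.32.0" "-" 0.100',
    '192.0.2.10 aur.archlinux.org - [14/Jul/2021:00:05:12 +0000] "GET /python-foobar.git/info/refs?service=git-upload-pack HTTP/2.0" 200 123 "-" "git/2.32.0" "-" 0.090',
    '198.51.100.7 aur.archlinux.org - [15/Jul/2021:02:16:44 +0000] "GET /cgit/aur.git/snapshot/raider.tar.gz HTTP/2.0" 200 3112 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-" 0.099',
    'not a log line',
]
```

Because the pseudonym is stable within one export, repeat fetches from the same client stay linkable for the access-pattern study while the address itself is not shared.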
mailman3
Actionables
- !437 (merged)
- https://gist.github.com/klausenbusk/5982063f95c503754a51ed2fefb8915e
- https://security.archlinux.org/CVE-2021-33038
- https://github.com/pennersr/django-allauth/issues/656
- Package mailman-web in our repository
- Document how existing user accounts are transferred or not transferred and communicate this to arch-dev-public.
new (faster) gitlab runner
The current public runner sponsored by Kape is kind of slow for our purposes. We need great single-threaded speeds and therefore Sven asked gunix for a faster machine. We received a faster machine and have to set it up now.
root@archiso ~ # cat /proc/cpuinfo | grep 'model name' | head -n 1
model name : Intel(R) Xeon(R) E-2288G CPU @ 3.70GHz
root@archiso ~ # free -h
total used free shared buff/cache available
Mem: 62Gi 265Mi 61Gi 169Mi 559Mi 61Gi
Swap: 0B 0B 0B
root@archiso ~ # fdisk -l
Disk /dev/sda: 465.76 GiB, 500107862016 bytes, 976773168 sectors
Disk model: CT500MX500SSD1
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk /dev/sdb: 465.76 GiB, 500107862016 bytes, 976773168 sectors
Disk model: CT500MX500SSD1
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk /dev/loop0: 641.63 MiB, 672792576 bytes, 1314048 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes