Use apt-p2p To Improve Ubuntu 9.04 Upgrade

An anonymous reader writes "With Jaunty Jackalope scheduled for release in 12 days on April 23, this blog posting describes how to switch to apt-p2p in preparation for the upgrade. This should help significantly to reduce the load on the mirrors, smooth out the upgrade experience for all involved, and bypass the numerous problems that have occurred in the past on Ubuntu release day. Remember to disable all third-party repositories beforehand."

Website and Warning

[Daengbo]

The site [camrdale.org] doesn't have much information, but other sources I have read state that apt-p2p is very experimental. Use at your own peril!

Alternate CD

[elwin_windleaf]

You can also upgrade Ubuntu with an alternate install CD. These can be downloaded via bittorrent, and usually trigger an "automatic update" prompt as soon as they are inserted into an existing Ubuntu system.

Slashdotted...

[Anonymous Coward]

mirror here: http://74.125.77.132/search?q=cache:3gY3Bq4EKnMJ:blog.chenhow.net/os/linux/ubuntu/using-apt-p2p-for-faster-upgrades-from-intrepid-to-jaunty/+http://blog.chenhow.net/os/linux/ubuntu/using-apt-p2p-for-faster-upgrades-from-intrepid-to-jaunty&cd=1&hl=nl&ct=clnk&gl=nl

Slashdotted?

[drinkypoo]

It worked for me. But in case it really is slashdotted here's the story, from memory (let's test those theories eh?)

1. apt-get install apt-p2p (Not in Hardy and older repos IIRC... for you late/sporadic upgraders)
2. Back up your /etc/apt/sources.list and then edit the file, s/\/\//\/\/localhost:9977\// (hope I got that right -- Guess I could have just used # or something eh?)
3. Not in the guide: edit /etc/apt-p2p/apt-p2p.conf and set UPLOAD_LIMIT ... just in case. :) You probably have to /etc/init.d/apt-p2p restart after that.
4. apt-get update
5. Then make the update... But it's not time for that yet.

Re:Bandwidth usage

[Mr_Perl]

Can't help you with the paying for extra bandwidth, but the wondershaper [lartc.org] has helped my limited speed home network remain responsive during downloads.

Re:Good citizenship

[Daengbo]

You should just set up an apt-cache on one and direct the others to fetch from the first. There are several to choose from. Search for "apt proxy."

Re:Why upgrade?

[Aladrin]

For the same reason that you'll upgrade to 9.10 instead of waiting for 11.04: Features.

Sure, it'll have all the bugfixes for years, but it won't have any of the new features.

(In case anyone has forgotten, LTS are supported for 3 years on the desktop, so there's no 'need' to upgrade every 18 months.)

Irony

[digitalderbs]

that a site advising the use of p2p to prevent the meltdown of servers has itself been slashdotted.

On a side note : web data and pages themselves could be p2p distributed too, no? Say a peer gets a webpage's hash (containing html and images) and the date/time of expiry for a webpage from a server. If other peers have that page (html+images), and it's up to date, you could download their copy. Otherwise, the server sends a fresh copy to you, and you seed it for others. Not being in computer science, I'm sure this has been proposed before and that there are glaring shortcomings I have missed.

Re:Bandwidth usage

[nurb432]

It will obliterate your monthly use cap.

This mode of distribution only works in a perfect world, which few of us live in now.

Re:good idea but...

[FluffyWithTeeth]

This isn't how it works in the UK. If BT has phone lines going somewhere, then you have dozens of ISPs to choose from.

They can be buying direct from BT wholesale, or own anything quite a bit further up the chain. Noone should really be touching the BT consumer ISP for any reason.

Re:Website and Warning

[drinkypoo]

Easily found from apt-p2p's main page: protocol [camrdale.org]... please don't ask me to browse the web for you again, kthxbye.

Re:Website and Warning

[strstrep]

I don't know about Ubuntu, but Debian uses GPG to sign all their packages, so I'd guess that Ubuntu does the same.

Re:8.10 upgrade glitch: downclocking

[vadim_t]

ondemand actually happens to be the best governor.

In theory, "powersave", by keeping the CPU frequency at a minimum would save some power in comparison. In practice, it doesn't. This is because doing anything at all prevents the CPU from entering the lowest power using modes (which go beyond simply dropping in frequency).

So it's more efficient to make the CPU run at full blast, do whatever needs to be done, then go to sleep (C3, not suspend to RAM), than to do the same work at a lower clock speed, keeping the CPU active 3 or 4 times longer. By C2 the clock isn't active anymore, which is a huge gain on anything the "powersave" governor can provide.

Re:Irony

[slashdotmsiriv]

Two projects that do what you say that I know of:

http://flashback.calit2.uci.edu/apache2-default/ [uci.edu]

http://sns.cs.princeton.edu/2009/04/firecoral-iptps/ [princeton.edu]

Re:What about deltas?

[Anonymous Coward]

debdelta already exists:

http://packages.debian.org/debdelta

It just isn't well integrated with apt:

http://bugs.debian.org/498778

Re:What about deltas?

[stevied]

More promising is some sort of system built on zsync [moria.org.uk] - there are some ideas here [ubuntu.com].

Re:good idea but...

[turbidostato]

Please undo moderation to parent post. Signed packages anyone?

Re:good idea but...

[vadim_t]

Ubuntu packages are signed. The signature certifies that the package was mirrored as-is and not modified in any way.

Re:good idea but...

[Kjella]

All packages are signed, the repository is just a convienient way of getting them. If you add a third party repository they usually also ask you to add their public key to the trusted package signers. That's also why you have all the local mirrors - I doubt Canonical operates very many of them. Same thing in companies, set one machine to download and the 100 others to download from the local machine, you don't need to put any trust in that machine as it's just passing signed packages. So you download the package from P2P or whatever, apt checks the signature and if's Genuine Canonical(tm) it'll install the package otherwise it'll complain. Didn't you notice the repositories are all http? No certificates or security checks there, anyone can give you any garbage data but it won't have the right signature.

Re:What about deltas?

[cheftw]

$diff slashface-1.1.deb slashface-1.2.deb> slashface1.1-1.2.debdelta

Re:Partitions are your friend

[rincebrain]

Not going to help you - most filesystems are growable but not shrinkable online.

howtoforge

[lems1]

The original link was dead. This is from howtoforge:

http://www.howtoforge.com/ubuntu-using-apt-p2p-for-faster-upgrades-from-hardy-to-intrepid [howtoforge.com]

Re:Website and Warning

[mrsteveman1]

If we're talking about package security, there is already signing of the packages themselves.

Getting them from a different source shouldn't matter as long as the signing method is secure, and i believe with deb it is GPG so, yea.

Re:Website and Warning

[blueg3]

You do realize that there are no extant MD5 or SHA1 attacks that can produce data of a specified length that matches a specified hash, right? (For that matter, there isn't such an attack when the length isn't specified.) You would need such an attack to poison something like BitTorrent with false data.

(This protocol, and BitTorrent, both use SHA1.)

The existence of a type of attack on MD5 doesn't even imply that MD5 is rendered useless, much less SHA1. There's only a risk where that type of attack can be employed.

apt-spy considered dangerous

[kostmo]

and according to this bug [launchpad.net], "apt-spy is no longer in the Ubuntu repository for releases newer than feisty."

Re:Alternate CD

[Anonymous Coward]

no, this is wrong. You can only use the Alternate cd. The desktop or live cd has only a small handful of actual packages. Most of the space is taken up by an image of an all ready installed system (extension .squashfs I believe). The alternate cd, on the other hand, is almost entirely packages, with the addition of a program that can do the upgrade.