[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[RFC] apt-zeroconf 0.1

Dear Debian Developers,

we are working on a distributed apt-cacher for local networks
implemented in Python. We call it apt-zeroconf since we use avahi for
automatically finding other apt-zeroconf instances on the LAN, similar
to Apple's Rendezvous/Bonjour/Zeroconf technology.

It is still in an early development stage, so we wouldn't recommend it
for everyday use. This release is solely for the purpose of getting
feedback and further ideas from you. And bugreports, of course.

Please send all comments, ideas or insults either as replies to this
email or to our trac at


You can also reach us via IRC in #apt-zeroconf on irc.debian.org.


 * implemented in Python
 * easy and fast to set up
 * share your apt-cache with others on your LAN transparently using
 * automatic file-list-updates using inotify
 * acts as a http server and proxy for apt
 * no root privileges required
 * active development


When running more than one Debian box in a LAN with slow internet access
the most often used solution to prevent downloading the same Debian
package twice is running apt-cacher or the like on one single machine,
a centralized server.

The problem with this solution is, that every machine in the network
needs to be configured for this proxy. If it is down, no one can update.
If you go to another network, you must tweak your sources.list or
apt.conf in order to upgrade, which is quite common nowadays with
notebooks and wifi technology.

We would therefore be interested in an automatic and peer-to-peer
solution. When there is no apt caching daemon in the LAN, we want to
fetch the packages directly from the internet. But if there is one or
even more available, apt should automatically use it, without any
configuration from the user. This is by the way the reason we called
it apt-zeroconf in the first place.

The next question is: Who runs an apt caching daemon? In our first
implementation, everyone running apt-zeroconf also shares his apt
package cache in /var/cache/apt/archives to everyone in the network.

Now, one might think this could potentially pose a security threat as 
everyone can offer and distribute debs without any authentication 
whatsoever. This is not the case as we are not yet caching the package
lists or pdiffs, which are PGP-signed and contain MD5, SHA1 and SHA256 
checksums of the packages. But due to the trusted PGP signatures,
caching package lists shouldn't be an issue.


Apt-zeroconf consists of two parts: a http server and the avahi-related
stuff. Avahi is used to let everyone else in the network know that you
have an apt-zeroconf caching service installed and running. The httpd
does act as http server if used in fake-mirror-mode, but also as http
proxy if you're using it as such with apt. It uses port 1618 by

In every mode, apt-zeroconf is provided with a fallback mirror by apt,
so if there are no apt-zeroconf instances on the LAN offering your deb,
your regular Debian mirror will be used to provide apt with the
necessary files. See Configuration for details.


Yes, there is a little configuration, despite the name, but only
because the user needs to be aware that he is actually using it and
that the daemon has to be running when performing an update, upgrade
or install.

There are two ways to use it:

 * Proxy Mode
   Add the following line to your /etc/apt/apt.conf:

       Acquire { http { Proxy "";; } }

   This way every mirror listed in your sources.list will be cached.
   If you don't want this use the second method.

 * Fake Mirror Mode
   Change in your /etc/apt/sources.list

        deb http://your.mirror.debian.org/debian sid main


        deb sid main

   e.g. deb sid main
   With this method, you can select only specific mirrors to be patched
   through apt-zeroconf.


 * Configuration
 * Support for resuming (HTTP header pass-through)
 * Proxy support
 * Documentation
 * Use debconf for even easier configuration

Where to get it

Grab it while it's hot from:

    * source: http://phidev.org/azc/apt-zeroconf_0.1.tar.gz
    * deb: http://phidev.org/azc/apt-zeroconf_0.1_all.deb
    * dsc: http://phidev.org/azc/apt-zeroconf_0.1.dsc

Florian Ludwig
Franz Pletz

Franz Pletz                  \  eat Depends: cook | eat-out
www: http://franz-pletz.org/  \  But eat-out is non-free so that's out
email: fpletz@franz-pletz.org  \  And cook Recommends: clean-pans

Attachment: signature.asc
Description: Digital signature

Reply to: