One thing I like about Arch and Void linux (and many other distros, I just use those the most) is the ability to host and install from mirrors of packages all over the world. This helps spread the love/burden of hosting.
It is easy to host Incus images, because this is a built-in function. But they are single points of failure.
Is there a way to introduce safe mirroring of widely-shared images that wouldn’t require a client/user to update their command line scripts?
Presumably, we would need the following:
- Explicit, opt-in list of mirrors
- Aliasing of a set of mirrors so a single “virtual” remote
- Fingerprinting of images to help guard against compromised images
Speculative command line
lxc launch \ --mirrors us.foo.example,eu.foo.example \ --image-fingerprint <...> \ virtual-remote:debian/12
lxc launch \ --use-mirrors \ --image-fingerprint <...> \ virtual-remote:debian/12
…and the configuration of the
virtual-remote alias is done some other way.
Something like this would allow clients to opt in to downloading from one of several servers without explicitly scripting “fail-over” if one of them goes down.
The motivation for this is to provide some tooling that helps resist centralization, even if it’s just an option.
PS: since this is just brainstorming, I’d be interested in hearing about other peoples’ ideas for improvements to image servers.