Rate-mirrors-bin questions

Christopher67 · November 25, 2021, 7:15pm

Is there a way(I’m sure there is lol) using rate-mirrors-bin to sort by only countries that i want using only https, https update servers more secure?

1.United States
2.United Kingdom
3.Germany
4.France
5.Canada

Thanks!

dalto · November 25, 2021, 7:24pm

A few things:

You can limit by protocol with something like:
- rate-mirrors --protocol=https --protocol=http arch
http isn’t secure
I am not sure if there is a way to limit by country but even if there was, it seems like it would be very limiting to how rate-mirrors works. It isn’t like reflector. What makes it so powerful is the way it searches and finds better mirrors

Christopher67 · November 25, 2021, 7:25pm

Thank you, much appreciated.

@dalto would this be correct?

rate-mirrors --protocol=https arch | sudo tee /etc/pacman.d/mirrorlist

Christopher67 · November 25, 2021, 7:52pm

@dalto That indeed worked, I used

rate-mirrors --protocol=https arch | sudo tee /etc/pacman.d/mirrorlist

This is now at the bottom of my mirror list

# FINISHED AT: 2021-11-25 14:45:21.908793966 -05:00
Server = https://mirrors.kamey.tk/archlinux/$repo/os/$arch
Server = https://arch.mirror.constant.com/$repo/os/$arch
Server = https://mirror.sergal.org/archlinux/$repo/os/$arch
Server = https://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch
Server = https://america.mirror.pkgbuild.com/$repo/os/$arch
Server = https://arch.mirror.jsc.mx/$repo/os/$arch
Server = https://mirror.cyberbits.eu/archlinux/$repo/os/$arch
Server = https://mirror.f4st.host/archlinux/$repo/os/$arch
Server = https://archlinux.mailtunnel.eu/$repo/os/$arch
Server = https://mirror.ams1.nl.leaseweb.net/archlinux/$repo/os/$arch
Server = https://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch
Server = https://mirror.smith.geek.nz/archlinux/$repo/os/$arch
Server = https://mirrors.cat.net/archlinux/$repo/os/$arch
Server = https://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch
Server = https://archlinux.thaller.ws/$repo/os/$arch
Server = https://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch

Thanks again!

Kresimir · November 25, 2021, 8:22pm

A convenience of rate-mirrors over reflector is that it will usually give you a great list of mirrors without any options. Typically it is sufficient to just run it with:

rate-mirrors arch

and redirect its standard output to your mirror list file (for example, using sudo tee).

Regarding http vs. https protocols, https is encrypted and thus any information send through it cannot be intercepted by a third party. In practice, however, I don’t think that makes a lot of difference, since pacman typically checks signatures of packages before installing them (at least it does for the official repos). In practice, I don’t think an attacker could abuse the http protocol to serve you a modified version of a package. The only security concern that comes to my mind is that http traffic can easily be monitored, so a malicious third party could make logs of packages you’re updating and keep a profile of you.

That said, http mirrors tend to be much faster than https mirrors.

Perhaps I am wrong about this, in which case, I would appreciate someone correcting me.

Christopher67 · November 25, 2021, 8:54pm

Thanks for sharing that info.

system · November 27, 2021, 8:55pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.