unman/shaker

Some comments on cacher rpm and doc discrepencies and invalid application

Closed this issue · 0 comments

Bear with me, learning my way as of now and using this long term needed proxy to practice my understanding.

We are on Q4.1.1 here, with whonix-wks and whonix-gw also latest, installed with a default qubes installation (the expected large audience).

I installed cacher from your repository. Another issue will be raised on that later on: nothing got copied from the sys-whonix update VM to dom0 and I had to qvm-run the rpm to dom0 with the redirection trick, and then installed it locally with rpm -i. Not the interest of this issue, which is aimed at making things work by default for anyone installing the long-awaited cacher:

1- README is wrong where cacher.spec is right on guiding on applying change_templates.sls

```
qubesctl --skip-dom0 --targets=Templates state.apply cacher.change_templates.sls
```

```
qubesctl --skip-dom0 --templates state.apply cacher.change_templates
```

If you intended by:

> To configure the templates to use the proxy in this way, run:

to say that `--targets=Name_Of_Template`, you should probably be more explicit about it (not so clear for newbies learning salt like myself). Still, it's `cacher.change_templates`, not `cacher.change_templates.sls`.

2- change_templates.sls is not applying changes properly for Q4.1's own repos, since there are spaces around the `=` in `baseurl = https`, as opposed to the other fedora definitions, which match the pattern:

```
- pattern: 'baseurl=https://'
```

What worked for me was to modify change_templates.sls to the following:
EDITED:

```yaml
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
#
# Rewrite package repository URLs so that https:// sources are fetched
# through the cacher proxy (apt-cacher-ng style "http://HTTPS///" prefix).
#
{% if grains['os_family']|lower == 'debian' %}
{% for repo in salt['file.find']('/etc/apt/sources.list.d/', name='*list') %}
{{ repo }}_baseurl:
  file.replace:
    - name: {{ repo }}
    - pattern: 'https://'
    - repl: 'http://HTTPS///'
    - flags: [ 'IGNORECASE', 'MULTILINE' ]
{% endfor %}

/etc/apt/sources.list:
  file.replace:
    - name: /etc/apt/sources.list
    - pattern: 'https:'
    - repl: 'http://HTTPS/'
    - flags: [ 'IGNORECASE', 'MULTILINE' ]

{% elif grains['os_family']|lower == 'arch' %}
pacman:
  file.replace:
    - names:
      - /etc/pacman.d/mirrorlist
      - /etc/pacman.d/99-qubes-repository-4.1.conf.disabled
    - pattern: 'https:'
    - repl: 'http://HTTPS/'
    - flags: [ 'IGNORECASE', 'MULTILINE' ]

{% elif grains['os_family']|lower == 'redhat' %}
{% for repo in salt['file.find']('/etc/yum.repos.d/', name='*repo*') %}
# Fedora-style entries: "baseurl=https://" with no spaces around "="
{{ repo }}_baseurl:
  file.replace:
    - name: {{ repo }}
    - pattern: 'baseurl=https://'
    - repl: 'baseurl=http://HTTPS///'
    - flags: [ 'IGNORECASE', 'MULTILINE' ]
# Qubes 4.1 repo entries: "baseurl = https://" with spaces around "="
{{ repo }}_baseurl_:
  file.replace:
    - name: {{ repo }}
    - pattern: 'baseurl = https://'
    - repl: 'baseurl = http://HTTPS///'
    - flags: [ 'IGNORECASE', 'MULTILINE' ]
# metalink entries: route through the proxy and ask for plain-http mirrors
{{ repo }}_metalink:
  file.replace:
    - name: {{ repo }}
    - pattern: 'metalink=https://(.*)basearch'
    - repl: 'metalink=http://HTTPS///\1basearch&protocol=http'
    - flags: [ 'IGNORECASE', 'MULTILINE' ]

{% endfor %}
{% endif %}
```

3- I am not sure how to resolve Whonix complaining that no tor-enabled update-vm is found, and haven't found any solution for it for the moment:

```
WARNING: Execution of /usr/bin/apt prevented by /etc/uwt.d/40_qubes.conf because no torified Qubes updates proxy found.
Please make sure Whonix-Gateway (commonly called sys-whonix) is running.

- If you are using Qubes R3.2: The NetVM of this TemplateVM should be set to Whonix-Gateway (commonly called sys-whonix).

- If you are using Qubes R4 or higher: Check your _dom0_ /etc/qubes-rpc/policy/qubes.UpdatesProxy settings.

_At the very top_ of that file you should have the following:

$tag:whonix-updatevm $default allow,target=sys-whonix

To see if it is fixed, try running in Whonix TemplateVM:

sudo systemctl restart qubes-whonix-torified-updates-proxy-check

Then try to update / use apt-get again.

For more help on this subject see:
https://www.whonix.org/wiki/Qubes/UpdatesProxy

If this warning message is transient, it can be safely ignored.
```
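The point 2 mismatch can be checked offline before touching a template. The script below is an added example, not code from the shaker repository: it applies the same regexes and flags as Salt's `file.replace` to a constructed `.repo` file that mixes a Fedora-style `baseurl=https://` / `metalink=https://` entry with a Qubes 4.1-style `baseurl = https://` entry, and lists which URL lines are still left un-proxied after the `baseurl=https://` pattern alone versus the full rule set from the edited state above (the repo file contents and URLs are constructed samples).

```python
import re

# Constructed sample .repo file: Fedora entries without spaces around "=",
# a Qubes 4.1 entry with spaces around "=" (the case the issue reports).
SAMPLE_REPO = """[fedora]
name=Fedora $releasever - $basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1

[qubes-vm-r4.1-current]
name = Qubes OS Repository for VM (updates)
baseurl = https://yum.qubes-os.org/r4.1/current/vm/fc$releasever
enabled = 1
"""

# The single pattern quoted in the issue as the one that misses Qubes repos.
ORIGINAL_RULES = [
    (r"baseurl=https://", r"baseurl=http://HTTPS///"),
]

# The (pattern, repl) pairs of the edited change_templates.sls redhat branch.
FIXED_RULES = ORIGINAL_RULES + [
    (r"baseurl = https://", r"baseurl = http://HTTPS///"),
    (r"metalink=https://(.*)basearch",
     r"metalink=http://HTTPS///\1basearch&protocol=http"),
]


def rewrite_repo(text, rules):
    """Apply each rule with the IGNORECASE|MULTILINE flags the Salt state sets."""
    for pattern, repl in rules:
        text = re.sub(pattern, repl, text, flags=re.IGNORECASE | re.MULTILINE)
    return text


def remaining_https(text):
    """URL lines still pointing straight at https://, i.e. missed by the rewrite."""
    return [line for line in text.splitlines()
            if re.match(r"\s*(baseurl|metalink)\s*=\s*https://", line, re.IGNORECASE)]


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_RULES), ("fixed", FIXED_RULES)):
        missed = remaining_https(rewrite_repo(SAMPLE_REPO, rules))
        print(f"{label}: {len(missed)} line(s) still bypass the proxy")
        for line in missed:
            print("   ", line)
```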