shaker/cacher.spec

111 lines
3.8 KiB
RPMSpec
Raw Normal View History

2022-05-21 10:36:56 -04:00
Name: 3isec-qubes-cacher
Version: 1.8
Release: 1%{?dist}
Summary: A caching proxy in Qubes
License: GPLv3+
SOURCE0: cacher
%description
This package provides a caching proxy, named cacher.
A caching proxy stores downloaded packages, so that you need only download
a package once for it to be used when updating many templates.
The proxy is preconfigured to work out of the box for Debian, Ubuntu,
Arch, and Fedora templates.
When you install this package your Qubes system will be altered to use
the proxy by default.
This is done with an entry in /etc/qubes/policy.d/30-user.policy
If you want to change the proxy setting for some/all templates, edit
that file.
So that you can use https:// in your repository definitions, the entries
will be changed in the templates.
https:// becomes http://HTTPS///
This is so that the request to the proxy is plain text, and the proxy
will then make the request via https
This change will be done automatically for every template that exists
when you install this package.
If you install a new template, you must make this configuration change.
In dom0 run:
qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.change_templates
replacing TEMPLATE with the name of the new template.
If you want to use the standard proxy, you have to revert this change,
as well as editing the policy file.
In dom0 run:
qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.restore_templates
replacing TEMPLATE with the name of the new template.
When this package is installed it will attempt to rewrite repository
definitions in all templates.
This includes templates that are not under salt control, like Windows
templates.
You must manually shutdown those templates.
No changes are made to Whonix templates, and updates to those templates
will not be cached.
If you want updates to run via Tor, set the netvm for the cacher qube
to be a Tor proxy, like sys-whonix.
Because the cacher qube is listening on port 8082, you can use it from
non-template qubes and qubes that do not have a working qrexec. Use
the native configuration to set the update proxy using the IP address
of cacher.
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/srv/salt
cp -rv %{SOURCE0}/ %{buildroot}/srv/salt
%files
%defattr(-,root,root,-)
/srv/salt/cacher/*
%post
if [ $1 -eq 1 ]; then
echo "------------------------"
echo "cacher is being installed"
echo "------------------------"
qubesctl state.apply cacher.create
qubesctl --skip-dom0 --targets=template-cacher state.apply cacher.install
qubesctl --skip-dom0 --targets=cacher state.apply cacher.configure
qubesctl state.apply cacher.use
qubesctl --skip-dom0 --templates state.apply cacher.change_templates
fi
%preun
if [ $1 -eq 0 ]; then
qubesctl --skip-dom0 --templates state.apply cacher.restore_templates
fi
%postun
if [ $1 -eq 0 ]; then
sed -i /qubes.UpdatesProxy.*target=cacher/d /etc/qubes/policy.d/30-user.policy
fi
%changelog
* Mon Aug 22 2022 unman <unman@thirdeyesecurity.org> - 1.8
- Stop rewriting for Whonix templates
* Sun Aug 21 2022 unman <unman@thirdeyesecurity.org> - 1.7
- Correct uninstall action
* Thu Jul 28 2022 unman <unman@thirdeyesecurity.org> - 1.5
- Extended description
2022-05-21 10:36:56 -04:00
* Sat May 21 2022 unman <unman@thirdeyesecurity.org> - 1.4
- Standardise package names to 3isec-
* Sun May 15 2022 unman <unman@thirdeyesecurity.org> - 1.3
- General tidy up
- Automate configuration for standard templates on install
- Remove configuration on package removal.
* Fri May 13 2022 unman <unman@thirdeyesecurity.org>
- Update to handling fedora 35 in pool
- add archlx_mirrors for pooling
- automatically salt all templates to use this proxy
* Fri May 06 2022 unman <unman@thirdeyesecurity.org>
- Update to debian-11-minimal base
* Wed Feb 03 2021 unman <unman@thirdeyesecurity.org>
- First Build