2022-05-21 10:36:56 -04:00
|
|
|
Name: 3isec-qubes-cacher
|
2022-08-22 06:43:18 -04:00
|
|
|
Version: 1.8
|
2021-02-10 01:52:05 -05:00
|
|
|
Release: 1%{?dist}
|
2022-07-28 12:21:06 -04:00
|
|
|
Summary: A caching proxy in Qubes
|
2021-02-10 01:52:05 -05:00
|
|
|
|
|
|
|
License: GPLv3+
|
2022-08-22 06:43:18 -04:00
|
|
|
SOURCE0: cacher
|
2021-02-10 01:52:05 -05:00
|
|
|
|
|
|
|
%description
|
2022-08-22 06:43:18 -04:00
|
|
|
This package provides a caching proxy, named cacher.
|
|
|
|
A caching proxy stores downloaded packages, so that you need only download
|
|
|
|
a package once for it to be used when updating many templates.
|
|
|
|
The proxy is preconfigured to work out of the box for Debian, Ubuntu,
|
|
|
|
Arch, and Fedora templates.
|
2022-07-28 12:21:06 -04:00
|
|
|
|
|
|
|
When you install this package your Qubes system will be altered to use
|
|
|
|
the proxy by default.
|
|
|
|
This is done with an entry in /etc/qubes/policy.d/30-user.policy
|
|
|
|
If you want to change the proxy setting for some/all templates, edit
|
|
|
|
that file.
|
|
|
|
|
|
|
|
So that you can use https:// in your repository definitions, the entries
|
|
|
|
will be changed in the templates.
|
|
|
|
https:// becomes http://HTTPS///
|
2022-08-22 06:43:18 -04:00
|
|
|
This is so that the request to the proxy is plain text, and the proxy
|
|
|
|
will then make the request via https
|
|
|
|
This change will be done automatically for every template that exists
|
|
|
|
when you install this package.
|
2022-07-28 12:21:06 -04:00
|
|
|
|
2022-08-22 06:43:18 -04:00
|
|
|
If you install a new template, you must make this configuration change.
|
|
|
|
In dom0 run:
|
2022-07-28 12:21:06 -04:00
|
|
|
qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.change_templates
|
2022-08-22 06:43:18 -04:00
|
|
|
replacing TEMPLATE with the name of the new template.
|
2022-07-28 12:21:06 -04:00
|
|
|
|
2022-08-22 06:43:18 -04:00
|
|
|
If you want to use the standard proxy, you have to revert this change,
|
|
|
|
as well as editing the policy file.
|
|
|
|
In dom0 run:
|
2022-07-28 12:21:06 -04:00
|
|
|
qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.restore_templates
|
2022-08-22 06:43:18 -04:00
|
|
|
replacing TEMPLATE with the name of the new template.
|
|
|
|
|
|
|
|
When this package is installed it will attempt to rewrite repository
|
|
|
|
definitions in all templates.
|
|
|
|
This includes templates that are not under salt control, like Windows
|
|
|
|
templates.
|
|
|
|
You must manually shutdown those templates.
|
|
|
|
|
|
|
|
No changes are made to Whonix templates, and updates to those templates
|
|
|
|
will not be cached.
|
|
|
|
|
|
|
|
If you want updates to run via Tor, set the netvm for the cacher qube
|
|
|
|
to be a Tor proxy, like sys-whonix.
|
|
|
|
|
|
|
|
Because the cacher qube is listening on port 8082, you can use it from
|
|
|
|
non-template qubes and qubes that do not have a working qrexec. Use
|
|
|
|
the native configuration to set the update proxy using the IP address
|
|
|
|
of cacher.
|
|
|
|
|
2021-02-10 01:52:05 -05:00
|
|
|
|
|
|
|
%install
|
|
|
|
rm -rf %{buildroot}
|
|
|
|
mkdir -p %{buildroot}/srv/salt
|
|
|
|
cp -rv %{SOURCE0}/ %{buildroot}/srv/salt
|
|
|
|
|
|
|
|
%files
|
|
|
|
%defattr(-,root,root,-)
|
|
|
|
/srv/salt/cacher/*
|
|
|
|
|
2022-05-15 10:57:37 -04:00
|
|
|
%post
|
|
|
|
if [ $1 -eq 1 ]; then
|
|
|
|
echo "------------------------"
|
|
|
|
echo "cacher is being installed"
|
|
|
|
echo "------------------------"
|
|
|
|
qubesctl state.apply cacher.create
|
|
|
|
qubesctl --skip-dom0 --targets=template-cacher state.apply cacher.install
|
|
|
|
qubesctl --skip-dom0 --targets=cacher state.apply cacher.configure
|
|
|
|
qubesctl state.apply cacher.use
|
|
|
|
qubesctl --skip-dom0 --templates state.apply cacher.change_templates
|
|
|
|
fi
|
|
|
|
|
|
|
|
%preun
|
|
|
|
if [ $1 -eq 0 ]; then
|
|
|
|
qubesctl --skip-dom0 --templates state.apply cacher.restore_templates
|
|
|
|
fi
|
|
|
|
|
|
|
|
%postun
|
|
|
|
if [ $1 -eq 0 ]; then
|
2022-08-20 20:12:12 -04:00
|
|
|
sed -i /qubes.UpdatesProxy.*target=cacher/d /etc/qubes/policy.d/30-user.policy
|
2022-05-15 10:57:37 -04:00
|
|
|
fi
|
|
|
|
|
2021-02-10 01:52:05 -05:00
|
|
|
%changelog
|
2022-08-22 06:43:18 -04:00
|
|
|
* Mon Aug 22 2022 unman <unman@thirdeyesecurity.org> - 1.8
|
|
|
|
- Stop rewriting for Whonix templates
|
2022-08-20 20:12:12 -04:00
|
|
|
* Sun Aug 21 2022 unman <unman@thirdeyesecurity.org> - 1.7
|
|
|
|
- Correct uninstall action
|
2022-07-28 12:21:06 -04:00
|
|
|
* Thu Jul 28 2022 unman <unman@thirdeyesecurity.org> - 1.5
|
|
|
|
- Extended description
|
2022-05-21 10:36:56 -04:00
|
|
|
* Sat May 21 2022 unman <unman@thirdeyesecurity.org> - 1.4
|
|
|
|
- Standardise package names to 3isec-
|
2022-05-15 10:57:37 -04:00
|
|
|
* Sun May 15 2022 unman <unman@thirdeyesecurity.org> - 1.3
|
|
|
|
- General tidy up
|
|
|
|
- Automate configuration for standard templates on install
|
|
|
|
- Remove configuration on package removal.
|
|
|
|
* Fri May 13 2022 unman <unman@thirdeyesecurity.org>
|
|
|
|
- Update to handling fedora 35 in pool
|
|
|
|
- add archlx_mirrors for pooling
|
|
|
|
- automatically salt all templates to use this proxy
|
|
|
|
* Fri May 06 2022 unman <unman@thirdeyesecurity.org>
|
|
|
|
- Update to debian-11-minimal base
|
|
|
|
* Wed Feb 03 2021 unman <unman@thirdeyesecurity.org>
|
2021-02-10 01:52:05 -05:00
|
|
|
- First Build
|