From 834c2db5f739c216bc846cbd44313e76c2acb348 Mon Sep 17 00:00:00 2001 From: unman Date: Mon, 22 Aug 2022 10:43:18 +0000 Subject: [PATCH] Salt - caching proxy - bump version. Add more detail in spec file description --- cacher.spec | 59 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/cacher.spec b/cacher.spec index 16fc6b2..79857c0 100644 --- a/cacher.spec +++ b/cacher.spec @@ -1,17 +1,17 @@ Name: 3isec-qubes-cacher -Version: 1.5 +Version: 1.8 Release: 1%{?dist} Summary: A caching proxy in Qubes License: GPLv3+ -SOURCE0: cacher +SOURCE0: cacher %description - This package provides a caching proxy, named cacher. - A caching proxy stores downloaded packages, so that you need only download - a package once for it to be used when updating many templates. - The proxy is preconfigured to work out of the box for Debian, Ubuntu, - Arch, and Fedora templates. +This package provides a caching proxy, named cacher. +A caching proxy stores downloaded packages, so that you need only download +a package once for it to be used when updating many templates. +The proxy is preconfigured to work out of the box for Debian, Ubuntu, +Arch, and Fedora templates. When you install this package your Qubes system will be altered to use the proxy by default. @@ -22,21 +22,39 @@ that file. So that you can use https:// in your repository definitions, the entries will be changed in the templates. https:// becomes http://HTTPS/// - This is so that the request to the proxy is plain text, and the proxy - will then make the request via https - This change will be done automatically for every template that exists - when you install this package. +This is so that the request to the proxy is plain text, and the proxy +will then make the request via https +This change will be done automatically for every template that exists +when you install this package. - If you install a new template, you must make this configuration change. - In dom0 run: +If you install a new template, you must make this configuration change. +In dom0 run: qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.change_templates - replacing TEMPLATE with the name of the new template. +replacing TEMPLATE with the name of the new template. - If you want to use the standard proxy, you have to revert this change, - as well as editing the policy file. - In dom0 run: +If you want to use the standard proxy, you have to revert this change, +as well as editing the policy file. +In dom0 run: qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.restore_templates - replacing TEMPLATE with the name of the new template. +replacing TEMPLATE with the name of the new template. + +When this package is installed it will attempt to rewrite repository +definitions in all templates. +This includes templates that are not under salt control, like Windows +templates. +You must manually shutdown those templates. + +No changes are made to Whonix templates, and updates to those templates +will not be cached. + +If you want updates to run via Tor, set the netvm for the cacher qube +to be a Tor proxy, like sys-whonix. + +Because the cacher qube is listening on port 8082, you can use it from +non-template qubes and qubes that do not have a working qrexec. Use +the native configuration to set the update proxy using the IP address +of cacher. + %install rm -rf %{buildroot} @@ -70,6 +88,8 @@ if [ $1 -eq 0 ]; then fi %changelog +* Mon Aug 22 2022 unman - 1.8 +- Stop rewriting for Whonix templates * Sun Aug 21 2022 unman - 1.7 - Correct uninstall action * Thu Jul 28 2022 unman - 1.5 @@ -80,14 +100,11 @@ fi - General tidy up - Automate configuration for standard templates on install - Remove configuration on package removal. - * Fri May 13 2022 unman - Update to handling fedora 35 in pool - add archlx_mirrors for pooling - automatically salt all templates to use this proxy - * Fri May 06 2022 unman - Update to debian-11-minimal base - * Wed Feb 03 2021 unman - First Build