Name: 3isec-qubes-cacher Version: 1.8 Release: 1%{?dist} Summary: A caching proxy in Qubes License: GPLv3+ SOURCE0: cacher %description This package provides a caching proxy, named cacher. A caching proxy stores downloaded packages, so that you need only download a package once for it to be used when updating many templates. The proxy is preconfigured to work out of the box for Debian, Ubuntu, Arch, and Fedora templates. When you install this package your Qubes system will be altered to use the proxy by default. This is done with an entry in /etc/qubes/policy.d/30-user.policy If you want to change the proxy setting for some/all templates, edit that file. So that you can use https:// in your repository definitions, the entries will be changed in the templates. https:// becomes http://HTTPS/// This is so that the request to the proxy is plain text, and the proxy will then make the request via https This change will be done automatically for every template that exists when you install this package. If you install a new template, you must make this configuration change. In dom0 run: qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.change_templates replacing TEMPLATE with the name of the new template. If you want to use the standard proxy, you have to revert this change, as well as editing the policy file. In dom0 run: qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.restore_templates replacing TEMPLATE with the name of the new template. When this package is installed it will attempt to rewrite repository definitions in all templates. This includes templates that are not under salt control, like Windows templates. You must manually shutdown those templates. No changes are made to Whonix templates, and updates to those templates will not be cached. If you want updates to run via Tor, set the netvm for the cacher qube to be a Tor proxy, like sys-whonix. Because the cacher qube is listening on port 8082, you can use it from non-template qubes and qubes that do not have a working qrexec. Use the native configuration to set the update proxy using the IP address of cacher. %install rm -rf %{buildroot} mkdir -p %{buildroot}/srv/salt cp -rv %{SOURCE0}/ %{buildroot}/srv/salt %files %defattr(-,root,root,-) /srv/salt/cacher/* %post if [ $1 -eq 1 ]; then echo "------------------------" echo "cacher is being installed" echo "------------------------" qubesctl state.apply cacher.create qubesctl --skip-dom0 --targets=template-cacher state.apply cacher.install qubesctl --skip-dom0 --targets=cacher state.apply cacher.configure qubesctl state.apply cacher.use qubesctl --skip-dom0 --templates state.apply cacher.change_templates fi %preun if [ $1 -eq 0 ]; then qubesctl --skip-dom0 --templates state.apply cacher.restore_templates fi %postun if [ $1 -eq 0 ]; then sed -i /qubes.UpdatesProxy.*target=cacher/d /etc/qubes/policy.d/30-user.policy fi %changelog * Mon Aug 22 2022 unman - 1.8 - Stop rewriting for Whonix templates * Sun Aug 21 2022 unman - 1.7 - Correct uninstall action * Thu Jul 28 2022 unman - 1.5 - Extended description * Sat May 21 2022 unman - 1.4 - Standardise package names to 3isec- * Sun May 15 2022 unman - 1.3 - General tidy up - Automate configuration for standard templates on install - Remove configuration on package removal. * Fri May 13 2022 unman - Update to handling fedora 35 in pool - add archlx_mirrors for pooling - automatically salt all templates to use this proxy * Fri May 06 2022 unman - Update to debian-11-minimal base * Wed Feb 03 2021 unman - First Build