UPDATE: It seems like there’s some sort of conflict between apt-cacher-ng 3.6.4-1 and tinyproxy 1.10.0-5 on Debian 11 where the apt-cacher-ng service can’t bind to the 8082 socket.
-
After upgrading to Qubes 4.2.1 and installing the 3isec-qubes-cacher.x86_64 v1.16-1.fc37 package, which created a debian-11 TemplateVM running apt-cacher-ng 3.6.4-1 and tinyproxy 1.10.0-5, I found that my Debian TemplateVMs throw the following error:
E: Failed to fetch http://HTTPS///deb.debian.org/debian/dists/bookworm/InRelease 500 Unable to connect [IP: 127.0.0.1 8082]
-
I inspected cacher’s
/rw/config/rc.localand noticed a uselessiptablescommand (because/sbin/iptablesdidn’t exist) and a similarly-uselessnftcommand (becausesystemctl status nftablesindicated the nftables service wasn’t running)- I temporarily enabled the nftables service on cacher by enabling it on template-cacher, but Debian TemplateVMs continue to throw the same error
- I inspected the apt-cacher-ng service on cacher via
systemctl status apt-cacher-ngand sawCouldn’t bind socket: Address already in use
Port 8082 is busy, see the manual (Troubleshooting chapter) for details.- Troubleshooting indicated we could ferret out the conflicting process via
fuser -4 -v -n tcp 8082which revealed there were 3 instances of tinyproxy running- I uninstalled tinyproxy from cacher and restarted the apt-cacher-ng service
- Now both the cacher AppVM and my debian TemplateVMs throw DNS errors
- cacher: [msg] Nameserver 10.139.1.1:53 has failed: Network is unreachable
- debian TemplateVM: E: Failed to fetch http://HTTPS///deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease 503 DNS error - non-recoverable failure in name resolution [IP: 127.0.0.1 8082]
- Troubleshooting indicated we could ferret out the conflicting process via
- A related curiosity: What in the fedora update process in particular uses JSON files?