Apt-cache-ng/cacher proxy question

qEawma5f · March 27, 2025, 1:26am

Hi,

I’m trying to set up a cacher using this guide: shaker/cacher at main · unman/shaker · GitHub. I’m confused about whether to set the netvm to a VPN or sys-whonix. For those who have used the cacher, what do you recommend for the netvm?

Thanks!

unman · March 27, 2025, 1:54am

Hi. You can set the netvm to whatever best suits your use case.
I dont use whonix, but I do route traffic over Tor.
The choice is entirely up to you.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

qEawma5f · March 27, 2025, 9:30pm

Hello,

Thank you for your response.

Do you have Tor running within the cacher, or is sys-whonix the only netvm you are using?

I came across this discussion: sys-cacher questions · Issue #122 · ben-grande/qusal · GitHub, where @ben-grade recommended against using sys-whonix as a netvm or running Tor inside it. What do you think?

unman · March 28, 2025, 12:02am

I’m not a believer in mixing up things, so I wouldn’t run Tor in a cacher
qube.
I dont use Whonix, but I do run Tor proxies.
I place cacher downstream from a Tor proxy.

I dont see why you wouldn’t place cacher downstream from sys-whonix. This
looks wrong to me.
You can no longer run Tor over Tor, so you cant have any repo definitions
that use tor+https - you’d need to amend them just like you amend any
definitions that use https://.
Something like this would work in these cases:
sed -i s^tor+https://^http://HTTPS///^ REPO_DEFINITION
or
sed -i s^tor+http://^http://^ REPO_DEFINITION

Placing the caching proxy depends entirely on your needs.
Need to use Tor? Set the netvm as sys-whonix.
Need to use a VPN? Set the netvm to the VPN proxy.
Need both? i think you’ll see where this is going.
Need neither? Just set netvm as sys-firewall.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.

qEawma5f · April 5, 2025, 12:22am

Hi @unman

I’ve successfully set up the cacher, and everything is functioning properly. However, I’m getting an error with the Fedora 41 templates. I tried to remove them from the cacher, but the error persists.

 >>> Curl error (56): Failure when receiving data from the peer for https://codecs.fedoraproject.org/openh264/41/x86_64/os/repodata/repomd.xml 
>>> Curl error (56): Failure when receiving data from the peer for https://codecs.fedoraproject.org/openh264/41/x86_64/os/repodata/repomd.xml 
>>> Curl error (56): Failure when receiving data from the peer for https://codecs.fedoraproject.org/openh264/41/x86_64/os/repodata/repomd.xml 
>>> Curl error (56): Failure when receiving data from the peer for https://codecs.fedoraproject.org/openh264/41/x86_64/os/repodata/repomd.xml

qEawma5f · April 5, 2025, 7:46pm

Solved by changing the fedora-cisco-openh264.repo to

baseurl=http://HTTPS///codecs.fedoraproject.org/openh264/41/x86_64/os/

qEawma5f · April 5, 2025, 8:56pm

Now I’m stuck with flathub, is there a possibility to set that up with flatpak?
@solene @unman

solene · April 5, 2025, 8:58pm

I wrote a guide explaining how to use a reverse proxy to cache flatpak updates, it could easily be adapted to qubes os

Mirai · April 5, 2025, 9:28pm

Did not know setting up an update cache is this easy. Would be awesome if you could adapt it to Qubes

qEawma5f · April 6, 2025, 12:13am

I’ve ran this command

flatpak remote-modify flathub --url=http://my-cache.local:8082/repo/`

When I try to install a package, I get a 403 error, which is weird. I thought it was tor, but it was working fine without a cacher so I’m a bit lost can’t find anything on the internet too…