Apt-cacher-ng and whonix

I used Unman’s shaker/notes to set up sys-apt-cacher-ng, with sys-whonix as the netvm. Upon reviewing the saltstack state that’s applied, it appears that Whonix is “blacklisted.”

However, I manually ran the following commands to replace https with http in the sources list files:

sed -i s^https://^http://HTTPS///^ /etc/apt/sources.list.d/debian.list
sed -i s^https://^http://HTTPS///^ /etc/apt/sources.list.d/qubes-r4.list

Now, when I try to update the templates via Qubes Updater, I get the following error:

...
WARNING: Execution of /usr/bin/apt-get prevented by /etc/uwt.d/40_qubes.conf because no torified Qubes updates proxy found.
Please make sure Whonix-Gateway (commonly called sys-whonix) is running.
....

It seems like it’s not possible (or recommended) to perform this action. My guess is that Whonix prevents clearnet updates due to the “tor+https” prefixes in the source definitions. For some reason, it isn’t recognizing that apt-cacher-ng is using sys-whonix. Is that correct? If so, could this issue be resolved by using onionized repositories in whonix?

Nevermind.

Interesting. I wonder how to balance security with low maintenance so I can force cacher to be used everywhere it works and keep tinyproxy where it does not :slight_smile:

The issue is that Whonix (consistently) insists that the update mechanism
runs over Tor, but there is not agreed mechanism for ensuring that this
occurs.
To run cacher over Tor you simply have to ensure that its netvm (or
netvm upstream) is set to a Tor proxy.

The best solution to your “wondering” is to set the Default update proxy
to cacher, with exceptions set for the Whonix templates. You can set
this easily in the Qubes Global Config GUI

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.

My default updates are torified already, but there is no issue with cacher running over tor?

No, this is my standard set up.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.