I set up a cacher-qube that works perfectly (except with fedora templates) and set the cacher qube’s netvm to sys-whonix.
I then installed apt-transport-tor in my debian templates and changed the urls in the .list files to tor+http://HTTPS///. Everything still works even when I change the cacher’s netvm to sys-firewall, which makes me wonder whether or not it even made sense to install apt-transport-tor.
Is anyone more knowledgeable willing to explain? I tried to research the application of these two packages together but wasn’t able to find anything relevant.
If you chained cacher qube to sys-whonix and if you want to assure yourself updating is done via tor, just shut down sys-whonix and then try to update - if proper, sys-whonix would start up.
Regarding installing tor anywhere in AppVMs while using sys-whonix, I am almost sure it’s not necessary. Whatever is chained to sys-whonix already goes through tor.
But, if you prefer tor and not sys-whonix, then look for @unman’s notes how to setup tor qube. He prefers it over Whonix in general, as I can recall.
Would you guys mind updating the issue?
Is that caching properly packages across fedora and debian (and other user chosen templates) without too much hassle/hacks?
Once again, the goal of not redownloading packages for multiple Templates trying to download the same packages is the problem space that would need to be fixed. Last time I followed the topic, apt-cacher-ng was a partial solution for that problem space, where qubes-updates-cache could not be used (was a hack that since http->https happened in all repositories, could not be used anymore, which pointed to apt-cacher-ng which never made its way into Qubes maintained solution, hence a fringe, locally maintained solution).