Apt-transport-tor with apt-cacher-ng. Does it make sense?

I set up a cacher-qube that works perfectly (except with fedora templates) and set the cacher qube’s netvm to sys-whonix.

I then installed apt-transport-tor in my debian templates and changed the urls in the .list files to tor+http://HTTPS///. Everything still works even when I change the cacher’s netvm to sys-firewall, which makes me wonder whether or not it even made sense to install apt-transport-tor.

Is anyone more knowledgeable willing to explain? I tried to research the application of these two packages together but wasn’t able to find anything relevant.

Thank you

My guess is that debian/whonix falls back to http without tor.
Did you take a look at https://www.whonix.org/wiki/Onionizing_Repositories

1 Like

No, haven’t seen that page yet. I’ll take a look now, thank you

Wait, why would you install this in template, when updating templates is done via qrexec?

Misinformation I guess. I figured the url must’ve gone somewhere and wanted to ensure everything is done via tor.
So, is it not necessary?

If you chained cacher qube to sys-whonix and if you want to assure yourself updating is done via tor, just shut down sys-whonix and then try to update - if proper, sys-whonix would start up.
Regarding installing tor anywhere in AppVMs while using sys-whonix, I am almost sure it’s not necessary. Whatever is chained to sys-whonix already goes through tor.
But, if you prefer tor and not sys-whonix, then look for @unman’s notes how to setup tor qube. He prefers it over Whonix in general, as I can recall.

2 Likes

I’m interested in this topic as well!

Last time I followed this subject was from [Contribution] qubes-updates-cache · Issue #1957 · QubesOS/qubes-issues · GitHub which didn’t receive a lot of love. Funding was proposed once [Contribution] qubes-updates-cache · Issue #1957 · QubesOS/qubes-issues · GitHub but didn’t receive any love on that and the process seemed to not cover all cases.

Would you guys mind updating the issue?
Is that caching properly packages across fedora and debian (and other user chosen templates) without too much hassle/hacks?

Once again, the goal of not redownloading packages for multiple Templates trying to download the same packages is the problem space that would need to be fixed. Last time I followed the topic, apt-cacher-ng was a partial solution for that problem space, where qubes-updates-cache could not be used (was a hack that since http->https happened in all repositories, could not be used anymore, which pointed to apt-cacher-ng which never made its way into Qubes maintained solution, hence a fringe, locally maintained solution).

@BEBF738VD @Johnboy @enmus @Sven : did that change? Where should that discussion continue?