Cacher(apt-cacher-ng) & Debian template extrepo

Hi guys,

I would like to update Librewolf. And recently, according to the official documentation for Debian, it only works with the following option:

sudo apt update && sudo apt install extrepo -y

sudo extrepo enable librewolf

sudo apt update && sudo apt install librewolf -y

When I enter:
sudo extrepo enable librewolf
in the Debian template I get the following message:

extrepo enable librewolf
Could not download index YAML file:
500 Can’t connect to extrepo-team.pages.debian.net:443 (Temporary name resolution error) at /usr/share/perl5/Debian/ExtRepo/Data.pm line 27.

Can the extrepo be solved via apt-cacher?

Try this:

sudo http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable librewolf

Thanks, that worked.

Did not work for me:

sudo http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable librewolf
Could not download index YAML file:
500 establishing SSL tunnel failed: 403 CONNECT denied (ask the admin to allow HTTPS tunnels) at /usr/share/perl5/Debian/ExtRepo/Data.pm line 27.

@kryptopunk could you please share all the code lines you entered? What template did you use, any modification? Thank you

I’ve tried it in the default debian-12-minimal template and it worked for me.
I’m using a cacher qube as well.

This is very odd. I found a typo in my apt-cacher configuration and fixed it. I reran my apt-cacher auto-creation script and got it working. But just once! I redid the librewolf qube creation and it failed again with the same (old) error message.

May I ask you to briefly run these 6 code lines (Qubes OS 4.2, apt-cacher installed and configured):

src="debian-12-minimal"; tpl="deb-12-m-librewolf-extrepo"
# get the Debian 12 minimal template
qvm-template install ${src}
# make the apt-cacher modifications
qvm-run --pass-io --user root ${src} 'sed -i s^https://^http://HTTPS///^g /etc/apt/sources.list'
qvm-run --pass-io --user root ${src} 'sed -i s^https://^http://HTTPS///^g /etc/apt/sources.list.d/*'
qvm-clone ${src} ${tpl}
qvm-run --pass-io --user root ${tpl} "apt install qubes-core-agent-passwordless-root qubes-core-agent-networking"
qvm-run --pass-io --user root ${tpl} "apt update"
qvm-run --pass-io --user root ${tpl} "apt install extrepo --yes"
qvm-run --pass-io --user root ${tpl} "http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable librewolf"

I end up with this error message (in dom0):

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
	LC_ALL = (unset),
	LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Could not download index YAML file:
500 establishing SSL tunnel failed: 403 CONNECT denied (ask the admin to allow HTTPS tunnels) at /usr/share/perl5/Debian/ExtRepo/Data.pm line 27.

I think I have the same problem. The librewolf repo links the deb package to the GitLab release page.

wget https://repo.librewolf.net./pool/librewolf-130.0.1-1-linux-x86_64-deb.deb

will connect to https://gitlab.com/api/v4/projects/44042130/packages/generic/librewolf/130.0.1-1/librewolf-130.0.1-1-linux-x86_64-deb.deb

HTTP caching is not possible.

It worked for me.
What’s the net qube of your cacher qube?
Maybe your IP is blocked by the repository?
I’m using sys-whonix as a net qube for cacher qube.

Did you refer to this or did you do it differently?

I have a normal setup (sys-firewall, sys-net). Additionally, I tested with and without VPN.

I’ve run the exact same commands from your post without errors.
Try to set your cacher qube’s net qube to sys-whonix for a test.

Thanks for the confirmation.

So, I guess it is linked to this http issue.

What’s your apt-cacher-ng config /etc/apt-cacher-ng/acng.conf?

Well, it is a straightforward implementation of unman-notes/apt-cacher-ng.md at master · rustybird/unman-notes · GitHub

The file itself contains 99% comment lines, but I guess you are interested in the line:

Port:8082

it is present.

apt-cacher has always worked fine, it is just the extrepo issue.

Do you have the same error if you run this command in the template?

curl -x http://127.0.0.1:8082 https://debian.org

I’m not sure what’s different in my case, but with this config:

$ grep -o '^[^#]*' /etc/apt-cacher-ng/acng.conf
CacheDir: /var/cache/apt-cacher-ng
LogDir: /var/log/apt-cacher-ng
SupportDir: /usr/lib/apt-cacher-ng
Port:8082
Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian 
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu 
Remap-klxrep: file:kali_mirrors /kali ; file:backends_kali 
Remap-cygwin: file:cygwin_mirrors /cygwin 
Remap-sfnet:  file:sfnet_mirrors 
Remap-alxrep: file:archlx_mirrors /archlinux 
Remap-fedora: file:fedora_mirrors 
Remap-epel:   file:epel_mirrors 
Remap-slrep:  file:sl_mirrors 
Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo 
Remap-secdeb: security.debian.org security.debian.org/debian-security deb.debian.org/debian-security /debian-security cdn-fastly.deb.debian.org/debian-security ; deb.debian.org/debian-security security.debian.org cdn-fastly.deb.debian.org/debian-security
ReportPage: acng-report.html
ExThreshold: 4
FollowIndexFileRemoval: 1
LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
AllowUserPorts: 80 443

The request to https://debian.org is passed through in the cacher qube for me without caching and it works without error.
I’m not sure what’s different in my case, I’m using debian-12-minimal template with apt-cacher-ng installed and the only things I’ve changed in the config are Port and AllowUserPorts.
I don’t have PassThroughPattern in my apt-cacher-ng config.

I get this:

curl: (56) CONNECT tunnel failed, response 403

I get exactly the same but I remember an apt-cacher setting during the installation. It asked for HTTP tunnels …
I will reinstall my apt-cacher and select this option to check if this will fix it.

Maybe you have some additional options in /etc/default/apt-cacher-ng.

I’ve missed this, it was configured by the package manager during installation in another file /etc/apt-cacher-ng/zz_debconf.conf:

PassThroughPattern: .*

You can reconfigure apt-cacher-ng by running dpkg-reconfigure apt-cacher-ng in the template and PassThroughPattern is configured at this step:

  +----------------------+ Configuring apt-cacher-ng +-----------------------+  
  |                                                                          |  
  | Apt-Cacher NG can be configured to allow users to create HTTP tunnels,   |  
  | which can be used to access remote servers that might otherwise be       |  
  | blocked by (for instance) a firewall filtering HTTPS connections.        |  
  |                                                                          |  
  | This feature is usually disabled for security reasons; enable it only    |  
  | for trusted LAN environments.                                            |  
  |                                                                          |  
  | Allow HTTP tunnels through Apt-Cacher NG?                                |  
  |                                                                          |  
  |                    <Yes>                       <No>                      |  
  |                                                                          |  
  +--------------------------------------------------------------------------+  

Yes, I can confirm: apt-cacher with the “allow HTTP tunnels” configuration works; without it, it cannot establish the required connection.

Thanks for all your support @apparatus !

But now I have a question: how can I define the PassThroughPattern so that it allows the exception for this special (extrepo librewolf) case only, and for all other connections use https only?

Try this:

PassThroughPattern: extrepo-team\.pages\.debian\.net:443$

Sorry for my late response.

I cannot get it working. Please could you explain your suggested pattern.

  • extrepo-team: ?
  • .pages: ?
  • .debian: ?
  • .net:443$ ?

(443: is the HTTPS port)

Any further pattern / syntax I could test?
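
Added example (not part of any post in this thread, and not apt-cacher-ng's own code): an offline check of which CONNECT targets each PassThroughPattern mentioned above would let through, with the pieces of the suggested pattern explained in the comments. It assumes apt-cacher-ng searches the pattern as a POSIX extended regular expression in the `host:port` string of the CONNECT request, which `grep -E` reproduces; the sample targets and the start-anchored variant are constructed here.

```shell
#!/bin/sh
# Assumption: the pattern is searched (not implicitly anchored) in "host:port".
# Pieces of the thread's pattern:
#   extrepo-team\.pages\.debian\.net  host name; "\." is a literal dot
#   :443                              port part of the CONNECT target
#   $                                 target must end here (no ":4430")

# connect_allowed PATTERN TARGET -> exit 0 if the tunnel would be allowed
connect_allowed() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

PAT_DEBCONF='.*'                                       # debconf "Yes" answer
PAT_THREAD='extrepo-team\.pages\.debian\.net:443$'     # suggested in thread
PAT_ANCHORED='^extrepo-team\.pages\.debian\.net:443$'  # added: also anchor start

# Constructed sample targets, one host:port per line.
TARGETS='extrepo-team.pages.debian.net:443
debian.org:443
extrepo-team.pages.debian.net:8443
not-extrepo-team.pages.debian.net:443
extrepo-teamXpages.debian.net:443'

# audit PATTERN -> one "ALLOW target" or "DENY  target" line per sample
audit() {
    printf '%s\n' "$TARGETS" | while IFS= read -r target; do
        if connect_allowed "$1" "$target"; then
            printf 'ALLOW %s\n' "$target"
        else
            printf 'DENY  %s\n' "$target"
        fi
    done
}

# count_allowed PATTERN -> number of sample targets the pattern lets through
count_allowed() {
    audit "$1" | grep -c '^ALLOW'
}

for pat in "$PAT_DEBCONF" "$PAT_THREAD" "$PAT_ANCHORED"; do
    printf 'PassThroughPattern: %s  (%s of 5 allowed)\n' \
        "$pat" "$(count_allowed "$pat")"
    audit "$pat"
done
```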