I have a StandaloneVM that I’m trying to update using the qubes-update-gui. I’m also using sys-cacher. I have added the explicit RPC policy qubes.UpdateProxy * <qube> @default allow target=sys-cacher. This setup works for my TemplateVMs. But for standalones, it fails with the error Temporary Failure Resolving 'deb.debian.org'. It seems as if the update process isn’t being routed via sys-cacher, or reaching the internet at all.
If I set the netvm of the StandaloneVM as sys-cacher, it starts working. However, if I change my sources.list to http://HTTPS/// (in order to use apt-cacher-ng’s TLS function), it starts failing again, with Could not resolve 'HTTPS'. The TLS setup also works fine with TemplateVMs (which don’t even need to have a netvm).
How you created sys-cacher.
Nor what version of Qubes you are using.
Generally speaking, if you create a standalone based on a stock template
it should work out of the box.
If you create a standalone de novo, then you should be able to use
apt-cacher-ng by specifying the IP address and port of the proxy in the
appropriate place. How you do this will depend on what distro the
standalone is using.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
The StandaloneVM was based on the debian 12 minimal template and running on R4.2.
Thanks for the tip. So to make it work, it was necessary to add Acquire::http::Proxy "http://<ip of sys-cacher>:<port of update proxy, default is 8082> to /etc/apt/apt.conf.
In addition, it was necessary to set the StandaloneVM netvm to sys-cacher. Otherwise it still wouldn’t work.
RPC policies for qubes.UpdateProxy seem to be irrelevant, since even switching the rule to deny doesn’t prevent the update from working. So am I correct in concluding that a StandaloneVM uses a different mechanism than a TemplateVM? It seems to pretty much require the same setup that updating an AppVM manually would.