fix: allow update check to work on cacher clients
Qubes that have the updates-proxy-service enabled will have the
repository definitions set to work with the proxy, be it a TemplateVM
or another type of qube. Qubes that have that same service disabled and
are based on templates that are being cached, will have the repository
definitions corrected for it to work like normal systems via the
networking instead of caching proxy.

Optimizations were done for a faster runtime, previously it would call
sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora
repositories (one extra for rpmfusion) and some more for PackageKit and
dnf.conf markers. Inexpensive runtime is a must for a script that may
run multiple times, such as when being called by a tool monitoring the
filesystem such as inotify.

Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use
case of the cacher, thus the license had to be changed.

For: #44
Fixes: #31
ben-grande committed Apr 26, 2024
1 parent a6f7d23 commit 1ede2e1
Showing 5 changed files with 324 additions and 75 deletions.
21 changes: 19 additions & 2 deletions salt/sys-cacher/README.md
Expand Up @@ -106,13 +106,30 @@ non-template qubes and qubes that do not have a working Qrexec. Use the native
configuration to set the update proxy using the IP address of `sys-cacher` by
setting `sys-cacher` as the netvm of the client qube.

Set `sys-cacher` as the netvm of your qube:
```sh
qvm-prefs QUBE netvm sys-cacher
```

Enable the service `netvm-cacher`:
```sh
qvm-features QUBE service.netvm-cacher 1
```

Copy [apt-cacher-ng-repo](files/client/bin/apt-cacher-ng-repo) to your qube
and set the script to run on boot. Make sure that the file
`/var/run/qubes-service/netvm-cacher` exists on every startup for the proxy
address change take effect.

The qube has to be restarted for changes to take effect.

### Non-TemplateVMs integration

**Attention**: this method will allow a client qube to bypass the qubes
firewall and connect to a remote via the updates proxy.
firewall and connect to a remote host via the updates proxy.

By default, only templates will use the proxy to update, if you want to cache
Non-TemplateVMs updates or simply make them functional again, the qube will
non-TemplateVMs updates or simply make them functional again, the qube will
need the `service.updates-proxy-setup` feature set:
```sh
qvm-tags add QUBE updatevm-sys-cacher
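Review bot: The added netvm steps leave the boot-time part unspecified: "Copy apt-cacher-ng-repo to your qube and set the script to run on boot" names neither a destination path inside the qube nor the mechanism that runs it at boot, so the setup cannot be reproduced from the README alone. Please state both. The following sentence, "Make sure that the file `/var/run/qubes-service/netvm-cacher` exists on every startup", reads like a separate manual step; if that file is the result of the `qvm-features QUBE service.netvm-cacher 1` command shown just above, say so explicitly, otherwise document how to create it. The same sentence is missing a word: "for the proxy address change take effect" should read "to take effect".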