Adding a repo: works in appvm/dispvm, not in template
35 views
Skip to first unread message
Jake
Dec 16, 2018, 9:30:09 AM12/16/18
to qubes...@googlegroups.com
I need to add an additional yum/dnf repo to install some software, but I
seem to only be able to do it on an appvm/dispvm, not on a template.
When adding the repo to the template, I cannot install packages after
adding it, and get the following message when attempting to install
using dnf:
"Failed to synchronize cache for repo <new repo name>"
Can someone give me a clue about why this works for appvms and not a
template?
Regards,
Jake
seem to only be able to do it on an appvm/dispvm, not on a template.
When adding the repo to the template, I cannot install packages after
adding it, and get the following message when attempting to install
using dnf:
"Failed to synchronize cache for repo <new repo name>"
Can someone give me a clue about why this works for appvms and not a
template?
Regards,
Jake
unman
Dec 16, 2018, 10:05:11 AM12/16/18
to qubes...@googlegroups.com
qubes-rpc.(see www.qubes-os.org/doc/software-update-vm#updates-proxy)
What's the repo you want to use, and what is the proxy you are
using? (Check in QubesGlobalSettings and /etc/qubes-rpc/policy/qubes.UpdatesProxy in dom0)
Jake
Dec 29, 2018, 6:19:08 PM12/29/18
to qubes...@googlegroups.com
external USB device, and giving my sys-usb vm network access to install
these packages each time I need to use it strikes me as poor opsec.
What I have attempted to do is clone my fedora template, add the new
repo to that template, and then install the relevant packages. The goal
with this config is to avoid having to re-trust the remote repo and its
packages each time I set this up.
I gave the docs you linked to and the config files a close look and
don't immediately see how to debug this problem and get updates via this
additional repo working via the proxy system. My read is that the
following is occurring when attempting to update/install packages in a
templateVM:
attempt to install pkg in templateVM --> traffic flows to/from
127.0.0.1:8082 in templateVM --> either sys-net or sys-whonix over
qubes-rpc --> ?
I don't see any obvious logs that give useful info and it's not clear to
me how to track the update process over the qubes-rpc link. The best
debug info I have on-hand is that "dnf install <pkg name> -v" gives the
error "Cannot download 'https://remoterepo.com/rpm': Cannot download
repomd.xml: Cannot download repodata/repomd.xml: All mirror were
tried". I have verified that
https://remoterepo.com/rpm/repodata/repomd.xml exists and packages
install fine using a dispVM. Are the repo IPs or domains being filtered
via the update proxy?
Any advice on how to get this additional repo working via the update
proxy mechanism would be welcome.
awokd
Jan 6, 2019, 8:12:19 PM1/6/19
to qubes...@companyzero.com, qubes...@googlegroups.com
Jake wrote on 12/29/18 11:19 PM:
Are you on Qubes 4.0 and editing one of the files in your template in
/etc/yum.repod.d/? It should just work. If you can, try using an HTTPS
repo for your USB device.
/etc/yum.repod.d/? It should just work. If you can, try using an HTTPS
repo for your USB device.
Reply all
Reply to author
Forward
0 new messages