On 12/16/18 9:05 AM, unman wrote:
On Sun, Dec 16, 2018 at 01:57:57AM -0600, Jake wrote:
I need to add an additional yum/dnf repo to install some software, but I
seem to only be able to do it on an appvm/dispvm, not on a template.
When adding the repo to the template, I cannot install packages after adding
it, and get the following message when attempting to install using dnf:
"Failed to synchronize cache for repo <new repo name>"
Can someone give me a clue about why this works for appvms and not a
template?
Regards,
Jake
appVMs are networked and templates use a proxy which they access by
qubes-rpc.(seewww.qubes-os.org/doc/software-update-vm#updates-proxy)
What's the repo you want to use, and what is the proxy you are
using? (Check in QubesGlobalSettings and
/etc/qubes-rpc/policy/qubes.UpdatesProxy in dom0)
Apologies for the delayed response. The repo is a 3rd party repo for an
external USB device, and giving my sys-usb vm network access to install
these packages each time I need to use it strikes me as poor opsec.
What I have attempted to do is clone my fedora template, add the new
repo to that template, and then install the relevant packages. The goal
with this config is to avoid having to re-trust the remote repo and its
packages each time I set this up.
I gave the docs you linked to and the config files a close look and
don't immediately see how to debug this problem and get updates via this
additional repo working via the proxy system. My read is that the
following is occurring when attempting to update/install packages in a
templateVM:
attempt to install pkg in templateVM --> traffic flows to/from
127.0.0.1:8082 in templateVM --> either sys-net or sys-whonix over
qubes-rpc --> ?
I don't see any obvious logs that give useful info and it's not clear to
me how to track the update process over the qubes-rpc link. The best
debug info I have on-hand is that "dnf install <pkg name> -v" gives the
error "Cannot download 'https://remoterepo.com/rpm': Cannot download
repomd.xml: Cannot download repodata/repomd.xml: All mirror were
tried". I have verified that
https://remoterepo.com/rpm/repodata/repomd.xml exists and packages
install fine using a dispVM. Are the repo IPs or domains being filtered
via the update proxy?
Any advice on how to get this additional repo working via the update
proxy mechanism would be welcome.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/90c47ac6-8aab-4f23-3040-b86beb1a68b8%40companyzero.com.
For more options, visit https://groups.google.com/d/optout.
