Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upcomments to use Qubes onion repository #2623
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
andrewdavidwong
Feb 8, 2017
Member
A lot of users seem to be struggling with using sed and with editing the file manually (and sending me messages about it), so I'm in favor of this.
|
A lot of users seem to be struggling with using sed and with editing the file manually (and sending me messages about it), so I'm in favor of this. |
andrewdavidwong
added
C: other
enhancement
labels
Feb 8, 2017
andrewdavidwong
added this to the Release 3.2 updates milestone
Feb 8, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Feb 8, 2017
Member
Files to maybe edit or maybe duplicate.
- https://github.com/QubesOS/qubes-core-agent-linux/blob/master/misc/qubes-r3.list.in
- https://github.com/QubesOS/qubes-core-agent-linux/blob/master/misc/qubes-r3.repo
- https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/qubes-release/fedora-updates.repo.in
- https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/qubes-release/fedora.repo.in
- https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/qubes-release/qubes-dom0.repo.in
- https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/qubes-release/qubes-templates.repo
adrelanos
referenced this issue
in QubesOS/qubes-core-agent-linux
Feb 9, 2017
Closed
add comments for Qubes onion apt repository #36
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Feb 9, 2017
Member
Actually, I don't like that style from https://github.com/adrelanos/qubes-core-agent-linux-1/blob/a193c8f3aa4df7ecdd8b835a49085f6c5f798568/misc/qubes-r3.list.in myself too much.
Anyhow. If you think that one is okay, we can go for this.
|
Actually, I don't like that style from https://github.com/adrelanos/qubes-core-agent-linux-1/blob/a193c8f3aa4df7ecdd8b835a49085f6c5f798568/misc/qubes-r3.list.in myself too much. Anyhow. If you think that one is okay, we can go for this. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
unman
Feb 9, 2017
Member
Can suggest that instead of interleaving the onion addresses with standard, it would be much easier for users to edit if they were broken out in separate blocks at the end of the file?
Like this-
# Main qubes updates repository
deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm @DIST@ main
#deb-src http://deb.qubes-os.org/r3.2/vm @DIST@ main
# Updates through Tor
# Main qubes updates repository through Tor
#deb [arch=amd64] tor+http://deb.qubesos4rrrrz6n4.onion/r3.2/vm @DIST@ main
#deb-src tor+http://deb.qubesos4rrrrz6n4.onion/r3.2/vm @DIST@ main
That would make user error much less likely
|
Can suggest that instead of interleaving the onion addresses with standard, it would be much easier for users to edit if they were broken out in separate blocks at the end of the file? That would make user error much less likely |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
0brand
Jun 23, 2018
It was looking at the options for dom0 repos and TemplateVM repos (debian, fedora)
This link is dead so I'm not sure how the example looked
1. For dom0, I think either of these would work.
a)
Add a second block for onion repositories which is commented out by default. When users want to onionize repos they can comment out the first block (clearnet update) and uncomment second block (Tor update).
[qubes-dom0-current]
name = Qubes Dom0 Repository (updates)
baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/%DIST%
enabled = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-current-testing]
name = Qubes Dom0 Repository (updates-testing)
baseurl = https://yum.qubes-os.org/r$releasever/current-testing/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-security-testing]
name = Qubes Dom0 Repository (security-testing)
baseurl = https://yum.qubes-os.org/r$releasever/security-testing/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-unstable]
name = Qubes Dom0 Repository (unstable)
baseurl = https://yum.qubes-os.org/r$releasever/unstable/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable
#Qubes Tor onion service repository
#[qubes-dom0-current]
#name = Qubes Dom0 Repository (updates)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current/dom0/%DIST%
#enabled = 1
#metadata_expire = 7d
#gpgcheck = 1
#gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
#[qubes-dom0-current-testing]
#name = Qubes Dom0 Repository (updates-testing)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current-testing/dom0/%DIST%
#enabled = 0
#metadata_expire = 7d
#gpgcheck = 1
#gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
#[qubes-dom0-security-testing]
#name = Qubes Dom0 Repository (security-testing)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/security-testing/dom0/%DIST%
#enabled = 0
#metadata_expire = 7d
#gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
#[qubes-dom0-unstable]
#name = Qubes Dom0 Repository (unstable)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/unstable/dom0/%DIST%
#enabled = 0
#metadata_expire = 7d
#gpgcheck = 1
#gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable
b)
Add a second baseurl=. line (commented out by default) which points to the onion repository. When onionizing repos, users just comment/uncomment the corresponding line.
[qubes-dom0-current]
name = Qubes Dom0 Repository (updates)
baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/%DIST%
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current/dom0/%DIST%
enabled = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-current-testing]
name = Qubes Dom0 Repository (updates-testing)
baseurl = https://yum.qubes-os.org/r$releasever/current-testing/dom0/%DIST%
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current-testing/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-security-testing]
name = Qubes Dom0 Repository (security-testing)
baseurl = https://yum.qubes-os.org/r$releasever/security-testing/dom0/%DIST%
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/security-testing/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-unstable]
name = Qubes Dom0 Repository (unstable)
baseurl = https://yum.qubes-os.org/r$releasever/unstable/dom0/%DIST%
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/unstable/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable
It looks like option "a" may be a little messy with all the comment/uncomment so I'm partial to "b"
2. For Template repos @unman had a good idea with separate blocks for onion at the end of the file. This would be much less confusing for users.
When a consensus is met I would be more than happy to submit the pull request or what ever else needs to be done i.e. testing etc.
0brand
commented
Jun 23, 2018
|
It was looking at the options for dom0 repos and TemplateVM repos (debian, fedora) This link is dead so I'm not sure how the example looked 1. For dom0, I think either of these would work. a) Add a second block for onion repositories which is commented out by default. When users want to onionize repos they can comment out the first block (clearnet update) and uncomment second block (Tor update). b) Add a second It looks like option "a" may be a little messy with all the comment/uncomment so I'm partial to "b" 2. For Template repos @unman had a good idea with separate blocks for onion at the end of the file. This would be much less confusing for users. When a consensus is met I would be more than happy to submit the pull request or what ever else needs to be done i.e. testing etc. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Jun 23, 2018
Member
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
adrelanos commentedFeb 8, 2017
Why? Not having to use sed, not having to open documentation to make this change.
Please have a look if you like this style.
Other possible styles:
Related:
#2576