comments to use Qubes onion repository #2623

Closed
adrelanos opened this issue Feb 8, 2017 · 10 comments
Labels
C: other T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.


@adrelanos
Member

adrelanos commented Feb 8, 2017

Why? Not having to use sed, not having to open documentation to make this change.

Please have a look if you like this style.

Other possible styles:

  • a separate file only containing onions (all commented out by default)
  • not edit the current file, just append the onions below

Related:
#2576

@andrewdavidwong
Member

andrewdavidwong commented Feb 8, 2017

A lot of users seem to be struggling with using sed and with editing the file manually (and sending me messages about it), so I'm in favor of this.

@andrewdavidwong andrewdavidwong added C: other T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. labels Feb 8, 2017
@andrewdavidwong andrewdavidwong added this to the Release 3.2 updates milestone Feb 8, 2017
@adrelanos
Member Author

adrelanos commented Feb 9, 2017

Actually, I don't like that style from https://github.com/adrelanos/qubes-core-agent-linux-1/blob/a193c8f3aa4df7ecdd8b835a49085f6c5f798568/misc/qubes-r3.list.in myself too much.

Anyhow. If you think that one is okay, we can go for this.

@unman
Member

unman commented Feb 9, 2017

Can I suggest that, instead of interleaving the onion addresses with the standard ones, it would be much easier for users to edit if they were broken out in separate blocks at the end of the file?
Like this:

# Main qubes updates repository
deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm @DIST@ main
#deb-src http://deb.qubes-os.org/r3.2/vm @DIST@ main


# Updates through Tor
# Main qubes updates repository through Tor
#deb [arch=amd64] tor+http://deb.qubesos4rrrrz6n4.onion/r3.2/vm @DIST@ main
#deb-src tor+http://deb.qubesos4rrrrz6n4.onion/r3.2/vm @DIST@ main

That would make user error much less likely.

@0brand

0brand commented Jun 23, 2018

I was looking at the options for dom0 repos and TemplateVM repos (debian, fedora).

https://github.com/adrelanos/qubes-core-agent-linux-1/blob/a193c8f3aa4df7ecdd8b835a49085f6c5f798568/misc/qubes-r3.list.in

This link is dead, so I'm not sure how the example looked.

1. For dom0, I think either of these would work.

a)

Add a second block for onion repositories which is commented out by default. When users want to onionize repos, they can comment out the first block (clearnet update) and uncomment the second block (Tor update).

[qubes-dom0-current]
name = Qubes Dom0 Repository (updates)
baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/%DIST%
enabled = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

[qubes-dom0-current-testing]
name = Qubes Dom0 Repository (updates-testing)
baseurl = https://yum.qubes-os.org/r$releasever/current-testing/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

[qubes-dom0-security-testing]
name = Qubes Dom0 Repository (security-testing)
baseurl = https://yum.qubes-os.org/r$releasever/security-testing/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

[qubes-dom0-unstable]
name = Qubes Dom0 Repository (unstable)
baseurl = https://yum.qubes-os.org/r$releasever/unstable/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable

# Qubes Tor onion service repository

#[qubes-dom0-current]
#name = Qubes Dom0 Repository (updates)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current/dom0/%DIST%
#enabled = 1
#metadata_expire = 7d
#gpgcheck = 1
#gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

#[qubes-dom0-current-testing]
#name = Qubes Dom0 Repository (updates-testing)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current-testing/dom0/%DIST%
#enabled = 0
#metadata_expire = 7d
#gpgcheck = 1
#gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

#[qubes-dom0-security-testing]
#name = Qubes Dom0 Repository (security-testing)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/security-testing/dom0/%DIST%
#enabled = 0
#metadata_expire = 7d
#gpgcheck = 1
#gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

#[qubes-dom0-unstable]
#name = Qubes Dom0 Repository (unstable)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/unstable/dom0/%DIST%
#enabled = 0
#metadata_expire = 7d
#gpgcheck = 1
#gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable

b)

Add a second baseurl= line (commented out by default) which points to the onion repository. When onionizing repos, users just comment/uncomment the corresponding line.

[qubes-dom0-current]
name = Qubes Dom0 Repository (updates)
baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/%DIST%
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current/dom0/%DIST%
enabled = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

[qubes-dom0-current-testing]
name = Qubes Dom0 Repository (updates-testing)
baseurl = https://yum.qubes-os.org/r$releasever/current-testing/dom0/%DIST%
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current-testing/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

[qubes-dom0-security-testing]
name = Qubes Dom0 Repository (security-testing)
baseurl = https://yum.qubes-os.org/r$releasever/security-testing/dom0/%DIST%
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/security-testing/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

[qubes-dom0-unstable]
name = Qubes Dom0 Repository (unstable)
baseurl = https://yum.qubes-os.org/r$releasever/unstable/dom0/%DIST%
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/unstable/dom0/%DIST%
enabled = 0
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable

It looks like option "a" may be a little messy with all the comment/uncomment, so I'm partial to "b".

2. For Template repos @unman had a good idea with separate blocks for onion at the end of the file. This would be much less confusing for users.

When a consensus is met I would be more than happy to submit the pull request or whatever else needs to be done, i.e. testing etc.
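
Added example, not part of the thread and not Qubes code: a small check that could be run over a dom0 `.repo` file after switching repositories by commenting and uncommenting lines, as in options a) and b) above. The sample files are constructed, the onion host is a placeholder, and `lint_repo` is a hypothetical helper name.

```python
import re

# Constructed sample in the layout of option b); the onion host is a placeholder.
OPTION_B = """\
[qubes-dom0-current]
baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/%DIST%
#baseurl = https://yum.PLACEHOLDER.onion/r$releasever/current/dom0/%DIST%
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
"""

# Constructed option a) slip: one line of a commented-out block is left active.
STRAY_KEY = """\
[qubes-dom0-unstable]
baseurl = https://yum.qubes-os.org/r$releasever/unstable/dom0/%DIST%
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable

#[qubes-dom0-current]
#baseurl = https://yum.PLACEHOLDER.onion/r$releasever/current/dom0/%DIST%
#gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
"""

def lint_repo(text):
    """Return (line, section, problem) tuples for the active lines of a .repo file."""
    problems, sections, current = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank lines and comments are inert
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections[current] = {}
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if current is None:
            problems.append((n, None, f"{key} outside any section"))
        elif key in sections[current]:
            # An active line belongs to the last active header above it.
            problems.append((n, current, f"duplicate {key}"))
        else:
            sections[current][key] = value
    for name, keys in sections.items():
        if keys.get("gpgcheck") != "1":
            problems.append((None, name, "gpgcheck is not 1"))
        if "baseurl" not in keys or "gpgkey" not in keys:
            problems.append((None, name, "no active baseurl or gpgkey"))
    return problems
```

The duplicate check covers both slips: a key line left active inside a commented-out block, and an onion `baseurl` uncommented without commenting out the clearnet one.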

@adrelanos
Member Author

adrelanos commented Jun 26, 2018

  1. I am for b).

  2. Yes.

@adrelanos
Member Author

adrelanos commented Aug 31, 2018

Patches were submitted by @0brand.

Patch "Comment to use qubes onion repository" Dom0 repositories.
https://groups.google.com/forum/#!topic/qubes-devel/8WM1wegSg90

Patch "Comments in TemplateVMs to use onion repositories"
https://groups.google.com/forum/#!topic/qubes-devel/G8dCAp-BRBo

@0brand

0brand commented Sep 4, 2018

@adrelanos This issue can be closed? Merak applied patches.

@andrewdavidwong
Member

andrewdavidwong commented Sep 5, 2018

Closing this as "resolved." If you believe the issue is not yet resolved, or if anyone is still affected by this issue, please leave a comment, and we'll be happy to reopen this. Thank you.
