b49ae50ad5
Configure package manager to use 127.0.0.1:8082 as proxy instead of "magic" IP intercepted later. The listen on this port and whenever new connection arrives, spawn qubes.UpdatesProxy service call (to default target domain - subject to configuration in dom0) and connect its stdin/out to the local TCP connection. This part use systemd.socket unit in case of systemd, and ncat --exec otherwise. On the other end - in target domain - simply pass stdin/out to updates proxy (tinyproxy) running locally. It's important to _not_ configure the same VM to both be updates proxy and use it. In practice such configuration makes little sense - if VM can access network (which is required to run updates proxy), package manager can use it directly. Even if this network access is through some VPN/Tor. If a single VM would be configured as both proxy provider and proxy user, connection would loop back to itself. Because of this, proxy connection redirection (to qrexec service) is disabled when the same VM also run updates proxy. Fixes QubesOS/qubes-issues#1854 |
||
|---|---|---|
| .. | ||
| qubes-core | ||
| qubes-core-early | ||
| qubes-core-netvm | ||
| qubes-core.modules | ||
| qubes-dvm | ||
| qubes-firewall | ||
| qubes-misc.modules | ||
| qubes-qrexec-agent | ||
| qubes-sysinit | ||
| qubes-updates-proxy | ||
| qubes-updates-proxy-forwarder | ||