(cc: David Kalnischkies as this may answer his question too)

> Hello Pablo,
>
> I run into the same issue when proxying my apt through apt-cacher-ng.
> Not without any proxy in between.
>
> It seems you're using a proxy, too:
>
> > Acquire::http::Proxy "http://10.137.255.254:8082/";
>
> Out of curiosity and hopefully narrowing down the issue: What kind of
> proxy is this on your side?
>

You are right, there is a proxy and I failed to mention it. D'oh!

This report comes from a Qubes OS "Debian 8 template", which runs on a
xen-based VM, and is just a regular Debian with some additional packages
that allow the VMs based on this template to play nice on a Qubes OS system
(allowing copy&paste between machines, handle block device sharing, etc).

The way Qubes OS works in terms of networking is that "application VMs"
connect to the Internet through a "firewall VM", which has a WAN interface (the
insecure one) connected to a "network VM". At the end, from the point of
view of the VM I am reporting the issue from, it is like getting to the
Internet through a Linux-based firewall and then a home router.

Qubes templates have a tinyproxy-based proxy that allows the update of the
machines regardless of the firewall settings. Hence, they have the
Acquire::http::Proxy "http://10.137.255.254:8082/"; statement on their apt
config files. This proxy config seems quite generic:

> User tinyproxy
> Group tinyproxy
> Port 8082
> Timeout 60
> DefaultErrorFile "/usr/share/tinyproxy/default.html"
> #StatHost "tinyproxy.stats"
> StatFile "/usr/share/tinyproxy/stats.html"
> Syslog On
> LogLevel Notice
> PidFile "/var/run/tinyproxy-updates/tinyproxy.pid"
> MaxClients 50
> MinSpareServers 2
> MaxSpareServers 10
> StartServers 2
> MaxRequestsPerChild 0
> DisableViaHeader Yes
> Allow 127.0.0.1
> Allow 10.137.0.0/16
> ConnectPort 443


I will monitor syslog when performing the apt-get update and see if I can
catch any special event.
So far, the same issue happens on my newer template, which is Debian
9-based, and is happening almost 50% of the time when the apt-lists are no
longer valid. When it happens, repeating the 'apt-get update' command
succeeds.

Thanks for pointing out this "small" detail.
Regards,
///Pablo
