From 11f2bbd904eabb2dd4ce7f531eee86bf77ac4626 Mon Sep 17 00:00:00 2001
From: 3np <3np@example.com>
Date: Sat, 22 Mar 2025 23:38:46 +0000
Subject: [PATCH 1/2] chore: remove whonix-specific updates-proxy filter from non-whonix templates the removed filter is now applied in qubes-whonix
---
 Makefile | 1 -
 debian/qubes-core-agent-networking.install | 1 -
 debian/qubes-core-agent.maintscript | 1 +
 network/tinyproxy-updates.conf | 6 ------
 network/updates-blacklist | 2 --
 rpm_spec/core-agent.spec.in | 1 -
 6 files changed, 1 insertion(+), 11 deletions(-)
 delete mode 100644 network/updates-blacklist
diff --git a/Makefile b/Makefile
index c6774d1e8..22727fd5b 100644
--- a/Makefile
+++ b/Makefile
@@ -236,7 +236,6 @@ install-netvm: install-systemd-networking-dropins install-networkmanager
 install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes
 install -D network/vif-qubes-nat.sh $(DESTDIR)/etc/xen/scripts/vif-qubes-nat.sh
 install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf
- install -m 0644 -D network/updates-blacklist $(DESTDIR)/etc/tinyproxy/updates-blacklist
 install -m 0400 -D network/qubes-ipv4.nft $(DESTDIR)/etc/qubes/qubes-ipv4.nft
 install -m 0400 -D network/qubes-ipv6.nft $(DESTDIR)/etc/qubes/qubes-ipv6.nft
diff --git a/debian/qubes-core-agent-networking.install b/debian/qubes-core-agent-networking.install
index af0d96af8..fc95af845 100644
--- a/debian/qubes-core-agent-networking.install
+++ b/debian/qubes-core-agent-networking.install
@@ -8,7 +8,6 @@ etc/qubes/qubes-antispoof.nft
 etc/sysctl.d/81-qubes.conf.optional
 etc/sysctl.d/82-qubes-minimal-sys-net.conf.optional
 etc/tinyproxy/tinyproxy-updates.conf
-etc/tinyproxy/updates-blacklist
 etc/udev/rules.d/99-qubes-network.rules
 etc/xen/scripts/vif-qubes-nat.sh
 etc/xen/scripts/vif-route-qubes
diff --git a/debian/qubes-core-agent.maintscript b/debian/qubes-core-agent.maintscript
index 8f45a8f5b..f7a17d871 100644
--- a/debian/qubes-core-agent.maintscript
+++ b/debian/qubes-core-agent.maintscript
@@ -1,3 +1,4 @@
 rm_conffile /etc/apt/apt.conf.d/00notiy-hook
 rm_conffile /etc/tinyproxy/filter-updates
+rm_conffile /etc/tinyproxy/updates-blacklist
 rm_conffile /etc/systemd/system/haveged.service
diff --git a/network/tinyproxy-updates.conf b/network/tinyproxy-updates.conf
index b88c91799..f255cd8c5 100644
--- a/network/tinyproxy-updates.conf
+++ b/network/tinyproxy-updates.conf
@@ -23,9 +23,3 @@ Allow 10.137.0.0/16
 ConnectPort 443
 # Gentoo uses Rsync for its main repository
 ConnectPort 873
-
-# Explicitly block connections to the proxy IP, to return an error in such
-# case. This error page contains a magic string which is used in Whonix to
-# detect whether proxy is torified or not.
-# See https://github.com/qubesos/qubes-issues/issues/1482 for details
-Filter "/etc/tinyproxy/updates-blacklist"
diff --git a/network/updates-blacklist b/network/updates-blacklist
deleted file mode 100644
index f79e43a29..000000000
--- a/network/updates-blacklist
+++ /dev/null
@@ -1,2 +0,0 @@
-10.137.255.254
-127.0.0.1
diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in
index 4ab1c835f..bcd24b05f 100644
--- a/rpm_spec/core-agent.spec.in
+++ b/rpm_spec/core-agent.spec.in
@@ -1130,7 +1130,6 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/qubes/qubes-ipv6-disabled.nft
 %config(noreplace) /etc/qubes/rpc-config/qubes.UpdatesProxy
 %config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf
-%config(noreplace) /etc/tinyproxy/updates-blacklist
 %config(noreplace) /etc/udev/rules.d/99-qubes-network.rules
 %if !0%{?is_opensuse}
 /etc/dhclient.d/qubes-setup-dnat-to-ns.sh
From 4bf05556f7c1f70326745956bdf4a009764009a3 Mon Sep 17 00:00:00 2001
From: 3np <3np@example.com>
Date: Sun, 23 Mar 2025 01:58:31 +0000
Subject: [PATCH 2/2] wip: properly migrate /etc/tinyproxy/updates-blacklist
---
 debian/qubes-core-agent.maintscript | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
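Review bot: The added `rm_conffile /etc/tinyproxy/updates-blacklist` lives in qubes-core-agent.maintscript, yet the same patch drops that path from debian/qubes-core-agent-networking.install, which suggests the conffile was owned by qubes-core-agent-networking. dpkg-maintscript-helper only acts on a conffile owned by the package it runs for, or by the package named in its optional last argument, so as written the obsolete file would probably stay behind on upgraded systems. Consider moving the line into the networking package's maintscript, or naming the owner explicitly with `rm_conffile /etc/tinyproxy/updates-blacklist <PRIOR_VERSION>~ qubes-core-agent-networking` (the version is a placeholder to fill in). The `mv_conffile` line in patch 2/2 raises the same ownership question.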
diff --git a/debian/qubes-core-agent.maintscript b/debian/qubes-core-agent.maintscript
index f7a17d871..af6e33106 100644
--- a/debian/qubes-core-agent.maintscript
+++ b/debian/qubes-core-agent.maintscript
@@ -1,4 +1,4 @@
 rm_conffile /etc/apt/apt.conf.d/00notiy-hook
 rm_conffile /etc/tinyproxy/filter-updates
-rm_conffile /etc/tinyproxy/updates-blacklist
+mv_conffile /etc/tinyproxy/updates-blacklist /etc/tinyproxy/updates-blocklist qubes-whonix #TODO: fill in version
 rm_conffile /etc/systemd/system/haveged.service
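Review bot: In the added `mv_conffile` line, `qubes-whonix` sits in the prior-version position, because dpkg-maintscript-helper reads the arguments as `mv_conffile old-conffile new-conffile [prior-version [package]]`; the package slot names the owner of the old path, not a destination package. The trailing `#TODO: fill in version` is a second risk: debhelper turns each maintscript line into a helper call with `-- "$@"` appended, so an inline `#` may comment that suffix out in the generated script. Nothing visible in this series ships `/etc/tinyproxy/updates-blocklist`, so it is worth confirming that the package running this script installs the new path, since mv_conffile renames a conffile within one package and is presumably not the mechanism for handing it over to qubes-whonix. A parseable interim form would be `mv_conffile /etc/tinyproxy/updates-blacklist /etc/tinyproxy/updates-blocklist <PRIOR_VERSION>~` (placeholder version), with the TODO tracked in the commit message instead.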