Tried real quick to do a PoC wget-wrapper code snippet, and wanted insight on what the best approach is to get network info for Templates.
Without network:

```
user@debian-11:~$ qubesdb-read /qubes-ip
Failed to read /qubes-ip
user@debian-11:~$ qubesdb-read /qubes-gateway
Failed to read /qubes-gateway
user@debian-11:~$ qubesdb-read /type
TemplateVM
```

With network:

```
user@debian-11-networked:~$ qubesdb-read /qubes-gateway
10.137.0.8
user@debian-11-networked:~$ qubesdb-read /qubes-ip
10.137.0.51
user@debian-11-networked:~$ qubesdb-read /type
TemplateVM
```

So basically:
- wget could be an alias to wget-wrapper.
- curl could be an alias to curl-wrapper.
- `wget-wrapper` and `curl-wrapper` could check for `qubesdb-read /qubes-gateway` and `qubesdb-read /type`. If TemplateVM and have a gateway, warn the user that this is really insecure and ask for confirmation prior to continuing. If TemplateVM and no gateway, exit saying that the `-proxy` counterpart should be used.

Thoughts?
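
The check proposed above, as an added example that is not part of the original post or of any Qubes package. `QDB_READ` and `WRAP_TTY` are hypothetical override hooks for testing, and the code assumes `qubesdb-read` exits non-zero when a key is missing.

```shell
#!/bin/sh
# Added example (not from the original post): policy check for the proposed
# wget-wrapper / curl-wrapper. QDB_READ and WRAP_TTY are hypothetical
# override hooks so the logic can be exercised outside a Qubes VM.
: "${QDB_READ:=qubesdb-read}"

# Prints one of: allow | confirm | deny
template_net_policy() {
    # Assumption: a missing key makes qubesdb-read exit non-zero
    # ("Failed to read ..."); treat that as an empty value.
    vm_type=$("$QDB_READ" /type 2>/dev/null) || vm_type=""
    gateway=$("$QDB_READ" /qubes-gateway 2>/dev/null) || gateway=""
    # Only accept something shaped like the IPv4 gateway shown in the post.
    case "$gateway" in
        ""|*[!0-9.]*) gateway="" ;;
    esac
    if [ "$vm_type" != "TemplateVM" ]; then
        echo allow          # not a template: wrapper stays out of the way
    elif [ -n "$gateway" ]; then
        echo confirm        # networked template: direct fetch is possible
    else
        echo deny           # template without a gateway: point to -proxy
    fi
}

# wrap_fetch TOOL [ARGS...]: apply the policy, then run the real tool.
wrap_fetch() {
    tool=$1; shift
    case "$(template_net_policy)" in
        deny)
            echo "$tool: this template has no gateway; use the -proxy counterpart." >&2
            return 1 ;;
        confirm)
            echo "WARNING: $tool is about to fetch directly from a networked TemplateVM." >&2
            printf 'Type "yes" to continue: ' >&2
            # Read from the terminal, not stdin, which the tool may consume.
            { read -r answer < "${WRAP_TTY:-/dev/tty}"; } 2>/dev/null || answer=""
            [ "$answer" = "yes" ] || { echo "$tool: aborted." >&2; return 1; }
            ;;
    esac
    "$tool" "$@"
}

# Dispatch on the installed script name; sourcing the file runs nothing.
case "${0##*/}" in
    wget-wrapper) wrap_fetch wget "$@" ;;
    curl-wrapper) wrap_fetch curl "$@" ;;
esac
```

When no terminal is available for the confirmation prompt, the read fails and the wrapper refuses to run the tool.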