@adw @marmarek @sven @Demi @fsflover
If you prefer not to interrupt the user, but to warn him that he is about to download stuff on the internet from a non-networked Template, that section could be changed to simply call the -proxy (here curl-proxy as an example) instead of exiting and asking the user to change curl to curl-proxy manually:
```shell
# Inside a Template, route the call through curl-proxy when no network is assigned.
if [ "$(qubesdb-read /type)" = "TemplateVM" ]; then
    # Reading /qubes-gateway fails when the qube has no network assigned.
    if ! qubesdb-read /qubes-gateway > /dev/null 2>&1; then
        echo "You attempted to download a file with curl in a Template without direct internet access. (no network assigned)." >&2
        echo "" >&2
        echo "The attempted downloading command was: curl $*" >&2
        echo "" >&2
        echo "Automatically translating to: curl-proxy $*" >&2
        echo "" >&2
        echo "Continuing in 3 seconds... Type CTRL+C to prevent the download now!" >&2
        sleep 3
        /usr/bin/curl-proxy "$@"
    else
        echo "You attempted to download a file with curl in a Template WITH DIRECT INTERNET ACCESS. (network assigned)." >&2
        echo "" >&2
        echo "The attempted downloading command was: curl $*" >&2
        echo "" >&2
        echo "Continuing in 3 seconds... Type CTRL+C to prevent the download now!" >&2
        sleep 3
        /usr/bin/curl "$@"
    fi
else
    # Not a Template: pass straight through to the real curl.
    echo "curl download attempt not in TemplateVM. Continuing..." >&2
    /usr/bin/curl "$@"
fi
```
The resulting behavior would become similar to that of a Template with network access configured externally in Qubes, while automatically using the proxy through the translated curl-proxy call (snippet):
```
The attempted downloading command was: curl -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg
Automatically translating to: curl-proxy -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg
Continuing in 3 seconds... Type CTRL+C to prevent the download now!
```
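
Added example, not part of the original post or of Qubes itself: the same Template/gateway decision factored into one function that serves any wrapped tool and refuses to run when the proxy variant is not installed, which goes beyond the curl-only case above. The `<tool>-proxy` naming for tools other than curl, and the `QUBESDB_READ`, `BIN_DIR` and `WRAP_DELAY` overrides, are assumptions made so the logic can be exercised outside a qube.

```shell
# Added example. Assumptions: each wrapped tool has a "<tool>-proxy" twin in
# BIN_DIR; QUBESDB_READ, BIN_DIR and WRAP_DELAY are hypothetical overrides.
QUBESDB_READ="${QUBESDB_READ:-qubesdb-read}"
BIN_DIR="${BIN_DIR:-/usr/bin}"

# Print the path of the binary that should handle tool "$1".
# Returns 1 (printing nothing) when a proxy is required but not installed.
select_backend() {
    tool="$1"
    # Outside Qubes, qubesdb-read is missing or fails: treat as "not a Template".
    qtype="$("$QUBESDB_READ" /type 2>/dev/null)" || qtype=""
    if [ "$qtype" = "TemplateVM" ] &&
       ! "$QUBESDB_READ" /qubes-gateway >/dev/null 2>&1; then
        # Template with no network assigned: only the proxy variant can work.
        [ -x "$BIN_DIR/${tool}-proxy" ] || return 1
        printf '%s\n' "$BIN_DIR/${tool}-proxy"
    else
        printf '%s\n' "$BIN_DIR/${tool}"
    fi
}

# Wrapper body: announce on stderr what will run, pause, then hand over.
run_wrapped() {
    tool="$1"; shift
    backend="$(select_backend "$tool")" || {
        echo "$tool: no network assigned and ${tool}-proxy is not installed" >&2
        return 1
    }
    echo "The attempted downloading command was: $tool $*" >&2
    echo "Running: $backend $*" >&2
    echo "Continuing in 3 seconds... Type CTRL+C to prevent the download now!" >&2
    sleep "${WRAP_DELAY:-3}"
    "$backend" "$@"
}
```

A per-tool wrapper placed ahead of `/usr/bin` in `PATH` would then only need to call `run_wrapped curl "$@"`.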