Curl-proxy / wget-proxy scripts in Templates so users can add GPG distro keys linked to added external repositories

General Discussion
60

@marmarek @Demi @Sven @fsflover @enmus @deeplow

Please help me improve this PoC. (tar.gz archive, instructions below)

  • This is the blocking version of what was posted above, but archived for convenience of testing. (Non-Networked Template will prevent automatic download and tell the user to replace wget/curl to wget-proxy/curl-proxy manually from command line).

  • The non-blocking curl-wrapper example (translating curl to curl-proxy calls automatically on non-networked TemplateVM) is here.

Was created by:

user@debian-11:/$ sudo tar zcvf wget-curl-wrappers-config-changes-debian.tar.gz /usr/bin/curl-proxy /usr/bin/curl-wrapper /usr/bin/wget-wrapper /usr/bin/wget-proxy /etc/profile.d/download-wrappers-aliases.sh /etc/bash.bashrc 
tar: Removing leading `/' from member names
/usr/bin/curl-proxy
tar: Removing leading `/' from hard link targets
/usr/bin/curl-wrapper
/usr/bin/wget-wrapper
/usr/bin/wget-proxy
/etc/profile.d/download-wrappers-aliases.sh
/etc/bash.bashrc

So you can inspect code by downloading/extracting it locally in any qube directory.
You can test it by cloning debian-11 to debian-11-proxytest or whatever, and then copying the downloaded archive to your cloned debian-11-proxytest TemplateVM (qvm-copy from command line or righ-clicking in Files application from the qube that downloaded the archive):

cd /
sha256sum ~/QubesIncoming/NameOfOriginQube/wget-curl-wrappers-config-changes-debian.tar.gz
397c6e3e8e792a4fcb48c7401b575dab30e51afb58eea4f7ee350a62a7aa2fb4  ~/QubesIncoming/NameOfOriginQube/wget-curl-wrappers-config-changes-debian.tar.gz
sudo tar zxvf ~/QubesIncoming/NameOfOriginQube/wget-curl-wrappers-config-changes-debian.tar.gz

Reboot Template (or just open a new terminal.)
/etc/bash.bashrc will reload /etc/profie.d/*.sh and the aliases should be there already working so that curl/wget are replaced by curl-wrapper/wget-wrapper, which you can confirm by typing alias in the terminal.

Then try calling curl and wget to download stuff:

  • TemplateVM without assigned network (default)
  • TemplateVM with assigned network (core instructions)
  • from created qubes depending on cloned template.

Please report experience/frustrations/desired improvements: what you would like to be the Qubes default TemplateVM behavior dealing with command line downloaders and why.