I loathe all of these methods that don’t simply work with apt-install. Hoop jumping for no benefit.
Unfortunately both veracrypt and brave require this crap.
1 Like
I don’t know if it’s flatpack but there’s that one where you have to do wget and curl because there’s some “key” you can’t work without connecting your template directly to the internet. A pox on that.
I always find it extremely odd/frustrating that Qubes team as yet to address to ability to gpg --recv-keys when preparing TemplateVMs (I understand the issue is with gpg wanting to DNS) thus, leaving: A) “dirty” fetch + verify post install or B) manually including the key.
Leveraging split-gpg for TemplateVMs feels too excessive. Is that even a “thing”?
You can install Brave with apt, you just need to add the repo to the template.
Aaah, that’s good to know, thanks!
I can tolerate Vercrypt not being up-to-the-minute because I run it offline.
1 Like
@Emily same thing … this is Qubes OS specific and should go to General Discussion. Any reason you posted here?
I provided a simple solution some years back which leverages the proxy.
You may find this too dirty for your taste.
The advantage of salting templates is that you can provide any needed
keys as part of the package install from a trusted source.
1 Like
Thanks for pointing this out, much appreciated!
I definitely 
it better than the other options listed above and, I’d certainly 
it if it were available as a package in the qubes repo.
I’m fully aware of how over the top this would be for such a simple script but, it’s a long night/day & I just don’t see the smoothest workflow (manually adding it to the most commonly used TemplateVMs?).
What am I thinking!?!? This fits the bill 100% for the salted projects I’ve shared. 
As always, much gratitude for you @unman !
When I try to look up how to do this I get nothing but crap having to do with “curl” and gpg key donkey derbies.
Like here: Installing Brave on Linux | Brave Browser
The Flatseal/Flatpak discussion seemed to encompass more than just Qubes. Please move it if you feel its mis-categorized.
You just need to add --proxy localhost 8082 to the curl command.
2 Likes
@SteveC here’s a bash snippet to install brave-browser on a debian-based distro:
install_brave.sh
#!/bin/bash
apt update && apt upgrade -y
cd /tmp
export https_proxy=127.0.0.1:8082
curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main"| tee /etc/apt/sources.list.d/brave-browser-release.list
apt update && apt install -y brave-browser
2 Likes
This worked well…once I got rid of the cacher (which was painful but anyhow…).
Thank you. Once I had it working, I was able to figure out how to do it with the cacher in place.
In order to use the cacher:
#!/bin/bash
apt update && apt upgrade -y
cd /tmp
export https_proxy=127.0.0.1:8082
curl --proxy 127.0.0.1:8082 http://HTTPS///brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg --output /usr/share/keyrings/brave-browser-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] http://HTTPS///brave-browser-apt-release.s3.brave.com/ stable main"| tee /etc/apt/sources.list.d/brave-browser-release.list
apt update && apt install -y brave-browser
I don’t know why the curl command needed rearranging as well as the HTTPS stuff, I just know it did. Fortunately this…
How to curl with an active apt-cacher configuration - User Support - Qubes OS Forum (qubes-os.org)
…was here to help me figure that out.
[edit to add: I’m not even sure the export line is needed.]
3 Likes
Nice.
Do you have similar scripts for Veracrypt and/or Opera?
Yes.
Moved to General Discussion
You don’t need a script, all it does it add --proxy 127.0.0.1:8082 to curl.
If you need to download files in a template, you can use the update proxy on localhost:8082.
https://www.qubes-os.org/doc/how-to-install-software/#updates-proxy
1 Like