No network connection to download the proprietary HP plugin inside minimal template

I am facing a problem with hplip setup.

I need to install the hp-plugin from a remote source (connection established inside hp-setup) on the minimal Debian template, but I cannot connect even though I export proxy_https.


This is the script I am trying to fix to configure an HP printer:

hplip-usb-printer-qubes.sh

#!/bin/bash

################################################################################
# File Name    : hplip-usb-printer-qubes.sh
# Description  : This script creates a disposable qube for HP printers via USB
#                using hplip with semi-automatic hp-setup and plugin installation
#                for printers that require proprietary components with USB printer
#                detection and attachment.
# Dependencies : usbutils cups python3-pyqt5 hplip-gui
# Usage        : • Transfer from appvm to dom0:
#                qvm-run -p appvm 'cat ~/hplip-usb-printer-qubes.sh' > ~/hplip-usb-printer-qubes.sh
#                • Make executable:
#                chmod +x ~/hplip-usb-printer-qubes.sh
#                • Run:
#                bash ~/hplip-usb-printer-qubes.sh
# Author       : Me and the bois
# License      : Free of charge, no warranty
# Last edited  : 2025-10-05
################################################################################

# Safety check
set -eu

# Configuration
BASE_TEMPLATE="debian-12-minimal"
CUSTOM_TEMPLATE="debian-hplip-template"
DISP_TEMPLATE="debian-hplip-template-dvm"
NAMED_DISP_VM="disp-printer"

# Ensure printer is connected via USB and powered on
check_printer_attached() {
    echo -e "\nPrinter Check..."

    if qvm-usb 2>/dev/null | grep -q -i -E "03f0|Hewlett"; then
        echo "HP printer detected"
        return 0
    else
        echo "No HP printer detected"
        echo "Please connect HP printer via USB and ensure it's powered on"
        return 1
    fi
}

# Step 1: Verify and create base template
create_base_template() {
    echo -e "\nStep 1: Verifying and creating base template: $BASE_TEMPLATE..."

    if ! qvm-check "$BASE_TEMPLATE"; then
        echo -e "\nInstalling $BASE_TEMPLATE..."
        sudo qubes-dom0-update "qubes-template-$BASE_TEMPLATE"
    fi

    qvm-shutdown --wait "$BASE_TEMPLATE"

    echo -e "\nUpdating $BASE_TEMPLATE..."
    sudo qubesctl --show-output --skip-dom0 --targets="$BASE_TEMPLATE" state.sls update.qubes-vm

    echo -e "\nBase template setup complete"
}

# Step 2: Create custom template
create_custom_template() {
    echo -e "\nStep 2: Creating $CUSTOM_TEMPLATE..."

    if ! qvm-check "$CUSTOM_TEMPLATE"; then
        echo -e "\nCreating $CUSTOM_TEMPLATE by cloning from $BASE_TEMPLATE..."
        qvm-clone "$BASE_TEMPLATE" "$CUSTOM_TEMPLATE"
    fi

    qvm-prefs "$CUSTOM_TEMPLATE" label yellow
    qvm-prefs "$CUSTOM_TEMPLATE" include_in_backups false
    qvm-service "$CUSTOM_TEMPLATE" cups on
    qvm-service "$CUSTOM_TEMPLATE" qubes-usb-proxy on

    echo -e "\nStarting $CUSTOM_TEMPLATE for package installation..."
    qvm-start "$CUSTOM_TEMPLATE"
}

# Step 3: Install system dependencies
install_system_dependencies() {
    echo -e "\nStep 3: Installing required packages in $CUSTOM_TEMPLATE..."

    qvm-run -p -u root "$CUSTOM_TEMPLATE" "echo 'TERM=xterm' >> /etc/environment"
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen"
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "locale-gen en_US.UTF-8"

    # Install basic packages (change as needed)
    echo -e "\nInstalling basic packages in $CUSTOM_TEMPLATE..."
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "
    apt install -y --no-install-recommends \
    qubes-core-agent-passwordless-root \
    qubes-core-agent-networking \
    qubes-usb-proxy \
    usbutils \
    thunar \
    qubes-core-agent-thunar \
    qpdfview \
    mousepad \
    less \
    psmisc \
    bash-completion \
    xfce4-terminal
"
}

# Step 4: Install printer dependencies in custom template
install_printer_dependencies() {
    echo -e "\nStep 4: Installing printing dependencies in $CUSTOM_TEMPLATE..."

    # Install printer package
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "
    apt install -y --no-install-recommends \
    cups \
    ipp-usb \
    python3-pyqt5 \
    hplip-gui \
    printer-driver-hpcups
"
}

# Step 5: Printer connection configuration
setup_printer_services() {
    echo -e "\nStep 5: Configuring printer services..."

    # Load services
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "systemctl enable cups"
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "systemctl start cups"

    # Group and permission settings
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "usermod -a -G lpadmin user"
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "mkdir -p /var/lib/hp"
    qvm-run -p -u root "$CUSTOM_TEMPLATE" "chown -R user:user /var/lib/hp"

    # Restart for fresh configurations and services
    qvm-shutdown --wait "$CUSTOM_TEMPLATE"
    qvm-start --skip-if-running "$CUSTOM_TEMPLATE"
    sleep 3

    # Find and attach USB with error checking
    DEVICE_ID=$(qvm-usb list | grep -i -E "03f0|Hewlett" | awk '{print $1}' | head -n 1)
    if [[ -z "$DEVICE_ID" ]]; then
        echo "Error: No HP USB device found. Please check printer connection."
        return 1
    fi

    if qvm-usb attach "$CUSTOM_TEMPLATE" "$DEVICE_ID"; then
        echo "Attached $DEVICE_ID to $CUSTOM_TEMPLATE."
    else
        echo "Error: Failed to attach USB device $DEVICE_ID"
        return 1
    fi
}

# Step 6: Run interactive setup
run_printer_setup() {
    echo -e "\nStep 6: Running printer setup..."

    if ! qvm-run -p "$CUSTOM_TEMPLATE" "hp-setup -i" 2>/dev/null; then
        echo "Warning: Printer setup encountered issues, but continuing..."
        echo ""
        echo "You can manually run 'hp-setup -i' later in the template."
        echo ""
    fi

    return 0  # Always return success to continue script
}

# Step 7: Function to create DVM template
create_dvm_template() {
    echo -e "\nStep 7: Creating DVM template..."
    qvm-shutdown --wait "$CUSTOM_TEMPLATE"

    if qvm-check "$DISP_TEMPLATE" 2>/dev/null; then
        qvm-remove "$DISP_TEMPLATE" -f
    fi

    qvm-create --template "$CUSTOM_TEMPLATE" --label yellow "$DISP_TEMPLATE"
    qvm-prefs "$DISP_TEMPLATE" template_for_dispvms True
    qvm-prefs "$DISP_TEMPLATE" include_in_backups false
    qvm-service "$DISP_TEMPLATE" cups on
}

# Step 8: Function to create named disposable VM
create_named_disposable() {
    echo -e "\nStep 8: Creating named disposable VM..."
    if qvm-check "$NAMED_DISP_VM" 2>/dev/null; then
        qvm-remove "$NAMED_DISP_VM" -f
    fi

    qvm-create --class DispVM --template "$DISP_TEMPLATE" --label yellow "$NAMED_DISP_VM"
    qvm-prefs "$NAMED_DISP_VM" netvm 'sys-whonix'  # Or your preferred netvm
    qvm-prefs "$NAMED_DISP_VM" include_in_backups false
    qvm-service "$NAMED_DISP_VM" cups on

    echo -e "\nNamed disposable VM '$NAMED_DISP_VM' created successfully"
}

# Finalization
finalize() {
    # Add menu items
    qvm-features "$CUSTOM_TEMPLATE" menu-items "hplip.desktop system-config-printer.desktop thunar.desktop xfce4-terminal.desktop"
    qvm-features "$DISP_TEMPLATE" menu-items "hplip.desktop system-config-printer.desktop thunar.desktop xfce4-terminal.desktop"
    qvm-features "$NAMED_DISP_VM" menu-items "hplip.desktop system-config-printer.desktop thunar.desktop xfce4-terminal.desktop"

    # Shutdown template
    qvm-shutdown --wait "$CUSTOM_TEMPLATE"

    echo -e "\nSetup completed successfully!"
    echo "Usage:"
    echo "Set your preferred netvm for printer configuration:"
    echo "   qvm-prefs $NAMED_DISP_VM netvm 'sys-whonix'"
    echo "Start named disposable template and printer setup:"
    echo "   qvm-run -q -a --service -- $NAMED_DISP_VM qubes.StartApp+hplip"
    echo "Attach printer to $NAMED_DISP_VM:"
    echo "   qvm-usb attach $NAMED_DISP_VM $DEVICE_ID"
}

# Main execution
main() {
    echo "Starting HP USB Printer Setup with Plugin Support"
    check_printer_attached
    create_base_template
    create_custom_template
    install_system_dependencies
    install_printer_dependencies
    setup_printer_services
    run_printer_setup
    create_dvm_template
    create_named_disposable
    finalize
    echo -e "\nSetup completed successfully!"
}

main "$@"


Is there a more private setup for those who depend on hplip and hp-plugin?

I've tried several things, e.g., USB-PPD connection almost any dependence or network connection. As a USB connected modern printer shouldn't be set up as a USB with PPD and driver if it is capable of IPP-over-USB (known as driverless or AirPrint), some drivers and are deprecated in CUPS and they will not be serviced.

I'm thinking of a setup with the system-config-printer printer interface using a USB-PPD connection with drivers like printer-driver-hpcups or foomatic-db.


Some references

Lessons learned: don't buy HP printers, buy a Brother laser printer. Never connect it to the internet and never install or update backdoored-watering-hole-new-drivers.

1 Like

Hplip is downloading the plugin and signature files from the http://www.openprinting.org/download/printdriver/auxfiles/HP/plugins/ using wget or curl command.
So you need to have either wget or curl installed and set http_proxy instead of https_proxy.
You can also download the plugin in a network-connected disposable qube, verify its signature, move it to the template and install it there using hp-plugin.

You should use qvm-template instead of qubes-dom0-update.

Why don’t you just use the qubes-vm-update?

There is no qubes-usb-proxy service in the Qubes OS.

2 Likes
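The offline route described in the reply above (download in a network-connected disposable qube, verify the signature, then move the file to the template), sketched as an added example that is not part of any post in this thread. The pinned fingerprint is a placeholder, the function names are hypothetical, and the `hplip-<version>-plugin.run` plus `.asc` file naming is an assumption about the download directory.

```shell
#!/bin/bash
# Added example, not from the thread. Run in a network-connected disposable qube.
set -eu

BASE_URL="http://www.openprinting.org/download/printdriver/auxfiles/HP/plugins"
# Placeholder (assumption): full fingerprint of the HPLIP signing key, obtained
# and checked out of band. The thread does not state it.
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE_WITH_PINNED_FINGERPRINT}"

# The plugin has to match the hplip release installed in the template. Map a
# Debian package version (e.g. from `dpkg-query -W -f='${Version}' hplip`) to
# the assumed upstream file name: drop any epoch and everything from the first
# '+' or '-'.
plugin_name_for_version() {
    local v="${1#*:}"
    printf 'hplip-%s-plugin.run\n' "${v%%[+-]*}"
}

# Succeed only if gpg's --status-fd output has a VALIDSIG line whose last field
# (the primary key fingerprint) equals the pinned one. A good signature made by
# any other key in the keyring is rejected.
status_has_pinned_validsig() {
    printf '%s\n' "$1" | awk -v fpr="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == fpr { ok = 1 }
        END { exit !ok }'
}

# Download plugin and detached signature (plain HTTP, so the signature check is
# the only integrity guarantee), then verify against the pinned key.
# The signing key must already be imported into this qube's keyring.
fetch_and_verify() {
    local name status
    name=$(plugin_name_for_version "$1")
    curl -fsS -O "$BASE_URL/$name" -O "$BASE_URL/$name.asc"
    status=$(gpg --batch --status-fd 1 --verify "$name.asc" "$name" 2>/dev/null) || return 1
    status_has_pinned_validsig "$status" "$EXPECTED_FPR" || return 1
    echo "verified: $name"
}

if [ "${1:-}" = "--fetch" ]; then
    fetch_and_verify "${2:?pass the hplip version installed in the template}"
fi
```

After a successful check, copy the `.run` file to the template with `qvm-copy` and install it there with hp-plugin, so the template itself never needs a network connection.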

That’s great, I didn’t know that existed.


==============================================================

Exactly what I will do.


==============================================================

From qubes documentation:

Installation

The minimal templates can be installed with the following type of command:

sudo qubes-dom0-update qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal


==============================================================

From qubes documentation:

We could use two ways, the old one and the new one:

Advanced users may wish to perform updates via the command-line interface. There are two ways to do this:

  • If you are using Salt, one can use the following two Salt states.
  • update.qubes-dom0
  • update.qubes-vm
  • Alternatively, use qubes-dom0-update to update dom0, and use qubes-vm-update to update domUs.

Using either of these methods has the same effect as updating via the Qubes Update tool.


==============================================================

From qubes documentation:

CORRECT!


==============================================================

Another day I’ll redo the script, testing and implementing everything automatically. I’ll post it another day, thanks.

1 Like

It’s outdated, seems like someone missed it when updating the documentation:

I think that qubes-vm-update is a more abstract tool, compared to the qubesctl command, which is using Salt specifically. Right now Qubes OS is using Salt, but it could change in the future, for example, to Ansible. So using qubes-vm-update instead of Salt directly wouldn’t break your script in the future.
But those are just my thoughts.

1 Like