Qubes Salt Beginner's Guide

leo · August 31, 2023, 4:54pm

You could use something like this:

conferencing--download-key:
  cmd.run:
    - name: curl --output /etc/apt/keyrings/skype.asc https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xD4040146BE3972509FD57FC71F3045A5DF7587C3
    - env:
      - https_proxy: http://127.0.0.1:8082
    - creates:
      - /etc/apt/keyrings/skype.asc

This is similar to unman’s recommendation on this topic.

Szewcu · August 31, 2023, 5:31pm

don’t know why this not work form me. Which work is curl -x.

Szewcu · August 31, 2023, 5:33pm

this gives me an error. Deleting this line (since we provided key file externally) make everything work.

leo · August 31, 2023, 6:05pm

It could be that you tried to download something from a HTTP URL while using a proxy with HTTPS. To avoid this issue you could always set both environment variables:

conferencing--download-key:
  cmd.run:
    - name: curl --output /etc/apt/keyrings/skype.asc https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xD4040146BE3972509FD57FC71F3045A5DF7587C3
    - env:
      - http_proxy: http://127.0.0.1:8082
      - https_proxy: http://127.0.0.1:8082
    - creates:
      - /etc/apt/keyrings/skype.asc

Using curl’s --proxy option like you did also works.

That’s great! I will leave this line in the guide tough, because it takes care of transforming Skype’s GPG key from an ASCII-armored format to a binary format, and this is necessary to use the key with the repository.

Szewcu · August 31, 2023, 6:08pm

ahhh ok, I transform them in place using gpg --dearmor. So I got error that they are both the same.

Szewcu · August 31, 2023, 7:34pm

Do you maybe have an idea how to deal with selinux policies in fedora-38? I want to install Threema but I can’t. I remember that I probably disable, selinux, reboot, install reboot and again enable selinux…

leo · August 31, 2023, 7:44pm

I haven’t got any experience with selinux policies, but with Salt I guess you could use the selinux interface to manage them.

leo · October 3, 2023, 12:22pm

A small update for anyone interested in making remote backups with Wyng:

After a few weeks of testing, I wrote section 3.4: Making remote backups. Using Wyng with rclone mount is however quite experimental, so I would recommend using the local backup method instead. This can be complemented with rclone sync for example to upload the local backup files to some cloud storage.

Nevertheless, I hope that these are interesting examples of what can be done with Salt