I found this cool idea trying to remember the tinyproxy command format and figured it might save a lot of people time installing stuff in their templates. I’m sure there must be a reason this is not set by default in the templates(I imagine it’s so people don’t accidentally install stuff in a template?), but I feel stupid for not doing this.
Anyway, you can configure curl and wget to use tinyproxy by default using the following commands. I’m hoping someone will tell me why this might not be a good idea(before i run it in every template lol), but it is making a lot of things easier so far.
Here’s the short answer, found near the end of this thread.
The example posed at the beginning of the thread, signal-desktop, is now available as an extrepo (Debian) package. Other packages may be available as flatpaks. Either of these methods would be more secure than executing curl or wget from a template. If I had to resort to the latter, I would create a new template for that purpose and consider it compromised.
yeah but the whole point of this configuration is just so you don’t have to type out the proxy along with using curl WHEN curl/wget are the only options to get the pgp keys for software you want. @ephile, thanks, I didn’t know about extrepo. But the point of this thread was just to make those times when you have to import pgp keys to install software; for instance, Mullvad Browser or Brave Browser. These require the use of curl/wget to install, and i always have to modify whatever installation script i’m using manually by adding the line “curl --proxy http://127.0.0.1:8082”, and it got annoying, so I thought ‘why not just configure curl/wget to use the proxy by default?’(This is the main question nobody has answered yet.) I have read that Curl-proxy thread by Insurgo, and it is just a little over my head
This thread was not intended to be about template safety, it was about making the curl/wget tinyproxy easier to use when it needs to be used in a template(why else would you be using it if it isn’t proxied, is the logic here). Such as in the below mullvad installation where usually i’d have to manually modify the curl command.
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable stable main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Install the package
sudo apt update
sudo apt install mullvad-browser
# And to install the alpha version
sudo apt install mullvad-browser-alpha
Anyway @ephile, thanks for the info, I already employ the whole cloning templates for potentially compromising software strategy. minimal templates for single applications etc. Perhaps i’m still being myopic about this. I thought i was making things easier -.-
Good point and thanks for the useful tip. I have a separate template for Mullvad browser, which required the curl command as you detailed above. Fortuantely Brave browser is available with extrepo.