[qubes-users] Strategy Question: salt & installation of 3rd party software from web scraped URL - impossible in no-web templates

Hi,

I'm maintaining my setup using salt.

For work I need to use proprietary software (citrix client) - a picture
perfect use case for a dedicated template/app vm combo (sadly there
isn't a flatpak, which via user space-installation would allow me to
bypass the dedicated template).

Citrix now is playing nasty:

has *.debs, *.rpms and tarballs ready for download, but some java
script magic adds individualized tokens to the download links, to
prevent straight linking to the resources.

Some nice person has figured out how to circumvent that using bash
scripting in the AUR of ArchLinux
(PKGBUILD - aur.git - AUR Package Repositories) and
I used that to build a shell script that will deliver a currently valid
download link, which I was thinking to use via `cmd.script` in salt.

However, I now realize that a proper Qubes template does not have
standard internet access even when being updated, so that route is
barred.

How would you go about this? Just manual downloading the rpm and
installing it into the template does the trick, but I'd vastly prefer a
salty solution.

Thanks for reading this far and thank you for any hints.

Joh

How would you go about this? Just manual downloading the rpm and
installing it into the template does the trick, but I'd vastly prefer a
salty solution.

I tend to download it once, store it with my salt stuff and install it via salt.
This also avoids untrusted download issues / limits them to the first download only.

And the last time I tried Citrix on Qubes, I just installed it to the home directory (there was a tarball for download IIRC).

This is really exciting ... will try this ... the rpm puts it into
`/opt` ... would remove the need for a dedicated template.

Thanks!

A related question: howto transfer a binary file (like the citrix
tarball) to dom0 for integration into the salt setup?

the `qvm-run` and `cat`-based version in the docs does not work in this
case.

A related question: howto transfer a binary file (like the citrix
tarball) to dom0 for integration into the salt setup?

the `qvm-run` and `cat`-based version in the docs does not work in this
case.

Just pack it into one *.tar.gz and then use the qvm-run cat commands to transfer it from the source VM to dom0. It works with any file, just not with directories - so you need to pack those.

Was trying that but forgetting the VM of origin ... PEBKAC.

You did not, perchance, find a way to run the darn `setupwfc` script
without user interaction/using the defaults?

You did not, perchance, find a way to run the darn `setupwfc` script
without user interaction/using the defaults?

No, I didn't salt the home install. However usually you can emulate user input via echo "y"$'\n'"n" | someprog.
Otherwise there's also programs for that (I've never tried them).

I'm using a salt solution to install zoom inspired by unman's script: notes/gpg_in_templates at master · unman/notes · GitHub
like that in a debian template as a salt state:

install-zoom:
  cmd.run:
    - names:
      - wget --no-verbose -e use_proxy=on -e https_proxy=127.0.0.1:8082 -O ~/zoom_amd64.deb https://zoom.us/client/latest/zoom_amd64.deb
      - sudo apt-get install ~/zoom_amd64.deb -y