Re: Dom0 bash script: export 'https_proxy=127.0.0.1:8082' doesn't work?

I haven’t been able to get qvm-run export proxy to work in scripts that run from dom0, downloading files in a qube. Any ideas why?

Ref: This script works running in qube:

```bash
#!/bin/bash
# Installs the latest .deb version of Electron Mail.
# For export proxy to work it must run with root privileges in some qube configs.

owner='vladimiry'
repo='ElectronMail'
download_name='electron-mail.deb'

notify(){
    echo "$1"; notify-send "$1"
}

export 'https_proxy=127.0.0.1:8082'

latest_release=$(curl -s "https://api.github.com/repos/$owner/$repo/releases/latest")
download_url=$(echo "$latest_release" | grep -o '"browser_download_url": ".*\.deb"' | cut -d '"' -f 4)

echo "deb_download_url: $download_url"

# Step 1: Set the downloads directory
downloads_dir="/tmp"

# Step 2: Delete the file if it already exists in the downloads directory
file_path="$downloads_dir/$download_name"
if [ -f "$file_path" ]; then
    sudo rm "$file_path"
fi

# Step 3: Download the *.deb file to the downloads directory
curl -L "$download_url" -o "$file_path"

# Step 4: Calculate the SHA256 hash of the downloaded file
file_hash=$(sha256sum "$file_path" | awk '{print $1}')

echo "File hash: $file_hash"

# Step 5: Check if the hash exists in the release page
hash_check=$(curl -s "https://github.com/$owner/$repo/releases" | grep -q "$file_hash" && echo "Hash found" || echo "Hash not found")

# Step 6: Install the *.deb file if the hash check passed and remove the file
if [ "$hash_check" = "Hash found" ]; then
    sudo dpkg -i "$file_path"
    rm "$file_path"
else
    notify "Hash check failed. Installation aborted."
    rm "$file_path"
fi
```

The dom0 version won’t work. The proxy seems to be the problem:

```bash
#!/bin/bash
# Downloads, verifies, and installs the latest .deb version of Electron Mail.
# Runs from dom0
# $1=install qube name.

#  NOT WORKING
#  Use the version that runs in the qube.


# Check if target_qube parameter is provided
if [ -z "$1" ]; then
    echo "Please provide qube as a parameter."
    exit 1
fi

target_qube="$1"

owner='vladimiry'
repo='ElectronMail'
download_name='electron-mail.deb'
hash_check=''

notify(){
    echo "$1"
    notify-send "$1"
}

# Download and verify in qube.
qvm-run --pass-io -u root "$target_qube" "
    sudo apt update && apt upgrade -y && apt autoremove -y &&
    sudo apt install -y qubes-core-agent-networking curl &&
    export 'https_proxy=127.0.0.1:8082' &&
    latest_release=$(curl -s \"https://api.github.com/repos/$owner/$repo/releases/latest\") &&
    wait && # prevent race condition
    echo \"Latest release: $latest_release\" &&
    download_url=$(echo \"$latest_release\" | grep -o '"browser_download_url": ".*\.deb"' | cut -d '"' -f 4) &&
    echo \"Download url: $download_url\" &&
    downloads_dir='/tmp' &&
    file_path=\"$downloads_dir/$download_name\" &&
    curl -L \"$download_url\" -o \"$file_path\" &&
    file_hash=$(sha256sum \"$file_path\" | awk '{print $1}')&&
    hash_check=$(curl -s \"https://github.com/$owner/$repo/releases\" | grep -q \"$file_hash\" && echo \"Hash found\" || echo \"Hash not found\")
"

# Guard: Hash failed.
if [ "$hash_check" = "Hash not found" ]; then
    notify "Hash check failed. Installation aborted."
    qvm-run --pass-io -u root "$target_qube" "rm \"$file_path\""
    exit 1
fi

#  Install
qvm-run --pass-io -u root "$target_qube" "
    sudo dpkg -i \"$file_path\" &&
    rm \"$file_path\"
"
```

I’d try 2 things:

  1. To export http_proxy as well (not likely to resolve the issue)
  2. Instead of exporting proxies, to apply it directly to curl command:

```
curl --proxy localhost:8082 https://…
```

The problem isn’t with export https_proxy.

You should search the internet for the thing called: shell expansion.
In your code, all command substitutions `$( code )` are executed in dom0
and the results are substituted into your command.
The same goes for your variables: they are substituted before being sent to the qube.

You must escape them, i.e.
`latest_release=$(curl -s ...)` to `latest_release=\$(curl -s ...)`
`$latest_release` to `\$latest_release`
etc.

Also note that `if [ "$hash_check" = "Hash not found" ];` will never be true.
The `hash_check=$(curl -s ...)` in the first qvm-run is not the same variable
as the one you have declared at the beginning (`hash_check=''`).
Either you make only one qvm-run call or you parse the output of the first
one and retrieve the hash_check variable.
The same thing applies to the `$file_path` variable in your last qvm-run call.

2 Likes
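
The expansion behaviour described in the reply above, as an added example that is not part of the original thread. `remote` is a hypothetical stand-in for `qvm-run --pass-io` that runs the command string in a separate `sh` with a clean environment, and the `WHERE` marker is constructed so the output shows which shell performed each expansion.

```shell
#!/bin/sh
# Added example. `remote` stands in for `qvm-run --pass-io <qube> '<cmd>'`
# (assumption): the command string runs in a separate shell whose
# environment shares nothing with the caller's.
remote() {
    env -i PATH="$PATH" WHERE=qube sh -c "$1"
}

WHERE=dom0      # constructed marker showing which shell did the expansion
hash_check=''   # caller-side variable, as in the dom0 script

# Unescaped: the caller expands $(...) and $where before `remote` runs,
# so the far side receives:  where=dom0; echo "ran in: "
unescaped() {
    remote "where=$(echo "$WHERE"); echo \"ran in: $where\""
}

# Escaped: \$ keeps the text literal, so the far side does the expansion.
escaped() {
    remote "where=\$(echo \"\$WHERE\"); echo \"ran in: \$where\""
}

# A quoted heredoc ('EOF') avoids per-character escaping altogether.
heredoc() {
    remote "$(cat <<'EOF'
where=$(echo "$WHERE")
echo "ran in: $where"
EOF
)"
}

# An assignment on the far side never reaches the caller's variable...
assign_remote() {
    remote 'hash_check="Hash found"'
    echo "caller sees: [$hash_check]"
}

# ...so return the result on stdout and capture it in the caller.
capture_remote() {
    hash_check=$(remote 'echo "Hash found"')
    echo "caller sees: [$hash_check]"
}

for f in unescaped escaped heredoc assign_remote capture_remote; do
    printf '%-15s %s\n' "$f:" "$($f)"
done
```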

In fact, I was referring to `"$hash_check" = "Hash not found"` that will never be true. `if [ "$hash_check" = "Hash not found" ];` will always be true. You need to use `[[ ]]`.
```
[user@dom0 ~]$ cat x.sh
#!/usr/bin/bash

if [ true ]; then
    echo foo
fi

if [ false ]; then
    echo bar
fi

[user@dom0 ~]$ ./x.sh
foo
bar
```

edit: Sorry to necro this. I stand corrected (don’t know what I was thinking about).
The above example prints the output because it tests the literal strings true and false.
Of course the string comparison works with single brackets.

2 Likes