I created a set of scripts that automate the setup of template and app VMs for software that I use on a day-to-day basis. Maybe it’s useful for some here, and maybe someone is able to give me guidance and feedback on improvements.
One angle that’s not so nice is that I run it from dom0 and copy files first into dom0 to then copy them to a target VM to run the actual installation. I can’t see how to improve that without a lot of complications by running multiple scripts in multiple places.
Some code feedback for improvements of your project:
For strings that have no substitution, use single quotes, not double.
Use quoting in all places; currently you have many places that are not using it, and they will break if the user provides values with spaces.
For all number comparisons and operations use (( )) brackets; for all string comparisons use [[ ]].
Use the awesome shellcheck to check your script. It is most convenient with the plugin in Codium/VS Code.
E.g. let’s consider rm $0 in your code. If the program name has spaces, the command will fail; if it starts with -, it will be misinterpreted as a flag. Better code from this point: rm -- "${0}"
Take a look at this project of bash completion for Qubes OS. It has required settings for Codium/VS Code.
It follows these and other rules. It is probably still full of bugs, because bash is a huge pitfall by design, but shellcheck helped avoid millions of mistakes.
It’s best to avoid doing anything with applications in Dom0 if it can be avoided. Rather than staging things in Dom0 it would be best to store rpm/deb/ installers in an archive VM and do one of several things from Dom0 to transfer them.
A) Create or use the private volume and block attach it to the AppVM you are configuring. Simply install your apps from there then dismount that volume. Care must be taken that this volume is only active in one VM at a time.
B) qvm-copy from one archive VM path containing your files to another and install apps from QubesIncoming in the destination VM. This may require interaction with the user running the script.
C) qvm-run -p "tar cf - /path/installers" in the archive AppVM and pipe the tar output stream directly to qvm-run -p "tar xvf -" in the AppVM you are configuring. Then install your apps from the tar destination path in the AppVM. As long as Dom0 does not read or interpret that tar data stream, and the destination path in the target VM is highly constrained to a subdirectory, then it should be safe.
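Option C, sketched as a dom0 shell function. This is an added example, not code from the thread or from the original poster's scripts. The names transfer_installers, is_safe_token and the QVM_RUN override are hypothetical; --pass-io is the long form of qvm-run -p.

```shell
# Added example (not the poster's script): option C as a dom0 function.
# QVM_RUN is a hypothetical override so the logic can be exercised outside dom0.
QVM_RUN=${QVM_RUN:-qvm-run}

# The values below end up inside a command string that the remote shell
# parses, so accept only an allowlist of characters, refuse a leading "-"
# (would be read as an option) and refuse any ".." path component.
is_safe_token() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    case "/$1/" in
        */../*) return 1 ;;
    esac
    return 0
}

# transfer_installers SRC_VM SRC_DIR DST_VM DST_DIR
transfer_installers() {
    src_vm=$1 src_dir=$2 dst_vm=$3 dst_dir=$4
    for tok in "$src_vm" "$src_dir" "$dst_vm" "$dst_dir"; do
        is_safe_token "$tok" || { echo "refusing unsafe value: $tok" >&2; return 2; }
    done
    # VM names are not paths; the destination must be an absolute directory.
    case $src_vm$dst_vm in */*) return 2 ;; esac
    case $dst_dir in /*) ;; *) return 2 ;; esac

    # Sender archives relative to SRC_DIR, so member names carry no absolute
    # path. dom0 only connects the two pipes: the tar stream is never written
    # to disk or parsed here. Receiver extracts strictly below DST_DIR.
    # Note: the pipeline status is the receiver's; a sender failure shows up
    # as an empty or truncated extraction.
    "$QVM_RUN" --pass-io "$src_vm" "tar cf - -C '$src_dir' ." |
        "$QVM_RUN" --pass-io "$dst_vm" \
            "mkdir -p '$dst_dir' && tar xf - -C '$dst_dir'"
}
```

In dom0 a call would look like transfer_installers archive /home/user/installers work /home/user/incoming, where both qube names and both paths are placeholders.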