What is the "Proper" Way to Compile or Install Something from Github and Make it Accessible in a Template?

User Support
1

In a non-Qubes environment everyone uses git clone and then installs the tools needed to compile and follows the instructions and runs thing.

If I want a program to be in the template, should I be doing everything in the template?

So GitHub - SYSTRAN/faster-whisper: Faster Whisper transcription with CTranslate2 is an example of something I’d like to try out. I need to make sure python is installed, I need to clone the repository.

Is the answer to install the tools needed in the template and just clone in a disposable VM and copy it to the template and then compile or install?

I think that’s the answer and I may have answered my own question.

2

You could also clone and compile in the disposable, test there, and then
finally transfer the final software in to the template.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

3

Sometimes compilation instructions require prerequisites and it will be something that will pull something remotely and then execute a script and the script will want internet access and then the script will do the installation.

for example I could be supposed to run setup-install.sh and I would run that and if the template were connected, it would download lots of things, compile them, and then install them. some of these scripts are not that simple for someone with only a small understanding of linux or programming. is the only solution for something like this to open up the sh file and read it and run some of it in the disposable and some in the template?

would there be a way to temporarily give a template access to the internet for certain downloads or domains but have it go through the same process as when the template is updating? this would break the qubes security model however?

4

You can configure the script to use proxy:

You can set this proxy for any app that is used in setup process git/curl/wget/etc.

5

I think this is what I need but it looks so hard to implement. How do I do it?

I don’t even understand the instructions.

6

does unman’s utility do this without making me have to understand all this? this looks hard

7

This is too hard. I am going to clone the template and attach it directly to the Internet. I know this is bad and a way for the template to be attacked but this is too hard and taking too long and the instructions are not easy.

8

The idea is simple, there is a local proxy http://127.0.0.1:8082 available in a template that you can use to access the internet.
But you need to configure the software to use this proxy and this depends on the software that you want to use.
I guess for faster-whisper you need to set proxy for pip like this:

Which utility are you talking about?

9

qubes-task-gui

10

So I just use something like git clone https://link --proxy http://127.0.0.1:8082 that would work?

is that proxy going to be whatever is used for the default update network?

I didn’t attach the template to the Internet yet.

11

no wait, that --proxy is just for curl and doesn’t work with everything, i can’t use it for git

So I have to set up a ton of scripts to use this the correct way. that would take 6 hours for someone like me, and unman doesn’t have a shortcut

12

It won’t help you install your specific software in the template. You can use it to install one of the available packages that it provides, not any arbitrary package:
https://qubes.3isec.org/tasks.html

For git to use proxy you need to configure it like this:

git config --global http.proxy http://127.0.0.1:8082

Then use git clone ... normally.

This proxy is connected to your template update proxy qube.

13

I want to use sdk to install the latest Java SDK

there’s no way to do this without connecting the internet to the template

i am trying to use sdk from sdkman.io

14

You can try this:

curl -o sdkman.sh https://get.sdkman.io/
chmod +x sdkman.sh
export http_proxy=http://127.0.0.1:8082
export https_proxy=http://127.0.0.1:8082
./sdkman.sh
15

curl -o sdkman.sh https://get.sdkman.io/
chmod +x sdkman.sh
export http_proxy=http://127.0.0.1:8082
export https_proxy=http://127.0.0.1:8082
./sdkman.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0curl: (6) Could not resolve host: get.sdkman.io
zsh: exit 6 curl -o sdkman.sh https://get.sdkman.io/
chmod: cannot access ‘sdkman.sh’: No such file or directory
zsh: exit 1 chmod +x sdkman.sh
zsh: no such file or directory: ./sdkman.sh
zsh: exit 127 ./sdkman.sh

Is this because whonix is my update proxy? I could change it to a more accepted IP?

16

I forgot about proxy for curl, try this:

export http_proxy=http://127.0.0.1:8082
export https_proxy=http://127.0.0.1:8082
curl -o sdkman.sh https://get.sdkman.io/
chmod +x sdkman.sh
./sdkman.sh
1 Like
17

it worked but when i type sdk it says zsh command not found

18

Can you post the full ./sdkman.sh output?
What template are you trying to install it in? Whonix Workstation?

19

yes

                                             Now attempting installation...

Looking for a previous installation of SDKMAN…
SDKMAN found.

======================================================================================================
You already have SDKMAN installed.
SDKMAN was found at:

/home/user/.sdkman

Please consider running the following if you need to upgrade.

$ sdk selfupdate force

======================================================================================================

i don’t know what is not correct

20

Well, it looks like it was installed?
I don’t see the zsh command not found here.
If it’s not working then you can try to update the installed sdk using this command:

sdk selfupdate force

Or remove the old installation:

rm -rf /home/user/.sdkman

And retry the install.