#!/bin/sh
# SPDX-FileCopyrightText: 2015 - 2020 Marek Marczykowski-Gorecki <marmarek@invisiblethingslab.com>
# SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: GPL-2.0-only
## Description: rewrite repository definitions to be used with the cacher.
## It works for qubes that should be configured to use the cacher via Qrexec
## or Netvm (direct networking).
##
## Looping through the files and testing their permissions (read, write) is
## better than finding a file and trying to sed it blindly. It also helps
## because 'find' fails if a file does not exist, and sending all 'find'
## output to /dev/stderr is not great.
##
## Assigning the repository files to '${@}' avoids having to parse their
## names in case they contain spaces, newlines or other characters that are
## dangerous to the shell. It is also an easy way to get an array in /bin/sh.
## Abort on the first unhandled failing command (-e) and on the expansion of
## an unset variable (-u).
set -eu
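## Maintain the generated block between the QUBES BEGIN / QUBES END markers
## of a configuration file, adding the markers at the end of the file when
## neither is present (the untouched file is first copied to FILE.qubes-orig).
##
## Arguments: $1 - configuration file, edited in place
##            $2 - option line(s) to place between the markers
## Globals:   changes_file (read) - the generated block is appended to it
##            whenever the content of $1 actually changed.
## Exits:     1 when only one of the two markers is present or the file cannot
##            be snapshotted; sed's status when the in-place edit fails.
set_proxy_marker(){
  marker_begin_text="QUBES BEGIN"
  marker_end_text="QUBES END"
  marker_begin="### ${marker_begin_text} ###"
  marker_end="### ${marker_end_text} ###"
  proxy_file="${1}"
  proxy_options="${2}"

  has_begin="no"
  has_end="no"
  if grep -q -e "^${marker_begin}$" -- "${proxy_file}"; then
    has_begin="yes"
  fi
  if grep -q -e "^${marker_end}$" -- "${proxy_file}"; then
    has_end="yes"
  fi

  ## A lone marker means the file was edited by hand; refuse to guess where
  ## the generated block is supposed to start or end.
  if test "${has_begin}" != "${has_end}"; then
    if test "${has_end}" = "yes"; then
      msg="found marker ${marker_end_text} but not ${marker_begin_text}"
    else
      msg="found marker ${marker_begin_text} but not ${marker_end_text}"
    fi
    msg="${msg} in ${proxy_file}."
    msg="${msg} fix it by removing markers or adding missing ones and retry"
    echo "Error: ${msg}" >&2
    exit 1
  fi

  ## Snapshot of the file as it was found. Comparing against it afterwards is
  ## what decides whether a change is reported: grepping for the options
  ## treats a multi-line value as alternative patterns (and as regexes), so a
  ## changed proxy line went unreported whenever another option line matched.
  proxy_before_file="$(mktemp)"
  if ! cp -- "${proxy_file}" "${proxy_before_file}"; then
    rm -f -- "${proxy_before_file}"
    exit 1
  fi

  if test "${has_begin}" = "no"; then
    cp -- "${proxy_file}" "${proxy_file}.qubes-orig"
    printf '%s\n' "${marker_begin}" "${marker_end}" >>"${proxy_file}"
  fi

  proxy_tmp_file="$(mktemp)"
  cat >"${proxy_tmp_file}" <<EOF
# The text between ${marker_begin_text} and ${marker_end_text} is
# automatically generated by $0. All changes here will be overridden.
# You can override options after the ${marker_end_text}.
${proxy_options}
EOF

  ## GNU Sed, only reliable while we don't support BSD.
  ## Inside the marker range: keep the end marker, delete everything that is
  ## not the begin marker, and read the generated block in after the begin
  ## marker.
  sed_status=0
  sed -i -e "/^${marker_begin}$/,/^${marker_end}$/{
    /^${marker_end}$/b
    /^${marker_begin}$/!d
    r ${proxy_tmp_file}
  }" -- "${proxy_file}" || sed_status="${?}"

  if test "${sed_status}" -eq 0 &&
    ! cmp -s -- "${proxy_before_file}" "${proxy_file}"
  then
    tee -a -- "${changes_file}" <"${proxy_tmp_file}" >/dev/null
  fi

  ## Remove both temporary files before propagating a sed failure.
  rm -f -- "${proxy_tmp_file}" "${proxy_before_file}"
  if test "${sed_status}" -ne 0; then
    exit "${sed_status}"
  fi
}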
## Work out which proxy endpoint the package managers should use and publish
## it through the globals proxy_host, proxy_port, proxy_addr, proxy_url and
## proxy_conf.
##
## Without the updates-proxy-setup service the three derived values
## (proxy_addr, proxy_url, proxy_conf) stay empty. With it the endpoint is
## 127.0.0.1:8082, unless the netvm-cacher service is also enabled, in which
## case the host is the gateway address read from qubesdb.
##
## Returns: 0 on success, 1 when netvm-cacher is enabled but qubesdb yields
##          an empty gateway.
check_netvm_cacher(){
  proxy_addr=""
  proxy_url=""
  proxy_conf=""
  proxy_port="8082"
  proxy_host="127.0.0.1"

  ## No update proxy requested: leave the derived values empty.
  test -f /var/run/qubes-service/updates-proxy-setup || return 0

  if test -f /var/run/qubes-service/netvm-cacher; then
    ## NOTE(review): other functions of this script place this value
    ## unescaped into generated configuration files and into a generated
    ## shell wrapper; it is only checked for emptiness here.
    proxy_host="$(qubesdb-read /qubes-gateway)"
    if test -z "${proxy_host}"; then
      echo "Error: service netvm-cacher enabled but netvm IP not found" >&2
      return 1
    fi
  fi

  proxy_addr="${proxy_host}:${proxy_port}"
  proxy_conf="proxy=${proxy_addr}"
  proxy_url="http://${proxy_addr}"
}
## Report on stderr that the running distribution is not supported, prefixed
## with the script's base name, then terminate the script with status 1.
reject_os(){
  {
    echo "${0##*/} does not support your Operating System distribution."
  } >&2
  exit 1
}
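## Point the package manager of the running distribution at the cacher
## (action "install") or undo that (action "uninstall"). Fedora, Debian and
## derivatives other than Whonix, and Arch Linux are handled; anything else
## ends in reject_os.
##
## Globals read: action, proxy_addr, proxy_url, proxy_conf, changes_file
## Calls:        set_proxy_marker, reject_os
## Returns:      0 early when no candidate repository file is a readable and
##               writable regular file.
## Exits:        1 on an unsupported action.
##
## Repository URLs are rewritten between 'https://' and 'http://HTTPS///'.
## NOTE(review): that prefix looks like the convention by which the cacher is
## asked to fetch the upstream over TLS itself; confirm against the cacher's
## configuration. After the rewrite the hop from this qube to the cacher is
## plain HTTP, so package authenticity rests on the package manager's own
## signature verification (gpgcheck, signed Release files, SigLevel), which
## must stay enabled.
##
## Every sed substitution carries 'w ${changes_file}', so each modified line
## is also written to that file.
# shellcheck disable=SC2317
set_proxy_os(){
  if test -e /etc/fedora-release; then
    ## Fedora

    if test -w /etc/dnf/dnf.conf; then
      set_proxy_marker /etc/dnf/dnf.conf "zchunk=False
${proxy_conf}"
    fi
    if test -n "${proxy_addr}"; then
      cat >/etc/yum.conf.d/qubes-proxy.conf <<EOF
${proxy_conf}
EOF
    else
      rm -f -- /etc/yum.conf.d/qubes-proxy.conf
    fi

    ## Collect the usable repository files in the positional parameters.
    set --
    for repo in \
      /etc/yum.repos.d/*.repo
    do
      test -f "${repo}" || continue
      test -r "${repo}" || continue
      test -w "${repo}" || continue
      set -- "${@}" "${repo}"
    done
    test -n "${*}" || return 0

    case "${action}" in
      install)
        baseurl_search="baseurl\s*=\s*https://"
        baseurl_repl="baseurl=http://HTTPS///"
        meta_search="metalink\s*=\s*https://"
        meta_repl="metalink=http://HTTPS///"
        baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
        meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
          -e "${baseurl_expr}" -e "${meta_expr}" \
          -- {} \+

        ## RPM Fusion: use the baseurl entries instead of the metalink ones.
        set --
        for repo in \
          /etc/yum.repos.d/rpmfusion*.repo
        do
          test -f "${repo}" || continue
          test -r "${repo}" || continue
          test -w "${repo}" || continue
          set -- "${@}" "${repo}"
        done
        test -n "${*}" || return 0

        baseurl_search="^\s*#.*baseurl"
        baseurl_repl="baseurl"
        meta_search="^\s*metalink\s*=\s*"
        ## This has to be meta_repl. It used to be assigned to meta_expr, so
        ## the replacement was still the 'metalink=http://HTTPS///' value
        ## from the pass above: metalink lines got a doubled prefix instead
        ## of being commented out, and the uninstall branch (which expects
        ## '#...metalink=') could not restore them.
        meta_repl="#metalink="
        baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
        meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
          -e "${baseurl_expr}" -e "${meta_expr}" \
          -- {} \+
        ;;

      uninstall)
        baseurl_search="baseurl\s*=\s*http://HTTPS///"
        baseurl_repl="baseurl=https://"
        meta_search="metalink\s*=\s*http://HTTPS///"
        meta_repl="metalink=https://"
        baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
        meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
          -e "${baseurl_expr}" -e "${meta_expr}" \
          -- {} \+

        ## RPM Fusion: comment baseurl out again and restore metalink.
        set --
        for repo in \
          /etc/yum.repos.d/rpmfusion*.repo
        do
          test -f "${repo}" || continue
          test -r "${repo}" || continue
          test -w "${repo}" || continue
          set -- "${@}" "${repo}"
        done
        test -n "${*}" || return 0

        ## Best effort: errors of this pass are silenced and ignored.
        find "${@}" -type f -exec sed -i \
          -e "s|^\s*baseurl|#baseurl|w ${changes_file}" \
          -e "s|^\s*#.*metalink\s*=|metalink=|w ${changes_file}" \
          -- {} \+ 2>/dev/null || true
        ;;
      *) echo "Unsupported action" >&2; exit 1
    esac

  elif test -e /etc/debian_version && test ! -e /usr/share/whonix/marker; then
    ## Debian and derivatives but not Whonix.

    if test -n "${proxy_addr}"; then
      cat >/etc/apt/apt.conf.d/50cacher-proxy <<EOF
# Use Cacher NetVM Update Proxy
Acquire::http::Proxy "${proxy_url}";
Acquire::tor::proxy "${proxy_url}";
EOF
    else
      rm -f -- /etc/apt/apt.conf.d/50cacher-proxy
    fi

    set --
    for repo in \
      /etc/apt/sources.list \
      /etc/apt/sources.list.d/*.list \
      /etc/apt/sources.list.d/*.sources
    do
      test -f "${repo}" || continue
      test -r "${repo}" || continue
      test -w "${repo}" || continue
      set -- "${@}" "${repo}"
    done
    test -n "${*}" || return 0

    case "${action}" in
      install)
        sources_search="URIs:\s*https://"
        sources_repl="URIs: http://HTTPS///"
        list_search="^\s*\(#*\)\s*deb\(.*\)https://"
        list_repl="\1deb\2http://HTTPS///"
        sources_expr="s|${sources_search}|${sources_repl}|w ${changes_file}"
        list_expr="s|${list_search}|${list_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
          -e "${list_expr}" -e "${sources_expr}" \
          -- {} \+
        ;;

      uninstall)
        sources_search="URIs:\s*http://HTTPS///"
        sources_repl="URIs: https://"
        list_search="^\s*\(#*\)\s*deb\(.*\)http://HTTPS///"
        list_repl="\1deb\2https://"
        sources_expr="s|${sources_search}|${sources_repl}|w ${changes_file}"
        list_expr="s|${list_search}|${list_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
          -e "${list_expr}" -e "${sources_expr}" \
          -- {} \+
        ;;
      *) echo "Unsupported action" >&2; exit 1
    esac

  elif test -e /etc/arch-release; then
    ## Archlinux

    if test -n "${proxy_addr}"; then
      if ! test -d /run/qubes/bin; then
        mkdir -p -- /run/qubes/bin
      fi
      ## Wrapper that runs the real pacman with ALL_PROXY set. The proxy URL
      ## is expanded now, while the file is generated; "\${@}" stays literal
      ## so that the wrapper forwards its own arguments.
      cat >/run/qubes/bin/pacman <<EOF
#!/bin/sh
exec env ALL_PROXY="${proxy_url}" /usr/bin/pacman "\${@}"
EOF
      chmod -- +x /run/qubes/bin/pacman
      ## NOTE(review): this puts /run/qubes/bin first in PATH for every shell
      ## that sources /etc/profile.d, so the directory and the wrapper must
      ## stay writable by root only; their modes depend on the umask in
      ## effect when this script runs.
      cat >/etc/profile.d/qubes-proxy.sh << EOF
export PATH=/run/qubes/bin:\${PATH}
EOF
    else
      rm -f -- /run/qubes/bin/pacman /etc/profile.d/qubes-proxy.sh
    fi

    set --
    for repo in \
      /etc/pacman.d/mirrorlist \
      /etc/pacman.d/*.conf \
      /etc/pacman.d/*.conf.disabled
    do
      test -f "${repo}" || continue
      test -r "${repo}" || continue
      test -w "${repo}" || continue
      set -- "${@}" "${repo}"
    done
    test -n "${*}" || return 0

    case "${action}" in
      install)
        repo_search="Server\s*=\s*https://"
        repo_repl="Server = http://HTTPS///"
        repo_regex="s|${repo_search}|${repo_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
          -e "${repo_regex}" \
          -- {} \+
        ;;

      uninstall)
        repo_search="Server\s*=\s*http://HTTPS///"
        repo_repl="Server = https://"
        repo_regex="s|${repo_search}|${repo_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
          -e "${repo_regex}" \
          -- {} \+
        ;;
      *) echo "Unsupported action" >&2; exit 1
    esac

  else
    ## Gentoo: upstream does not have a good solution:
    ## https://wiki.gentoo.org/wiki/Local_distfiles_cache#Configuring_for_Gentoo
    reject_os
  fi
}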
## Distribution-independent part: when the PackageKit configuration file is
## writable, hand it to set_proxy_marker with a ProxyHTTP line built from the
## global proxy_url.
set_proxy_unspecific_os(){
  ## Nothing to do when the file is missing or cannot be written.
  test -w /etc/PackageKit/PackageKit.conf || return 0
  set_proxy_marker /etc/PackageKit/PackageKit.conf "ProxyHTTP=${proxy_url}"
}
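## Print the command-line synopsis and terminate the script with status 1.
##
## The text goes to stderr: this is only reached on an invalid argument, and
## the last line of stdout is reserved for the changed=... report that the
## script prints for Salt.
usage(){
  echo "Usage: ${0##*/} [install|uninstall]" >&2
  echo "Note: autodetection occurs if no argument is specified" >&2
  exit 1
}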
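## Collects what this run modified; the final report only looks at whether
## the file ends up non-empty.
changes_file="$(mktemp)"
## Remove the temporary file on every exit path. The signals get their own
## trap that exits: a trap action that only cleans up lets the shell resume
## the script after the signal, so an interrupted run could carry on
## rewriting files.
trap 'rm -f -- "${changes_file}"' EXIT
trap 'exit 1' HUP INT QUIT ABRT

## Autodetect the action from the enabled Qubes services.
if test -f /var/run/qubes-service/updates-proxy-setup ||
  test -f /var/run/qubes-service/netvm-cacher
then
  action="install"
else
  action="uninstall"
fi

## An explicit argument overrides the autodetection.
case "${1-}" in
  install|uninstall) action="${1}";;
  "") ;;
  *) usage;;
esac

uid="$(id -u)"
if test "${uid}" != "0"; then
  ## Errors go to stderr, like every other error message of this script.
  echo "Error: Permission denied, action requires root privileges." >&2
  exit 1
fi

check_netvm_cacher
set_proxy_os
set_proxy_unspecific_os

## Stateful Salt cmd Module.
echo
if test -s "${changes_file}"; then
  echo "changed=yes comment='configuration was modified'"
else
  echo "changed=no comment='configuration remained untouched'"
fi
exit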