Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-12-15 02:44:31 -05:00
Code Issues Packages Projects Releases Wiki Activity
475b81a67f
qusal/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo

351 lines
10 KiB
Plaintext
Raw Normal View History

feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
#!/bin/sh
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
# SPDX-FileCopyrightText: 2015 - 2020 Marek Marczykowski-Gorecki <marmarek@invisiblethingslab.com>
fix: update fedora mirror list with upstream Experiment with setting zchunk to false in DNF for Fedora. Fixes: https://github.com/ben-grande/qusal/issues/47
2024-04-30 08:53:21 -04:00
# SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
#
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
# SPDX-License-Identifier: GPL-2.0-only
## Description: rewrite repositories definitions to be used with the cacher.
## It works for qubes that should be configured to use the cacher via Qrexec
## or Netvm (direct networking).
##
## Looping through files and testing their permissions (read, write) is better
## than finding a file and trying to sed it without knowledge, it is also
## beneficial as 'find' fails if file is not existent and sending all 'find'
## output to /dev/stderr is not great.
##
feat: enable all optional shellcheck validations Make shell a little bit safer with: - add-default-case - check-extra-masked-returns - check-set-e-suppressed - quote-safe-variables - check-unassigned-uppercase Although there are some stylistic decisions for uniformity: - avoid-nullary-conditions - deprecated-which - require-variable-braces
2024-07-10 08:36:05 -04:00
## Assigning the repositories files to '${@}' avoids having to parse their
## names in case they contain spaces, newlines and other dangerous characters
## to the shell, it is also an easy way to use an array for /bin/sh.
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
set -eu
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
set_proxy_marker(){
marker_begin_text="QUBES BEGIN"
marker_end_text="QUBES END"
marker_begin="### ${marker_begin_text} ###"
marker_end="### ${marker_end_text} ###"
proxy_file="${1}"
proxy_options="${2}"
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
if ! grep -q -e "^${marker_begin}$" -- "${proxy_file}"; then
if grep -q -e "^${marker_end}$" -- "${proxy_file}"; then
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
msg="found marker ${marker_end_text} but not ${marker_begin_text}"
msg="${msg} in ${proxy_file}."
msg="${msg} fix it by removing markers or adding missing ones and retry"
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '%s\n' "Error: ${msg}" >&2
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
exit 1
fi
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
cp -- "${proxy_file}" "${proxy_file}.qubes-orig"
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '%s\n' "${marker_begin}" | tee -a -- "${proxy_file}" >/dev/null
printf '%s\n' "${marker_end}" | tee -a -- "${proxy_file}" >/dev/null
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
elif ! grep -q -e "^${marker_end}$" -- "${proxy_file}"; then
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
msg="found marker ${marker_begin_text} but not ${marker_end_text}"
msg="${msg} in ${proxy_file}."
msg="${msg} fix it by removing markers or adding missing ones and retry"
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '%s\n' "error: ${msg}" >&2
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
exit 1
fi
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
proxy_tmp_file="$(mktemp)"
cat >"${proxy_tmp_file}" <<EOF
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
# The text between ${marker_begin_text} and ${marker_end_text} is
# automatically generated by $0. All changes here will be overridden.
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
# You can override options after the ${marker_end_text}.
${proxy_options}
EOF
## Couldn't figure out how to write only changes on the next sed.
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
if ! grep -q -e "${proxy_options}" -- "${proxy_file}"; then
tee -a -- "${changes_file}" <"${proxy_tmp_file}" >/dev/null
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
fi
## GNU Sed, only reliable while we don't support BSD.
sed -i -e "/^${marker_begin}$/,/^${marker_end}$/{
/^${marker_end}$/b
/^${marker_begin}$/!d
r ${proxy_tmp_file}
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
}" -- "${proxy_file}"
rm -f -- "${proxy_tmp_file}"
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
}
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
check_netvm_cacher(){
proxy_host="127.0.0.1"
proxy_port="8082"
proxy_addr=""
proxy_url=""
proxy_conf=""
if ! test -f /var/run/qubes-service/updates-proxy-setup; then
return 0
fi
if test -f /var/run/qubes-service/netvm-cacher; then
proxy_host="$(qubesdb-read /qubes-gateway)"
if test -z "${proxy_host}"; then
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '%s\n' \
"Error: service netvm-cacher enabled but netvm IP not found" >&2
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
return 1
fi
fi
proxy_addr="${proxy_host}:${proxy_port}"
proxy_url="http://${proxy_addr}"
proxy_conf="proxy=${proxy_addr}"
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
}
fix: cacher: restrict install to supported clients - Enforce uninstall in Fedora, it has been too problematic due to zchunk checksum mismatch errors; - Skip tagging and installing on unsupported qubes, before it tagged every template that did not have the tag 'whonix-updatevm', this is error prone as it would fail the installation on unsupported clients such as Gentoo, Mirage. Fixes: https://github.com/ben-grande/qusal/issues/54
2024-05-29 10:16:03 -04:00
reject_os(){
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
msg_unsupported="${0##*/} does not support your OS distribution."
printf '%s\n' "${msg_unsupported}" >&2
fix: cacher: restrict install to supported clients - Enforce uninstall in Fedora, it has been too problematic due to zchunk checksum mismatch errors; - Skip tagging and installing on unsupported qubes, before it tagged every template that did not have the tag 'whonix-updatevm', this is error prone as it would fail the installation on unsupported clients such as Gentoo, Mirage. Fixes: https://github.com/ben-grande/qusal/issues/54
2024-05-29 10:16:03 -04:00
exit 1
}
# shellcheck disable=SC2317
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
set_proxy_os(){
if test -e /etc/fedora-release; then
## Fedora
if test -w /etc/dnf/dnf.conf; then
fix: update fedora mirror list with upstream Experiment with setting zchunk to false in DNF for Fedora. Fixes: https://github.com/ben-grande/qusal/issues/47
2024-04-30 08:53:21 -04:00
set_proxy_marker /etc/dnf/dnf.conf "zchunk=False
${proxy_conf}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
fi
if test -n "${proxy_addr}"; then
cat >/etc/yum.conf.d/qubes-proxy.conf <<EOF
${proxy_conf}
EOF
else
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
rm -f -- /etc/yum.conf.d/qubes-proxy.conf
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
fi
set --
for repo in \
/etc/yum.repos.d/*.repo
do
test -f "${repo}" || continue
test -r "${repo}" || continue
test -w "${repo}" || continue
set -- "${@}" "${repo}"
done
test -n "${*}" || return 0
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
case "${action}" in
install)
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
baseurl_search="baseurl\s*=\s*https://"
baseurl_repl="baseurl=http://HTTPS///"
meta_search="metalink\s*=\s*https://"
meta_repl="metalink=http://HTTPS///"
baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
find "${@}" -type f -exec sed -i \
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
-e "${baseurl_expr}" -e "${meta_expr}" \
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
-- {} \+
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
set --
for repo in \
/etc/yum.repos.d/rpmfusion*.repo
do
test -f "${repo}" || continue
test -r "${repo}" || continue
test -w "${repo}" || continue
set -- "${@}" "${repo}"
done
test -n "${*}" || return 0
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
baseurl_search="^\s*#.*baseurl"
baseurl_repl="baseurl"
meta_search="^\s*metalink\s*=\s*"
meta_expr="#metalink="
baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
find "${@}" -type f -exec sed -i \
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
-e "${baseurl_expr}" -e "${meta_expr}" \
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
-- {} \+
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
;;
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
uninstall)
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
baseurl_search="baseurl\s*=\s*http://HTTPS///"
baseurl_repl="baseurl=https://"
meta_search="metalink\s*=\s*http://HTTPS///"
meta_repl="metalink=https://"
baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
find "${@}" -type f -exec sed -i \
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
-e "${baseurl_expr}" -e "${meta_expr}" \
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
-- {} \+
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
set --
for repo in \
/etc/yum.repos.d/rpmfusion*.repo
do
test -f "${repo}" || continue
test -r "${repo}" || continue
test -w "${repo}" || continue
set -- "${@}" "${repo}"
done
test -n "${*}" || return 0
find "${@}" -type f -exec sed -i \
-e "s|^\s*baseurl|#baseurl|w ${changes_file}" \
-e "s|^\s*#.*metalink\s*=|metalink=|w ${changes_file}" \
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
-- {} \+ 2>/dev/null || true
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
;;
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
*) printf '%s\n' "Unsupported action" >&2; exit 1
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
esac
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
elif test -e /etc/debian_version && test ! -e /usr/share/whonix/marker; then
fix: cacher: restrict install to supported clients - Enforce uninstall in Fedora, it has been too problematic due to zchunk checksum mismatch errors; - Skip tagging and installing on unsupported qubes, before it tagged every template that did not have the tag 'whonix-updatevm', this is error prone as it would fail the installation on unsupported clients such as Gentoo, Mirage. Fixes: https://github.com/ben-grande/qusal/issues/54
2024-05-29 10:16:03 -04:00
## Debian and derivatives but not Whonix.
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
if test -n "${proxy_addr}"; then
cat >/etc/apt/apt.conf.d/50cacher-proxy <<EOF
# Use Cacher NetVM Update Proxy
Acquire::http::Proxy "${proxy_url}";
Acquire::tor::proxy "${proxy_url}";
EOF
else
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
rm -f -- /etc/apt/apt.conf.d/50cacher-proxy
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
fi
set --
for repo in \
/etc/apt/sources.list \
/etc/apt/sources.list.d/*.list \
/etc/apt/sources.list.d/*.sources
do
test -f "${repo}" || continue
test -r "${repo}" || continue
test -w "${repo}" || continue
set -- "${@}" "${repo}"
done
test -n "${*}" || return 0
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
case "${action}" in
install)
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
sources_search="URIs:\s*https://"
sources_repl="URIs: http://HTTPS///"
list_search="^\s*\(#*\)\s*deb\(.*\)https://"
list_repl="\1deb\2http://HTTPS///"
sources_expr="s|${sources_search}|${sources_repl}|w ${changes_file}"
list_expr="s|${list_search}|${list_repl}|w ${changes_file}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
find "${@}" -type f -exec sed -i \
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
-e "${list_expr}" -e "${sources_expr}" \
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
-- {} \+
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
;;
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
uninstall)
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
sources_search="URIs:\s*http://HTTPS///"
sources_repl="URIs: https://"
list_search="^\s*\(#*\)\s*deb\(.*\)http://HTTPS///"
list_repl="\1deb\2https://"
sources_expr="s|${sources_search}|${sources_repl}|w ${changes_file}"
list_expr="s|${list_search}|${list_repl}|w ${changes_file}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
find "${@}" -type f -exec sed -i \
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
-e "${list_expr}" -e "${sources_expr}" \
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
-- {} \+
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
;;
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
*) printf '%s\n' "Unsupported action" >&2; exit 1
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
esac
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
elif test -e /etc/arch-release; then
## Archlinux
if test -n "${proxy_addr}"; then
if ! test -d /run/qubes/bin; then
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
mkdir -p -- /run/qubes/bin
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
fi
cat >/run/qubes/bin/pacman <<EOF
#!/bin/sh
feat: enable all optional shellcheck validations Make shell a little bit safer with: - add-default-case - check-extra-masked-returns - check-set-e-suppressed - quote-safe-variables - check-unassigned-uppercase Although there are some stylistic decisions for uniformity: - avoid-nullary-conditions - deprecated-which - require-variable-braces
2024-07-10 08:36:05 -04:00
exec env ALL_PROXY="${proxy_url}" /usr/bin/pacman "\${@}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
EOF
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
chmod -- +x /run/qubes/bin/pacman
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
cat >/etc/profile.d/qubes-proxy.sh << EOF
feat: enable all optional shellcheck validations Make shell a little bit safer with: - add-default-case - check-extra-masked-returns - check-set-e-suppressed - quote-safe-variables - check-unassigned-uppercase Although there are some stylistic decisions for uniformity: - avoid-nullary-conditions - deprecated-which - require-variable-braces
2024-07-10 08:36:05 -04:00
export PATH=/run/qubes/bin:\${PATH}
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
EOF
else
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
rm -f -- /run/qubes/bin/pacman /etc/profile.d/qubes-proxy.sh
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
fi
set --
for repo in \
/etc/pacman.d/mirrorlist \
/etc/pacman.d/*.conf \
/etc/pacman.d/*.conf.disabled
do
test -f "${repo}" || continue
test -r "${repo}" || continue
test -w "${repo}" || continue
set -- "${@}" "${repo}"
done
test -n "${*}" || return 0
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
case "${action}" in
install)
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
repo_search="Server\s*=\s*https://" \
repo_repl="Server = http://HTTPS///"
repo_regex="s|${repo_search}|${repo_repl}|w ${changes_file}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
find "${@}" -type f -exec sed -i \
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
-e "${repo_regex}" \
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
-- {} \+
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
;;
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
uninstall)
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
repo_search="Server\s*=\s*http://HTTPS///"
repo_repl="Server = https://"
repo_regex="s|${repo_search}|${repo_repl}|w ${changes_file}"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
find "${@}" -type f -exec sed -i \
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
-e "${repo_regex}" \
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
-- {} \+
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
;;
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
*) printf '%s\n' "Unsupported action" >&2; exit 1
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
esac
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
else
fix: cacher: restrict install to supported clients - Enforce uninstall in Fedora, it has been too problematic due to zchunk checksum mismatch errors; - Skip tagging and installing on unsupported qubes, before it tagged every template that did not have the tag 'whonix-updatevm', this is error prone as it would fail the installation on unsupported clients such as Gentoo, Mirage. Fixes: https://github.com/ben-grande/qusal/issues/54
2024-05-29 10:16:03 -04:00
## Gentoo: upstream does not have a good solution:
style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-07-09 11:42:07 -04:00
## https://wiki.gentoo.org/wiki/Local_distfiles_cache#Configuring_for_Gentoo
fix: cacher: restrict install to supported clients - Enforce uninstall in Fedora, it has been too problematic due to zchunk checksum mismatch errors; - Skip tagging and installing on unsupported qubes, before it tagged every template that did not have the tag 'whonix-updatevm', this is error prone as it would fail the installation on unsupported clients such as Gentoo, Mirage. Fixes: https://github.com/ben-grande/qusal/issues/54
2024-05-29 10:16:03 -04:00
reject_os
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
fi
}
set_proxy_unspecific_os(){
if test -w /etc/PackageKit/PackageKit.conf; then
set_proxy_marker /etc/PackageKit/PackageKit.conf "ProxyHTTP=${proxy_url}"
fi
}
usage(){
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '%s\n' "Usage: ${0##*/} [install|uninstall]"
printf '%s\n' "Note: autodetection occurs if not argument is specified"
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
exit 1
}
changes_file="$(mktemp)"
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it.
2024-08-06 11:04:16 -04:00
trap 'rm -f -- "${changes_file}"' HUP INT QUIT ABRT EXIT
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
if test -f /var/run/qubes-service/updates-proxy-setup ||
test -f /var/run/qubes-service/netvm-cacher
then
action="install"
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
else
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
action="uninstall"
fi
case "${1-}" in
install|uninstall) action="${1}";;
"") ;;
*) usage;;
esac
feat: enable all optional shellcheck validations Make shell a little bit safer with: - add-default-case - check-extra-masked-returns - check-set-e-suppressed - quote-safe-variables - check-unassigned-uppercase Although there are some stylistic decisions for uniformity: - avoid-nullary-conditions - deprecated-which - require-variable-braces
2024-07-10 08:36:05 -04:00
uid="$(id -u)"
if test "${uid}" != "0"; then
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '%s\n' "Error: Permission denied, action requires root privileges."
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
exit 1
fi
fix: allow update check to work on cacher clients Qubes that have the updates-proxy-service enabled will have the repository definitions set to work with the proxy, being it a TemplateVM or another type of qube. Qubes that have that same service disabled and are based on templates that are being cached, will have the repository definitions corrected for it to work like normal systems via the networking instead of caching proxy. Optimizations were done for a faster runtime, previously it would call sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora repositories (one extra for rpmfusion) and some more for PackageKit and dnf.conf markers. Inexpensive runtime is a must for a script that may run multiple times, such as when being called by a tool monitoring the filesystem such as inotify. Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use case of the cacher, thus the license had to be changed. For: https://github.com/ben-grande/qusal/issues/44 Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 13:23:14 -04:00
check_netvm_cacher
set_proxy_os
set_proxy_unspecific_os
## Stateful Salt cmd Module.
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '\n'
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
if test -s "${changes_file}"; then
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '%s\n' "changed=yes comment='configuration was modified'"
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
else
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced.
2024-08-06 12:15:24 -04:00
printf '%s\n' "changed=no comment='configuration remained untouched'"
feat: apply URI changes in qube Very useful for template based qubes to uninstall the cacher definition to reach remote repository definitions with direct connection. https://github.com/ben-grande/qusal/issues/31
2024-03-21 16:50:02 -04:00
fi
exit
Reference in New Issue Copy Permalink