2024-03-21 21:50:02 +01:00
|
|
|
#!/bin/sh
|
|
|
|
|
2024-04-26 19:23:14 +02:00
|
|
|
# SPDX-FileCopyrightText: 2015 - 2020 Marek Marczykowski-Gorecki <marmarek@invisiblethingslab.com>
|
2024-04-30 14:53:21 +02:00
|
|
|
# SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
|
2024-03-21 21:50:02 +01:00
|
|
|
#
|
2024-04-26 19:23:14 +02:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
|
|
|
|
## Description: rewrite repositories definitions to be used with the cacher.
|
|
|
|
## It works for qubes that should be configured to use the cacher via Qrexec
|
|
|
|
## or Netvm (direct networking).
|
|
|
|
##
|
|
|
|
## Looping through files and testing their permissions (read, write) is better
|
|
|
|
## than finding a file and trying to sed it without knowledge, it is also
|
|
|
|
## beneficial as 'find' fails if file is not existent and sending all 'find'
|
|
|
|
## output to /dev/stderr is not great.
|
|
|
|
##
|
|
|
|
## Assigning the repositories files to '$@' avoids having to parse their names
|
|
|
|
## in case they contain spaces, newlines and other dangerous characters to the
|
|
|
|
## shell, it is also an easy way to use an array for /bin/sh.
|
2024-03-21 21:50:02 +01:00
|
|
|
|
|
|
|
set -eu
|
|
|
|
|
2024-04-26 19:23:14 +02:00
|
|
|
set_proxy_marker(){
|
|
|
|
marker_begin_text="QUBES BEGIN"
|
|
|
|
marker_end_text="QUBES END"
|
|
|
|
marker_begin="### ${marker_begin_text} ###"
|
|
|
|
marker_end="### ${marker_end_text} ###"
|
|
|
|
proxy_file="${1}"
|
|
|
|
proxy_options="${2}"
|
|
|
|
|
|
|
|
if ! grep -q "^${marker_begin}$" "${proxy_file}"; then
|
|
|
|
if grep -q "^${marker_end}$" "${proxy_file}"; then
|
|
|
|
echo "Error: found marker ${marker_end_text} but not ${marker_begin_text} in ${proxy_file}" >&2
|
|
|
|
echo "Fix the file by either removing both markers or adding missing ones and retry" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
cp "${proxy_file}" "${proxy_file}.qubes-orig"
|
|
|
|
echo "${marker_begin}" | tee -a "${proxy_file}" >/dev/null
|
|
|
|
echo "${marker_end}" | tee -a "${proxy_file}" >/dev/null
|
|
|
|
elif ! grep -q "^${marker_end}$" "${proxy_file}"; then
|
|
|
|
echo "Error: found marker ${marker_begin_text} but not ${marker_end_text} in ${proxy_file}" >&2
|
|
|
|
echo "Fix the file by either removing both markers or adding missing ones and retry" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
2024-03-21 21:50:02 +01:00
|
|
|
|
2024-04-26 19:23:14 +02:00
|
|
|
proxy_tmp_file="$(mktemp)"
|
|
|
|
cat >"${proxy_tmp_file}" <<EOF
|
|
|
|
# The text between ${marker_begin_text} and ${marker_end_text} is automatically
|
|
|
|
# generated by $0. All changes here will be overriden.
|
|
|
|
# You can override options after the ${marker_end_text}.
|
|
|
|
${proxy_options}
|
|
|
|
EOF
|
|
|
|
|
|
|
|
## Couldn't figure out how to write only changes on the next sed.
|
|
|
|
if ! grep -q "${proxy_options}" "${proxy_file}"; then
|
|
|
|
tee -a "${changes_file}" <"${proxy_tmp_file}" >/dev/null
|
|
|
|
fi
|
|
|
|
## GNU Sed, only reliable while we don't support BSD.
|
|
|
|
sed -i -e "/^${marker_begin}$/,/^${marker_end}$/{
|
|
|
|
/^${marker_end}$/b
|
|
|
|
/^${marker_begin}$/!d
|
|
|
|
r ${proxy_tmp_file}
|
|
|
|
}" "${proxy_file}"
|
|
|
|
rm -f "${proxy_tmp_file}"
|
2024-03-21 21:50:02 +01:00
|
|
|
}
|
|
|
|
|
2024-04-26 19:23:14 +02:00
|
|
|
check_netvm_cacher(){
|
|
|
|
proxy_host="127.0.0.1"
|
|
|
|
proxy_port="8082"
|
|
|
|
proxy_addr=""
|
|
|
|
proxy_url=""
|
|
|
|
proxy_conf=""
|
|
|
|
if ! test -f /var/run/qubes-service/updates-proxy-setup; then
|
|
|
|
return 0
|
|
|
|
fi
|
|
|
|
if test -f /var/run/qubes-service/netvm-cacher; then
|
|
|
|
proxy_host="$(qubesdb-read /qubes-gateway)"
|
|
|
|
if test -z "${proxy_host}"; then
|
|
|
|
echo "Error: service netvm-cacher enabled but netvm IP was not found" >&2
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
proxy_addr="${proxy_host}:${proxy_port}"
|
|
|
|
proxy_url="http://${proxy_addr}"
|
|
|
|
proxy_conf="proxy=${proxy_addr}"
|
2024-03-21 21:50:02 +01:00
|
|
|
}
|
|
|
|
|
2024-04-26 19:23:14 +02:00
|
|
|
set_proxy_os(){
|
|
|
|
if test -e /etc/fedora-release; then
|
|
|
|
## Fedora
|
|
|
|
|
|
|
|
if test -w /etc/dnf/dnf.conf; then
|
2024-04-30 14:53:21 +02:00
|
|
|
set_proxy_marker /etc/dnf/dnf.conf "zchunk=False
|
|
|
|
${proxy_conf}"
|
2024-04-26 19:23:14 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
if test -n "${proxy_addr}"; then
|
|
|
|
cat >/etc/yum.conf.d/qubes-proxy.conf <<EOF
|
|
|
|
${proxy_conf}
|
|
|
|
EOF
|
|
|
|
else
|
|
|
|
rm -f /etc/yum.conf.d/qubes-proxy.conf
|
|
|
|
fi
|
|
|
|
|
|
|
|
set --
|
|
|
|
for repo in \
|
|
|
|
/etc/yum.repos.d/*.repo
|
|
|
|
do
|
|
|
|
test -f "${repo}" || continue
|
|
|
|
test -r "${repo}" || continue
|
|
|
|
test -w "${repo}" || continue
|
|
|
|
set -- "${@}" "${repo}"
|
|
|
|
done
|
|
|
|
test -n "${*}" || return 0
|
2024-03-21 21:50:02 +01:00
|
|
|
|
|
|
|
case "${action}" in
|
|
|
|
install)
|
2024-04-26 19:23:14 +02:00
|
|
|
find "${@}" -type f -exec sed -i \
|
|
|
|
-e "s|baseurl\s*=\s*https://|baseurl=http://HTTPS///|w ${changes_file}" \
|
|
|
|
-e "s|metalink\s*=\s*https://|metalink=http://HTTPS///|w ${changes_file}" \
|
|
|
|
{} \+
|
|
|
|
|
|
|
|
set --
|
|
|
|
for repo in \
|
|
|
|
/etc/yum.repos.d/rpmfusion*.repo
|
|
|
|
do
|
|
|
|
test -f "${repo}" || continue
|
|
|
|
test -r "${repo}" || continue
|
|
|
|
test -w "${repo}" || continue
|
|
|
|
set -- "${@}" "${repo}"
|
|
|
|
done
|
|
|
|
test -n "${*}" || return 0
|
|
|
|
|
|
|
|
find "${@}" -type f -exec sed -i \
|
|
|
|
-e "s|^\s*#.*baseurl|baseurl|w ${changes_file}" \
|
|
|
|
-e "s|^\s*metalink\s*=\s*|#metalink=|w ${changes_file}" \
|
|
|
|
{} \+
|
2024-03-21 21:50:02 +01:00
|
|
|
;;
|
2024-04-26 19:23:14 +02:00
|
|
|
|
2024-03-21 21:50:02 +01:00
|
|
|
uninstall)
|
2024-04-26 19:23:14 +02:00
|
|
|
find "${@}" -type f -exec sed -i \
|
|
|
|
-e "s|baseurl\s*=\s*http://HTTPS///|baseurl=https://|w ${changes_file}" \
|
|
|
|
-e "s|metalink\s*=\s*http://HTTPS///|metalink=https://|w ${changes_file}" \
|
|
|
|
{} \+
|
|
|
|
|
|
|
|
set --
|
|
|
|
for repo in \
|
|
|
|
/etc/yum.repos.d/rpmfusion*.repo
|
|
|
|
do
|
|
|
|
test -f "${repo}" || continue
|
|
|
|
test -r "${repo}" || continue
|
|
|
|
test -w "${repo}" || continue
|
|
|
|
set -- "${@}" "${repo}"
|
|
|
|
done
|
|
|
|
test -n "${*}" || return 0
|
|
|
|
|
|
|
|
find "${@}" -type f -exec sed -i \
|
|
|
|
-e "s|^\s*baseurl|#baseurl|w ${changes_file}" \
|
|
|
|
-e "s|^\s*#.*metalink\s*=|metalink=|w ${changes_file}" \
|
|
|
|
{} \+ 2>/dev/null || true
|
2024-03-21 21:50:02 +01:00
|
|
|
;;
|
|
|
|
esac
|
2024-04-26 19:23:14 +02:00
|
|
|
|
|
|
|
elif test -e /etc/debian_version && test ! -e /usr/share/whonix/marker; then
|
|
|
|
## Debian but not Whonix.
|
|
|
|
|
|
|
|
if test -n "${proxy_addr}"; then
|
|
|
|
cat >/etc/apt/apt.conf.d/50cacher-proxy <<EOF
|
|
|
|
# Use Cacher NetVM Update Proxy
|
|
|
|
Acquire::http::Proxy "${proxy_url}";
|
|
|
|
Acquire::tor::proxy "${proxy_url}";
|
|
|
|
EOF
|
|
|
|
else
|
|
|
|
rm -f /etc/apt/apt.conf.d/50cacher-proxy
|
|
|
|
fi
|
|
|
|
|
|
|
|
set --
|
|
|
|
for repo in \
|
|
|
|
/etc/apt/sources.list \
|
|
|
|
/etc/apt/sources.list.d/*.list \
|
|
|
|
/etc/apt/sources.list.d/*.sources
|
|
|
|
do
|
|
|
|
test -f "${repo}" || continue
|
|
|
|
test -r "${repo}" || continue
|
|
|
|
test -w "${repo}" || continue
|
|
|
|
set -- "${@}" "${repo}"
|
|
|
|
done
|
|
|
|
test -n "${*}" || return 0
|
|
|
|
|
2024-03-21 21:50:02 +01:00
|
|
|
case "${action}" in
|
|
|
|
install)
|
2024-04-26 19:23:14 +02:00
|
|
|
find "${@}" -type f -exec sed -i \
|
|
|
|
-e "s|URIs:\s*https://|URIs: http://HTTPS///|w ${changes_file}" \
|
|
|
|
-e "s|^\s*\(#*\)\s*deb\(.*\)https://|\1deb\2http://HTTPS///|w ${changes_file}" \
|
|
|
|
{} \+
|
2024-03-21 21:50:02 +01:00
|
|
|
;;
|
2024-04-26 19:23:14 +02:00
|
|
|
|
2024-03-21 21:50:02 +01:00
|
|
|
uninstall)
|
2024-04-26 19:23:14 +02:00
|
|
|
find "${@}" -type f -exec sed -i \
|
|
|
|
-e "s|URIs:\s*http://HTTPS///|URIs: https://|w ${changes_file}" \
|
|
|
|
-e "s|^\s*\(#*\)\s*deb\(.*\)http://HTTPS///|\1deb\2https://|w ${changes_file}" \
|
|
|
|
{} \+
|
2024-03-21 21:50:02 +01:00
|
|
|
;;
|
|
|
|
esac
|
2024-04-26 19:23:14 +02:00
|
|
|
|
|
|
|
elif test -e /etc/arch-release; then
|
|
|
|
## Archlinux
|
|
|
|
|
|
|
|
if test -n "${proxy_addr}"; then
|
|
|
|
if ! test -d /run/qubes/bin; then
|
|
|
|
mkdir -p /run/qubes/bin
|
|
|
|
fi
|
|
|
|
cat >/run/qubes/bin/pacman <<EOF
|
|
|
|
#!/bin/sh
|
|
|
|
exec env ALL_PROXY="${proxy_url}" /usr/bin/pacman "\$@"
|
|
|
|
EOF
|
|
|
|
chmod +x /run/qubes/bin/pacman
|
|
|
|
cat >/etc/profile.d/qubes-proxy.sh << EOF
|
|
|
|
export PATH=/run/qubes/bin:\$PATH
|
|
|
|
EOF
|
|
|
|
else
|
|
|
|
rm -f /run/qubes/bin/pacman /etc/profile.d/qubes-proxy.sh
|
|
|
|
fi
|
|
|
|
|
|
|
|
set --
|
|
|
|
for repo in \
|
|
|
|
/etc/pacman.d/mirrorlist \
|
|
|
|
/etc/pacman.d/*.conf \
|
|
|
|
/etc/pacman.d/*.conf.disabled
|
|
|
|
do
|
|
|
|
test -f "${repo}" || continue
|
|
|
|
test -r "${repo}" || continue
|
|
|
|
test -w "${repo}" || continue
|
|
|
|
set -- "${@}" "${repo}"
|
|
|
|
done
|
|
|
|
test -n "${*}" || return 0
|
|
|
|
|
2024-03-21 21:50:02 +01:00
|
|
|
case "${action}" in
|
|
|
|
install)
|
2024-04-26 19:23:14 +02:00
|
|
|
find "${@}" -type f -exec sed -i \
|
|
|
|
-e "s|Server\s*=\s*https://|Server = http://HTTPS///|w ${changes_file}" \
|
|
|
|
{} \+
|
2024-03-21 21:50:02 +01:00
|
|
|
;;
|
2024-04-26 19:23:14 +02:00
|
|
|
|
2024-03-21 21:50:02 +01:00
|
|
|
uninstall)
|
2024-04-26 19:23:14 +02:00
|
|
|
find "${@}" -type f -exec sed -i \
|
|
|
|
-e "s|Server\s*=\s*http://HTTPS///|Server = https://|w ${changes_file}" \
|
|
|
|
{} \+
|
2024-03-21 21:50:02 +01:00
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
2024-04-26 19:23:14 +02:00
|
|
|
else
|
|
|
|
## TODO: Gentoo.
|
|
|
|
echo "Cacher does not support your Operating System distribution." >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
set_proxy_unspecific_os(){
|
|
|
|
if test -w /etc/PackageKit/PackageKit.conf; then
|
|
|
|
set_proxy_marker /etc/PackageKit/PackageKit.conf "ProxyHTTP=${proxy_url}"
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
usage(){
|
|
|
|
echo "Usage: ${0##*/} [install|uninstall]"
|
|
|
|
echo "Note: autodetection occurs if not argument is specified"
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
|
|
|
|
changes_file="$(mktemp)"
|
|
|
|
trap 'rm -f "${changes_file}"' HUP INT QUIT ABRT EXIT
|
|
|
|
|
|
|
|
if test -f /var/run/qubes-service/updates-proxy-setup ||
|
|
|
|
test -f /var/run/qubes-service/netvm-cacher
|
|
|
|
then
|
|
|
|
action="install"
|
2024-03-21 21:50:02 +01:00
|
|
|
else
|
2024-04-26 19:23:14 +02:00
|
|
|
action="uninstall"
|
|
|
|
fi
|
|
|
|
|
|
|
|
case "${1-}" in
|
|
|
|
install|uninstall) action="${1}";;
|
|
|
|
"") ;;
|
|
|
|
*) usage;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
if test "$(id -u)" != "0"; then
|
|
|
|
echo "Error: Permission denied, action requires root privileges."
|
2024-03-21 21:50:02 +01:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2024-04-26 19:23:14 +02:00
|
|
|
check_netvm_cacher
|
|
|
|
set_proxy_os
|
|
|
|
set_proxy_unspecific_os
|
|
|
|
|
|
|
|
## Stateful Salt cmd Module.
|
2024-03-21 21:50:02 +01:00
|
|
|
echo
|
|
|
|
if test -s "${changes_file}"; then
|
2024-04-26 19:23:14 +02:00
|
|
|
echo "changed=yes comment='configuration was modified'"
|
2024-03-21 21:50:02 +01:00
|
|
|
else
|
2024-04-26 19:23:14 +02:00
|
|
|
echo "changed=no comment='configuration remained untouched'"
|
2024-03-21 21:50:02 +01:00
|
|
|
fi
|
|
|
|
exit
|