Strategy Question: salt & installation of 3rd party software from web scraped URL - impossible in no-web templates
4 views
Skip to first unread message
Johannes Graumann
Apr 5, 2022, 1:20:49 PM4/5/22
to 'Johannes Graumann' via qubes-users
Hi,
I'm maintaining my setup using salt.
For work I need to use proprietary software (citrix client) - a picture
perfect use case for a dedicated template/app vm combo (sadly there
isn't a flatpak, which via user space-installation would allow me to
bypass the dedicated template).
Citrix now is playing nasty:
https://www.citrix.com/de-de/downloads/workspace-app/linux/workspace-app-for-linux-latest.html
has *.debs, *.rpms and tarballs ready for download, but some java
script magic adds individualized tokens to the download links, to
prevent straight linking to the resources.
Some nice person has figured out how to circumvent that using bash
scripting in the AUR of ArchLinux
(https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=icaclient) and
I used that to build a shell script that will deliver a currently valid
download link, which I was thinking to use via `cmd.script` in salt.
However, I now realize that a proper Qubes template does not have
standard internet access even when being updated, so that route is
barred.
How would you go about this? Just manual downloading the rpm and
installing it into the template does the trick, but I'd vastly prefer a
salty solution.
Thanks for reading this far and thank you for any hints.
Joh
I'm maintaining my setup using salt.
For work I need to use proprietary software (citrix client) - a picture
perfect use case for a dedicated template/app vm combo (sadly there
isn't a flatpak, which via user space-installation would allow me to
bypass the dedicated template).
Citrix now is playing nasty:
https://www.citrix.com/de-de/downloads/workspace-app/linux/workspace-app-for-linux-latest.html
has *.debs, *.rpms and tarballs ready for download, but some java
script magic adds individualized tokens to the download links, to
prevent straight linking to the resources.
Some nice person has figured out how to circumvent that using bash
scripting in the AUR of ArchLinux
(https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=icaclient) and
I used that to build a shell script that will deliver a currently valid
download link, which I was thinking to use via `cmd.script` in salt.
However, I now realize that a proper Qubes template does not have
standard internet access even when being updated, so that route is
barred.
How would you go about this? Just manual downloading the rpm and
installing it into the template does the trick, but I'd vastly prefer a
salty solution.
Thanks for reading this far and thank you for any hints.
Joh
David Hobach
Apr 5, 2022, 1:34:01 PM4/5/22
to qubes...@googlegroups.com
> How would you go about this? Just manual downloading the rpm and
> installing it into the template does the trick, but I'd vastly prefer a
> salty solution.
I tend to download it once, store it with my salt stuff and install it via salt.
> installing it into the template does the trick, but I'd vastly prefer a
> salty solution.
This also avoids untrusted download issues / limits them to the first download only.
David Hobach
Apr 5, 2022, 1:37:56 PM4/5/22
to qubes...@googlegroups.com
And the last time I tried Citrix on Qubes, I just installed it to the home directory (there was a tarball for download IIRC).
Johannes Graumann
Apr 5, 2022, 1:40:04 PM4/5/22
to David Hobach, qubes...@googlegroups.com
On Tue, 2022-04-05 at 19:37 +0200, David Hobach wrote:
> And the last time I tried Citrix on Qubes, I just installed it to the
> home directory (there was a tarball for download IIRC).
This is really exciting ... will try this ... the rpm puts it into
> And the last time I tried Citrix on Qubes, I just installed it to the
> home directory (there was a tarball for download IIRC).
`/opt` ... would remove the need for a dedicated template.
Thanks!
Johannes Graumann
Apr 5, 2022, 1:47:22 PM4/5/22
to David Hobach, qubes...@googlegroups.com
On Tue, 2022-04-05 at 19:39 +0200, 'Johannes Graumann' via qubes-users
wrote:
A related question: howto transfer a binary file (like the citrix
tarball) to dom0 for integration into the salt setup?
the `qvm-run` and `cat`-based version in the docs does not work in this
case.
wrote:
tarball) to dom0 for integration into the salt setup?
the `qvm-run` and `cat`-based version in the docs does not work in this
case.
David Hobach
Apr 5, 2022, 2:16:17 PM4/5/22
to Johannes Graumann, qubes...@googlegroups.com
> A related question: howto transfer a binary file (like the citrix
> tarball) to dom0 for integration into the salt setup?
>
> the `qvm-run` and `cat`-based version in the docs does not work in this
> case.
Just pack it into one *.tar.gz and then use the qvm-run cat commands to transfer it from the source VM to dom0. It works with any file, just not with directories - so you need to pack those.
> tarball) to dom0 for integration into the salt setup?
>
> the `qvm-run` and `cat`-based version in the docs does not work in this
> case.
Johannes Graumann
Apr 6, 2022, 8:38:22 AM4/6/22
to David Hobach, qubes...@googlegroups.com
Johannes Graumann
Apr 6, 2022, 10:03:44 AM4/6/22
to David Hobach, qubes...@googlegroups.com
On Tue, 2022-04-05 at 19:39 +0200, 'Johannes Graumann' via qubes-users
wrote:
wrote:
without user interaction/using the defaults?
David Hobach
Apr 6, 2022, 1:24:11 PM4/6/22
to Johannes Graumann, qubes...@googlegroups.com
> You did not, perchance, find a way to run the darn `setupwfc` script
> without user interaction/using the defaults?
No, I didn't salt the home install. However usually you can emulate user input via echo "y"$'\n'"n" | someprog.
> without user interaction/using the defaults?
Otherwise there's also programs for that (I've never tried them).
lik...@gmx.de
Apr 8, 2022, 2:28:21 PM4/8/22
to qubes...@googlegroups.com
On 4/5/22 19:20, 'Johannes Graumann' via qubes-users wrote:
> However, I now realize that a proper Qubes template does not have
> standard internet access even when being updated, so that route is
> barred.
>
> How would you go about this? Just manual downloading the rpm and
> installing it into the template does the trick, but I'd vastly prefer a
> salty solution.
I'm using a salt solution to install zoom inspired by unman's script: https://github.com/unman/notes/blob/master/gpg_in_templates
> However, I now realize that a proper Qubes template does not have
> standard internet access even when being updated, so that route is
> barred.
>
> How would you go about this? Just manual downloading the rpm and
> installing it into the template does the trick, but I'd vastly prefer a
> salty solution.
like that in a debian template as a salt state:
install-zoom:
cmd.run:
- names:
- wget --no-verbose -e use_proxy=on -e https_proxy=127.0.0.1:8082 -O ~/zoom_amd64.deb https://zoom.us/client/latest/zoom_amd64.deb
- sudo apt-get install ~/zoom_amd64.deb -y
Reply all
Reply to author
Forward
0 new messages