Q4rc4 :: qvm-prefs-screenshot-to-clipboard - 1st attempt

[[799]]

Hello,

having the idea of a qvm-screenshot-to-clipboard script I was eager to try writting a script.
The solution I had in mind could work but I am struggling with a small issue and would like to get some help.
The script takes a screenshot in dom0, store it to a file and qvm-copy the file to the target appvm (one and only command line argument for the script).
Then within the AppVM it is using xclip to copy the graphic to clipboard and removes all temporary files in the AppVM and dom0
All pieces are working, except the xclip command when launced from dom0.

When I launch the command within the AppVM it is working.
But I need to start the xclip command from an external script and when I do so, the same command is not working.
It seems that I am missing something when using xclip via script which is run in a new terminal session (from dom0 but also within the App)

Any ideas how to fix this?
It feels so frustrating that I nearly have a working solution but I am missing the last few meters.

How to use the script:

1) in dom0: launch script

2) make the screenshot by selection the area

as the xclip is not working in the AppVM as supposed:

3) switch to the AppVM where the screenshot should be used

4) launch the "helper script" in the AppVM which is running the following command

xclip -selection clipboard -t image/png /home/user/QubesIncoming/dom0/qvm-screenshot-to-clipboard.png

My qvm-screenshot-to-clipboard script which has to be placed and run from dom0:

--- BEGIN of script ---


#!/bin/bash
# qvm-screenshot-to-clipboard
# Creates a dom0 screenshot and copy it to the Clipboard of an AppVM

MyAppVM=$1
MyScreenshot=qvm-screenshot-to-clipboard.png

# Take screenshot in dom0 by selecting an area and adding border+shadow
gnome-screenshot --area --include-border --border-effect=shadow --file=/tmp/$MyScreenshot

# Copy screenhot to AppVM command line argument / delete existing file

qvm-run $MyAppVM 'rm -f /home/user/QubesIncoming/dom0/$MyScreenshot'

qvm-copy-to-vm $MyAppVM /tmp/$MyScreenshot

###FIXME begin

# I would like to just invoke the following
# command via qvm-run in the AppVM
# but the clipboard is just empty when using
# this approach.
# running the same command
# xclip -selection clipboard -t image/png /home/user/QubesIncoming/dom0/qvm-screenshot-to-clipboard.png
# therof I have put the command into a helper
# script in my AppVM:
# qvm-run $MyAppVM /home/user/qvm-screenshot-to-clipboard-appvm.sh
# the script is working when it is launched from
# an already opened gnome-terminal window
# but it will not work when the script is invoked
# from dom0 via qvm-run or through an own 
# strangely it is also not working when I start
# the script from within the appvm
# 'xterm -e

[awokd]

On Sat, February 17, 2018 10:11 pm, '[799]' via qubes-users wrote:

> xclip -selection clipboard -t image/png
> /home/user/QubesIncoming/dom0/qvm-screenshot-to-clipboard.png

Can't really find a man page for xclip. What happens when you run this in
dom0?

qvm-run $MyAppVM 'xclip -t image/png
/home/user/QubesIncoming/dom0/qvm-screenshot-to-clipboard.png'

[[799]]

Hello awokd,

-------- Original-Nachricht --------

An 17. Feb. 2018, 23:41, 'awokd' via qubes-users schrieb:

> Can't really find a man page for xclip. What
> happens when you run this in dom0?

xclip doesn't have to be present in dom0 as the command is only used in the AppVM.
As such you might need to install it in your template VM.

In dom0 you are only using gnome-screenshot to make the screenshot.
If it is not available in dom0 you can install it via qubes-dom0-update gnome-screenshot or use any other existing sxreenshot-app which is available in your dom0 and offers the option to safe screenshots directly to file.

Question regarding security:
As far as I can tell I don't think that the suggested solution to transfer screenshots to an AppVM offers a great security risk as the data is only flowing from (!) dom0 to your AppVM and the graphic file is creating in dom0.
But as I am far away from being a security expert, I'd like to hear a more qualified feedback if working with this script might be a bad idea.

Regards

[799]

[Yuraeitha]

If interested, I've recently made a similar script that works a little differently. I'll put it here as having options and choice is a good thing.


mv "$(xfce4-screenshooter -fo ls)" ~/Screenshots
( sleep 3 )
qvm-move-to-vm Base ~/Screenshots/screenshot_*





I know many here don't need an explanation since it's a rather straight forward simple working script that "just works", but for those who may need it, here are some considerations to take into account about the script:

- The mv "$() part of the script serves as a function to remove "save as" and instead auto-save with the name screenshot_+date+timestamp.

- Never remove the -o attribute if you want the mv "$() part of the script working.

- The first line decides where to save the screenshot, and the third line pulls the screenshot from this location. By narrowing down an empty folder specifically this use-case, you avoid false positive transfers, although those are unlikely in dom0 anyway.

- By default this scripts sends screenshots to an offline AppVM that I frequently have running in the background for offline applications and daily used data.

- AppVM name used: Base

- Fullscreen, keep the f attribute.

- Region, change -fo to -ro

- Window, change -fo to -wo

- The screenshot_* part, will move any files or folders beginning with screenshot_*, at the given address location. If you got older screenshots there, then they will also be moved. This should not be a big problem though, if you only use these scripts and keep the folder empty.

- You can also optionally keybind scripts to different AppVM's, so you don't have to move them a second time from the standard AppVM.

- Need longer time, for example to carefully select text in region screenshots, then expand the sleep timer to, say, 20 seconds.

- Make scripts executable and put them in dom0 $HOME/ folder. Then simply just keybind them in Qubes Menu --> System-Tools --> Keyboard ---> Shortcut tab.

- If dom0 is ever compromised, or the AppVM you backup your scripts to is compromised, be sure to check the scripts before putting them back in dom0 in the future.



My own favourite version is region selection, set to 10 seconds, keybinded to the Screenshot key.

mv "$(xfce4-screenshooter -ro ls)" ~/Screenshots
( sleep 10 )
qvm-move-to-vm Base ~/Screenshots/Screenshot_*

All the others are scripted too, but I need to hold down Ctrl key, shift key, etc. to make those work. I also keybind for different AppVM's, where I include a letter, where the letter denotes the AppVM. For example shift+w+printscreen, will send a screenshot to my work AppVM, while shift+s+printscreen sends the screenshot to my Study AppVM.

[Yuraeitha]

I did not intend to be rude by posting this alternative. Besides this alternative doesn't put the screenshot in the clipboard, which I think is pretty ingenious of you, and in that way, your script is definitely superior since it makes it even easier.

I hope you get the last part working, it could prove to be very interesting.

[[799]]

--
Qubes 4rc3 > Lenovo X230 + Lenovo W540

Gesendet von ProtonMail mobile




-------- Original-Nachricht --------

> [...]

> mv "$(xfce4-screenshooter -fo ls)" ~/Screenshots
> ( sleep 3 )
> qvm-move-to-vm Base ~/Screenshots/screenshot_*

> [...]

Your scripts can be used to save all screenshots to a folder in an AppVM whereas my scripts is mainly for quick copy'n paste.

I think I'll also change my script to use xfce4-screenshoiter instead of gnome-screenshot.
Thanks for the hint.

I have uploaded my script to GitHub, maybe you should do the same or we add it to the repository so that users can pick the right script for their needs?

As you mentioned:
Choice is always a good thing.

[799]

[Yuraeitha]

hmm, thinking about it, did you try awokd's approach? I do something very similar for my QubesTV setup that I'm working on polishing, which works on scripts too, like we're doing here. The command may have to be adjusted a bit, but in general, it should work, even without xclip in dom0.

Actually, I'd go as far as to say it should most definitely work for xclip, while my scripts here are different, I've done it enough to tell it can work if modified correctly.

Either way, try awokd's command out, it will definitely work in one variant or different. The question is if require a bit of modification. For example, maybe use "qvm-run AppVM bash 'command to execute inside AppVM -o etc. lalala'" instead of say, "qvm-run AppVM gnome-terminal -e 'command to execute inside AppVM -o etc. lalala'".

For example I've seen a case where one when executed inside the AppVM, will open the executed QubesTV streaming link in the same browser, same tab, while the very same command inserted into the AppVM from dom0, would open up a whole new instance of Firefox, and thereby open a new window. Which, needless to say, doesn't work. The solution was to use bash for already running firefox, so that it won't start a new firefox instance. Hopefully you can use any of this to make qvm-run appvm "command" work.

In terms of security, I'm in the same boat, I can't say for sure. But I agree with the notion, that it "probably"? is secure due to the one direction flow of data.

[Yuraeitha]

oh I went away from my pc for a short while while writing a new post, didn't see you had answered meanwhile.

But I definitely agree. I'll see if I can get it on github tomorrow.

[awokd]

On Sun, February 18, 2018 10:24 pm, Yuraeitha wrote:

> hmm, thinking about it, did you try awokd's approach?

He had but it wasn't working so I was just suggesting trying out a
different command line option for xclip. Could be because it was in a
different session or something, like you're saying.

[Yuraeitha]

On Sunday, February 18, 2018 at 11:00:35 PM UTC+1, [799] wrote:

btw, I don't mind if you merge some of the code, what I feel is important here is that people have something that just works. Besides a crucial part of this code is something I got elsewhere anyway, I just don't remember where anymore. In short, the mv "$()" part of the script to bypass the "save as" is not my invention, but something I learned elsewhere, where-ever that was in time and space.

[Yuraeitha]

@awokd
Most likely yes, I haven't seen a command that can't be run from dom0 yet, it just need a little spanki'... Ahem, love.

I haven't yet fully grasped why some commands behave different as they do when from dom0, compared to when same command is executed inside the AppVM. For example the bash example above. But I imagine, grasping this difference, one can probably execute anything from dom0.

[Yuraeitha]

On Sunday, February 18, 2018 at 11:00:35 PM UTC+1, [799] wrote:

@ [799]

Aight, I followed up on your suggestion and made a wiki for this script. Feel free to use it any way you like.
https://github.com/Aekez/scripting-qubes/wiki/Streamlining-the-Screenshotting

If our scripts in the end can't be merged without loosing strengths or avoiding new weaknesses in them, then perhaps an idea could be to use ideas from each others scripts which work. For example if you're okay with it I might add the clipboard functionality. Of course crediting you. But then there is the question if our scripts could essentially be merged into a single script by such a move? If so, then I don't mind you posting it, I'll simply add a reference to your script in the wiki so anyone reading it will be made aware of yours. Credits doesn't matter much to me, so I don't mind if you put a merged script together, if this is what is feasible to do.

I've been thinking about adding a page to other Qubes community wiki pages. Maybe we can take this even further, thereby creating a sort of network by Qubes Community users who make wiki's like these. Kind of like how various YouTube communities share and promote each others videos and work to help carry out their collective and shared community goals. Maybe we can do something like this in the wiki pages and work together to create better wiki available information?

For example I remember Ivan made a wiki for Windows 7 on github, which can be a good place for Windows wiki updates. (I don't know anyone else's wiki pages, I only know Ivan's). Yours holding the finished screenshot script, and other things you're working on of course. My own project is QubesTV, but as mentioned on the page, it's not something I can finish my self if it's meant to reach high quality. Currently I'm doing whatever I can to lay the ground-work though. But the idea here, is having wiki pages for various topics, and network them together. What do you guys think?