How to use curl in a template VM?
235 views
Skip to first unread message
bill...@gmail.com
Nov 8, 2019, 12:59:55 PM11/8/19
to qubes-users
I am trying to install the Brave browser in my debian template VM it requires that I add a repository with the command:
curl -s https://brave-browser-apt-beta.s3.brave.com/brave-core-nightly.asc | sudo apt-key --keyring /etc/apt/trusted.gpg.d/brave-browser-beta.gpg add -
When I try the first part of this alone, I get nothing back, so I'm assuming that curl is blocked -- I get the correct key in the "untrusted" vm when I do it there.
I have to say that I am still trying to get my head around how qubes does networking, but while I can easily upgrade and add software in the debian template vM using apt, it seems that curl is not getting through.
So:
1) Is there a document that goes through the networking stuff in detail?
2) How would I go about installing this software in the template?
Thanks!
billo
b17b7bdb
Nov 8, 2019, 5:42:14 PM11/8/19
to qubes...@googlegroups.com
On 11/8/19 5:59 PM, billollib-Re5JQE...@public.gmane.org wrote:> I am trying to install the Brave browser in my debian template VM it
I just installed Brave in Debian Buster following the steps in:
https://medium.com/@connorrfin10/how-to-install-brave-browser-on-debian-10-buster-f95c9d30556c
https://medium.com/@connorrfin10/how-to-install-brave-browser-on-debian-10-buster-f95c9d30556c
First I cloned my template as debian-10-brave, so that I wouldn't mess up one of my regular templates. In order to execute the curl and echo commands in Step 1: Preparing for installation, I temporarily enabled sys-whonix as the NetVM for this template, but set it back to the default none setting for NetVM immediately afterward. Not ideal, but it solves problem above.
Note, in Step 4: Final Fixes, I had to open the terminal as root in order to execute the echo command. From the dom0 terminal:
$ qvm-run -u root debian-10-brave xterm
then type in the command manually into the debian-10-brave root terminal.
unman
Nov 8, 2019, 10:08:38 PM11/8/19
to qubes...@googlegroups.com
On Fri, Nov 08, 2019 at 10:42:02PM +0000, 'b17b7bdb' via qubes-users wrote:
> On 11/8/19 5:59 PM, billollib-Re5JQE...@public.gmane.org wrote:> I am trying to install the Brave browser in my debian template VM it
> > requires that I add a repository with the command:
> >
> > curl -s
> > https://brave-browser-apt-beta.s3.brave.com/brave-core-nightly.asc |
> > sudo apt-key --keyring /etc/apt/trusted.gpg.d/brave-browser-beta.gpg add -
> >
> > When I try the first part of this alone, I get nothing back, so I'm
> > assuming that curl is blocked -- I get the correct key in the
> > "untrusted" vm when I do it there.
> >
> > I have to say that I am still trying to get my head around how qubes does networking, but while I can easily upgrade and add software in the debian template vM using apt, it seems that curl is not getting through.
> >
> > So:
> >
> > 1) Is there a document that goes through the networking stuff in detail?
> > 2) How would I go about installing this software in the template?
>
> I just installed Brave in Debian Buster following the steps in:
> https://medium.com/@connorrfin10/how-to-install-brave-browser-on-debian-10-buster-f95c9d30556c
>
> First I cloned my template as debian-10-brave, so that I wouldn't mess up one of my regular templates. In order to execute the curl and echo commands in Step 1: Preparing for installation, I temporarily enabled sys-whonix as the NetVM for this template, but set it back to the default none setting for NetVM immediately afterward. Not ideal, but it solves problem above.
>
Don't do this. It creates risk and is unnecessary.
> On 11/8/19 5:59 PM, billollib-Re5JQE...@public.gmane.org wrote:> I am trying to install the Brave browser in my debian template VM it
> > requires that I add a repository with the command:
> >
> > curl -s
> > https://brave-browser-apt-beta.s3.brave.com/brave-core-nightly.asc |
> > sudo apt-key --keyring /etc/apt/trusted.gpg.d/brave-browser-beta.gpg add -
> >
> > When I try the first part of this alone, I get nothing back, so I'm
> > assuming that curl is blocked -- I get the correct key in the
> > "untrusted" vm when I do it there.
> >
> > I have to say that I am still trying to get my head around how qubes does networking, but while I can easily upgrade and add software in the debian template vM using apt, it seems that curl is not getting through.
> >
> > So:
> >
> > 1) Is there a document that goes through the networking stuff in detail?
> > 2) How would I go about installing this software in the template?
>
> I just installed Brave in Debian Buster following the steps in:
> https://medium.com/@connorrfin10/how-to-install-brave-browser-on-debian-10-buster-f95c9d30556c
>
> First I cloned my template as debian-10-brave, so that I wouldn't mess up one of my regular templates. In order to execute the curl and echo commands in Step 1: Preparing for installation, I temporarily enabled sys-whonix as the NetVM for this template, but set it back to the default none setting for NetVM immediately afterward. Not ideal, but it solves problem above.
>
Templates update without any networking using qrexec to an update Proxy.
The listener sits at 127.0.0.1:8082 on the template and passes traffic
to and fro using qrexec to the proxy - the proxy is determined by reading
from /etc/qubes-rpc/policy/qubes.UpdatesProxy.
Qubes stopped filtering on that proxy a long time ago, which means that
you can use/abuse it for *anything* you like.
I made a note on using gpg in templates here -
https://github.com/unman/notes/blob/master/gpg_in_templates
In this case you just need:
curl --proxy 127.0.0.1:8082 https://brave-browser-apt-beta.s3.brave.com/brave-core-nightly.asc
unman
bill...@gmail.com
Nov 11, 2019, 6:26:41 PM11/11/19
to qubes-users
The proxy worked fine. It's all good. Thanks!
billo
bill...@gmail.com
Nov 11, 2019, 6:27:32 PM11/11/19
to qubes-users
Thanks for the reply. I went the proxy route below, since it was simpler, but I appreciate the help.
billo
Reply all
Reply to author
Forward
0 new messages