This website requires JavaScript.
Explore
Help
Sign In
Qubes
/
core-agent-linux
Watch
1
Star
0
Fork
0
You've already forked core-agent-linux
Code
Issues
Pull Requests
Releases
Wiki
Activity
40652b700b
core-agent-linux
/
qubes-rpc
/
qubes.UpdatesProxy
3 lines
46 B
Plaintext
Raw
Normal View
History
Unescape
Escape
Implement qrexec-based connection to updates proxy Configure package manager to use 127.0.0.1:8082 as proxy instead of "magic" IP intercepted later. The listen on this port and whenever new connection arrives, spawn qubes.UpdatesProxy service call (to default target domain - subject to configuration in dom0) and connect its stdin/out to the local TCP connection. This part use systemd.socket unit in case of systemd, and ncat --exec otherwise. On the other end - in target domain - simply pass stdin/out to updates proxy (tinyproxy) running locally. It's important to _not_ configure the same VM to both be updates proxy and use it. In practice such configuration makes little sense - if VM can access network (which is required to run updates proxy), package manager can use it directly. Even if this network access is through some VPN/Tor. If a single VM would be configured as both proxy provider and proxy user, connection would loop back to itself. Because of this, proxy connection redirection (to qrexec service) is disabled when the same VM also run updates proxy. Fixes QubesOS/qubes-issues#1854
2017-05-26 03:07:47 +02:00
#!/bin/sh
Switch qubes.UpdatesProxy to socat - there are many netcat versions (openbsd, nmap, ...), which behave differently - especially while handling EOF - Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently good) QubesOS/qubes-issues#1854
2017-06-10 23:11:01 +02:00
exec socat STDIO TCP:localhost:8082
Reference in New Issue
Copy Permalink