168 lines
5.3 KiB
Bash
Executable File
168 lines
5.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# The Qubes OS Project, http://www.qubes-os.org
|
|
#
|
|
# Copyright (C) 2015 Marek Marczykowski-Górecki
|
|
# <marmarek@invisiblethingslab.com>
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License
|
|
# as published by the Free Software Foundation; either version 2
|
|
# of the License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
#
|
|
#
|
|
|
|
# Source Qubes library.
|
|
# shellcheck source=init/functions
|
|
. /usr/lib/qubes/init/functions
|
|
|
|
BEGIN_MARKER="### QUBES BEGIN ###"
|
|
END_MARKER="### QUBES END ###"
|
|
|
|
set -e
|
|
|
|
### helper functions begin ###
|
|
|
|
# set proxy in given config file
|
|
update_conf() {
|
|
local CONF_PATH="$1"
|
|
local CONF_OPTIONS="$2"
|
|
|
|
# Ensure that Qubes conf markers are present in the file
|
|
if ! grep -q "$BEGIN_MARKER" "$CONF_PATH"; then
|
|
if grep -q "$END_MARKER" "$CONF_PATH"; then
|
|
echo "ERROR: found QUBES END marker but not QUBES BEGIN in ${CONF_PATH}" >&2
|
|
echo "Fix the file by either removing both of them, or adding missing back and retry" >&2
|
|
exit 1
|
|
fi
|
|
cp "$CONF_PATH" "${CONF_PATH}.qubes-orig"
|
|
echo "$BEGIN_MARKER" >> "$CONF_PATH"
|
|
echo "$END_MARKER" >> "$CONF_PATH"
|
|
elif ! grep -q "$END_MARKER" "$CONF_PATH"; then
|
|
echo "ERROR: found QUBES BEGIN marker but not QUBES END in ${CONF_PATH}" >&2
|
|
echo "Fix the file by either removing both of them, or adding missing back and retry" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Prepare config block
|
|
local tmpfile
|
|
tmpfile=$(mktemp)
|
|
cat > "${tmpfile}" <<EOF
|
|
# This part of configuration, until QUBES END, is automatically generated by
|
|
# $0. All changes here will be overriden.
|
|
# If you want to override any option set here, set it again to desired value,
|
|
# below this section
|
|
$CONF_OPTIONS
|
|
EOF
|
|
|
|
# And insert it between the markers
|
|
sed -i -e "/^$BEGIN_MARKER$/,/^$END_MARKER$/{
|
|
/^$END_MARKER$/b
|
|
/^$BEGIN_MARKER$/!d
|
|
r ${tmpfile}
|
|
}" "${CONF_PATH}"
|
|
rm -f "${tmpfile}"
|
|
}
|
|
|
|
### helper functions end
|
|
|
|
# Determine whether the proxy should be used
|
|
if qsvc yum-proxy-setup || qsvc updates-proxy-setup ; then
|
|
PROXY_ADDR_BASE="127.0.0.1:8082"
|
|
PROXY_ADDR="http://${PROXY_ADDR_BASE}/"
|
|
PROXY_CONF_ENTRY="proxy=$PROXY_ADDR"
|
|
else
|
|
PROXY_ADDR=""
|
|
# do not proxy at all (for example dnf.conf doesn't tolerate empty entry)
|
|
PROXY_CONF_ENTRY=""
|
|
fi
|
|
|
|
# For programs supporting .d style configs, it's simple
|
|
if [ -d /etc/apt/apt.conf.d ]; then
|
|
if [ -n "$PROXY_ADDR" ]; then
|
|
cat > /etc/apt/apt.conf.d/01qubes-proxy <<EOF
|
|
### This file is automatically generated by Qubes ($0 script).
|
|
### All modifications here will be lost.
|
|
### If you want to override some of this settings, create another file under
|
|
### /etc/apt/apt.conf.d.
|
|
|
|
# Use Qubes Update Proxy
|
|
Acquire::http::Proxy "$PROXY_ADDR";
|
|
Acquire::tor::proxy "$PROXY_ADDR";
|
|
EOF
|
|
else
|
|
rm -f /etc/apt/apt.conf.d/01qubes-proxy
|
|
fi
|
|
fi
|
|
|
|
# Yum at least supports including an individual config files
|
|
if [ -d /etc/yum.conf.d ]; then
|
|
cat > /etc/yum.conf.d/qubes-proxy.conf <<EOF
|
|
### This file is automatically generated by Qubes ($0 script).
|
|
### All modifications here will be lost.
|
|
### If you want to override some of this settings, add them in /etc/yum.conf
|
|
### below a "include=/etc/yum.conf.d/qubes-proxy.conf" line.
|
|
|
|
$PROXY_CONF_ENTRY
|
|
EOF
|
|
fi
|
|
|
|
# Pacman (archlinux) also
|
|
if [ -d /etc/pacman.d ]; then
|
|
if [ -n "$PROXY_ADDR" ]; then
|
|
mkdir -p /run/qubes/bin
|
|
cat > /run/qubes/bin/pacman <<EOF
|
|
#!/bin/bash
|
|
### This file is automatically generated by Qubes ($0 script).
|
|
### All modifications here will be lost.
|
|
exec env ALL_PROXY=$PROXY_ADDR /usr/bin/pacman "\$@"
|
|
EOF
|
|
chmod +x /run/qubes/bin/pacman
|
|
cat > /etc/profile.d/qubes-proxy.sh << EOF
|
|
### This file is automatically generated by Qubes ($0 script).
|
|
### All modifications here will be lost.
|
|
export PATH=/run/qubes/bin:\$PATH
|
|
EOF
|
|
else
|
|
rm -f /run/qubes/bin/pacman
|
|
rm -f /etc/profile.d/qubes-proxy.sh
|
|
fi
|
|
fi
|
|
|
|
|
|
# DNF configuration doesn't support including other files
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1352234
|
|
if [ -e /etc/dnf/dnf.conf ]; then
|
|
update_conf /etc/dnf/dnf.conf "$PROXY_CONF_ENTRY"
|
|
fi
|
|
|
|
# The same goes for PackageKit...
|
|
# https://bugs.freedesktop.org/show_bug.cgi?id=96788
|
|
if [ -e /etc/PackageKit/PackageKit.conf ]; then
|
|
update_conf /etc/PackageKit/PackageKit.conf "ProxyHTTP=$PROXY_ADDR"
|
|
fi
|
|
|
|
# Portage (Gentoo)
|
|
if [ -e /etc/portage/make.conf ]; then
|
|
update_conf /etc/portage/make.conf "http_proxy=\"$PROXY_ADDR\"
|
|
https_proxy=\"$PROXY_ADDR\"
|
|
RSYNC_PROXY=\"${PROXY_ADDR_BASE}\""
|
|
|
|
# Current workaround for gpg not resolving key servers used behing proxy
|
|
# See QubesOS/qubes-issues#6013
|
|
if [ -n "$PROXY_ADDR" ]; then
|
|
update_conf /etc/hosts "127.0.0.1 keys.gentoo.org keys.gnupg.net"
|
|
else
|
|
update_conf /etc/hosts ""
|
|
fi
|
|
fi
|