Permalink
Cannot retrieve contributors at this time
executable file
107 lines (94 sloc)
3.51 KB
#!/bin/bash | |
## Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org> | |
## See the file COPYING for copying conditions. | |
qubes_torified_updates_proxy_not_detected() { | |
local error_msg error_text | |
error_msg="WARNING: Execution of $uwtwrapper_parent prevented by $BASH_SOURCE because no torified Qubes updates proxy found." | |
echo "$error_msg" >&2 | |
error_text="$(cat "/usr/share/doc/qubes-whonix/qubes_torfied_dom0.txt")" || true | |
echo "$error_text" >&2 | |
exit 255 | |
} | |
if [ "$torified_check" = "skip" ]; then | |
## Allow testing this script from command line. | |
## 'return 0 2>/dev/null || true' to exit from `source`ing this script. | |
return 0 2>/dev/null || true | |
## 'exit 0' to exit when run from command line. | |
exit 0 | |
fi | |
if echo "$uwtwrapper_parent" | grep -q apt ; then | |
torified_check=true | |
fi | |
if [ ! "$torified_check" = "true" ]; then | |
return 0 2>/dev/null || true | |
exit 0 | |
fi | |
## Detect Qubes. | |
if ! command -v "qubesdb-read" >/dev/null 2>&1 ; then | |
return 0 2>/dev/null || true | |
exit 0 | |
fi | |
## Detect being run inside TemplateVM. | |
if [ ! -f "/run/qubes/this-is-templatevm" ]; then | |
return 0 2>/dev/null || true | |
exit 0 | |
fi | |
qubes_torified_updates_proxy_wait_counter=0 | |
while true; do | |
## Determine if torified Qubes updates proxy was detected. | |
if [ -e "/run/updatesproxycheck/whonix-secure-proxy" ]; then | |
## Torified Qubes updates proxy was detected. | |
## Therefore exit from this torified Qubes updates proxy waiting loop. | |
break | |
fi | |
if [ -e /run/updatesproxycheck/whonix-secure-proxy-check-done ]; then | |
## Skip waiting if torified Qubes updates proxy test is already done. | |
qubes_torified_updates_proxy_not_detected | |
fi | |
qubes_torified_updates_proxy_wait_counter=$(( qubes_torified_updates_proxy_wait_counter + 1 )) | |
if [ "$qubes_torified_updates_proxy_wait_counter" -ge "120" ]; then | |
## Give up waiting for torified Qubes updates proxy test. | |
qubes_torified_updates_proxy_not_detected | |
fi | |
## Wait for torified Qubes updates proxy test to succeed. | |
sleep 1 | |
done | |
#### meta start | |
#### project Whonix | |
#### category networking and apt | |
#### qubes_whonix_only yes | |
#### description | |
## uwt Qubes-Whonix Integration | |
## | |
## Runs only inside Qubes TemplateVM. | |
## | |
## This configuration snippets configures [[#uwt|uwt]] to wait before running | |
## <code>apt</code> until status file | |
## <code>/run/updatesproxycheck/whonix-secure-proxy</code> or | |
## status file | |
## <code>/run/updatesproxycheck/whonix-secure-proxy-check-done</code> | |
## exists. It will timeout after <code>120</code> seconds. | |
## | |
## This is to determine if torified Qubes updates proxy was detected. | |
## | |
## If torified Qubes updates proxy detection fails, it will prevent running | |
## <code>apt</code> and show the following warning. | |
## | |
## <blockquote> | |
## WARNING: Execution of apt prevented by @file_name@ because no torified Qubes updates proxy found. | |
## </blockquote> | |
## | |
## If torified Qubes updates proxy detection succeeds, it will | |
## disable apt uwtwrapper. | |
## In other words, run apt normally. Run apt without <code>torsocks</code>. | |
## Because <code>apt</code> config file. | |
## <code>/etc/apt/apt.conf.d/01qubes-proxy</code> will already have http proxy | |
## settings for TCP based Qubes Updates proxy | |
## <code>Acquire::http::Proxy "http://10.137.255.254:8082/";</code> | |
## or for qrexec based Qubes updates proxy. | |
## <code>Acquire::http::Proxy "http://127.0.0.1:8082/";</code> | |
#### meta end | |
uwtwrapper["/usr/bin/apt"]="0" | |
uwtwrapper["/usr/bin/apt-get"]="0" | |
uwtwrapper["/usr/bin/apt-file"]="0" | |
uwtwrapper["/usr/bin/aptitude-curses"]="0" |