#!/bin/bash
## Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Refuse to continue because no torified Qubes updates proxy was found.
##
## Globals:   uwtwrapper_parent (read), BASH_SOURCE (read)
## Outputs:   one WARNING line, then the contents of
##            /usr/share/doc/qubes-whonix/qubes_torfied_dom0.txt, both on stderr
## Exits:     never returns; always ends the current shell with status 255.
##            It uses 'exit', not 'return', so when this file is being
##            sourced the sourcing shell terminates as well.
qubes_torified_updates_proxy_not_detected() {
  local warning help_text
  warning="WARNING: Execution of $uwtwrapper_parent prevented by ${BASH_SOURCE[0]} because no torified Qubes updates proxy found."
  {
    echo "$warning"
    ## Best effort: a missing or unreadable help file must not change the
    ## outcome, the exit status below stays 255 either way.
    help_text="$(cat "/usr/share/doc/qubes-whonix/qubes_torfied_dom0.txt")" || true
    echo "$help_text"
  } >&2
  exit 255
}
## Manual-test escape hatch: with torified_check=skip this snippet does nothing.
## 'return' leaves the file when it is being sourced; when the file is run
## directly 'return' fails (silenced) and 'exit 0' ends the process instead.
## NOTE(review): torified_check is not initialised in this file, so a value
## already present in the caller's shell or environment is honoured here -
## confirm that is intended. Leaving early also skips the uwtwrapper[...]="0"
## assignments at the end of this file.
if [[ "$torified_check" == "skip" ]]; then
  return 0 2>/dev/null || true
  exit 0
fi

## Every parent whose name contains the substring "apt" gets the proxy check.
case "$uwtwrapper_parent" in
  *apt*) torified_check=true ;;
esac

## Nothing to do for any other parent.
if [[ "$torified_check" != "true" ]]; then
  return 0 2>/dev/null || true
  exit 0
fi

## Only relevant inside a Qubes TemplateVM: qubesdb-read must be available
## (Qubes detection) and the TemplateVM marker file must exist.
if ! command -v "qubesdb-read" >/dev/null 2>&1 \
  || [[ ! -f "/run/qubes/this-is-templatevm" ]]; then
  return 0 2>/dev/null || true
  exit 0
fi

## Poll once per second until the success marker of the torified Qubes updates
## proxy test shows up. The loop ends normally only when that marker exists;
## both failure paths call qubes_torified_updates_proxy_not_detected, which
## exits with status 255.
## NOTE(review): the decision rests solely on the existence of marker files
## below /run/updatesproxycheck; presumably only the privileged proxy check can
## create them - verify ownership and mode of that directory.
qubes_torified_updates_proxy_wait_counter=0
until [[ -e "/run/updatesproxycheck/whonix-secure-proxy" ]]; do
  ## The proxy test already finished without reporting success: stop waiting.
  if [[ -e /run/updatesproxycheck/whonix-secure-proxy-check-done ]]; then
    qubes_torified_updates_proxy_not_detected
  fi

  ## Give up after the 120th unsuccessful poll.
  qubes_torified_updates_proxy_wait_counter=$(( qubes_torified_updates_proxy_wait_counter + 1 ))
  if (( qubes_torified_updates_proxy_wait_counter >= 120 )); then
    qubes_torified_updates_proxy_not_detected
  fi

  sleep 1
done
#### meta start
#### project Whonix
#### category networking and apt
#### qubes_whonix_only yes
#### description
## uwt Qubes-Whonix Integration
##
## Runs only inside Qubes TemplateVM.
##
## This configuration snippet configures [[#uwt|uwt]] to wait before running
## <code>apt</code> until status file
## <code>/run/updatesproxycheck/whonix-secure-proxy</code> or
## status file
## <code>/run/updatesproxycheck/whonix-secure-proxy-check-done</code>
## exists. It will time out after <code>120</code> seconds.
##
## This is to determine if torified Qubes updates proxy was detected.
##
## If torified Qubes updates proxy detection fails, it will prevent running
## <code>apt</code> and show the following warning.
##
## <blockquote>
## WARNING: Execution of apt prevented by @file_name@ because no torified Qubes updates proxy found.
## </blockquote>
##
## If torified Qubes updates proxy detection succeeds, it will
## disable apt uwtwrapper.
## In other words, run apt normally, without <code>torsocks</code>,
## because the <code>apt</code> config file
## <code>/etc/apt/apt.conf.d/01qubes-proxy</code> will already have http proxy
## settings for the TCP based Qubes updates proxy
## <code>Acquire::http::Proxy "http://10.137.255.254:8082/";</code>
## or for the qrexec based Qubes updates proxy
## <code>Acquire::http::Proxy "http://127.0.0.1:8082/";</code>
#### meta end
## Reached only when the wait loop above ended because
## /run/updatesproxycheck/whonix-secure-proxy exists; every other path has
## already left this file through return/exit.
## Per the meta description above, "0" disables the uwt wrapper for these
## tools, so they run without torsocks and depend on the proxy settings in
## /etc/apt/apt.conf.d/01qubes-proxy for their network path.
## NOTE(review): uwtwrapper is not declared in this file; presumably the
## sourcing script declares it as an associative array - confirm.
uwtwrapper["/usr/bin/apt"]="0"
uwtwrapper["/usr/bin/apt-get"]="0"
uwtwrapper["/usr/bin/apt-file"]="0"
uwtwrapper["/usr/bin/aptitude-curses"]="0"