write GPG key and SSL certs sent though qubes.TemplateSearch and qubes.TemplateDownload

Guiiix · Guiiix · commit 81430ea4b7d8 · 2025-04-25T16:28:32.000+02:00
files destination path are replaced by the temp directory to prevent permission issues
and conflicts with existing files on the VM.
diff --git a/qubes-rpc/qvm-template-repo-query b/qubes-rpc/qvm-template-repo-query
@@ -26,6 +26,26 @@ repodir=$(mktemp -d)
 trap 'rm -r "$repodir"' EXIT
 cat > "$repodir/template.repo"
 
+# extract keys from wrapper in repo file
+mkdir "$repodir/keys"
+cp /etc/qubes/repo-templates/keys/* "$repodir/keys/"
+sed -i "s~/etc/qubes/repo-templates/keys/~$repodir/keys/~" "$repodir/template.repo"
+in_wrapper=false
+line_is_filename=true
+while read -r line; do
+    [[ "$line" == "###!Q!BEGIN-QUBES-WRAPPER!Q!###" ]] && in_wrapper=true && continue
+    [[ "$line" == "###!Q!END-QUBES-WRAPPER!Q!###" ]] && in_wrapper=false && continue
+    $in_wrapper || continue
+    if $line_is_filename; then
+        filename="$(echo "$line" | cut -c 2-)"
+        line_is_filename=false
+    else
+        mkdir -p "$(dirname "$filename")"
+        echo "$line" | cut -c 2- | base64 -d > "$filename"
+        line_is_filename=true
+    fi
+done < "$repodir/template.repo"
+
 DNF5=false
 if [ "$(readlink /usr/bin/dnf)" = "dnf5" ]; then
     DNF5=true
