summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/vpn/fw/firewall.py
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2018-04-03 02:45:34 +0200
committerRuben Pollan <meskio@sindominio.net>2018-04-11 16:40:10 +0200
commit3169015c5f5eaed5f2ad48e486b1fe96e1eb6bbe (patch)
tree6394836b65afb6be4768504474964e677c75210a /src/leap/bitmask/vpn/fw/firewall.py
parent309ea9c35743c11dd29d809e713274840fb0b145 (diff)
several fixes for riseupvpn snap
- move snap folder to root folder, to allow automated builds - install only polkit file outside of snap - change path of bitmask-root accordingly in bitmask - fix check for polkit file inside snap - change and document the algorithm for picking bitmask-root in linux - add LD_LIBRARY_PATH as an environment entry for bitmask-systray
Diffstat (limited to 'src/leap/bitmask/vpn/fw/firewall.py')
-rw-r--r--src/leap/bitmask/vpn/fw/firewall.py25
1 files changed, 20 insertions, 5 deletions
diff --git a/src/leap/bitmask/vpn/fw/firewall.py b/src/leap/bitmask/vpn/fw/firewall.py
index 98b317b0..cc5d76d0 100644
--- a/src/leap/bitmask/vpn/fw/firewall.py
+++ b/src/leap/bitmask/vpn/fw/firewall.py
@@ -25,7 +25,10 @@ import subprocess
from twisted.logger import Logger
-from leap.bitmask.system import IS_MAC, IS_LINUX
+from leap.bitmask.system import IS_MAC, IS_LINUX, IS_SNAP
+from leap.bitmask.vpn.constants import BITMASK_ROOT_SYSTEM
+from leap.bitmask.vpn.constants import BITMASK_ROOT_LOCAL
+from leap.bitmask.vpn.constants import BITMASK_ROOT_SNAP
from leap.common.events import catalog, emit_async
from leap.bitmask.vpn.launchers import darwin
@@ -87,11 +90,23 @@ class _LinuxFirewallManager(object):
This allows us to achieve fail close on a vpn connection.
"""
- _SYSTEM_BITMASK_ROOT = '/usr/sbin/bitmask-root'
- if os.path.isfile(_SYSTEM_BITMASK_ROOT):
- BITMASK_ROOT = _SYSTEM_BITMASK_ROOT
+ # TODO factor out choosing a version of bitmask-root.
+ # together with linux vpnlauncher.
+
+ if IS_SNAP:
+ # snap has its own version under /snap
+ BITMASK_ROOT = BITMASK_ROOT_SNAP
+ elif IS_STANDALONE and os.path.isfile(BITMASK_ROOT_LOCAL):
+ # if this is a bundle, we pick local. bundles ask to install it there.
+ BITMASK_ROOT = BITMASK_ROOT_LOCAL
else:
- BITMASK_ROOT = "/usr/local/sbin/bitmask-root"
+ if os.path.isfile(BITMASK_ROOT_SYSTEM):
+ # we can be running from the debian package,
+ # or some other distro. it's the maintainer responsibility to put bitmask-root there.
+ BITMASK_ROOT = BITMASK_ROOT_SYSTEM
+ else:
+ # as a last case, we fall back to installing into the /usr/local/sbin version.
+ BITMASK_ROOT = BITMASK_ROOT_LOCAL
def __init__(self, remotes):
"""