Age | Commit message (Collapse) | Author |
|
|
|
|
|
- move snap folder to root folder, to allow automated builds
- install only polkit file outside of snap
- change path of bitmask-root accordingly in bitmask
- fix check for polkit file inside snap
- change and document the algorithm for picking bitmask-root in linux
- add LD_LIBRARY_PATH as an environment entry for bitmask-systray
|
|
|
|
|
|
|
|
|
|
for some usages, specially with autostart enabled, user might want to
launch only the systray.
this commit implements a simple ``--nowindow`` switch that just avoids
showing the main window for now. in the future, we can have a different
entrypoint that just launches bitmaskd and a minimal systray widget.
I'm not documenting this feature properly since I think this is still
missing some functionality: the ability to switch on and off the vpn,
and the ability to pass the --autostart as a flag to the bitmask
entrypoint.
|
|
|
|
for now, we'll be hardcoding tcp as a more reliable alternative, no
matter what the provider announces.
explicitely specifying ipv4 should fix the case in which vpn fails to
start because ipv6 is disabled.
-Resolves: #9181, #9129
|
|
honor the anonymous certificate for the providers that offer it.
this still needs a change in bonafide, in which if provider supports
anonymous access we still have to download eip-service.json
for testing, I assume this has been already manually downloaded.
|
|
|
|
In ubuntu 17.10 some changes with systemd-resolved broke our firewall,
blocking all DNS queries. The masquerade rules in the firewall, that
are used to rewrite the source IP address of the DNS queries, were
wrongly modifying the queries to systemd-resolved.
Let's apply masquerade only to the packets addressed to the nameserver.
- Resolves: #9137
|
|
- Resolves: #9191
|
|
Removing '--persist-ip' param on openvpn it will try to connect to a
different gateway if the first one fails. This means, that in case of
network disconnection for some minutes bitmask will keep rotating
between the different gateways and one the network comes back it will
not connect anymore to the first one, but to the one that was trying at
this moment.
- Resolves: #9188
|
|
this commit deprecates qtwebkit usage.
|
|
|
|
To get the status of a single message providing it's mailbox and
message-id. For now it only returns encryption/signature status.
- Resolves: #6914
|
|
|
|
Pin the provider.json and the ca cert for the public providers.
- Resolves: #9074
|
|
this will be used by bundles, and it's needed now that ifconfig and
other net-utils are being deprecated.
|
|
Check on every fetch of the private key if the expiration is less than
two months before it expire. And extend the expiration if needed.
- Resolves: #8217
|
|
|
|
|
|
|
|
- Resolves: #9094
|
|
When content-type was set in the message headers instead of the
MIMEPart (e.g. when not using MIMEParts in the message) bitmask would
ignore it and add the content as text/plain. This caused problems with
Nylas.
To fix this, if the message is not Multipart I'm keeping the
assumption that everything is going to have the maintype of "text" but
copying the subtype from the original message.
This also decodes the original message's payload before attaching the
old content to the new message to make up for the loss of encoding
information.
-Resolves: #9064
|
|
|
|
- Resolves: #9099
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For now, the way to select a gateway is to add a section in
bitmaskd.cfg:
[vpn_prefs]
locations = ["frankfurt", "seattle__wa"]
countries = ["DE", "US"]
Note that the location indication has priority over country code.
This will be exposed by the UI in release 0.11
- Resolves: #8855
|
|
This is a first approach to automatic gateways selection.
More things are missing:
- allow manual selection, by location or country code.
- take the hemisphere into account.
- expose the selected gw to the api/cli
but overall seems this is a good approach to make 0.10 release usable in
terms of vpn.
- Resolves: #8804
|
|
If chromium is installed in the system, there's no need to depend on
qt5.
|
|
This can be produced by errors fetching keys from the server.
- Resolves: #8971
|
|
- Resolves: #8852
|
|
Right now we are trying to restart openvpn every 2 seconds, for ever (or
until the user turns down the VPN). Maybe we can be more smart making
the retries longer with time.
- Resolves: #8049
|
|
If is set keyamanger will try to discover and download the key.
- Resolves: #8821
|
|
|
|
Deal as well with sending key if key is outdated in the providers nicknym.
- Resolves: #8819, #8832
|
|
Allows to upload a key to providers that use a different api uri than
api.provider.net
- Resolves: #8868
|
|
|
|
|
|
|
|
|