summaryrefslogtreecommitdiff
path: root/src/leap
AgeCommit message (Collapse)Author
2018-01-26[bug] don't check for updates on polkit just for its existenceRuben Pollan
We don't update the polkit file normally, for now let's check if it's installed. It should be more clever, detecting wich file is needed, depending on wich bitmask-root will be executed. But for now it's just a dummy check.
2018-01-25[tests] workaround for functional tests in dockerKali Kaneko
polkit doesn't work inside docker.
2018-01-25[bug] fixed function callKali Kaneko
2018-01-25[bug] do not fail if the provider does not allow anonymous vpnKali Kaneko
Since bonafide was not catching the error 401, an attempt to bootstrap a provider that does not support anonvpn with the new setup was resulting in a json that was containing only an error message. this was producing an error when trying to access the configuration for that provider's EIP section. we now avoid writing a json config file if an error 401 is found, and also catch the exception for a ValueError when the EIP section is not found in the provider's configuration.
2018-01-25[feat] use new assets for systray iconsKali Kaneko
2018-01-25[bug] several fixes after reviewKali Kaneko
2018-01-25[feat] implement --nowindow flag to display only systrayKali Kaneko
for some usages, specially with autostart enabled, user might want to launch only the systray. this commit implements a simple ``--nowindow`` switch that just avoids showing the main window for now. in the future, we can have a different entrypoint that just launches bitmaskd and a minimal systray widget. I'm not documenting this feature properly since I think this is still missing some functionality: the ability to switch on and off the vpn, and the ability to pass the --autostart as a flag to the bitmask entrypoint.
2018-01-25[feat] report missing polkit properly from main UIKali Kaneko
also refactor and move polkit_agent so that it does not depend on having bitmask on the path.
2018-01-25[bug] check if attribute existsKali Kaneko
2018-01-25[feat] autostart application when user logs inKali Kaneko
2018-01-25[feat] implement autostart for vpnKali Kaneko
2018-01-25[feat] implement vpn status watchdogKali Kaneko
2018-01-25[feat] hardcode tcp4 in vpn connectionsKali Kaneko
for now, we'll be hardcoding tcp as a more reliable alternative, no matter what the provider announces. explicitely specifying ipv4 should fix the case in which vpn fails to start because ipv6 is disabled. -Resolves: #9181, #9129
2018-01-25[feat] support anonymous vpnKali Kaneko
honor the anonymous certificate for the providers that offer it. this still needs a change in bonafide, in which if provider supports anonymous access we still have to download eip-service.json for testing, I assume this has been already manually downloaded.
2018-01-25[feat] get cert automatically on vpn startKali Kaneko
2018-01-16[bug] fix the systemctl runRuben Pollan
2018-01-12[bug] Accept any character for message-idRuben Pollan
- Resolves: #9202
2018-01-12[feat] bump bitmask-root versionRuben Pollan
2018-01-12Add Qubes DNS support, fixesChristopher Laprise
2018-01-12Add anti-leak rules for qubes-firewallChristopher Laprise
2018-01-09[bug] fix issues with dns resolution with systemd-resolvedRuben Pollan
In ubuntu 17.10 some changes with systemd-resolved broke our firewall, blocking all DNS queries. The masquerade rules in the firewall, that are used to rewrite the source IP address of the DNS queries, were wrongly modifying the queries to systemd-resolved. Let's apply masquerade only to the packets addressed to the nameserver. - Resolves: #9137
2018-01-09[bug] do not depend on function if not in scopeKali Kaneko
2018-01-08[feat] try other gateways if the main one failsRuben Pollan
Removing '--persist-ip' param on openvpn it will try to connect to a different gateway if the first one fails. This means, that in case of network disconnection for some minutes bitmask will keep rotating between the different gateways and one the network comes back it will not connect anymore to the first one, but to the one that was trying at this moment. - Resolves: #9188
2018-01-06[style] pep8Kali Kaneko
2018-01-06[refactor] webengine entrypointKali Kaneko
this commit deprecates qtwebkit usage.
2018-01-06[refactor] factor out common functionsKali Kaneko
used from both entrypoints for linux and mac apps.
2017-12-22[bug] sync start and shutdown of systray and browserKali Kaneko
some juggling to make systray (qt5 for now) and browser (pywebview, native) start and stop coordinatedly. I will explore a more lightweight systray for coming releases.
2017-12-22[refactor] Use sender interface in outgoing serviceRuben Pollan
2017-12-22[bug] fetch the incoming service only if is onRuben Pollan
If you try to fetch the incoming service while it's still starting it throws a KeyError. - Resolves: #9174
2017-12-21[doc] add note about expected paths to bitmask-root itselfKali Kaneko
I should remember this change when we merge elijah's fix again. Hopefully that happens soon enough.
2017-12-21[bug] temporarily revert dnsmasq firewall fixKali Kaneko
It has been reported that, after this fix, dns leaks happen under some circumstances not yet clear. Preparing for a release, we have decided to revert this change until the problem can be properly triaged. This means a broken vpn aartful support for the time being, but a non-leaking master. https://0xacab.org/leap/bitmask-dev/issues/9137 - Related: #9137
2017-12-20[feat] remove status files on shutdownKali Kaneko
2017-12-20[bug] add lock in command dispatcherKali Kaneko
2017-12-20[pkg] import changes for qt5 to workkali
2017-12-20[bug] accept message-ids with '-'Ruben Pollan
Thunderbird produces message ids with '-' in them.
2017-12-20[feat] Add msg_status call to the mail APIRuben Pollan
To get the status of a single message providing it's mailbox and message-id. For now it only returns encryption/signature status. - Resolves: #6914
2017-12-20[refactor] rename API add_msg to msg_addRuben Pollan
To have consistency with all API calls related to messages and start all of them with msg_*
2017-12-09[bug] remove stuck_bootstrap deferred from ProviderRuben Pollan
This deferred was not used anywhere, but it was called twice. Provider is a singleton so multiple logins into the same provider where producing it to be called mor than once. - Resolves: #9171
2017-12-08[style] pep8Kali Kaneko
2017-12-08[docs] add comment about python interpreterKali Kaneko
2017-12-08[pkg] copy provider certificates on bundlesKali Kaneko
2017-12-08[bug] remove hardcoded pathKali Kaneko
2017-12-08[feat] osx systray with pyqt5Kali Kaneko
2017-12-07[feat] update bitmask-root if neededRuben Pollan
Chech the hash of the installed bitmask root and sign as not installed if doesn't match the one we have in the bundle. Also for running bitmask-root, if there is more than one (in /usr/local/sbin and /usr/sbin) run the one with higher version number. - Resolves: #9020
2017-12-07[feat] add provider pinningRuben Pollan
Pin the provider.json and the ca cert for the public providers. - Resolves: #9074
2017-12-05[bug] change bitmask-root to work with dnsmasqelijah
2017-12-03[feat] extend the expiration of private keys if neededRuben Pollan
Check on every fetch of the private key if the expiration is less than two months before it expire. And extend the expiration if needed. - Resolves: #8217
2017-12-03[refactor] remove rengenerate keyRuben Pollan
We are not planning to regenerate keys (for now), only to extend the expiration date.
2017-12-03[feat] stop resetting signs used after key regenerationTulio Casagrande
We were considering to reset the sign_used flag to force the new key to be resend as attachment in forthcoming emails. Although, this is not a good solution, because we'll lose information about which keys the client has signed.
2017-12-03[feat] send public key as attachment on every emailTulio Casagrande
Previously, we were sending the key attached as long as the contact hasn't replied back. But with new key replace scenarios, we need to updated the contact keyring with the new key. We can implement autocrypt or similar in the future, but for now, let's send the key attached on every email.