From 205324734626a5dece03fc871448d0f71bbfb46d Mon Sep 17 00:00:00 2001
From: kali
Date: Wed, 24 Oct 2012 04:25:46 +0900
Subject: removed branding info from branding config file So we officially can say this is a generic client now. Branding config file is still at pkg/branding/config.py Note that with this change the package is called now leap-client so you will have to remove old installs of leap-foo-client in your path (from previous branded builds). Changing the package name was an AWFUL and painful idea, and we will not do that again. (launcher is another story). Lesson learned.
---
 pkg/branding/config.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'pkg')
diff --git a/pkg/branding/config.py b/pkg/branding/config.py
index 665cfbda..bcacc3bc 100644
--- a/pkg/branding/config.py
+++ b/pkg/branding/config.py
@@ -1,11 +1,11 @@
 # Configuration file for branding
-BRANDED_BUILD = True
+BRANDED_BUILD = False
 APP_BASE_NAME = "leap-client"
 APP_PREFIX = "%s-" % APP_BASE_NAME
 BRANDED_OPTS = {
- 'short_name': "springbok",
- 'provider_domain': "springbok",
- 'provider_ca_path': "data/branding/cacert.pem"}
+ 'short_name': "",
+ 'provider_domain': "",
+ 'provider_ca_path': ""}
-- 
cgit v1.2.3
From 18be85f13abc6bc94a3725950ec16ad1adec0ab8 Mon Sep 17 00:00:00 2001
From: kali
Date: Tue, 11 Dec 2012 01:40:05 +0900
Subject: fetch only if not changed-since config file timestamp Changing this now to be able to test different providers by just updating our local config file.
---
 pkg/requirements.pip | 1 +
 1 file changed, 1 insertion(+)
(limited to 'pkg')
diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index e5338744..5664aa5e 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -11,3 +11,4 @@ jsonschema
 srp
 pycrypto
 keyring
+python-dateutil
-- 
cgit v1.2.3
From 0c2275222cf77bf5975a25a75ab0e50ac752bc9e Mon Sep 17 00:00:00 2001
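Review bot: `provider_ca_path` in `pkg/branding/config.py` is now an empty string rather than a missing key, so any reader of `BRANDED_OPTS` that joins it onto a data directory or hands it to the TLS layer receives a `str` that looks valid to a type check. The readers are outside this diff, so this is inferred: they should test `BRANDED_BUILD` first and treat an empty path as "no bundled CA", failing closed rather than connecting without certificate verification. A comment above the dict would make that contract explicit, for example `# Empty values mean "unbranded"; check BRANDED_BUILD before using BRANDED_OPTS.`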
From: kali
Date: Mon, 17 Dec 2012 04:35:16 +0900
Subject: fix srp authentication cookies
---
 pkg/requirements.pip | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'pkg')
diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index 5664aa5e..c573009e 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -8,7 +8,7 @@ psutil
 netifaces
 python-gnutls==1.1.9 # see https://bugs.launchpad.net/ubuntu/+source/python-gnutls/+bug/1027129
 jsonschema
-srp
+srp>=1.0.1
 pycrypto
 keyring
 python-dateutil
-- 
cgit v1.2.3
From 2be35ae3a89071df58bae2513d0a7e9a68239f57 Mon Sep 17 00:00:00 2001
From: kali
Date: Tue, 18 Dec 2012 05:56:55 +0900
Subject: relax srp requirement (breaks install)
---
 pkg/requirements.pip | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'pkg')
diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index c573009e..49b56274 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -8,7 +8,7 @@ psutil
 netifaces
 python-gnutls==1.1.9 # see https://bugs.launchpad.net/ubuntu/+source/python-gnutls/+bug/1027129
 jsonschema
-srp>=1.0.1
+srp # >=1.0.1 MUST HAVE 1.0.1 BUGFIX, but upstream DID NOT UPDATE setup.py so it conflicts
 pycrypto
 keyring
 python-dateutil
-- 
cgit v1.2.3
From 34cdc516cbdef476d0329fff5d09d6eb0e85431f Mon Sep 17 00:00:00 2001
From: kali
Date: Tue, 18 Dec 2012 07:17:56 +0900
Subject: freeze requests requirement lower than 1.0 srp auth breaking with 1.0 api
---
 pkg/requirements.pip | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'pkg')
diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index 49b56274..d7dc2c91 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -2,7 +2,7 @@
 # do not change it, we will freeze the requirements before tagging a release.
 argparse # only for python 2.6
-requests
+requests<1.0.0
 ping
 psutil
 netifaces
-- 
cgit v1.2.3
From 1834c0e5207d3edb0002558715aaf30676e6d847 Mon Sep 17 00:00:00 2001
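Review bot: In commit 2be35ae3 the `>=1.0.1` bound on `srp` moves into a comment, so nothing enforces it any more: an environment that already carries an older srp satisfies this line and runs without the fix the comment itself calls mandatory for authentication. Until upstream's `setup.py` reports the right version, the requirement could point at a pinned source revision (placeholder: `<srp-repo-url>@<commit>`), or the client could refuse to start when the installed srp lacks the fix. At minimum the comment should say how to verify the installed copy, since pip can no longer tell the two apart.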
From: kali
Date: Thu, 27 Dec 2012 02:58:26 +0900
Subject: updated requirements for soledad
---
 pkg/requirements.pip | 4 ++++
 pkg/test-requirements.pip | 1 +
 2 files changed, 5 insertions(+)
(limited to 'pkg')
diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index d7dc2c91..e7ccb97a 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -12,3 +12,7 @@ srp # >=1.0.1 MUST HAVE 1.0.1 BUGFIX, but upstream DID NOT UPDATE setup.py so i
 pycrypto
 keyring
 python-dateutil
+python-gnupg
+u1db
+oauth
+couchdb
diff --git a/pkg/test-requirements.pip b/pkg/test-requirements.pip
index 26db61c8..081d5479 100644
--- a/pkg/test-requirements.pip
+++ b/pkg/test-requirements.pip
@@ -1,3 +1,4 @@
+unittest2
 coverage
 mock
 nose
-- 
cgit v1.2.3
From b4af406e6cf233d939e3dfa5b5c9b2241b6d8ea0 Mon Sep 17 00:00:00 2001
From: kali
Date: Thu, 27 Dec 2012 03:09:34 +0900
Subject: import fixes for soledad
---
 pkg/test-requirements.pip | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'pkg')
diff --git a/pkg/test-requirements.pip b/pkg/test-requirements.pip
index 081d5479..11ccf4eb 100644
--- a/pkg/test-requirements.pip
+++ b/pkg/test-requirements.pip
@@ -1,4 +1,4 @@
-unittest2
+unittest2 # TODO we should include this dep only for python2.6
 coverage
 mock
 nose
-- 
cgit v1.2.3
From 5a99186cbc1b4fc8dbd317b56f3a620b2a9f79a4 Mon Sep 17 00:00:00 2001
From: kali
Date: Fri, 28 Dec 2012 02:27:29 +0900
Subject: add bootstrap script to repo
---
 pkg/scripts/leap | 6 -----
 pkg/scripts/leap_client_bootstrap.sh | 50 ++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 6 deletions(-)
 delete mode 100755 pkg/scripts/leap
 create mode 100644 pkg/scripts/leap_client_bootstrap.sh
(limited to 'pkg')
diff --git a/pkg/scripts/leap b/pkg/scripts/leap
deleted file mode 100755
index 6e62b597..00000000
--- a/pkg/scripts/leap
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env python
-
-from leap.app import main
-
-if __name__ == "__main__":
- main()
diff --git a/pkg/scripts/leap_client_bootstrap.sh b/pkg/scripts/leap_client_bootstrap.sh
new file mode 100644
index 00000000..6c302d3f
--- /dev/null
+++ b/pkg/scripts/leap_client_bootstrap.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Installs requirements, and
+# clones the latest leap-client
+
+# depends on:
+# openvpn git-core libgnutls-dev python-dev python-qt4 python-setuptools python-virtualenv
+
+# Escape code
+esc=`echo -en "\033"`
+
+# Set colors
+cc_green="${esc}[0;32m"
+cc_yellow="${esc}[0;33m"
+cc_blue="${esc}[0;34m"
+cc_red="${esc}[0;31m"
+cc_normal=`echo -en "${esc}[m\017"`
+
+echo "${cc_yellow}"
+echo "~~~~~~~~~~~~~~~~~~~~~~"
+echo "LEAP "
+echo "client bootstrapping "
+echo "~~~~~~~~~~~~~~~~~~~~~~"
+echo ""
+echo "${cc_green}Creating virtualenv...${cc_normal}"
+
+mkdir leap-client-testbuild
+virtualenv leap-client-testbuild
+source leap-client-testbuild/bin/activate
+
+echo "${cc_green}Installing leap client...${cc_normal}"
+
+# Clone latest git (develop branch)
+# change "develop" for any other branch you want.
+
+
+pip install -e 'git://leap.se/leap_client@develop#egg=leap-client'
+
+cd leap-client-testbuild
+
+# symlink the pyqt libraries to the system libs
+./src/leap-client/pkg/postmkvenv.sh
+
+echo "${cc_green}leap-client installed! =)"
+echo "${cc_yellow}"
+echo "Launch it with: "
+echo "~~~~~~~~~~~~~~~~~~~~~~"
+echo "bin/leap-client"
+echo "~~~~~~~~~~~~~~~~~~~~~~"
+echo "${cc_normal}"
-- 
cgit v1.2.3
From 4ad663b935fa1845d426dde99a8272942b620e11 Mon Sep 17 00:00:00 2001
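Review bot: The `pip install -e 'git://leap.se/leap_client@develop#egg=leap-client'` line in `leap_client_bootstrap.sh` fetches code over the unauthenticated, unencrypted git protocol and from a moving branch, and the script then executes `./src/leap-client/pkg/postmkvenv.sh` out of that checkout. Nothing here lets the user confirm that what was fetched is what the project published. Use an authenticated transport and a fixed revision, for example `pip install -e 'git+https://<repo-host>/leap_client@<tag-or-commit>#egg=leap-client'` (placeholders). The script also lacks `set -e`, so a failed `virtualenv` or `source` lets pip install into whatever Python environment is already active; adding `set -e` after the shebang stops at the first failure.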
From: kali
Date: Wed, 2 Jan 2013 18:06:13 +0900
Subject: initial OSX packaging
---
 pkg/osx/Info.plist | 22 ++++++++++++++++++++++
 pkg/osx/Makefile | 17 +++++++++++++++++
 pkg/osx/README.rst | 10 ++++++++++
 pkg/osx/leap-client.spec | 32 ++++++++++++++++++++++++++++++++
 pkg/postmkvenv.sh | 17 ++++++++++++++++-
 5 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 pkg/osx/Info.plist
 create mode 100644 pkg/osx/Makefile
 create mode 100644 pkg/osx/README.rst
 create mode 100644 pkg/osx/leap-client.spec
(limited to 'pkg')
diff --git a/pkg/osx/Info.plist b/pkg/osx/Info.plist
new file mode 100644
index 00000000..e90d920a
--- /dev/null
+++ b/pkg/osx/Info.plist
@@ -0,0 +1,22 @@
+
+
+
+
+ CFBundleDisplayName
+ leap-client
+ CFBundleExecutable
+ MacOS/app
+ CFBundleIconFile
+ icon-windowed.icns
+ CFBundleInfoDictionaryVersion
+ 6.0
+ CFBundleName
+ leap-client
+ CFBundlePackageType
+ APPL
+ CFBundleShortVersionString
+ 1
+ LSBackgroundOnly
+
+
+
diff --git a/pkg/osx/Makefile b/pkg/osx/Makefile
new file mode 100644
index 00000000..54fbf14a
--- /dev/null
+++ b/pkg/osx/Makefile
@@ -0,0 +1,17 @@
+pkg : dist dmg
+
+dist :
+ ~/pyinstaller/pyinstaller.py -w -s leap-client.spec
+ cp -r /opt/local/Library/Frameworks/QtGui.framework/Versions/4/Resources/qt_menu.nib "dist/LEAP Client.app/Contents/Resources"
+ cp Info.plist "dist/LEAP Client.app/Contents/Info.plist"
+ cp ../../data/images/leap-client.icns "dist/LEAP Client.app/Contents/Resources/icon-windowed.icns"
+
+
+dmg :
+ #TODO: remove if already present
+ #rm dist/LEAPClient.dmg
+ hdiutil create -format UDBZ -srcfolder "dist/LEAP Client.app/" "dist/LEAP Client.dmg"
+
+clean :
+ rm -rf dist/ build/
+
diff --git a/pkg/osx/README.rst b/pkg/osx/README.rst
new file mode 100644
index 00000000..dfd8fc16
--- /dev/null
+++ b/pkg/osx/README.rst
@@ -0,0 +1,10 @@
+freezing the app
+----------------
+just type, from this dir::
+
+ $ make dist
+ $ make dmg
+
+For doing both things::
+
+ $ make pkg
diff --git a/pkg/osx/leap-client.spec b/pkg/osx/leap-client.spec
new file mode 100644
index 00000000..4a34bb7c
--- /dev/null
+++ b/pkg/osx/leap-client.spec
@@ -0,0 +1,32 @@
+# -*- mode: python -*-
+a = Analysis(['../../src/leap/app.py'],
+ pathex=[
+ '../../src/leap',
+ '/Users/kaliy/leap/leap-client-testbuild/src/leap-client/pkg/osx'],
+ hiddenimports=['atexit'],
+ hookspath=None)
+pyz = PYZ(a.pure)
+exe = EXE(pyz,
+ a.scripts,
+ exclude_binaries=1,
+ name=os.path.join('build/pyi.darwin/leap-client', 'app'),
+ debug=False,
+ strip=True,
+ upx=True,
+ console=False)
+coll = COLLECT(exe,
+ a.binaries,
+ a.zipfiles,
+ a.datas,
+ strip=True,
+ upx=True,
+ name=os.path.join('dist', 'app'))
+app = BUNDLE(coll,
+ name=os.path.join('dist', 'leap-client.app'))
+
+import sys
+if sys.platform.startswith("darwin"):
+ app = BUNDLE(coll,
+ name=os.path.join('dist', 'LEAP Client.app'),
+ appname='LEAP Client',
+ version=1)
diff --git a/pkg/postmkvenv.sh b/pkg/postmkvenv.sh
index efdbc2fb..593b11da 100755
--- a/pkg/postmkvenv.sh
+++ b/pkg/postmkvenv.sh
@@ -8,6 +8,14 @@
 # script fails in ubuntu, with path: /usr/lib/pymodules/python2.7/PyQt4
 # use import PyQt4; PyQt4.__path__ instead
+platform='unknown'
+unamestr=`uname`
+if [[ "$unamestr" == 'Linux' ]]; then
+ platform='linux'
+elif [[ "$unamestr" == 'Darwin' ]]; then
+ platform='darwin'
+fi
+
 LIBS=( PyQt4 sip.so )
 PYTHON_VERSION=python$(python -c "import sys; print (str(sys.version_info[0])+'.'+str(sys.version_info[1]))")
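Review bot: `pathex` in `leap-client.spec` contains the absolute path `/Users/kaliy/leap/leap-client-testbuild/src/leap-client/pkg/osx`, which exists on one developer machine only. On any other build host the analysis runs without it, and whatever happens to sit at that path becomes a module search location for the frozen app. Derive the entry from the spec's own location instead; PyInstaller exposes `SPECPATH` to spec files, so `pathex=['../../src/leap', SPECPATH]` should be equivalent here. Separately, `app = BUNDLE(...)` is called unconditionally for `leap-client.app` and again under the `darwin` check for `LEAP Client.app`, so a macOS build appears to produce two bundles; keep only the guarded call.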
@@ -15,7 +23,14 @@ VAR=( $(which -a $PYTHON_VERSION) )
 GET_PYTHON_LIB_CMD="from distutils.sysconfig import get_python_lib; print (get_python_lib())"
 LIB_VIRTUALENV_PATH=$(python -c "$GET_PYTHON_LIB_CMD")
-LIB_SYSTEM_PATH=$(${VAR[-1]} -c "$GET_PYTHON_LIB_CMD")
+
+if [[ $platform == 'linux' ]]; then
+ LIB_SYSTEM_PATH=$(${VAR[-1]} -c "$GET_PYTHON_LIB_CMD")
+elif [[ $platform == 'darwin' ]]; then
+ LIB_SYSTEM_PATH=$(/opt/local/bin/python2.6 -c "$GET_PYTHON_LIB_CMD")
+else
+ echo "unsupported platform; not doing symlinks"
+fi
 for LIB in ${LIBS[@]}
 do
-- 
cgit v1.2.3
From 7c7e303ad66333d34fb6829deb8c3c3e81e1b328 Mon Sep 17 00:00:00 2001
From: kali
Date: Wed, 2 Jan 2013 18:20:27 +0900
Subject: merge osx readme
---
 pkg/osx/README.rst | 10 ----------
 1 file changed, 10 deletions(-)
(limited to 'pkg')
diff --git a/pkg/osx/README.rst b/pkg/osx/README.rst
index dfd8fc16..e69de29b 100644
--- a/pkg/osx/README.rst
+++ b/pkg/osx/README.rst
@@ -1,10 +0,0 @@
-freezing the app
-----------------
-just type, from this dir::
-
- $ make dist
- $ make dmg
-
-For doing both things::
-
- $ make pkg
-- 
cgit v1.2.3
From e35eb606faef1ccd06201a0b38a462375426cedd Mon Sep 17 00:00:00 2001
From: kali
Date: Mon, 7 Jan 2013 21:10:41 +0900
Subject: Working OSX installer workflow. Using platypus for installer. Working installer at 17.6MB compressed.
---
 pkg/osx/Makefile | 32 +-
 pkg/osx/README.rst | 60 +++
 .../install/ProcessNetworkChanges.plist.template | 16 +
 pkg/osx/install/client.down.sh | 146 +++++
 pkg/osx/install/client.up.sh | 596 +++++++++++++++++++++
 pkg/osx/install/install-leapc.sh | 16 +
 pkg/osx/install/leap-installer.platypus | 90 ++++
 7 files changed, 953 insertions(+), 3 deletions(-)
 create mode 100644 pkg/osx/install/ProcessNetworkChanges.plist.template
 create mode 100755 pkg/osx/install/client.down.sh
 create mode 100755 pkg/osx/install/client.up.sh
 create mode 100755 pkg/osx/install/install-leapc.sh
 create mode 100644 pkg/osx/install/leap-installer.platypus
(limited to 'pkg')
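Review bot: The `else` branch in `postmkvenv.sh` prints `unsupported platform; not doing symlinks` but does not stop, so `LIB_SYSTEM_PATH` stays unset and execution falls through to the `for LIB in ${LIBS[@]}` loop that follows. The loop body is outside this hunk, but if it builds its link sources from `$LIB_SYSTEM_PATH` they would resolve against `/` rather than a Python library directory. Add `exit 1` after the echo so the message matches the behaviour. The darwin branch also hard-codes `/opt/local/bin/python2.6`; a guard such as `[ -x /opt/local/bin/python2.6 ] || exit 1` before it would give a clear failure when MacPorts Python is missing.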
diff --git a/pkg/osx/Makefile b/pkg/osx/Makefile
index 54fbf14a..b302fa31 100644
--- a/pkg/osx/Makefile
+++ b/pkg/osx/Makefile
@@ -1,4 +1,8 @@
-pkg : dist dmg
+#WARNING: You need to run this with an activated VIRTUALENV.
+
+OSX = dist/LEAP\ Client.app/Contents/MacOS/
+
+pkg : dist trim installer dmg
 dist :
 ~/pyinstaller/pyinstaller.py -w -s leap-client.spec
@@ -6,12 +10,34 @@ dist :
 cp Info.plist "dist/LEAP Client.app/Contents/Info.plist"
 cp ../../data/images/leap-client.icns "dist/LEAP Client.app/Contents/Resources/icon-windowed.icns"
+trim:
+ #XXX this should go properly in pyinstaller spec excludes, but going quick'n'dirty
+ rm $(OSX)QtSvg $(OSX)QtXml $(OSX)QtNetwork $(OSX)QtOpenGL $(OSX)Qt3Support $(OSX)QtSql
+
+installer:
+ #XXX need to fix some paths there (binary, etc)
+ platypus -P install/leap-installer.platypus -y dist/LEAPClient_installer.app
+ #XXX should build tuntap extensions ourselves
+ mkdir "dist/LEAPClient_installer.app/Contents/Resources/StartupItems"
+ mkdir "dist/LEAPClient_installer.app/Contents/Resources/Extensions/"
+ cp -r /opt/local/Library/StartupItems/tun "dist/LEAPClient_installer.app/Contents/Resources/StartupItems/"
+ cp -r /opt/local/Library/StartupItems/tap "dist/LEAPClient_installer.app/Contents/Resources/StartupItems/"
+ cp -r /opt/local/Library/Extensions/tun.kext "dist/LEAPClient_installer.app/Contents/Resources/Extensions/"
+ cp -r /opt/local/Library/Extensions/tap.kext "dist/LEAPClient_installer.app/Contents/Resources/Extensions/"
+ #copy the binary that we have previously built
+ #XXX not building it yet...
+ cp ../../openvpn/build/openvpn.leap "dist/LEAPClient_installer.app/Contents/Resources/"
+ #copy startup scripts
+ cp install/client.up.sh "dist/LEAP Client.app/Contents/Resources"
+ cp install/client.down.sh "dist/LEAP Client.app/Contents/Resources"
+ cp install/ProcessNetworkChanges.plist.template "dist/LEAP Client.app/Contents/Resources"
+ #Finally, copy application bundle...
+ cp -r "dist/LEAP Client.app" "dist/LEAPClient_installer.app/Contents/Resources/"
 dmg :
 #TODO: remove if already present
 #rm dist/LEAPClient.dmg
- hdiutil create -format UDBZ -srcfolder "dist/LEAP Client.app/" "dist/LEAP Client.dmg"
+ hdiutil create -format UDBZ -srcfolder "dist/LEAPClient_installer.app/" "dist/LEAP Client Installer.dmg"
 clean :
 rm -rf dist/ build/
-
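Review bot: The new `installer` target copies `tun.kext`, `tap.kext`, the StartupItems and `../../openvpn/build/openvpn.leap` from whatever is present on the build host straight into the installer, with no version or checksum recorded. These are kernel extensions and a VPN binary that will presumably run with elevated privileges on users' machines, so the release should be able to show exactly which artifacts it shipped. Until the `#XXX should build tuntap extensions ourselves` item is done, add a step before the `cp` lines that verifies each input against checksums kept in the repository, e.g. `shasum -a 256 -c <checksums-file>` (placeholder name). The two `mkdir` lines also fail on a second run without `clean`; `mkdir -p` avoids that.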
diff --git a/pkg/osx/README.rst b/pkg/osx/README.rst
index e69de29b..48d96ffb 100644
--- a/pkg/osx/README.rst
+++ b/pkg/osx/README.rst
@@ -0,0 +1,60 @@
+environment setup in osx
+========================
+(I rm'd my README by mistake at some point. Re-do).
+
+basically you need this to setup your environment:
+
+# check and consolidate
+
+# install xcode and macports
+# port -v selfupdate
+# port install python26
+# port install python_select # unneeded?
+# port install py26-pyqt4
+# port install py26-twisted
+# port install py26-pip
+# port install py26-virtualenv
+# port install git-core
+# port install gnutls
+# port install platypus
+
+Requirements
+============
+pyinstaller (in ~/pyinstaller)
+platypus (tested with latest macports)
+
+...
+ install environment as usual,
+ inside virtualenv.
+
+.. note:: there is something missing here, about troubles building gnutls extension,
+ I think I ended by symlinking global install via macports.
+
+Pyinstaller fix for sip api
+---------------------------
+We need a workaround for setting the right sip api.
+Paste this in the top of pyinstaller/support/rthooks/pyi_rth_qt4plugins.py::
+
+ import sip
+ sip.setapi('QString', 2)
+ sip.setapi('QVariant', 2)
+
+See www.pyinstaller.org/wiki/Recipe/PyQtChangeApiVersion.
+
+Building the package
+====================
+
+Building the binary
+-------------------
+We use the scripts in openvpn/build.zsh
+The packaging Makefile is expecting the final binary in the location::
+
+ ../../openvpn/build/openvpn.leap
+
+Running the build
+-----------------
+IMPORTANT: activate the VIRTUALENV FIRST!
+(you will get an import error otherwise)
+
+For running all steps at once::
+
+ make pkg
diff --git a/pkg/osx/install/ProcessNetworkChanges.plist.template b/pkg/osx/install/ProcessNetworkChanges.plist.template
new file mode 100644
index 00000000..faea8dee
--- /dev/null
+++ b/pkg/osx/install/ProcessNetworkChanges.plist.template
@@ -0,0 +1,16 @@
+
+
+
+
+ Label
+ net.tunnelblick.openvpn.process-network-changes
+ ProgramArguments
+
+ ${DIR}/process-network-changes
+
+ WatchPaths
+
+ /Library/Preferences/SystemConfiguration
+
+
+
diff --git a/pkg/osx/install/client.down.sh b/pkg/osx/install/client.down.sh
new file mode 100755
index 00000000..47f00ed7
--- /dev/null
+++ b/pkg/osx/install/client.down.sh
@@ -0,0 +1,146 @@ +#!/bin/bash -e +# Note: must be bash; uses bash-specific tricks +# +# ****************************************************************************************************************** +# This Tunnelblick script does everything! It handles TUN and TAP interfaces, +# pushed configurations and DHCP leases. :) +# +# This is the "Down" version of the script, executed after the connection is +# closed. +# +# Created by: Nick Williams (using original code and parts of old Tblk scripts) +# +# ****************************************************************************************************************** + +trap "" TSTP +trap "" HUP +trap "" INT +export PATH="/bin:/sbin:/usr/sbin:/usr/bin" + +readonly LOG_MESSAGE_COMMAND=$(basename "${0}") + +# Quick check - is the configuration there? +if ! scutil -w State:/Network/OpenVPN &>/dev/null -t 1 ; then + # Configuration isn't there, so we forget it + echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: WARNING: No existing OpenVPN DNS configuration found; not tearing down anything; exiting." 
+ exit 0 +fi + +# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift Tunnelblick options out of the argument list + +# Get info saved by the up script +TUNNELBLICK_CONFIG="$(/usr/sbin/scutil <<-EOF + open + show State:/Network/OpenVPN + quit +EOF)" + +ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')" +LEASEWATCHER_PLIST_PATH="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')" +PSID="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')" +SCRIPT_LOG_FILE="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')" +# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')" +# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')" +# Don't need: PROCESS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')" +# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')" +ARG_TAP="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')" +bRouteGatewayIsDhcp="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')" + +# @param String message - The message to log +logMessage() +{ + echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" +} + +trim() +{ + echo ${@} +} + +if ${ARG_TAP} ; then + if [ "$bRouteGatewayIsDhcp" == "true" ]; then + if [ -z "$dev" ]; then + logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Device may not have disconnected properly." 
+ else + set +e + ipconfig set "$dev" NONE 2>/dev/null + set -e + fi + fi +fi + +# Issue warning if the primary service ID has changed +PSID_CURRENT="$( (scutil | grep Service | sed -e 's/.*Service : //')<<- EOF + open + show State:/Network/OpenVPN + quit +EOF)" +if [ "${PSID}" != "${PSID_CURRENT}" ] ; then + logMessage "Ignoring change of Network Primary Service from ${PSID} to ${PSID_CURRENT}" +fi + +# Remove leasewatcher +if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + launchctl unload "${LEASEWATCHER_PLIST_PATH}" + logMessage "Cancelled monitoring of system configuration changes" +fi + +# Restore configurations +DNS_OLD="$(/usr/sbin/scutil <<-EOF + open + show State:/Network/OpenVPN/OldDNS + quit +EOF)" +WINS_OLD="$(/usr/sbin/scutil <<-EOF + open + show State:/Network/OpenVPN/OldSMB + quit +EOF)" +TB_NO_SUCH_KEY=" { + TunnelblickNoSuchKey : true +}" + +if [ "${DNS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then + scutil <<- EOF + open + remove State:/Network/Service/${PSID}/DNS + quit +EOF +else + scutil <<- EOF + open + get State:/Network/OpenVPN/OldDNS + set State:/Network/Service/${PSID}/DNS + quit +EOF +fi + +if [ "${WINS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then + scutil <<- EOF + open + remove State:/Network/Service/${PSID}/SMB + quit +EOF +else + scutil <<- EOF + open + get State:/Network/OpenVPN/OldSMB + set State:/Network/Service/${PSID}/SMB + quit +EOF +fi + +logMessage "Restored the DNS and WINS configurations" + +# Remove our system configuration data +scutil <<- EOF + open + remove State:/Network/OpenVPN/SMB + remove State:/Network/OpenVPN/DNS + remove State:/Network/OpenVPN/OldSMB + remove State:/Network/OpenVPN/OldDNS + remove State:/Network/OpenVPN + quit +EOF + +exit 0 diff --git a/pkg/osx/install/client.up.sh b/pkg/osx/install/client.up.sh new file mode 100755 index 00000000..fc7e341a --- /dev/null +++ b/pkg/osx/install/client.up.sh 
@@ -0,0 +1,596 @@ +#!/bin/bash -e +# Note: must be bash; uses bash-specific tricks +# +# ****************************************************************************************************************** +# This Tunnelblick script does everything! It handles TUN and TAP interfaces, +# pushed configurations, DHCP with DNS and WINS, and renewed DHCP leases. :) +# +# This is the "Up" version of the script, executed after the interface is +# initialized. +# +# Created by: Nick Williams (using original code and parts of old Tblk scripts) +# +# ****************************************************************************************************************** + +trap "" TSTP +trap "" HUP +trap "" INT +export PATH="/bin:/sbin:/usr/sbin:/usr/bin" + +# Process optional arguments (if any) for the script +# Each one begins with a "-" +# They come from Tunnelblick, and come first, before the OpenVPN arguments +# So we set ARG_ script variables to their values and shift them out of the argument list +# When we're done, only the OpenVPN arguments remain for the rest of the script to use +ARG_MONITOR_NETWORK_CONFIGURATION="false" +ARG_RESTORE_ON_DNS_RESET="false" +ARG_RESTORE_ON_WINS_RESET="false" +ARG_TAP="false" +ARG_IGNORE_OPTION_FLAGS="" + +while [ {$#} ] ; do + if [ "$1" = "-m" ] ; then # Handle the arguments we know about + ARG_MONITOR_NETWORK_CONFIGURATION="true" # by setting ARG_ script variables to their values + shift # Then shift them out + elif [ "$1" = "-d" ] ; then + ARG_RESTORE_ON_DNS_RESET="true" + shift + elif [ "$1" = "-w" ] ; then + ARG_RESTORE_ON_WINS_RESET="true" + shift + elif [ "$1" = "-a" ] ; then + ARG_TAP="true" + shift + elif [ "${1:0:2}" = "-i" ] ; then + ARG_IGNORE_OPTION_FLAGS="${1}" + shift + elif [ "${1:0:2}" = "-a" ] ; then + ARG_IGNORE_OPTION_FLAGS="${1}" + shift + else + if [ "${1:0:1}" = "-" ] ; then # Shift out Tunnelblick arguments (they start with "-") that we don't understand + shift # so the rest of the script sees only the OpenVPN arguments 
+ else + break + fi + fi +done + +readonly ARG_MONITOR_NETWORK_CONFIGURATION ARG_RESTORE_ON_DNS_RESET ARG_RESTORE_ON_WINS_RESET ARG_TAP ARG_IGNORE_OPTION_FLAGS + +# Note: The script log path name is constructed from the path of the regular config file, not the shadow copy +# if the config is shadow copy, e.g. /Library/Application Support/Tunnelblick/Users/Jonathan/Folder/Subfolder/config.ovpn +# then convert to regular config /Users/Jonathan/Library/Application Support/Tunnelblick/Configurations/Folder/Subfolder/config.ovpn +# to get the script log path +# Note: "/Users/..." works even if the home directory has a different path; it is used in the name of the log file, and is not used as a path to get to anything. +readonly TBALTPREFIX="/Library/Application Support/Tunnelblick/Users/" +readonly TBALTPREFIXLEN="${#TBALTPREFIX}" +readonly TBCONFIGSTART="${config:0:$TBALTPREFIXLEN}" +if [ "$TBCONFIGSTART" = "$TBALTPREFIX" ] ; then + readonly TBBASE="${config:$TBALTPREFIXLEN}" + readonly TBSUFFIX="${TBBASE#*/}" + readonly TBUSERNAME="${TBBASE%%/*}" + readonly TBCONFIG="/Users/$TBUSERNAME/Library/Application Support/Tunnelblick/Configurations/$TBSUFFIX" +else + readonly TBCONFIG="${config}" +fi + +readonly CONFIG_PATH_DASHES_SLASHES="$(echo "${TBCONFIG}" | sed -e 's/-/--/g' | sed -e 's/\//-S/g')" +readonly SCRIPT_LOG_FILE="/Library/Application Support/Tunnelblick/Logs/${CONFIG_PATH_DASHES_SLASHES}.script.log" + +readonly TB_RESOURCE_PATH=$(dirname "${0}") + +LEASEWATCHER_PLIST_PATH="/Library/Application Support/Tunnelblick/LeaseWatch.plist" + +readonly OSVER="$(sw_vers | grep 'ProductVersion:' | grep -o '10\.[0-9]*')" + +readonly DEFAULT_DOMAIN_NAME="openvpn" + +bRouteGatewayIsDhcp="false" + +# @param String message - The message to log +readonly LOG_MESSAGE_COMMAND=$(basename "${0}") +logMessage() +{ + echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" +} + +# @param String string - Content to trim +trim() +{ + echo ${@} +} 
+ +# @param String[] dnsServers - The name servers to use +# @param String domainName - The domain name to use +# @param \optional String[] winsServers - The WINS servers to use +setDnsServersAndDomainName() +{ + declare -a vDNS=("${!1}") + domain=$2 + declare -a vWINS=("${!3}") + + set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors + + PSID=$( (scutil | grep PrimaryService | sed -e 's/.*PrimaryService : //')<<- EOF + open + show State:/Network/Global/IPv4 + quit +EOF ) + + STATIC_DNS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF + open + show Setup:/Network/Service/${PSID}/DNS + quit +EOF )" + if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then + readonly STATIC_DNS="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*ServerAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" + fi + if echo "${STATIC_DNS_CONFIG}" | grep -q "SearchDomains" ; then + readonly STATIC_SEARCH="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*SearchDomains[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" + fi + + STATIC_WINS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF + open + show Setup:/Network/Service/${PSID}/SMB + quit +EOF )" + STATIC_WINS_SERVERS="" + STATIC_WORKGROUP="" + STATIC_NETBIOSNAME="" + if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then + STATIC_WINS_SERVERS="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*WINSAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" + fi + if echo "${STATIC_WINS_CONFIG}" | grep -q "Workgroup" ; then + STATIC_WORKGROUP="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*Workgroup : \([^[:space:]]*\).*$/\1/g' )")" + fi + if echo "${STATIC_WINS_CONFIG}" | grep -q "NetBIOSName" ; then + STATIC_NETBIOSNAME="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*NetBIOSName : \([^[:space:]]*\).*$/\1/g' )")" + fi + readonly STATIC_WINS_SERVERS 
STATIC_WORKGROUP STATIC_NETBIOSNAME + + if [ ${#vDNS[*]} -eq 0 ] ; then + DYN_DNS="false" + ALL_DNS="${STATIC_DNS}" + elif [ -n "${STATIC_DNS}" ] ; then + case "${OSVER}" in + 10.6 | 10.7 ) + # Do nothing - in 10.6 we don't aggregate our configurations, apparently + DYN_DNS="false" + ALL_DNS="${STATIC_DNS}" + ;; + 10.4 | 10.5 ) + DYN_DNS="true" + # We need to remove duplicate DNS entries, so that our reference list matches MacOSX's + SDNS="$(echo "${STATIC_DNS}" | tr ' ' '\n')" + (( i=0 )) + for n in "${vDNS[@]}" ; do + if echo "${SDNS}" | grep -q "${n}" ; then + unset vDNS[${i}] + fi + (( i++ )) + done + if [ ${#vDNS[*]} -gt 0 ] ; then + ALL_DNS="$(trim "${STATIC_DNS}" "${vDNS[*]}")" + else + DYN_DNS="false" + ALL_DNS="${STATIC_DNS}" + fi + ;; + esac + else + DYN_DNS="true" + ALL_DNS="$(trim "${vDNS[*]}")" + fi + readonly DYN_DNS ALL_DNS + + if [ ${#vWINS[*]} -eq 0 ] ; then + DYN_WINS="false" + ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" + elif [ -n "${STATIC_WINS_SERVERS}" ] ; then + case "${OSVER}" in + 10.6 | 10.7 ) + # Do nothing - in 10.6 we don't aggregate our configurations, apparently + DYN_WINS="false" + ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" + ;; + 10.4 | 10.5 ) + DYN_WINS="true" + # We need to remove duplicate WINS entries, so that our reference list matches MacOSX's + SWINS="$(echo "${STATIC_WINS_SERVERS}" | tr ' ' '\n')" + (( i=0 )) + for n in "${vWINS[@]}" ; do + if echo "${SWINS}" | grep -q "${n}" ; then + unset vWINS[${i}] + fi + (( i++ )) + done + if [ ${#vWINS[*]} -gt 0 ] ; then + ALL_WINS_SERVERS="$(trim "${STATIC_WINS_SERVERS}" "${vWINS[*]}")" + else + DYN_WINS="false" + ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" + fi + ;; + esac + else + DYN_WINS="true" + ALL_WINS_SERVERS="$(trim "${vWINS[*]}")" + fi + readonly DYN_WINS ALL_WINS_SERVERS + + # We double-check that our search domain isn't already on the list + SEARCH_DOMAIN="${domain}" + case "${OSVER}" in + 10.6 | 10.7 ) + # Do nothing - in 10.6 we don't aggregate our configurations, apparently 
+ if [ -n "${STATIC_SEARCH}" ] ; then + ALL_SEARCH="${STATIC_SEARCH}" + SEARCH_DOMAIN="" + else + ALL_SEARCH="${SEARCH_DOMAIN}" + fi + ;; + 10.4 | 10.5 ) + if echo "${STATIC_SEARCH}" | tr ' ' '\n' | grep -q "${SEARCH_DOMAIN}" ; then + SEARCH_DOMAIN="" + fi + if [ -z "${SEARCH_DOMAIN}" ] ; then + ALL_SEARCH="${STATIC_SEARCH}" + else + ALL_SEARCH="$(trim "${STATIC_SEARCH}" "${SEARCH_DOMAIN}")" + fi + ;; + esac + readonly SEARCH_DOMAIN ALL_SEARCH + + if ! ${DYN_DNS} ; then + NO_DNS="#" + fi + if ! ${DYN_WINS} ; then + NO_WS="#" + fi + if [ -z "${SEARCH_DOMAIN}" ] ; then + NO_SEARCH="#" + fi + if [ -z "${STATIC_WORKGROUP}" ] ; then + NO_WG="#" + fi + if [ -z "${STATIC_NETBIOSNAME}" ] ; then + NO_NB="#" + fi + if [ -z "${ALL_DNS}" ] ; then + AGG_DNS="#" + fi + if [ -z "${ALL_SEARCH}" ] ; then + AGG_SEARCH="#" + fi + if [ -z "${ALL_WINS_SERVERS}" ] ; then + AGG_WINS="#" + fi + + # Now, do the aggregation + # Save the openvpn process ID and the Network Primary Service ID, leasewather.plist path, logfile path, and optional arguments from Tunnelblick, + # then save old and new DNS and WINS settings + # PPID is a bash-script variable that contains the process ID of the parent of the process running the script (i.e., OpenVPN's process ID) + # config is an environmental variable set to the configuration path by OpenVPN prior to running this up script + logMessage "Up to two 'No such key' warnings are normal and may be ignored" + + # If DNS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS' + if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then + CORRECT_OLD_DNS_KEY="Setup:" + else + CORRECT_OLD_DNS_KEY="State:" + fi + + # If WINS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS' + if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then + CORRECT_OLD_WINS_KEY="Setup:" + else + CORRECT_OLD_WINS_KEY="State:" + fi + + # If we are not 
expecting any WINS value, add to the expected WINS setup + NO_NOSUCH_KEY_WINS="#" + if [ "${NO_NB}" = "#" -a "${AGG_WINS}" = "#" -a "${NO_WG}" = "#" ] ; then + NO_NOSUCH_KEY_WINS="" + fi + readonly NO_NOSUCH_KEY_WINS + + set -e # We instruct bash that it CAN again fail on errors + + scutil <<- EOF + open + d.init + d.add PID # ${PPID} + d.add Service ${PSID} + d.add LeaseWatcherPlistPath "${LEASEWATCHER_PLIST_PATH}" + d.add ScriptLogFile "${SCRIPT_LOG_FILE}" + d.add MonitorNetwork "${ARG_MONITOR_NETWORK_CONFIGURATION}" + d.add RestoreOnDNSReset "${ARG_RESTORE_ON_DNS_RESET}" + d.add RestoreOnWINSReset "${ARG_RESTORE_ON_WINS_RESET}" + d.add IgnoreOptionFlags "${ARG_IGNORE_OPTION_FLAGS}" + d.add IsTapInterface "${ARG_TAP}" + d.add RouteGatewayIsDhcp "${bRouteGatewayIsDhcp}" + set State:/Network/OpenVPN + + # First, back up the device's current DNS and WINS configurations + # Indicate 'no such key' by a dictionary with a single entry: "TunnelblickNoSuchKey : true" + d.init + d.add TunnelblickNoSuchKey true + get ${CORRECT_OLD_DNS_KEY}/Network/Service/${PSID}/DNS + set State:/Network/OpenVPN/OldDNS + + d.init + d.add TunnelblickNoSuchKey true + get ${CORRECT_OLD_WINS_KEY}/Network/Service/${PSID}/SMB + set State:/Network/OpenVPN/OldSMB + + # Second, initialize the new DNS map + d.init + ${NO_DNS}d.add ServerAddresses * ${vDNS[*]} + ${NO_SEARCH}d.add SearchDomains * ${SEARCH_DOMAIN} + d.add DomainName ${domain} + set State:/Network/Service/${PSID}/DNS + + # Third, initialize the WINS map + d.init + ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} + ${NO_WS}d.add WINSAddresses * ${vWINS[*]} + ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} + set State:/Network/Service/${PSID}/SMB + + # Now, initialize the maps that will be compared against the system-generated map + # which means that we will have to aggregate configurations of statically-configured + # nameservers, and statically-configured search domains + d.init + ${AGG_DNS}d.add ServerAddresses * ${ALL_DNS} + 
${AGG_SEARCH}d.add SearchDomains * ${ALL_SEARCH} + d.add DomainName ${domain} + set State:/Network/OpenVPN/DNS + + d.init + ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} + ${AGG_WINS}d.add WINSAddresses * ${ALL_WINS_SERVERS} + ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} + ${NO_NOSUCH_KEY_WINS}d.add TunnelblickNoSuchKey true + set State:/Network/OpenVPN/SMB + + # We are done + quit +EOF + + logMessage "Saved the DNS and WINS configurations for later use" + + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + if [ "${ARG_IGNORE_OPTION_FLAGS:0:2}" = "-a" ] ; then + # Generate an updated plist with the path for process-network-changes + readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/ProcessNetworkChanges.plist.template" + sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}" + launchctl load "${LEASEWATCHER_PLIST_PATH}" + logMessage "Set up to monitor system configuration with process-network-changes" + else + # Generate an updated plist with the path for leasewatch + readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/LeaseWatch.plist.template" + sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}" + launchctl load "${LEASEWATCHER_PLIST_PATH}" + logMessage "Set up to monitor system configuration with leasewatch" + fi + fi +} + +configureDhcpDns() +{ + # whilst ipconfig will have created the neccessary Network Service keys, the DNS + # settings won't actually be used by OS X unless the SupplementalMatchDomains key + # is added + # ref. + # - is there a way to extract the domains from the SC dictionary and re-insert + # as SupplementalMatchDomains? i.e. not requiring the ipconfig domain_name call? 
+ + # - wait until we get a lease before extracting the DNS domain name and merging into SC + # - despite it's name, ipconfig waitall doesn't (but maybe one day it will :-) + ipconfig waitall + + unset test_domain_name + unset test_name_server + + set +e # We instruct bash NOT to exit on individual command errors, because if we need to wait longer these commands will fail + + # usually takes at least a few seconds to get a DHCP lease + sleep 3 + n=0 + while [ -z "$test_domain_name" -a -z "$test_name_server" -a $n -lt 5 ] + do + logMessage "Sleeping for $n seconds to wait for DHCP to finish setup." + sleep $n + n=`expr $n + 1` + + if [ -z "$test_domain_name" ]; then + test_domain_name=`ipconfig getoption $dev domain_name 2>/dev/null` + fi + + if [ -z "$test_name_server" ]; then + test_name_server=`ipconfig getoption $dev domain_name_server 2>/dev/null` + fi + done + + sGetPacketOutput=`ipconfig getpacket $dev` + + set -e # We instruct bash that it CAN again fail on individual errors + + #echo "`date` test_domain_name = $test_domain_name, test_name_server = $test_name_server, sGetPacketOutput = $sGetPacketOutput" + + unset aNameServers + unset aWinsServers + + nNameServerIndex=1 + nWinsServerIndex=1 + + if [ "$sGetPacketOutput" ]; then + sGetPacketOutput_FirstLine=`echo "$sGetPacketOutput"|head -n 1` + #echo $sGetPacketOutput_FirstLine + + if [ "$sGetPacketOutput_FirstLine" == "op = BOOTREPLY" ]; then + set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors + + for tNameServer in `echo "$sGetPacketOutput"|grep "domain_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do + aNameServers[nNameServerIndex-1]="$(trim "$tNameServer")" + let nNameServerIndex++ + done + + for tWINSServer in `echo "$sGetPacketOutput"|grep "nb_over_tcpip_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do + aWinsServers[nWinsServerIndex-1]="$(trim "$tWINSServer")" + let nWinsServerIndex++ + 
done + + sDomainName=`echo "$sGetPacketOutput"|grep "domain_name "|grep -Eo ": [-A-Za-z0-9\-\.]+"|grep -Eo "[-A-Za-z0-9\-\.]+"` + sDomainName="$(trim "$sDomainName")" + + if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then + logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]" + setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] + return 0 + elif [ ${#aNameServers[*]} -gt 0 ]; then + logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]" + setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] + return 0 + else + # Should we return 1 here and indicate an error, or attempt the old method? + logMessage "No useful information extracted from DHCP/BOOTP packet. Attempting legacy configuration." + fi + + set -e # We instruct bash that it CAN again fail on errors + else + # Should we return 1 here and indicate an error, or attempt the old method? + logMessage "No DHCP/BOOTP packet found on interface. Attempting legacy configuration." 
+ fi + fi + + unset sDomainName + unset sNameServer + unset aNameServers + + sDomainName=`ipconfig getoption $dev domain_name 2>/dev/null` + sNameServer=`ipconfig getoption $dev domain_name_server 2>/dev/null` + + sDomainName="$(trim "$sDomainName")" + sNameServer="$(trim "$sNameServer")" + + declare -a aWinsServers=( ) # Declare empty WINS array to avoid any useless error messages + + if [ "$sDomainName" -a "$sNameServer" ]; then + aNameServers[0]=$sNameServer + logMessage "Retrieved name server [ $sNameServer ], domain name [ $sDomainName ], and no WINS servers" + setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] + elif [ "$sNameServer" ]; then + aNameServers[0]=$sNameServer + logMessage "Retrieved name server [ $sNameServer ] and no WINS servers, and using default domain name [ $DEFAULT_DOMAIN_NAME ]" + setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] + elif [ "$sDomainName" ]; then + logMessage "WARNING: Retrieved domain name [ $sDomainName ] but no name servers from OpenVPN (DHCP), which is not sufficient to make network/DNS configuration changes." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." + fi + else + logMessage "WARNING: No DNS information received from OpenVPN (DHCP), so no network/DNS configuration changes need to be made." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." 
+ fi + fi + + return 0 +} + +configureOpenVpnDns() +{ + unset vForOptions + unset vOptions + unset aNameServers + unset aWinsServers + + nOptionIndex=1 + nNameServerIndex=1 + nWinsServerIndex=1 + + while vForOptions=foreign_option_$nOptionIndex; [ -n "${!vForOptions}" ]; do + vOptions[nOptionIndex-1]=${!vForOptions} + case ${vOptions[nOptionIndex-1]} in + *DOMAIN* ) + sDomainName="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DOMAIN /}")" + ;; + *DNS* ) + aNameServers[nNameServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DNS /}")" + let nNameServerIndex++ + ;; + *WINS* ) + aWinsServers[nWinsServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option WINS /}")" + let nWinsServerIndex++ + ;; + * ) + logMessage "Unknown: 'foreign_option_${nOptionIndex}' = '${vOptions[nOptionIndex-1]}'" + ;; + esac + let nOptionIndex++ + done + + if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then + logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]" + setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] + elif [ ${#aNameServers[*]} -gt 0 ]; then + logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]" + setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] + else + # Should we maybe just return 1 here to indicate an error? Does this mean that something bad has happened? + logMessage "No DNS information recieved from OpenVPN, so no network configuration changes need to be made." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." 
+ fi + fi + + return 0 +} + +# We sleep here to allow time for OS X to process network settings +sleep 2 + +EXIT_CODE=0 + +if ${ARG_TAP} ; then + # Still need to do: Look for route-gateway dhcp (TAP isn't always DHCP) + bRouteGatewayIsDhcp="false" + if [ -z "${route_vpn_gateway}" -o "$route_vpn_gateway" == "dhcp" -o "$route_vpn_gateway" == "DHCP" ]; then + bRouteGatewayIsDhcp="true" + fi + + if [ "$bRouteGatewayIsDhcp" == "true" ]; then + if [ -z "$dev" ]; then + logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Exiting." + exit 1 + fi + + ipconfig set "$dev" DHCP + + configureDhcpDns & + elif [ "$foreign_option_1" == "" ]; then + logMessage "No network configuration changes need to be made." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." + fi + else + configureOpenVpnDns + EXIT_CODE=$? + fi +else + if [ "$foreign_option_1" == "" ]; then + logMessage "No network configuration changes need to be made." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." + fi + else + configureOpenVpnDns + EXIT_CODE=$? + fi +fi + +exit $EXIT_CODE diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh new file mode 100755 index 00000000..d47b8f45 --- /dev/null +++ b/pkg/osx/install/install-leapc.sh @@ -0,0 +1,16 @@ +#!/bin/sh +echo "Installing LEAP Client in /Applications" +cp -r "LEAP Client.app" "/Applications" + +echo "Copying openvpn binary" +cp -r openvpn.leap /usr/bin + + +echo "Installing tun/tap drivers" +cp -r Extensions/* /Library/Extensions +cp -r StartupItems/* /Library/StartupItems + +echo "Loading tun/tap kernel extension" +/Library/StartupItems/tun/tun start + +echo "Installation Finished!" diff --git a/pkg/osx/install/leap-installer.platypus b/pkg/osx/install/leap-installer.platypus new file mode 100644 index 00000000..9150961e --- /dev/null 
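Review bot: Nothing in the new `install-leapc.sh` stops on failure, so a `cp` that fails (for example when the installer is not running with sufficient privileges) still ends with "Installation Finished!" and can leave `/usr/bin/openvpn.leap` or the kexts half-installed. Add `set -e` directly after the `#!/bin/sh` line, or check each step explicitly. The source paths (`openvpn.leap`, `Extensions/*`, `StartupItems/*`) are relative, so the script also depends on being started from the bundle's Resources directory; a `cd "$(dirname "$0")"` at the top would make that explicit. Since one of the copied items is a kernel extension that `/Library/StartupItems/tun/tun start` loads straight away, comparing the copied files against checksums recorded at build time before that step would be a cheap safeguard.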
+++ b/pkg/osx/install/leap-installer.platypus @@ -0,0 +1,90 @@ + + + + + AcceptsFiles + + AcceptsText + + Authentication + + Author + Kali Yuga + BundledFiles + + Creator + Platypus-4.7 + DeclareService + + Destination + MyPlatypusApp.app + DestinationOverride + + DevelopmentVersion + + DocIcon + + Droppable + + ExecutablePath + /opt/local/share/platypus/ScriptExec + FileTypes + + **** + fold + + IconPath + + Identifier + se.leap.LEAPClientInstaller + Interpreter + /bin/sh + InterpreterArgs + + Name + LEAPClient Installer + NibPath + /opt/local/share/platypus/MainMenu.nib + OptimizeApplication + + Output + Progress Bar + RemainRunning + + Role + Viewer + ScriptArgs + + ScriptPath + ./install/install-leapc.sh + Secure + + ShowInDock + + StatusItemDisplayType + Text + StatusItemIcon + + + StatusItemTitle + MyPlatypusApp + Suffixes + + * + + TextBackground + #ffffff + TextEncoding + 4 + TextFont + Monaco + TextForeground + #000000 + TextSize + 10 + UseXMLPlistFormat + + Version + 1.0 + + -- cgit v1.2.3 From dc1466ea1384ea6263f3711b10f38365e0d727bc Mon Sep 17 00:00:00 2001 From: kali Date: Wed, 9 Jan 2013 02:08:12 +0900 Subject: bump srp requirement due to critical bugfix --- pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index e7ccb97a..dbb04cbc 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -8,7 +8,7 @@ psutil netifaces python-gnutls==1.1.9 # see https://bugs.launchpad.net/ubuntu/+source/python-gnutls/+bug/1027129 jsonschema -srp # >=1.0.1 MUST HAVE 1.0.1 BUGFIX, but upstream DID NOT UPDATE setup.py so it conflicts +srp>=1.0.2 pycrypto keyring python-dateutil -- cgit v1.2.3 From f55dcd717a946651492142ed198853b1c667254b Mon Sep 17 00:00:00 2001 From: kali Date: Thu, 10 Jan 2013 02:00:21 +0900 Subject: renamed connection page --- pkg/dev-reqs.pip | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 pkg/dev-reqs.pip (limited to 'pkg') 
diff --git a/pkg/dev-reqs.pip b/pkg/dev-reqs.pip new file mode 100644 index 00000000..44799a26 --- /dev/null +++ b/pkg/dev-reqs.pip @@ -0,0 +1,4 @@ +ipython +ipdb +pdb4qt +pygeoip -- cgit v1.2.3 From ade0eded09176fd687d1ee30724468c048d15065 Mon Sep 17 00:00:00 2001 From: kali Date: Fri, 11 Jan 2013 09:16:49 +0900 Subject: fix for missing cacert bundle frozen app cannot find requests cacert bundle. added to Resources to get us going. --- pkg/osx/Makefile | 33 ++++++++++++++++++--------------- pkg/osx/install/install-leapc.sh | 2 ++ pkg/osx/leap-client.spec | 5 ++++- 3 files changed, 24 insertions(+), 16 deletions(-) (limited to 'pkg') diff --git a/pkg/osx/Makefile b/pkg/osx/Makefile index b302fa31..f2520fcf 100644 --- a/pkg/osx/Makefile +++ b/pkg/osx/Makefile @@ -1,6 +1,10 @@ #WARNING: You need to run this with an activated VIRTUALENV. OSX = dist/LEAP\ Client.app/Contents/MacOS/ +GITC = `git rev-parse --short HEAD` +DMG = "dist/leap-client-$(GITC).dmg" +INST = "dist/LEAP Client installer.app" +INSTR = "dist/LEAP Client installer.app/Contents/Resources" pkg : dist trim installer dmg 
@@ -16,28 +20,27 @@ trim: installer: #XXX need to fix some paths there (binary, etc) - platypus -P install/leap-installer.platypus -y dist/LEAPClient_installer.app + platypus -P install/leap-installer.platypus -y $(INST) #XXX should build tuntap extensions ourselves - mkdir "dist/LEAPClient_installer.app/Contents/Resources/StartupItems" - mkdir "dist/LEAPClient_installer.app/Contents/Resources/Extensions/" - cp -r /opt/local/Library/StartupItems/tun "dist/LEAPClient_installer.app/Contents/Resources/StartupItems/" - cp -r /opt/local/Library/StartupItems/tap "dist/LEAPClient_installer.app/Contents/Resources/StartupItems/" - cp -r /opt/local/Library/Extensions/tun.kext "dist/LEAPClient_installer.app/Contents/Resources/Extensions/" - cp -r /opt/local/Library/Extensions/tap.kext "dist/LEAPClient_installer.app/Contents/Resources/Extensions/" + mkdir $(INSTR)/StartupItems + mkdir $(INSTR)/Extensions + cp -r /opt/local/Library/StartupItems/tun $(INSTR)/StartupItems + cp -r /opt/local/Library/StartupItems/tap $(INSTR)/StartupItems + cp -r /opt/local/Library/Extensions/tun.kext $(INSTR)/Extensions + cp -r /opt/local/Library/Extensions/tap.kext $(INSTR)/Extensions #copy the binary that we have previously built #XXX not building it yet... - cp ../../openvpn/build/openvpn.leap "dist/LEAPClient_installer.app/Contents/Resources/" + cp ../../openvpn/build/openvpn.leap $(INSTR) #copy startup scripts - cp install/client.up.sh "dist/LEAP Client.app/Contents/Resources" - cp install/client.down.sh "dist/LEAP Client.app/Contents/Resources" - cp install/ProcessNetworkChanges.plist.template "dist/LEAP Client.app/Contents/Resources" + cp install/client.up.sh $(INSTR) + cp install/client.down.sh $(INSTR) + cp install/ProcessNetworkChanges.plist.template $(INSTR) #Finally, copy application bundle... 
- cp -r "dist/LEAP Client.app" "dist/LEAPClient_installer.app/Contents/Resources/" + cp -r "dist/LEAP Client.app" $(INSTR) dmg : - #TODO: remove if already present - #rm dist/LEAPClient.dmg - hdiutil create -format UDBZ -srcfolder "dist/LEAPClient_installer.app/" "dist/LEAP Client Installer.dmg" + rm -f $(DMG) + hdiutil create -format UDBZ -srcfolder $(INST) $(DMG) clean : rm -rf dist/ build/ diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh index d47b8f45..7a0d3a5e 100755 --- a/pkg/osx/install/install-leapc.sh +++ b/pkg/osx/install/install-leapc.sh @@ -14,3 +14,5 @@ echo "Loading tun/tap kernel extension" /Library/StartupItems/tun/tun start echo "Installation Finished!" + +open /Applications/LEAP\ Client.app/ diff --git a/pkg/osx/leap-client.spec b/pkg/osx/leap-client.spec index 4a34bb7c..04f45253 100644 --- a/pkg/osx/leap-client.spec +++ b/pkg/osx/leap-client.spec @@ -15,7 +15,10 @@ exe = EXE(pyz, upx=True, console=False) coll = COLLECT(exe, - a.binaries, + a.binaries + + # this will easitly break if we setup the venv + # somewhere else. FIXME + [('cacert.pem', '../../../../lib/python2.6/site-packages/requests/cacert.pem', 'DATA')], a.zipfiles, a.datas, strip=True, -- cgit v1.2.3 From f90f9df1d09e12ba64e9401530684d5a36220ad3 Mon Sep 17 00:00:00 2001 From: kali Date: Tue, 15 Jan 2013 22:17:56 +0900 Subject: todo about ping_gateway function --- pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index dbb04cbc..fa40c490 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -3,7 +3,7 @@ argparse # only for python 2.6 requests<1.0.0 -ping +ping # don't use it! needs root. psutil netifaces python-gnutls==1.1.9 # see https://bugs.launchpad.net/ubuntu/+source/python-gnutls/+bug/1027129 -- cgit v1.2.3 From 67506fe6ba55ac7eaf4cbfd3606bff34a1214c11 Mon Sep 17 00:00:00 2001 
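Review bot: In the `installer` target, `client.up.sh`, `client.down.sh` and `ProcessNetworkChanges.plist.template` are now copied to `$(INSTR)` (the installer's Resources) instead of `dist/LEAP Client.app/Contents/Resources`, and `install/install-leapc.sh` as shown in this series never copies them anywhere, so the installed client may end up without its up/down scripts. If that is not intended, keep them in the app bundle, e.g. `cp install/client.up.sh "dist/LEAP Client.app/Contents/Resources"`, before the bundle itself is copied into `$(INSTR)`. The two `mkdir` lines will also fail on a second run without `make clean`; `mkdir -p $(INSTR)/StartupItems $(INSTR)/Extensions` avoids that. The kexts and `openvpn.leap` are taken from whatever is present on the build host (`/opt/local/Library/...`, `../../openvpn/build/`), so recording their checksums in the build output would help trace what was actually shipped.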
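Review bot: The `cacert.pem` entry added to `COLLECT` ships whatever file the relative path `'../../../../lib/python2.6/site-packages/requests/cacert.pem'` happens to resolve to, and that file becomes the frozen client's TLS trust store. Derive the path from the installed package instead, e.g. `os.path.join(os.path.dirname(requests.__file__), 'cacert.pem')` with `import os, requests` at the top of the spec, so the entry no longer depends on where the virtualenv lives. Because the bundle is fixed at build time, CA additions and removals only reach users through a new release; a comment next to the entry saying so would help the next maintainer. The `COLLECT(...)` call continues outside the hunk.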
From: kali Date: Wed, 16 Jan 2013 01:33:50 +0900 Subject: add update resolv.conf script --- pkg/linux/leap-update-resolv-conf | 90 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 pkg/linux/leap-update-resolv-conf (limited to 'pkg') diff --git a/pkg/linux/leap-update-resolv-conf b/pkg/linux/leap-update-resolv-conf new file mode 100644 index 00000000..a54802e3 --- /dev/null +++ b/pkg/linux/leap-update-resolv-conf @@ -0,0 +1,90 @@ +#!/bin/bash +# +# Parses options from openvpn to update resolv.conf +# +# The only way to enforce that a linux system will not leak DNS +# queries is to replace /etc/resolv.conf with a file that only +# has the DNS resolver specified by the VPN. +# +# That is what this script does. This is what resolvconf is for, +# but sadly it does not always work. +# +# Example envs set from openvpn: +# foreign_option_1='dhcp-option DNS 193.43.27.132' +# foreign_option_2='dhcp-option DNS 193.43.27.133' +# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' +# + +function up() { + + comment=$( +cat < /etc/resolv.conf +} + +function down() { + if [ -f /etc/resolv.conf.bak ] ; then + unlink /etc/resolv.conf + mv /etc/resolv.conf.bak /etc/resolv.conf + fi +} + +case $script_type in + up) up ;; + down) down ;; +esac -- cgit v1.2.3 From 42c4ee53a8311164d82d10b1f6d19ae7604346c6 Mon Sep 17 00:00:00 2001 From: kali Date: Wed, 16 Jan 2013 06:03:05 +0900 Subject: add libgnutls lib to osx build --- pkg/osx/install/install-leapc.sh | 9 ++++++++- pkg/osx/leap-client.spec | 6 +++++- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'pkg') diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh index 7a0d3a5e..a2435adf 100755 --- a/pkg/osx/install/install-leapc.sh +++ b/pkg/osx/install/install-leapc.sh 
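Review bot: In `down()`, `unlink /etc/resolv.conf` followed by `mv` leaves a window, and on a failed `mv` a lasting state, in which the system has no resolver configuration at all; `mv -f /etc/resolv.conf.bak /etc/resolv.conf` on its own replaces the file in a single rename. `case $script_type in` should quote the variable (`case "$script_type" in`). The body of `up()` is not legible in this rendering, so it is not reviewed here; since the header comment says it builds `/etc/resolv.conf` from the `foreign_option_*` values supplied through OpenVPN, it should accept only well-formed addresses and domain names before writing them. The same code is re-added as `pkg/linux/resolv-update` in a later commit of this series, and this note applies there too.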
@@ -5,6 +5,13 @@ cp -r "LEAP Client.app" "/Applications" echo "Copying openvpn binary" cp -r openvpn.leap /usr/bin +echo "Installing gnutls" +mkdir -p /opt/local/lib +mv -f "/Applications/LEAP Client.app/Contents/MacOS/libgnutls.26.dylib" /opt/local/lib +mv -f "/Applications/LEAP Client.app/Contents/MacOS/libgnutls-extra.26.dylib" /opt/local/lib +ln -sf /opt/local/lib/libgnutls.26.dylib /opt/local/lib/libgnutls.dylib +ln -sf /opt/local/lib/libgnutls-extra.26.dylib /opt/local/lib/libgnutls-extra.dylib + echo "Installing tun/tap drivers" cp -r Extensions/* /Library/Extensions @@ -15,4 +22,4 @@ echo "Loading tun/tap kernel extension" echo "Installation Finished!" -open /Applications/LEAP\ Client.app/ +ln -s /Applications/LEAP\ Client.app/ /Volumes/LEAP\ Client\ installer/ diff --git a/pkg/osx/leap-client.spec b/pkg/osx/leap-client.spec index 04f45253..65496469 100644 --- a/pkg/osx/leap-client.spec +++ b/pkg/osx/leap-client.spec @@ -18,7 +18,11 @@ coll = COLLECT(exe, a.binaries + # this will easitly break if we setup the venv # somewhere else. FIXME - [('cacert.pem', '../../../../lib/python2.6/site-packages/requests/cacert.pem', 'DATA')], + [('cacert.pem', '../../../../lib/python2.6/site-packages/requests/cacert.pem', 'DATA'), + # XXX osx only + ('libgnutls.26.dylib', '/opt/local/lib/libgnutls.26.dylib', 'BINARY'), + ('libgnutls-extra.26.dylib', '/opt/local/lib/libgnutls-extra.26.dylib', 'BINARY'), + ], a.zipfiles, a.datas, strip=True, -- cgit v1.2.3 From 68af5b2f807ac8acd9525d46d37cfd2a28a06b47 Mon Sep 17 00:00:00 2001 From: kali Date: Wed, 16 Jan 2013 23:33:46 +0900 Subject: fix ctypes dependency discovery for libgnutls --- pkg/osx/install/install-leapc.sh | 8 -------- pkg/osx/leap-client.spec | 3 --- 2 files changed, 11 deletions(-) (limited to 'pkg') diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh index a2435adf..2ecfc08e 100755 --- a/pkg/osx/install/install-leapc.sh +++ b/pkg/osx/install/install-leapc.sh 
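Review bot: The added "Installing gnutls" block moves the bundled `libgnutls.26.dylib` and `libgnutls-extra.26.dylib` into `/opt/local/lib` with `mv -f` and repoints `libgnutls.dylib` with `ln -sf`, which silently replaces any GnuTLS already installed there for other programs. A TLS library should not be swapped system-wide by an application installer; keeping the dylibs inside `LEAP Client.app/Contents/MacOS` and loading them from the bundle confines the change to this client. If the shared location really is needed, at least skip the step when the target already exists, e.g. `[ -e /opt/local/lib/libgnutls.26.dylib ] || mv "/Applications/LEAP Client.app/Contents/MacOS/libgnutls.26.dylib" /opt/local/lib`.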
@@ -5,14 +5,6 @@ cp -r "LEAP Client.app" "/Applications" echo "Copying openvpn binary" cp -r openvpn.leap /usr/bin -echo "Installing gnutls" -mkdir -p /opt/local/lib -mv -f "/Applications/LEAP Client.app/Contents/MacOS/libgnutls.26.dylib" /opt/local/lib -mv -f "/Applications/LEAP Client.app/Contents/MacOS/libgnutls-extra.26.dylib" /opt/local/lib -ln -sf /opt/local/lib/libgnutls.26.dylib /opt/local/lib/libgnutls.dylib -ln -sf /opt/local/lib/libgnutls-extra.26.dylib /opt/local/lib/libgnutls-extra.dylib - - echo "Installing tun/tap drivers" cp -r Extensions/* /Library/Extensions cp -r StartupItems/* /Library/StartupItems diff --git a/pkg/osx/leap-client.spec b/pkg/osx/leap-client.spec index 65496469..75bf991b 100644 --- a/pkg/osx/leap-client.spec +++ b/pkg/osx/leap-client.spec @@ -19,9 +19,6 @@ coll = COLLECT(exe, # this will easitly break if we setup the venv # somewhere else. FIXME [('cacert.pem', '../../../../lib/python2.6/site-packages/requests/cacert.pem', 'DATA'), - # XXX osx only - ('libgnutls.26.dylib', '/opt/local/lib/libgnutls.26.dylib', 'BINARY'), - ('libgnutls-extra.26.dylib', '/opt/local/lib/libgnutls-extra.26.dylib', 'BINARY'), ], a.zipfiles, a.datas, -- cgit v1.2.3 From d6c8cb0f12e8924820c296a8114a7899f61e5180 Mon Sep 17 00:00:00 2001 From: kali Date: Thu, 17 Jan 2013 05:54:16 +0900 Subject: (osx) detect which interface is traffic going thru --- pkg/requirements.pip | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index fa40c490..69d435dc 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -1,5 +1,5 @@ # in order of addition to the project. -# do not change it, we will freeze the requirements before tagging a release. +# do not change the ordering. argparse # only for python 2.6 requests<1.0.0 @@ -16,3 +16,4 @@ python-gnupg u1db oauth couchdb +sh -- cgit v1.2.3 From 6fb952397573f4bc90f4cd9e72b49fcf6256e95c Mon Sep 17 00:00:00 2001 
From: kali Date: Thu, 17 Jan 2013 08:07:45 +0900 Subject: localize exit country if we can only if we can find the geoip database, which comes with geoip-database in debian. we will have to think more about this in the future but it's nice to have now for testing. --- pkg/requirements.pip | 1 + 1 file changed, 1 insertion(+) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 69d435dc..813a9c62 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -17,3 +17,4 @@ u1db oauth couchdb sh +pygeoip -- cgit v1.2.3 From 8226d6032b6db0c15ff70e377f87f4acfdd21787 Mon Sep 17 00:00:00 2001 From: kali Date: Wed, 23 Jan 2013 07:02:58 +0900 Subject: working up/down resolv-conf script --- pkg/linux/README | 4 ++ pkg/linux/leap-update-resolv-conf | 90 --------------------------------------- pkg/linux/resolv-update | 90 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+), 90 deletions(-) create mode 100644 pkg/linux/README delete mode 100644 pkg/linux/leap-update-resolv-conf create mode 100755 pkg/linux/resolv-update (limited to 'pkg') diff --git a/pkg/linux/README b/pkg/linux/README new file mode 100644 index 00000000..7410789b --- /dev/null +++ b/pkg/linux/README @@ -0,0 +1,4 @@ += Files = +In GNU/Linux, we expect these files to be in place: + +resolv-update -> /etc/leap/resolv-update diff --git a/pkg/linux/leap-update-resolv-conf b/pkg/linux/leap-update-resolv-conf deleted file mode 100644 index a54802e3..00000000 --- a/pkg/linux/leap-update-resolv-conf +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/bin/bash -# -# Parses options from openvpn to update resolv.conf -# -# The only way to enforce that a linux system will not leak DNS -# queries is to replace /etc/resolv.conf with a file that only -# has the DNS resolver specified by the VPN. -# -# That is what this script does. This is what resolvconf is for, -# but sadly it does not always work. -# -# Example envs set from openvpn: -# foreign_option_1='dhcp-option DNS 193.43.27.132' -# foreign_option_2='dhcp-option DNS 193.43.27.133' -# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' -# - -function up() { - - comment=$( -cat < /etc/resolv.conf -} - -function down() { - if [ -f /etc/resolv.conf.bak ] ; then - unlink /etc/resolv.conf - mv /etc/resolv.conf.bak /etc/resolv.conf - fi -} - -case $script_type in - up) up ;; - down) down ;; -esac diff --git a/pkg/linux/resolv-update b/pkg/linux/resolv-update new file mode 100755 index 00000000..a54802e3 --- /dev/null +++ b/pkg/linux/resolv-update @@ -0,0 +1,90 @@ +#!/bin/bash +# +# Parses options from openvpn to update resolv.conf +# +# The only way to enforce that a linux system will not leak DNS +# queries is to replace /etc/resolv.conf with a file that only +# has the DNS resolver specified by the VPN. +# +# That is what this script does. This is what resolvconf is for, +# but sadly it does not always work. +# +# Example envs set from openvpn: +# foreign_option_1='dhcp-option DNS 193.43.27.132' +# foreign_option_2='dhcp-option DNS 193.43.27.133' +# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' +# + +function up() { + + comment=$( +cat < /etc/resolv.conf +} + +function down() { + if [ -f /etc/resolv.conf.bak ] ; then + unlink /etc/resolv.conf + mv /etc/resolv.conf.bak /etc/resolv.conf + fi +} + +case $script_type in + up) up ;; + down) down ;; +esac -- cgit v1.2.3 From 39430cf8c1f9b7118586b1a1f232168fb2d5730b Mon Sep 17 00:00:00 2001 
From: kali Date: Thu, 24 Jan 2013 07:36:51 +0900 Subject: switch dependency to pyopenssl --- pkg/requirements.pip | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 813a9c62..4108d259 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -3,18 +3,20 @@ argparse # only for python 2.6 requests<1.0.0 -ping # don't use it! needs root. psutil netifaces -python-gnutls==1.1.9 # see https://bugs.launchpad.net/ubuntu/+source/python-gnutls/+bug/1027129 +pyopenssl jsonschema srp>=1.0.2 pycrypto keyring python-dateutil +sh +pygeoip # optional +#ping # to be deprecated + +# soledad deps -- will move to its own repo soon python-gnupg u1db oauth couchdb -sh -pygeoip -- cgit v1.2.3 From 9cdc193c587631986e579c1ba37a8b982be01238 Mon Sep 17 00:00:00 2001 From: kali Date: Thu, 24 Jan 2013 18:47:41 +0900 Subject: all tests green again plus: * added soledad test requirements * removed soledad from run_tests run (+1K tests failing) * added option to run All tests to run_tests script * pep8 cleanup --- pkg/test-requirements.pip | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'pkg') diff --git a/pkg/test-requirements.pip b/pkg/test-requirements.pip index 11ccf4eb..43bec43c 100644 --- a/pkg/test-requirements.pip +++ b/pkg/test-requirements.pip @@ -4,3 +4,8 @@ mock nose pep8==1.1 sphinx>=1.1.2 +nose-exclude + +# for soledad * to be splitted * +testscenarios +testtools -- cgit v1.2.3 From 8cbbc4199ab474bd4d392202eb6e93a0aea677b5 Mon Sep 17 00:00:00 2001 From: kali Date: Thu, 24 Jan 2013 23:49:54 +0900 Subject: test requirements for soledad --- pkg/test-requirements.pip | 2 ++ 1 file changed, 2 insertions(+) (limited to 'pkg') diff --git a/pkg/test-requirements.pip b/pkg/test-requirements.pip index 43bec43c..edd53b16 100644 --- a/pkg/test-requirements.pip +++ b/pkg/test-requirements.pip 
@@ -1,3 +1,4 @@ +six>=1.1,<1.2 # soledad req (nose2) unittest2 # TODO we should include this dep only for python2.6 coverage mock @@ -7,5 +8,6 @@ sphinx>=1.1.2 nose-exclude # for soledad * to be splitted * +nose2 testscenarios testtools -- cgit v1.2.3 From cfeddae5b94a6ab9883f3226702dee31850d638f Mon Sep 17 00:00:00 2001 From: kali Date: Thu, 24 Jan 2013 23:50:39 +0900 Subject: ping still in use... --- pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 4108d259..9b521a95 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -13,7 +13,7 @@ keyring python-dateutil sh pygeoip # optional -#ping # to be deprecated +ping # to be deprecated # soledad deps -- will move to its own repo soon python-gnupg -- cgit v1.2.3 From 66c40125df7c39d0a83cfa2fc2873de6bfbc7496 Mon Sep 17 00:00:00 2001 From: antialias Date: Thu, 24 Jan 2013 11:08:26 -0500 Subject: added tox to test-requirements.pip --- pkg/test-requirements.pip | 1 + 1 file changed, 1 insertion(+) (limited to 'pkg') diff --git a/pkg/test-requirements.pip b/pkg/test-requirements.pip index edd53b16..d60439ea 100644 --- a/pkg/test-requirements.pip +++ b/pkg/test-requirements.pip @@ -6,6 +6,7 @@ nose pep8==1.1 sphinx>=1.1.2 nose-exclude +tox # for soledad * to be splitted * nose2 -- cgit v1.2.3 From ea00bc02d9722a670067667df752921d2c824389 Mon Sep 17 00:00:00 2001 From: kali Date: Fri, 25 Jan 2013 07:00:10 +0900 Subject: use dirspec --- pkg/requirements.pip | 1 + 1 file changed, 1 insertion(+) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 9b521a95..19bd8514 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -14,6 +14,7 @@ python-dateutil sh pygeoip # optional ping # to be deprecated +dirspec # soledad deps -- will move to its own repo soon python-gnupg -- cgit v1.2.3 From aaeb78c2a93025b6a7c72d136336f16acccbc23c Mon Sep 17 00:00:00 2001 
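Review bot: The restored `ping # to be deprecated` line in the "ping still in use..." hunk of `pkg/requirements.pip` no longer records why the package is being phased out. The entry dropped earlier in this series read `ping # don't use it! needs root.` With the dependency back, whatever code still imports it presumably keeps requiring elevated privileges for that path, and the manifest is where the next contributor will look before adding another use. I would keep the reason on the line until the call sites are gone: `ping  # needs root; no new uses, to be removed`.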
From: antialias Date: Thu, 24 Jan 2013 17:07:12 -0500 Subject: removed ping and root dependency (1456). improved default network request (771). fixed ERROR "cannot concatenate 'str' and 'list' objects" (1449). --- pkg/requirements.pip | 1 - 1 file changed, 1 deletion(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 9b521a95..a8a50fd3 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -13,7 +13,6 @@ keyring python-dateutil sh pygeoip # optional -ping # to be deprecated # soledad deps -- will move to its own repo soon python-gnupg -- cgit v1.2.3 From 46e1040b7c64b3d1c7c6edae5ae0ad3eeacdf6ab Mon Sep 17 00:00:00 2001 From: kali Date: Fri, 25 Jan 2013 08:02:19 +0900 Subject: add zope.interface dep --- pkg/requirements.pip | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 0b0aef26..116f6492 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -12,9 +12,13 @@ pycrypto keyring python-dateutil sh -pygeoip # optional dirspec +pygeoip # optional + +# email +zope.interface + # soledad deps -- will move to its own repo soon python-gnupg u1db -- cgit v1.2.3 From 2814a28b5bd9bb15953cfd2ed31b1ef4dbf396bf Mon Sep 17 00:00:00 2001 From: kali Date: Fri, 25 Jan 2013 18:22:45 +0900 Subject: add twisted as email dependency --- pkg/requirements.pip | 2 ++ 1 file changed, 2 insertions(+) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 116f6492..5b0b0d18 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -17,7 +17,9 @@ dirspec pygeoip # optional # email + zope.interface +twisted>=12.3.0 # soledad deps -- will move to its own repo soon python-gnupg -- cgit v1.2.3 From e33c500ad3006670158493f2a12afc015610894d Mon Sep 17 00:00:00 2001 
From: kali Date: Mon, 28 Jan 2013 04:48:21 +0900 Subject: change dirspec dep by pyxdg --- pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 5b0b0d18..cbfbe8fb 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -12,7 +12,7 @@ pycrypto keyring python-dateutil sh -dirspec +pyxdg pygeoip # optional -- cgit v1.2.3 From 10a2303fe2d21999bce56940daecb78576f5b741 Mon Sep 17 00:00:00 2001 From: kali Date: Wed, 30 Jan 2013 06:49:58 +0900 Subject: remove soledad / email requirements for 0.2 release --- pkg/requirements.pip | 11 ----------- pkg/test-requirements.pip | 6 ------ 2 files changed, 17 deletions(-) (limited to 'pkg') diff --git a/pkg/requirements.pip b/pkg/requirements.pip index cbfbe8fb..89b0ad3b 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -15,14 +15,3 @@ sh pyxdg pygeoip # optional - -# email - -zope.interface -twisted>=12.3.0 - -# soledad deps -- will move to its own repo soon -python-gnupg -u1db -oauth -couchdb diff --git a/pkg/test-requirements.pip b/pkg/test-requirements.pip index d60439ea..a7349bfc 100644 --- a/pkg/test-requirements.pip +++ b/pkg/test-requirements.pip @@ -1,4 +1,3 @@ -six>=1.1,<1.2 # soledad req (nose2) unittest2 # TODO we should include this dep only for python2.6 coverage mock @@ -7,8 +6,3 @@ pep8==1.1 sphinx>=1.1.2 nose-exclude tox - -# for soledad * to be splitted * -nose2 -testscenarios -testtools -- cgit v1.2.3