From 3169015c5f5eaed5f2ad48e486b1fe96e1eb6bbe Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 3 Apr 2018 02:45:34 +0200 Subject: several fixes for riseupvpn snap - move snap folder to root folder, to allow automated builds - install only polkit file outside of snap - change path of bitmask-root accordingly in bitmask - fix check for polkit file inside snap - change and document the algorithm for picking bitmask-root in linux - add LD_LIBRARY_PATH as an environment entry for bitmask-systray --- src/leap/bitmask/vpn/fw/firewall.py | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) (limited to 'src/leap/bitmask/vpn/fw/firewall.py') diff --git a/src/leap/bitmask/vpn/fw/firewall.py b/src/leap/bitmask/vpn/fw/firewall.py index 98b317b0..cc5d76d0 100644 --- a/src/leap/bitmask/vpn/fw/firewall.py +++ b/src/leap/bitmask/vpn/fw/firewall.py @@ -25,7 +25,10 @@ import subprocess from twisted.logger import Logger -from leap.bitmask.system import IS_MAC, IS_LINUX +from leap.bitmask.system import IS_MAC, IS_LINUX, IS_SNAP +from leap.bitmask.vpn.constants import BITMASK_ROOT_SYSTEM +from leap.bitmask.vpn.constants import BITMASK_ROOT_LOCAL +from leap.bitmask.vpn.constants import BITMASK_ROOT_SNAP from leap.common.events import catalog, emit_async from leap.bitmask.vpn.launchers import darwin @@ -87,11 +90,23 @@ class _LinuxFirewallManager(object): This allows us to achieve fail close on a vpn connection. """ - _SYSTEM_BITMASK_ROOT = '/usr/sbin/bitmask-root' - if os.path.isfile(_SYSTEM_BITMASK_ROOT): - BITMASK_ROOT = _SYSTEM_BITMASK_ROOT + # TODO factor out choosing a version of bitmask-root. + # together with linux vpnlauncher. + + if IS_SNAP: + # snap has its own version under /snap + BITMASK_ROOT = BITMASK_ROOT_SNAP + elif IS_STANDALONE and os.path.isfile(BITMASK_ROOT_LOCAL): + # if this is a bundle, we pick local. bundles ask to install it there. + BITMASK_ROOT = BITMASK_ROOT_LOCAL else: - BITMASK_ROOT = "/usr/local/sbin/bitmask-root" + if os.path.isfile(BITMASK_ROOT_SYSTEM): + # we can be running from the debian package, + # or some other distro. it's the maintainer responsibility to put bitmask-root there. + BITMASK_ROOT = BITMASK_ROOT_SYSTEM + else: + # as a last case, we fall back to installing into the /usr/local/sbin version. + BITMASK_ROOT = BITMASK_ROOT_LOCAL def __init__(self, remotes): """ -- cgit v1.2.3