1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
.. _osx-dev:
Setting up a development environment in OSX™
============================================
.. note: work in progress
* Make sure you're using a new enough version of pip (1.8 or newest). This will make all the problems with ``cryptography`` going away, since it will install the statically built wheel.
* Use ``brew`` to install ``OpenSSL``.
* **Problem**: pyqt5 in homebrew stopped shipping qtwebkit. I found the following
workaround in an issue in qutebrowser's repo, works fine for me for now::
cd $(brew --prefix)/Library/Formula
curl -OO
https://raw.githubusercontent.com/Homebrew/homebrew/f802822b0fa35ad362aebd0101ccf83a638bed37/Library/Formula/{py,}qt5.rb
brew install qt5 pyqt5
.. note: copy that into a makefile target
After those fixes, you should be able to build the bundle::
make bundle_osx
Privileged helper
=================
The OSX privileged helper is in ``src/leap/bitmask/vpn/helpers/osx/``.
.. note: move it to vpn/helpers/osx
It is a python daemon that runs as root.
It should be installed by the Bitmask installer.
If you have to stop it::
sudo launchctl unload /Library/LaunchDaemons/se.leap.bitmask-helper.plist
And, to load it again::
sudo launchctl load /Library/LaunchDaemons/se.leap.bitmask-helper.plist
Debugging bitmask-helper
------------------------
Bitmask communicates with the privileged ``bitmask-helper`` through a unix
socket. If you need to debug the privileged helper (for instance, if you need to
tear down the firewall after a crash), you can do it like this with
``socat``::
echo 'firewall_stop/CMD' | socat - UNIX-CONNECT:/tmp/bitmask-helper.socket
Other helpers
-------------
There are other helpers that the installer drops in a well-know path.
These are shipped in ``pkg/osx``, and copied to
``/Applications/Bitmask.app/Contents/Resources``.
OSX Firewall
------------
The OSX Firewall lives in ``src/leap/bitmask/vpn/helpers/osx/bitmask.pf.conf``. It gets
installed to the same path mentioned in the previous section.
.. note: cleanup unused helpers
Installing the bundle with homebrew
===================================
For testing purposes, `homebrew`_ can be used to distribute and install the
bundle. This should download and install the latest version of the bundle::
brew install kalikaneko/bitmask/bitmask
After that, you should be able to launch the bundle::
bitmask
.. _`homebrew`: https://brew.sh/
Debug logs
----------
Bitmask rotates logs. The latest one can be found at::
/Users/<youruser>/Library/Preferences/leap/bitmaskd.log
Known Issues
------------
The current state of the bundle that is distributed with homebrew is yet buggy,
so it's in a pre-alpha state. Reports or bugfixes are welcome a this point.
Major blockers for a usable homebrew distribution are:
* Cannot find the gpg binary installed by homebrew https://0xacab.org/leap/bitmask-dev/issues/8934
How to produce a bundle to be distributed via homebrew
------------------------------------------------------
(This section is maintainer notes, but it can be useful also for you if you are working
on changes that affect distribution and you want let others test your work.)
The original homebrew formula is in ``https://github.com/kalikaneko/homebrew-bitmask/blob/master/bitmask.rb``.
When running ``make bundle_osx``, PyInstaller generates two different folders
(the initial PyInstaller folders get some extra files added by the rules in
the makefile). One is the OSX Bundle - that is distributed by the installer in
the form of a `.pkg` , and the other is the bare libs folder. The Bitmask
Formula instructs homebrew to fetch a tar.gz with this last folder, so first
step is preparing the tarball::
tar cvzf bitmask-`cat pkg/next-version`.tar.gz dist/bitmask-`cat pkg/next-version`
If you already uploaded a bundle with that version, make sure that you rename it
to include a patch version before uploading it::
scp bitmask-`cat pkg/next-version` downloads.leap.se:./client/osx/internal/
Then the ``version`` file needs to be changed in the Formula. The ``sha256``
field has also to be updated, you can get the value with::
shasum -a 256 bitmask-0.10a1p2.tar.gz
OSX Development Roadmap
=======================
1. [done] Get a smooth 0.10 installation experience for power-users via homebrew.
2. [done] Merge bugfixes.
3. Distribute Bitmask.pkg again, with the installer executing the same
installation scripts as homebrew Formula is doing.
Other notes
===========
PySide vs QtWebKit
------------------
http://qtwebkit.blogspot.nl/2016/08/qtwebkit-im-back.html
Running OSX on KVM
------------------
The following notes are not yet tested, but might be useful for development.
* https://github.com/kholia/OSX-KVM
|