diff options
author | kali <kali@leap.se> | 2020-09-30 16:25:27 +0200 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2020-10-13 19:08:44 +0200 |
commit | ef892643df8970aec45dbc3f48eabb95a1ccbf22 (patch) | |
tree | 1a20c34cca7b94e69468e471790996fa61909805 | |
parent | 47ac0543b9ed2d4afb8814a19e2f4dc3c30030e1 (diff) |
[pkg] osx helper and working qt installer
21 files changed, 179 insertions, 259 deletions
@@ -8,7 +8,8 @@ XBUILD ?= no SKIP_CACHECK ?= no PROVIDER ?= $(shell grep ^'provider =' branding/config/vendor.conf | cut -d '=' -f 2 | tr -d "[:space:]") -TARGET ?= bitmask +APPNAME ?= $(shell branding/scripts/getparam appname | tail -n 1) +TARGET ?= $(shell branding/scripts/getparam binname | tail -n 1) PROVIDER_CONFIG ?= branding/config/vendor.conf DEFAULT_PROVIDER = branding/assets/default/ VERSION ?= $(shell git describe) @@ -21,17 +22,22 @@ SOURCE_GOLIB=gui/backend.go # detect OS, we use it for dependencies UNAME = $(shell uname -s) PLATFORM ?= $(shell echo ${UNAME} | awk "{print tolower(\$$0)}") + +QTBUILD = build/qt WININST_DATA = branding/qtinstaller/packages/root.win_x86_64/data/ +OSX_DATA = build/installer/packages/bitmaskvpn/data/ +OSX_CERT="Developer ID Installer: LEAP Encryption Access Project" +MACDEPLOYQT_OPTS = -appstore-compliant -qmldir=gui/qml -always-overwrite +# XXX expired cert -codesign="${OSX_CERT}" + +# TODO converge both OSX/WINDOWS -TEMPLATES = branding/templates SCRIPTS = branding/scripts - -all: icon locales helper build +TEMPLATES = branding/templates HAS_QTIFW := $(shell PATH=$(PATH) which binarycreator) OPENVPN_BIN = "$(HOME)/openvpn_build/sbin/$(shell grep OPENVPN branding/thirdparty/openvpn/build_openvpn.sh | head -n 1 | cut -d = -f 2 | tr -d '"')" - ######################################################################### # go build ######################################################################### @@ -57,20 +63,23 @@ dependsDarwin: @brew install --default-names gnu-sed ifeq ($(PLATFORM), darwin) - EXTRA_FLAGS = MACOSX_DEPLOYMENT_TARGET=10.10 GOOS=darwin CC=clang +EXTRA_FLAGS = MACOSX_DEPLOYMENT_TARGET=10.10 GOOS=darwin CC=clang else - EXTRA_FLAGS = +EXTRA_FLAGS = endif + golib: - CGO_ENABLED=1 ${EXTRA_FLAGS} go build -buildmode=c-archive -o ${TARGET_GOLIB} ${SOURCE_GOLIB} + # TODO stop building golib in gui/build.sh, it's redundant. + # we should port the buildGoLib parts of the gui/build.sh script here + @echo "doing nothing" -build: build_helper build_openvpn - @XBUILD=no gui/build.sh +build: golib build_helper build_openvpn + @XBUILD=no TARGET=${TARGET} gui/build.sh build_helper: @echo "PLATFORM: ${PLATFORM}" @mkdir -p build/bin/${PLATFORM} - go build -o build/bin/${PLATFORM}/bitmask-helper -ldflags "-X main.AppName=${PROVIDER}VPN -X main.Version=${VERSION}" ./cmd/bitmask-helper/ + go build -o build/bin/${PLATFORM}/bitmask-helper -ldflags "-X main.AppName=${APPNAME} -X main.Version=${VERSION}" ./cmd/bitmask-helper/ build_old: ifeq (${XBUILD}, yes) @@ -91,13 +100,38 @@ build_openvpn: @[ -f $(OPENVPN_BIN) ] && echo "OpenVPN already built at" $(OPENVPN_BIN) || ./branding/thirdparty/openvpn/build_openvpn.sh build_installer: check_qtifw build - cp -r qtbuild/release/${PROVIDER}-vpn.app installer/packages/${PROVIDER}vpn/data/ - cp build/bin/${PLATFORM}/bitmask-helper installer/packages/${PROVIDER}vpn/data/ - cp $(OPENVPN_BIN) installer/packages/${PROVIDER}vpn/data/openvpn.leap - cp branding/templates/osx/bitmask.pf.conf installer/packages/${PROVIDER}vpn/data/helper/bitmask.pf.conf - cp branding/templates/osx/client.up.sh installer/packages/${PROVIDER}vpn/data/ - cp branding/templates/osx/client.down.sh installer/packages/${PROVIDER}vpn/data/ - cd installer && qmake && make + echo "mkdir osx data" + @mkdir -p ${OSX_DATA} + @cp -r ${TEMPLATES}/qtinstaller/config build/installer/ + @cp -r ${TEMPLATES}/qtinstaller/packages build/installer/ + @cp -r ${TEMPLATES}/qtinstaller/installer.pro build/installer/ +ifeq (${PLATFORM}, darwin) + @mkdir -p ${OSX_DATA}/helper + @cp "${TEMPLATES}/osx/bitmask.pf.conf" ${OSX_DATA}/helper/bitmask.pf.conf + @cp "${TEMPLATES}/osx/client.up.sh" ${OSX_DATA}/ + @cp "${TEMPLATES}/osx/client.down.sh" ${OSX_DATA}/ + @cp "${TEMPLATES}/qtinstaller/osx/post-install.py" ${OSX_DATA}/ + @cp "${TEMPLATES}/qtinstaller/osx/se.leap.bitmask-helper.plist" ${OSX_DATA}/ + @cp build/bin/${PLATFORM}/bitmask-helper ${OSX_DATA}/ + # FIXME our static openvpn build fails with an "Assertion failed at crypto.c". Needs to be fixed!!! - kali + #@cp $(OPENVPN_BIN) ${OSX_DATA}/openvpn.leap + @echo "WARNING: workaround for broken static build. Shipping homebrew dynamically linked instead" + @rm -f ${OSX_DATA}openvpn.leap && cp /usr/local/bin/openvpn ${OSX_DATA}openvpn.leap + @echo "[+] Running macdeployqt" + @macdeployqt ${QTBUILD}/release/${PROVIDER}-vpn.app ${MACDEPLOYQT_OPTS} + @cp -r "${QTBUILD}/release/${TARGET}.app"/ ${OSX_DATA}/ +endif + @echo "[+] All templates, binaries and libraries copied to build/installer." + @echo "[+] Now building the installer." + @cd build/installer && qmake INSTALLER=${APPNAME}-installer-${VERSION} && make + +installer_win: + # XXX refactor with build_installer + cp helper.exe ${WININST_DATA} + cp ${QTBUILD}/release/${TARGET}.exe ${WININST_DATA}${TARGET}.exe + # XXX add sign step here + windeployqt --qmldir gui/qml ${WININST_DATA}${TARGET}.exe + "/c/Qt/QtIFW-3.2.2/bin/binarycreator.exe" -c ./branding/qtinstaller/config/config.xml -p ./branding/qtinstaller/packages build/${PROVIDER}-vpn-${VERSION}-installer.exe check_qtifw: ifdef HAS_QTIFW @@ -134,11 +168,8 @@ _build_xbuild_done: # --------- FIXME ----------------------------------------------------------------------- clean: - @rm -rf installer/*.app - @rm -rf installer/packages/${PROVIDER}vpn/data/*.app - @rm -rf installer/packages/${PROVIDER}vpn/data/bitmask-helper @rm -rf build/ - @unlink branding/assets/default + @unlink branding/assets/default || true ######################################################################### # build them all @@ -208,6 +239,7 @@ tgz: @cd build/ && tar czf bitmask-vpn_$(VERSION).tgz ${TGZ_NAME} @rm -rf $(TGZ_PATH) +# XXX port/deprecate ----------------------------------------------- gen_pkg_win: @mkdir -p build/${PROVIDER}/windows/ @cp -r ${TEMPLATES}/windows build/${PROVIDER} @@ -230,6 +262,13 @@ endif @cd build/${PROVIDER}/osx && python3 generate.py @cd build/${PROVIDER}/osx/scripts && chmod +x preinstall postinstall +gen_pkg_deb: + @cp -r ${TEMPLATES}/debian build/${PROVIDER} + @VERSION=${VERSION} PROVIDER_CONFIG=${PROVIDER_CONFIG} ${SCRIPTS}/generate-debian.py build/${PROVIDER}/debian/data.json + @mkdir -p build/${PROVIDER}/debian/icons/scalable && cp branding/assets/default/icon.svg build/${PROVIDER}/debian/icons/scalable/icon.svg + @cd build/${PROVIDER}/debian && python3 generate.py + @cd build/${PROVIDER}/debian && rm app.desktop-template changelog-template rules-template control-template generate.py data.json && chmod +x rules + gen_pkg_snap: @cp -r ${TEMPLATES}/snap build/${PROVIDER} @VERSION=${VERSION} PROVIDER_CONFIG=${PROVIDER_CONFIG} ${SCRIPTS}/generate-snap.py build/${PROVIDER}/snap/data.json @@ -241,13 +280,6 @@ gen_pkg_snap: @cp branding/assets/default/icon.png build/${PROVIDER}/snap/gui/${PROVIDER}-vpn.png rm build/${PROVIDER}/snap/generate.py -gen_pkg_deb: - @cp -r ${TEMPLATES}/debian build/${PROVIDER} - @VERSION=${VERSION} PROVIDER_CONFIG=${PROVIDER_CONFIG} ${SCRIPTS}/generate-debian.py build/${PROVIDER}/debian/data.json - @mkdir -p build/${PROVIDER}/debian/icons/scalable && cp branding/assets/default/icon.svg build/${PROVIDER}/debian/icons/scalable/icon.svg - @cd build/${PROVIDER}/debian && python3 generate.py - @cd build/${PROVIDER}/debian && rm app.desktop-template changelog-template rules-template control-template generate.py data.json && chmod +x rules - prepare_done: @echo @echo 'Done. You can do "make build" now.' @@ -275,24 +307,8 @@ package_snap: package_deb: @make -C build/${PROVIDER} pkg_deb -installer_win: - # XXX refactor with build_installer - cp helper.exe ${WININST_DATA} - cp qtbuild/release/${TARGET}.exe ${WININST_DATA}${PROVIDER}-vpn.exe - windeployqt --qmldir gui/qml ${WININST_DATA}${PROVIDER}-vpn.exe - "/c/Qt/QtIFW-3.2.2/bin/binarycreator.exe" -c ./branding/qtinstaller/config/config.xml -p ./branding/qtinstaller/packages build/${PROVIDER}-vpn-${VERSION}-installer.exe - -# FIXME --- old nsis installer. deprecate, but probably we need something similar to sign all the binaries (helper, main app, installer...) - -package_win_stage_1: - @make -C build/${PROVIDER} pkg_win_stage_1 - -package_win_stage_2: - @make -C build/${PROVIDER} pkg_win_stage_2 - package_osx: - @make -C build/${PROVIDER} pkg_osx - + @echo "tbd" ######################################################################### diff --git a/bitmask.pro b/bitmask.pro index 7acf7a9..4099301 100644 --- a/bitmask.pro +++ b/bitmask.pro @@ -1,4 +1,3 @@ -#TARGET=bitmask #TARGET = $$BINARY_NAME CONFIG += qt staticlib @@ -25,7 +24,8 @@ HEADERS += \ gui/qjsonmodel.h \ lib/libgoshim.h -LIBS += -L../lib -lgoshim -lpthread +# we build from build/qt +LIBS += -L../../lib -lgoshim -lpthread RESOURCES += gui/gui.qrc diff --git a/branding/scripts/gen-providers-json.py b/branding/scripts/gen-providers-json.py index beef3fe..c89217a 100644 --- a/branding/scripts/gen-providers-json.py +++ b/branding/scripts/gen-providers-json.py @@ -1,4 +1,5 @@ #!/usr/bin/env python3 + import configparser import json import os diff --git a/branding/scripts/getparam b/branding/scripts/getparam new file mode 100755 index 0000000..2b87e1e --- /dev/null +++ b/branding/scripts/getparam @@ -0,0 +1,36 @@ +#!/usr/bin/env python3 + +# A short utility to get appname in compilation time. +# This is a convenience to build helpers while we move the branding mechanism to a separate repo. + +import configparser + +import os +import sys + +from provider import getDefaultProvider +from provider import getProviderData + +def getData(): + here = os.path.abspath(os.path.dirname(__file__)) + configPath = os.path.join(here, '../../branding/config/vendor.conf') + if not os.path.isfile(configPath): + print("ERROR: path does not exist", config) + os.exit(1) + config = configparser.ConfigParser() + config.read(configPath) + defaultProvider = getDefaultProvider(config) + return getProviderData(getDefaultProvider(config), config) + +if __name__ == "__main__": + param = sys.argv[1] + if param == "appname": + field = "applicationName" + elif param == "binname": + field = "binaryName" + else: + print("ERROR: unknown param") + sys.exit(1) + + data = getData() + print(data[field]) diff --git a/branding/templates/bitmaskvpn/config.go b/branding/templates/bitmaskvpn/config.go deleted file mode 100644 index e3d70cf..0000000 --- a/branding/templates/bitmaskvpn/config.go +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by go generate; DO NOT EDIT. -// This file was generated by vendorize.py -// At $timeStamp - -package config - -/* All these constants are defined in the vendor.conf file - */ -const ( - Provider = "$providerURL" - ApplicationName = "$applicationName" - BinaryName = "$binaryName" - Auth = "$auth" - DonateURL = "$donateURL" - AskForDonations = "$askForDonations" - HelpURL = "$helpURL" - TosURL = "$tosURL" - APIURL = "$apiURL" - GeolocationAPI = "$geolocationAPI" -) - -var Version string - -/* - -CaCert : a string containing a representation of the provider CA, used to - sign the webapp and openvpn certificates. should be placed in - config/[provider]-ca.crt - -*/ -var CaCert = []byte(`$caCertString`) diff --git a/branding/templates/qtinstaller/config/config.xml b/branding/templates/qtinstaller/config/config.xml new file mode 100644 index 0000000..936726d --- /dev/null +++ b/branding/templates/qtinstaller/config/config.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Installer> + <Name>DemoLibVPN-0.0.1</Name> + <Version>0.0.1</Version> + <Title>DemoLibVPN Installer</Title> + <Publisher>LEAP Encryption Access Project</Publisher> + <TargetDir>@ApplicationsDir@/DemoLibVPN</TargetDir> + <RunProgram>@TargetDir@/demolib-vpn.app</RunProgram> + <RunProgramArguments> + </RunProgramArguments> + <StartMenuDir>DemoLibVPN</StartMenuDir> + <AllowNonAsciiCharacters>false</AllowNonAsciiCharacters> + <!-- + <RemoteRepositories> + <Repository> + <Url>http://localhost/repository/</Url> + </Repository> + </RemoteRepositories> + --> + <MaintenanceToolName>Uninstall-DemoLibVPN</MaintenanceToolName> + <WizardStyle>mac</WizardStyle> +</Installer> diff --git a/installer/bitmask-installer.pro b/branding/templates/qtinstaller/installer.pro index 49179c4..ec800c1 100644 --- a/installer/bitmask-installer.pro +++ b/branding/templates/qtinstaller/installer.pro @@ -1,9 +1,7 @@ +!defined(INSTALLER, var):INSTALLER= "BitmaskVPN-Installer-git" TEMPLATE = aux - CONFIG -= debug_and_release -INSTALLER = RiseupVPN-Installer - INPUT = $$PWD/config/config.xml $$PWD/packages inst.input = INPUT inst.output = $$INSTALLER diff --git a/branding/installer/post-install.py b/branding/templates/qtinstaller/osx/post-install.py index 02da859..32b4780 100755 --- a/branding/installer/post-install.py +++ b/branding/templates/qtinstaller/osx/post-install.py @@ -32,8 +32,9 @@ def main(): log.write("Copy launch daemon...\n") copyLaunchDaemon() + log.write("Trying to launch helper...\n") out = launchHelper() - log.write("Copy plist: %s \n" % str(ok)) + log.write("result: %s \n" % str(out)) grantPermissionsOnLogFolder() @@ -52,6 +53,7 @@ def isHelperRunning(): def unloadHelper(): out = subprocess.call(["launchctl", "unload", HELPER_PLIST]) + out2 = subprocess.call(["pkill", "-9", "bitmask-helper"]) # just in case return out == 0 def fixHelperOwner(log): diff --git a/branding/installer/osx/se.leap.bitmask-helper.plist b/branding/templates/qtinstaller/osx/se.leap.bitmask-helper.plist index c9d9687..c9d9687 100644 --- a/branding/installer/osx/se.leap.bitmask-helper.plist +++ b/branding/templates/qtinstaller/osx/se.leap.bitmask-helper.plist diff --git a/branding/templates/qtinstaller/packages/bitmaskvpn/.gitignore b/branding/templates/qtinstaller/packages/bitmaskvpn/.gitignore new file mode 100644 index 0000000..60baa9c --- /dev/null +++ b/branding/templates/qtinstaller/packages/bitmaskvpn/.gitignore @@ -0,0 +1 @@ +data/* diff --git a/installer/packages/riseupvpn/meta/install.js b/branding/templates/qtinstaller/packages/bitmaskvpn/meta/install.js index f9c85f2..f9c85f2 100644 --- a/installer/packages/riseupvpn/meta/install.js +++ b/branding/templates/qtinstaller/packages/bitmaskvpn/meta/install.js diff --git a/installer/packages/riseupvpn/meta/package.xml b/branding/templates/qtinstaller/packages/bitmaskvpn/meta/package.xml index 4dd7ae9..b910e7f 100644 --- a/installer/packages/riseupvpn/meta/package.xml +++ b/branding/templates/qtinstaller/packages/bitmaskvpn/meta/package.xml @@ -1,9 +1,9 @@ <?xml version="1.0" encoding="UTF-8"?> <Package> - <DisplayName>RiseupVPN</DisplayName> - <Description>RiseupVPN</Description> - <Version>0.20.6-1</Version> - <ReleaseDate>2020-07-01</ReleaseDate> + <DisplayName>DemoLibVPN</DisplayName> + <Description>DemoLibVPN</Description> + <Version>0.20.9-1</Version> + <ReleaseDate>2020-10-01</ReleaseDate> <Default>false</Default> <RequiresAdminRights>true</RequiresAdminRights> <Script>install.js</Script> diff --git a/gui/build.sh b/gui/build.sh index 9c10341..a6c0a22 100755 --- a/gui/build.sh +++ b/gui/build.sh @@ -10,7 +10,10 @@ PROJECT=bitmask.pro TARGET_GOLIB=lib/libgoshim.a SOURCE_GOLIB=gui/backend.go -RELEASE=qtbuild/release +QTBUILD=build/qt +RELEASE=$QTBUILD/release + +PLATFORM=$(uname -s) if [ "$TARGET" == "" ] then @@ -36,6 +39,7 @@ function init { mkdir -p lib } +# TODO this should be moved to the makefile function buildGoLib { echo "[+] Using go in" $GO "[`go version`]" $GO generate ./pkg/config/version/genver/gen.go @@ -63,19 +67,36 @@ function buildGoLib { function buildQmake { echo "[+] Now building Qml app with Qt qmake" echo "[+] Using qmake in:" $QMAKE - mkdir -p qtbuild - $QMAKE -o qtbuild/Makefile "CONFIG-=debug CONFIG+=release" $PROJECT + mkdir -p $QTBUILD + $QMAKE -o $QTBUILD/Makefile "CONFIG-=debug CONFIG+=release" $PROJECT +} + +function renameOutput { + # i would expect that passing QMAKE_TARGET would produce the right output, but nope. + if [ "$PLATFORM" == "Linux" ] + then + mv $RELEASE/bitmask $RELEASE/$TARGET + strip $RELEASE/$TARGET + echo "[+] Binary is in" $RELEASE/$TARGET + fi + if [ "$PLATFORM" == "Darwin" ] + then + rm -rf $RELEASE/$TARGET.app + mv $RELEASE/bitmask.app/ $RELEASE/$TARGET.app/ + echo "[+] App is in" $RELEASE/$TARGET + fi } echo "[+] Building BitmaskVPN" lrelease bitmask.pro + +# FIXME move buildGoLib to the main makefile, to avoid redundant builds if possible buildGoLib buildQmake -make -C qtbuild clean -make -C qtbuild -j4 all -# i would expect that passing QMAKE_TARGET would produce the right output, but nope. -mv qtbuild/release/bitmask $RELEASE/$TARGET -strip $RELEASE/$TARGET -echo "[+] Binary is in" $RELEASE/$TARGET +make -C $QTBUILD clean +make -C $QTBUILD -j4 all + +renameOutput +echo "[+] Done." diff --git a/installer/.gitignore b/installer/.gitignore deleted file mode 100644 index 2fdd01e..0000000 --- a/installer/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -.qmake.stash -Makefile -packages/riseupvpn/data/riseup-vpn -RiseupVPN-Installer diff --git a/installer/config/config.xml b/installer/config/config.xml deleted file mode 100644 index 492e76f..0000000 --- a/installer/config/config.xml +++ /dev/null @@ -1,14 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<Installer> - <Name>RiseupVPN Installer 1.0</Name> - <Publisher>LEAP Encryption Access Project</Publisher> - <Title>RiseupVPN Installer</Title> - <Version>1.0.0</Version> - <TargetDir>@ApplicationsDir@/RiseupVPN</TargetDir> - <RemoteRepositories> - <Repository> - <Url>http://localhost/repository/</Url> - </Repository> - </RemoteRepositories> - <WizardStyle>mac</WizardStyle> -</Installer> diff --git a/installer/packages/riseupvpn/data/.gitignore b/installer/packages/riseupvpn/data/.gitignore deleted file mode 100644 index 63c86a1..0000000 --- a/installer/packages/riseupvpn/data/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -openvpn.leap -bitmask-helper -riseup-vpn.app diff --git a/installer/packages/riseupvpn/data/README.txt b/installer/packages/riseupvpn/data/README.txt deleted file mode 100644 index c71984f..0000000 --- a/installer/packages/riseupvpn/data/README.txt +++ /dev/null @@ -1,3 +0,0 @@ -This is the RiseupVPN README. -It should be replaced with something more meaningful -(give links to issue tracker, repos, uninstaller etc). diff --git a/installer/packages/riseupvpn/data/post-install.py b/installer/packages/riseupvpn/data/post-install.py deleted file mode 100755 index 02da859..0000000 --- a/installer/packages/riseupvpn/data/post-install.py +++ /dev/null @@ -1,96 +0,0 @@ -#!/usr/bin/env python - -import os -import shutil -import sys -import subprocess - -HELPER = "bitmask-helper" -HELPER_PLIST = "/Library/LaunchDaemons/se.leap.bitmask-helper.plist" -_dir = os.path.dirname(os.path.realpath(__file__)) - -def main(): - log = open(os.path.join(_dir, 'post-install.log'), 'w') - log.write('Checking for admin privileges...\n') - - _id = os.getuid() - if _id != 0: - err = "error: need to run as root. UID: %s\n" % str(_id) - logErr(log, err) - - # failure: sys.exit(1) - - if isHelperRunning(): - log.write("Trying to stop bitmask-helper...\n") - # if this fail, we can check if the HELPER_PLIST is there - ok = unloadHelper() - log.write("success: %s \n" % str(ok)) - - ok = fixHelperOwner(log) - log.write("chown helper: %s \n" % str(ok)) - - log.write("Copy launch daemon...\n") - copyLaunchDaemon() - - out = launchHelper() - log.write("Copy plist: %s \n" % str(ok)) - - grantPermissionsOnLogFolder() - - # all done - log.write('post-install script: done\n') - sys.exit(0) - - -def logErr(log, msg): - log.write(msg) - sys.exit(1) - -def isHelperRunning(): - ps = _getProcessList() - return HELPER in ps - -def unloadHelper(): - out = subprocess.call(["launchctl", "unload", HELPER_PLIST]) - return out == 0 - -def fixHelperOwner(log): - path = os.path.join(_dir, HELPER) - try: - os.chown(path, 0, 0) - except OSError as exc: - log.write(str(exc)) - return False - return True - -def copyLaunchDaemon(): - plist = "se.leap.bitmask-helper.plist" - path = os.path.join(_dir, plist) - dest = os.path.join('/Library/LaunchDaemons', plist) - _p = _dir.replace("/", "\/") - subprocess.call(["sed", "-i.back", "s/PATH/%s/" % _p, path]) - shutil.copy(path, dest) - -def launchHelper(): - out = subprocess.call(["launchctl", "load", "/Library/LaunchDaemons/se.leap.bitmask-helper.plist"]) - return out == 0 - -def grantPermissionsOnLogFolder(): - helperDir = os.path.join(_dir, 'helper') - try: - os.makedirs(helperDir) - except Exception: - pass - os.chown(helperDir, 0, 0) - -def _getProcessList(): - _out = [] - output = subprocess.Popen(["ps", "-ceA"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - stdout, stderr = output.communicate() - for line in stdout.split('\n'): - cmd = line.split(' ')[-1] - _out.append(cmd.strip()) - return _out - -if __name__ == "__main__": - main() diff --git a/installer/packages/riseupvpn/data/se.leap.bitmask-helper.plist b/installer/packages/riseupvpn/data/se.leap.bitmask-helper.plist deleted file mode 100644 index c9d9687..0000000 --- a/installer/packages/riseupvpn/data/se.leap.bitmask-helper.plist +++ /dev/null @@ -1,26 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<plist version="1.0"> -<dict> - <key>WorkingDirectory</key> - <string>/tmp</string> - <key>StandardOutPath</key> - <string>bitmask-helper.log</string> - <key>StandardErrorPath</key> - <string>bitmask-helper-err.log</string> - <key>GroupName</key> - <string>daemon</string> - <key>RunAtLoad</key> - <true/> - <key>SessionCreate</key> - <true/> - <key>KeepAlive</key> - <true/> - <key>ThrottleInterval</key> - <integer>5</integer> - <key>Label</key> - <string>se.leap.BitmaskHelper</string> - <key>Program</key> - <string>PATH/bitmask-helper</string> -</dict> -</plist> diff --git a/pkg/helper/darwin.go b/pkg/helper/darwin.go index ae42646..2210da3 100644 --- a/pkg/helper/darwin.go +++ b/pkg/helper/darwin.go @@ -50,24 +50,23 @@ const ( func _getExecPath() string { ex, err := os.Executable() if err != nil { - log.Print("error while getting executable path!") + log.Print("ERROR: cannot find executable path") } return filepath.Dir(ex) } -func getHelperPath() string { - execPath := _getExecPath() - hp := filepath.Join(execPath, "../../../", "bitmask-helper") - log.Println(">>> DEBUG: helper", hp) - return hp +func getHelperDir() string { + d := _getExecPath() + log.Println(">>> DEBUG: helper dir", d) + return d } func getPlatformOpenvpnFlags() []string { - helperPath := getHelperPath() + helperDir := getHelperDir() return []string{ "--script-security", "2", - "--up", helperPath + "client.up.sh", - "--down", helperPath + "client.down.sh", + "--up", filepath.Join(helperDir, "client.up.sh"), + "--down", filepath.Join(helperDir, "client.down.sh"), } } @@ -83,7 +82,7 @@ func daemonize() { PidFilePerm: 0644, LogFileName: "bitmask-helper.log", LogFilePerm: 0640, - WorkDir: "./", + WorkDir: filepath.Join(getHelperDir(), "helper"), Umask: 027, Args: []string{"[bitmask-helper]"}, } @@ -107,8 +106,7 @@ func runServer(preferredPort int) { } func getOpenvpnPath() string { - execPath := _getExecPath() - openvpnPath := filepath.Join(execPath, "../../../", "openvpn.leap") + openvpnPath := filepath.Join(getHelperDir(), "openvpn.leap") log.Println(">>> DEBUG: openvpn", openvpnPath) return openvpnPath } @@ -203,7 +201,7 @@ func loadBitmaskAnchor() error { } func getRulefilePath() (string, error) { - rulefilePath := filepath.Join(getHelperPath(), "helper", "bitmask.pf.conf") + rulefilePath := filepath.Join(getHelperDir(), "helper", "bitmask.pf.conf") log.Println("DEBUG: rule file path", rulefilePath) if _, err := os.Stat(rulefilePath); !os.IsNotExist(err) { diff --git a/pkg/vpn/launcher.go b/pkg/vpn/launcher.go index e18fdc6..234a89c 100644 --- a/pkg/vpn/launcher.go +++ b/pkg/vpn/launcher.go @@ -1,5 +1,5 @@ // +build !linux -// Copyright (C) 2018 LEAP +// Copyright (C) 2018-2020 LEAP // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -51,12 +51,12 @@ func probeHelperPort(port int) int { break } } + log.Println("WARN: Cannot find working helper") return 0 } func smellsLikeOurHelperSpirit(port int, c *http.Client) bool { uri := "http://localhost:" + strconv.Itoa(port) + "/version" - log.Println("probing for helper at", uri) resp, err := c.Get(uri) if err != nil { return false @@ -68,9 +68,10 @@ func smellsLikeOurHelperSpirit(port int, c *http.Client) bool { return false } if strings.Contains(string(ver), config.ApplicationName) { + log.Println("DEBUG: Successfully probed for matching helper at", uri) return true } else { - log.Println("Another helper replied to our version request:", string(ver)) + log.Println("DEBUG: Another helper seems to be running:", string(ver)) } } return false @@ -157,7 +158,8 @@ func (l *launcher) send(path string, body []byte) error { resErr, err := ioutil.ReadAll(res.Body) if len(resErr) > 0 { - return fmt.Errorf("Helper returned an error: %q", resErr) + /* FIXME why do we trigger a fatal with this error? */ + return fmt.Errorf("FATAL: Helper returned an error: %q", resErr) } return err } |