From eead4d0046995c11314347b5963a7b4770a1c86e Mon Sep 17 00:00:00 2001
From: "Kali Kaneko (leap communications)"
Date: Tue, 2 Jul 2019 18:14:51 +0200
Subject: [feat] add make prepare target to Makefile
---
branding/README.txt | 21 +++++++++
branding/assets/default | 1 -
branding/check-ca-crt.py | 46 -------------------
branding/config.go.tmpl | 32 -------------
branding/config/calyx-ca.crt | 31 +++++++++++++
branding/config/vendor.conf | 20 ++++++--
branding/scripts/check-ca-crt.py | 26 ++++++++---
branding/scripts/vendorize.py | 24 ++++++++--
branding/template/config.go | 13 ++----
branding/vendorize.py | 99 ----------------------------------------
10 files changed, 112 insertions(+), 201 deletions(-)
create mode 100644 branding/README.txt
delete mode 120000 branding/assets/default
delete mode 100755 branding/check-ca-crt.py
delete mode 100644 branding/config.go.tmpl
create mode 100644 branding/config/calyx-ca.crt
delete mode 100755 branding/vendorize.py
(limited to 'branding')
diff --git a/branding/README.txt b/branding/README.txt
new file mode 100644
index 0000000..3601524
--- /dev/null
+++ b/branding/README.txt
@@ -0,0 +1,21 @@
+Branding for BitmaskVPN
+================================================================================
+
+This folder contains everything that is needed to generate a customized built of
+BitmaskVPN for your provider.
+
+
+Configure
+--------------------------------------------------------------------------------
+
+- Edit the file at 'branding/config/vendor.conf'. Add all the needed variables.
+- Copy your provider CA certificate to 'branding/config/-ca.crt'
+- Make sure that the folder 'branding/assets/' exists. Copy there all the needed assets.
+
+Build
+--------------------------------------------------------------------------------
+
+Run:
+
+PROVIDER=example.org make generate
+make build
diff --git a/branding/assets/default b/branding/assets/default
deleted file mode 120000
index f0a0a64..0000000
--- a/branding/assets/default
+++ /dev/null
@@ -1 +0,0 @@
-riseup
\ No newline at end of file
diff --git a/branding/check-ca-crt.py b/branding/check-ca-crt.py
deleted file mode 100755
index 6462467..0000000
--- a/branding/check-ca-crt.py
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/env python3
-import re
-import sys
-import urllib.request
-
-SCRIPT_NAME = 'check-ca-crt.py'
-
-USAGE = '''Check that the stored provider CA matches the one announced online.
-Usage: {name}
-
-Example: {name} riseup black.riseup.net'''.format(name=SCRIPT_NAME)
-
-
-def getLocalCert(provider):
- sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower()
- with open('config/{provider}-ca.crt'.format(provider=sanitized)) as crt:
- return crt.read().strip()
-
-
-def getRemoteCert(uri):
- fp = urllib.request.urlopen('https://' + uri + '/ca.crt')
- remote_cert = fp.read().decode('utf-8').strip()
- fp.close()
- return remote_cert
-
-
-if __name__ == '__main__':
-
- if len(sys.argv) != 3:
- print('[!] Not enough arguments')
- print(USAGE)
- sys.exit(1)
-
- provider = sys.argv[1]
- uri = sys.argv[2]
-
- local = getLocalCert(provider)
- remote = getRemoteCert(uri)
-
- try:
- assert local == remote
- except AssertionError:
- print('[!] ERROR: remote and local CA certs do not match')
- sys.exit(1)
- else:
- print('OK')
diff --git a/branding/config.go.tmpl b/branding/config.go.tmpl
deleted file mode 100644
index c3a9a33..0000000
--- a/branding/config.go.tmpl
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- DO NOT EDIT --------------------------------------------------
-
- This file has been automatically generated by `go generate`.
- Any changes will be overriden.
-
- DO NOT EDIT --------------------------------------------------
-*/
-
-package config
-
-/* All these constants are defined in the vendor.conf file
-*/
-const (
- Provider = "$providerURL"
- ApplicationName = "$applicationName"
- BinaryName = "$binaryName"
- DonateURL = "$donateURL"
- HelpURL = "$helpURL"
- TosURL = "$tosURL"
- APIURL = "$apiURL"
- GeolocationAPI = "$geolocationAPI"
-)
-
-/*
-
-CaCert : a string containing a representation of the provider CA, used to
- sign the webapp and openvpn certificates. should be placed in
- config/[provider]-ca.crt
-
-*/
-var CaCert = []byte(`$caCertString`)
diff --git a/branding/config/calyx-ca.crt b/branding/config/calyx-ca.crt
new file mode 100644
index 0000000..2923144
--- /dev/null
+++ b/branding/config/calyx-ca.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQ0FADBEMQ4wDAYDVQQKDAVjYWx5
+eDEaMBgGA1UECwwRaHR0cHM6Ly9jYWx5eC5uZXQxFjAUBgNVBAMMDWNhbHl4IFJv
+b3QgQ0EwHhcNMTMwNzAyMDAwMDAwWhcNMjMwNzAyMDAwMDAwWjBEMQ4wDAYDVQQK
+DAVjYWx5eDEaMBgGA1UECwwRaHR0cHM6Ly9jYWx5eC5uZXQxFjAUBgNVBAMMDWNh
+bHl4IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDupdnx
+Bgat537XOqrZOulE/RvjoXB1S07sy9/MMtksXFoQuWJZRCSTp1Jaqg3H/e9o1nct
+LQO91+izfJe07TUyajFl7CfllYgMeyKTYcT85dFwNX4pcIHZr8UpmO0MpGBoR4W1
+8cPa3vxAG0CsyUmrASJVyhRouk4qazRosM5RwBxTdMzCK7L3SwqPQoxlY9YmRJlD
+XYZlK5VMJd0dj9XxhMeFs5n43R0bsDENryrExSbuxoNfnUoQg3wffKk+Z0gW7YgW
+ivPsbObqOgXUuBEU0xr9xMNBpU33ffLIsccrHq1EKp8zGfCOcww6v7+zEadUkVLo
+6j/rRhYYgRw9lijZG1rMuV/mTGnUqbjHsdoz5mzkFFWeTSqo44lvhveUyCcwRNmi
+2sjS77l0fCTzfreufffFoOEcRVMRfsnJdu/xPeARoXILEx8nQ421mSn6spOZlDQr
+Tt0T0BAWt+VNc+m0IGSW3SwS7r5MUyQ/M5GrbQBGi5W2SzPriKZ79YTOwPVmXKLZ
+vJoEuKRDkEPJLBAhcD5oSQljOm/Wp/hjmRH4HnI1y4XMshWlDsyRDB1Au5yrsfwN
+noFVSskEcbXlZfNgml4lktLBqz+qwsw+voq6Ak7ROKbc0ii5s8+iNMbAtIK7GcFF
+kuKKIyRmmGlDim/SDhlNdWo7Ah4Akde7zfWufwIDAQABo2AwXjAdBgNVHQ4EFgQU
+AY8+K4ZupAQ+L9ttFJG3vaLBq5gwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMB
+Af8wHwYDVR0jBBgwFoAUAY8+K4ZupAQ+L9ttFJG3vaLBq5gwDQYJKoZIhvcNAQEN
+BQADggIBAOpXi5o3g/2o2rPa53iG7Zgcy8RpePGgZk6xknGYWeLamEqSh+XWQZ2w
+2kQP54bf8HfPj3ugJBWsVtYAs/ltJwzeBfYDrwEJd1N8tw2IRuGlQOWiTAVVLBj4
+Zs+dikSuMoA399f/7BlUIEpVLUiV/emTtbkjFnDeKEV9zql6ypR0BtR8Knf8ALvL
+YfMsWLvTe4rXeypzxIaE2pn8ttcXLYAX0ml2MofTi5xcDhMn1vznKIvs82xhncQx
+I1MJMWqPHNHgJUJpA+y1IFh5LPbpag9PKQ0yQ9sM+/dyGumF2jElsMw71flh/Txr
+2dEv8+FNV1pPK26XJZBK24rNWFs30eAFfH9EQCwVla174I4PDoWqsIR7vtQMObDt
+Bq34R3TjjJJIt2sCSlYLooWwiK7Q+d/SgYqA+MSDmmwhzm86ToK6cwbCsvuw1AxR
+X6VIs4U8wOotgljzX/CSpKqlxcqZjhnAuelZ1+KiN8RHKPj7AzSLYOv/YwTjLTIq
+EOxquoNR58uDa5pBG22a7xWbSaKosn/mEl8SrUr6klzzc8Vh09IMoxrw74uLdAg2
+1jnrhm7qg91Ttb0aXiqbV+Kg/qQzojdewnnoBFnv4jaQ3y8zDCfMhsBtWlWz4Knb
+Zqga1WyRm3Gj1j6IV0oOincYMrw5YA7bgXpwop/Lo/mmliMA14ps
+-----END CERTIFICATE-----
diff --git a/branding/config/vendor.conf b/branding/config/vendor.conf index ee5aa36..12fca4e 100644 --- a/branding/config/vendor.conf +++ b/branding/config/vendor.conf @@ -8,17 +8,31 @@ provider = riseup name = Riseup applicationName = RiseupVPN binaryName = riseup-vpn + providerURL = riseup.net +apiURL = https://api.black.riseup.net/ +caURL = https://black.riseup.net/ca.crt + tosURL = https://riseup.net/tos helpURL = https://riseup.net/support -donateURL = https://riseup.net/donate -apiURL = https://api.black.riseup.net/ + geolocationAPI = https://api.black.riseup.net:9001/json +askForDonations = true +donateURL = https://riseup.net/donate + [calyx] name = Calyx applicationName = CalyxVPN binaryName = calyx-vpn -apiURL = https://calyx.org +providerURL = https://calyx.net +tosURL = https://calyx.net/tos +helpURL = https://calyx.net/support +apiURL = https://api.calyx.net:4430/ +caURL = https://calyx.net/ca.crt +geolocationAPI = https://api.black.riseup.net:9001/json + +askForDonations = true +donateURL = http://example.org diff --git a/branding/scripts/check-ca-crt.py b/branding/scripts/check-ca-crt.py index 6462467..431d059 100755 --- a/branding/scripts/check-ca-crt.py +++ b/branding/scripts/check-ca-crt.py 
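Review bot: In the new `[calyx]` entries, `geolocationAPI = https://api.black.riseup.net:9001/json` points Calyx builds at Riseup's endpoint, so a Calyx client would presumably send its geolocation lookups to another provider's server; if that is intended it deserves a `#` comment in the file, otherwise it should be a Calyx URL. The same section sets `donateURL = http://example.org`, a plain-HTTP placeholder that would ship in a branded build while `askForDonations = true`. `providerURL` is also written in two forms (`riseup.net` versus `https://calyx.net`) although both end up in the same `Provider = "$providerURL"` constant, so one form should be chosen.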
@@ -1,29 +1,37 @@ #!/usr/bin/env python3 import re import sys +import configparser import urllib.request SCRIPT_NAME = 'check-ca-crt.py' USAGE = '''Check that the stored provider CA matches the one announced online. -Usage: {name} +Usage: {name} -Example: {name} riseup black.riseup.net'''.format(name=SCRIPT_NAME) +Example: {name} riseup branding/config/vendor.conf'''.format(name=SCRIPT_NAME) def getLocalCert(provider): sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower() - with open('config/{provider}-ca.crt'.format(provider=sanitized)) as crt: + with open('branding/config/' + '{provider}-ca.crt'.format(provider=sanitized)) as crt: return crt.read().strip() def getRemoteCert(uri): - fp = urllib.request.urlopen('https://' + uri + '/ca.crt') + fp = urllib.request.urlopen(uri) remote_cert = fp.read().decode('utf-8').strip() fp.close() return remote_cert +def getUriForProvider(provider, configfile): + c = configparser.ConfigParser() + c.read(configfile) + return c[provider]['caURL'] + + if __name__ == '__main__': if len(sys.argv) != 3: @@ -32,7 +40,13 @@ if __name__ == '__main__': sys.exit(1) provider = sys.argv[1] - uri = sys.argv[2] + config = sys.argv[2] + + try: + uri = getUriForProvider(provider, config) + except IndexError: + print('[!] Misconfigured provider') + sys.exit(1) local = getLocalCert(provider) remote = getRemoteCert(uri) @@ -43,4 +57,4 @@ if __name__ == '__main__': print('[!] ERROR: remote and local CA certs do not match') sys.exit(1) else: - print('OK') + print('OK: local CA matches what provider announces') diff --git a/branding/scripts/vendorize.py b/branding/scripts/vendorize.py index 46cc1e6..c600967 100755 --- a/branding/scripts/vendorize.py +++ b/branding/scripts/vendorize.py @@ -1,5 +1,6 @@ #!/usr/bin/env python3 +import datetime import os import sys 
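Review bot: `getRemoteCert` now hands the configured `caURL` straight to `urllib.request.urlopen(uri)`, where the old code forced `'https://' + uri`, so the scheme is no longer constrained. A `caURL` written as `http://...` would have the reference certificate fetched in cleartext, and urllib also accepts `file:` URLs, which would make the local-versus-remote comparison meaningless. I would reject anything but HTTPS before fetching, e.g. `if urllib.parse.urlsplit(uri).scheme != 'https': sys.exit('[!] caURL must use https')` (with `import urllib.parse`), and pass a `timeout=` to `urlopen` so the check cannot hang a build.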
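Review bot: The new `except IndexError` around `getUriForProvider` does not catch the failure it is written for: `c[provider]['caURL']` on a `ConfigParser` raises `KeyError` for an unknown section or a missing option, so a misconfigured provider ends in a traceback instead of the `[!] Misconfigured provider` message. `c.read(configfile)` also skips a file that does not exist without raising, which then surfaces as the same `KeyError`. Changing the handler to `except KeyError:` covers both cases. The enclosing `__main__` block starts and ends outside this hunk.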
@@ -12,11 +13,20 @@ CONFIGFILE = 'config/vendor.conf' SCRIPT_NAME = 'vendorize' -def getProviderData(config): - default = config['default']['provider'] - print("[+] Configured provider:", default) +def getDefaultProvider(config): + provider = os.environ.get('PROVIDER') + if provider: + print('[+] Got provider {} from environemnt'.format(provider)) + else: + print('[+] Using default provider from config file') + provider = config['default']['provider'] + return provider + - c = config[default] +def getProviderData(provider, config): + print("[+] Configured provider:", provider) + + c = config[provider] d = dict() keys = ('name', 'applicationName', 'binaryName', @@ -26,6 +36,9 @@ def getProviderData(config): for value in keys: d[value] = c.get(value) + d['timeStamp'] = '{:%Y-%m-%d %H:%M:%S}'.format( + datetime.datetime.now()) + return d @@ -90,7 +103,8 @@ if __name__ == "__main__": config = configparser.ConfigParser() config.read(configfile) - data = getProviderData(config) + provider = getDefaultProvider(config) + data = getProviderData(provider, config) addCaData(data, configfile) writeOutput(data, infile, outfile) diff --git a/branding/template/config.go b/branding/template/config.go index c3a9a33..67908c0 100644 --- a/branding/template/config.go +++ b/branding/template/config.go @@ -1,16 +1,11 @@ -/* - DO NOT EDIT -------------------------------------------------- - - This file has been automatically generated by `go generate`. - Any changes will be overriden. - - DO NOT EDIT -------------------------------------------------- -*/ +// Code generated by go generate; DO NOT EDIT. +// This file was generated by vendorize.py +// At $timeStamp package config /* All these constants are defined in the vendor.conf file -*/ + */ const ( Provider = "$providerURL" ApplicationName = "$applicationName" diff --git a/branding/vendorize.py b/branding/vendorize.py deleted file mode 100755 index 46cc1e6..0000000 --- a/branding/vendorize.py +++ /dev/null 
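Review bot: `getDefaultProvider` returns whatever `PROVIDER` holds and `getProviderData` then indexes `config[provider]` with it, so an unknown or mistyped provider name ends in an uncaught `KeyError` rather than a usable error. A guard before the lookup such as `if provider not in config: bail('[!] Unknown provider: {}'.format(provider))` would fail cleanly; `bail` is assumed here to be the helper this script already defines, which the hunk does not show. The log message has a typo, `environemnt`, and a one-line docstring on `getDefaultProvider` saying that the `PROVIDER` environment variable overrides `[default] provider` would make the precedence explicit.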
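Review bot: Writing `datetime.datetime.now()` into `d['timeStamp']` makes the generated `config.go` differ on every run, which works against reproducible builds of the branded client and produces a spurious diff each time the generate step runs. The value is also naive local time, so it is ambiguous across build machines. If the timestamp is to stay in the `// At $timeStamp` header, I would derive it from `SOURCE_DATE_EPOCH` when that variable is set and format it in UTC; otherwise it can be dropped from the template. `getProviderData` starts above this hunk.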
@@ -1,99 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import sys
-
-from string import Template
-import configparser
-
-OUTFILE = 'config.go'
-INFILE = 'config.go.tmpl'
-CONFIGFILE = 'config/vendor.conf'
-SCRIPT_NAME = 'vendorize'
-
-
-def getProviderData(config):
- default = config['default']['provider']
- print("[+] Configured provider:", default)
-
- c = config[default]
- d = dict()
-
- keys = ('name', 'applicationName', 'binaryName',
- 'providerURL', 'tosURL', 'helpURL',
- 'donateURL', 'apiURL', 'geolocationAPI', 'caCertString')
-
- for value in keys:
- d[value] = c.get(value)
-
- return d
-
-
-def addCaData(data, configfile):
- provider = data.get('name').lower()
- folder, f = os.path.split(configfile)
- caFile = os.path.join(folder, provider + '-ca.crt')
- if not os.path.isfile(caFile):
- bail('[!] Cannot find CA file in {path}'.format(path=caFile))
- with open(caFile) as ca:
- data['caCertString'] = ca.read().strip()
-
-
-def writeOutput(data, infile, outfile):
-
- with open(infile) as infile:
- s = Template(infile.read())
-
- with open(outfile, 'w') as outf:
- outf.write(s.substitute(data))
-
-
-def bail(msg=None):
- if not msg:
- print('Usage: {scriptname}.py