summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorkali <kali@leap.se>2013-02-15 09:31:51 +0900
committerkali <kali@leap.se>2013-02-15 09:31:51 +0900
commit9cea9c8a34343f8792d65b96f93ae22bd8685878 (patch)
tree9f512367b1d47ced5614702a00f3ff0a8fe746d7 /pkg
parent7159734ec6c0b76fc7f3737134cd22fdaaaa7d58 (diff)
parent1032e07a50c8bb265ff9bd31b3bb00e83ddb451e (diff)
Merge branch 'release/v0.2.0'
Conflicts: README.txt
Diffstat (limited to 'pkg')
-rw-r--r--pkg/__init__.py0
-rw-r--r--pkg/branding/__init__.py15
-rw-r--r--pkg/branding/config.py11
-rw-r--r--pkg/dev-reqs.pip4
-rw-r--r--pkg/distribute_setup.py515
-rwxr-xr-xpkg/install_pyqt.sh10
-rw-r--r--pkg/install_venv.py247
-rw-r--r--pkg/linux/README4
-rw-r--r--pkg/linux/leap.desktop13
-rw-r--r--pkg/linux/polkit/net.openvpn.gui.leap.policy23
-rwxr-xr-xpkg/linux/resolv-update90
-rw-r--r--pkg/osx/Info.plist22
-rw-r--r--pkg/osx/Makefile46
-rw-r--r--pkg/osx/README.rst60
-rw-r--r--pkg/osx/install/ProcessNetworkChanges.plist.template16
-rwxr-xr-xpkg/osx/install/client.down.sh146
-rwxr-xr-xpkg/osx/install/client.up.sh596
-rwxr-xr-xpkg/osx/install/install-leapc.sh17
-rw-r--r--pkg/osx/install/leap-installer.platypus90
-rw-r--r--pkg/osx/leap-client.spec36
-rwxr-xr-xpkg/postmkvenv.sh38
-rw-r--r--pkg/requirements.pip17
-rw-r--r--pkg/scripts/leap_client_bootstrap.sh50
-rw-r--r--pkg/test-requirements.pip8
-rwxr-xr-xpkg/tools/with_venv.sh4
-rw-r--r--pkg/utils.py42
26 files changed, 2120 insertions, 0 deletions
diff --git a/pkg/__init__.py b/pkg/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/pkg/__init__.py
diff --git a/pkg/branding/__init__.py b/pkg/branding/__init__.py
new file mode 100644
index 00000000..0bd6befb
--- /dev/null
+++ b/pkg/branding/__init__.py
@@ -0,0 +1,15 @@
+from .config import APP_BASE_NAME, APP_PREFIX, BRANDED_BUILD, BRANDED_OPTS
+
+
+def get_name():
+ if BRANDED_BUILD is True:
+ return APP_PREFIX + BRANDED_OPTS.get('short_name', 'name_unknown')
+ else:
+ return APP_BASE_NAME
+
+
+def get_shortname():
+ if BRANDED_BUILD is True:
+ return BRANDED_OPTS.get('short_name', 'name_unknown')
+
+__all__ = ['get_name']
diff --git a/pkg/branding/config.py b/pkg/branding/config.py
new file mode 100644
index 00000000..bcacc3bc
--- /dev/null
+++ b/pkg/branding/config.py
@@ -0,0 +1,11 @@
+# Configuration file for branding
+
+BRANDED_BUILD = False
+
+APP_BASE_NAME = "leap-client"
+APP_PREFIX = "%s-" % APP_BASE_NAME
+
+BRANDED_OPTS = {
+ 'short_name': "",
+ 'provider_domain': "",
+ 'provider_ca_path': ""}
diff --git a/pkg/dev-reqs.pip b/pkg/dev-reqs.pip
new file mode 100644
index 00000000..44799a26
--- /dev/null
+++ b/pkg/dev-reqs.pip
@@ -0,0 +1,4 @@
+ipython
+ipdb
+pdb4qt
+pygeoip
diff --git a/pkg/distribute_setup.py b/pkg/distribute_setup.py
new file mode 100644
index 00000000..8f5b0637
--- /dev/null
+++ b/pkg/distribute_setup.py
@@ -0,0 +1,515 @@
+#!python
+"""Bootstrap distribute installation
+
+If you want to use setuptools in your package's setup.py, just include this
+file in the same directory with it, and add this to the top of your setup.py::
+
+ from distribute_setup import use_setuptools
+ use_setuptools()
+
+If you want to require a specific version of setuptools, set a download
+mirror, or use an alternate download directory, you can do so by supplying
+the appropriate options to ``use_setuptools()``.
+
+This file can also be run as a script to install or upgrade setuptools.
+"""
+import os
+import sys
+import time
+import fnmatch
+import tempfile
+import tarfile
+from distutils import log
+
+try:
+ from site import USER_SITE
+except ImportError:
+ USER_SITE = None
+
+try:
+ import subprocess
+
+ def _python_cmd(*args):
+ args = (sys.executable,) + args
+ return subprocess.call(args) == 0
+
+except ImportError:
+ # will be used for python 2.3
+ def _python_cmd(*args):
+ args = (sys.executable,) + args
+ # quoting arguments if windows
+ if sys.platform == 'win32':
+ def quote(arg):
+ if ' ' in arg:
+ return '"%s"' % arg
+ return arg
+ args = [quote(arg) for arg in args]
+ return os.spawnl(os.P_WAIT, sys.executable, *args) == 0
+
+DEFAULT_VERSION = "0.6.28"
+DEFAULT_URL = "http://pypi.python.org/packages/source/d/distribute/"
+SETUPTOOLS_FAKED_VERSION = "0.6c11"
+
+SETUPTOOLS_PKG_INFO = """\
+Metadata-Version: 1.0
+Name: setuptools
+Version: %s
+Summary: xxxx
+Home-page: xxx
+Author: xxx
+Author-email: xxx
+License: xxx
+Description: xxx
+""" % SETUPTOOLS_FAKED_VERSION
+
+
+def _install(tarball, install_args=()):
+ # extracting the tarball
+ tmpdir = tempfile.mkdtemp()
+ log.warn('Extracting in %s', tmpdir)
+ old_wd = os.getcwd()
+ try:
+ os.chdir(tmpdir)
+ tar = tarfile.open(tarball)
+ _extractall(tar)
+ tar.close()
+
+ # going in the directory
+ subdir = os.path.join(tmpdir, os.listdir(tmpdir)[0])
+ os.chdir(subdir)
+ log.warn('Now working in %s', subdir)
+
+ # installing
+ log.warn('Installing Distribute')
+ if not _python_cmd('setup.py', 'install', *install_args):
+ log.warn('Something went wrong during the installation.')
+ log.warn('See the error message above.')
+ finally:
+ os.chdir(old_wd)
+
+
+def _build_egg(egg, tarball, to_dir):
+ # extracting the tarball
+ tmpdir = tempfile.mkdtemp()
+ log.warn('Extracting in %s', tmpdir)
+ old_wd = os.getcwd()
+ try:
+ os.chdir(tmpdir)
+ tar = tarfile.open(tarball)
+ _extractall(tar)
+ tar.close()
+
+ # going in the directory
+ subdir = os.path.join(tmpdir, os.listdir(tmpdir)[0])
+ os.chdir(subdir)
+ log.warn('Now working in %s', subdir)
+
+ # building an egg
+ log.warn('Building a Distribute egg in %s', to_dir)
+ _python_cmd('setup.py', '-q', 'bdist_egg', '--dist-dir', to_dir)
+
+ finally:
+ os.chdir(old_wd)
+ # returning the result
+ log.warn(egg)
+ if not os.path.exists(egg):
+ raise IOError('Could not build the egg.')
+
+
+def _do_download(version, download_base, to_dir, download_delay):
+ egg = os.path.join(to_dir, 'distribute-%s-py%d.%d.egg'
+ % (version, sys.version_info[0], sys.version_info[1]))
+ if not os.path.exists(egg):
+ tarball = download_setuptools(version, download_base,
+ to_dir, download_delay)
+ _build_egg(egg, tarball, to_dir)
+ sys.path.insert(0, egg)
+ import setuptools
+ setuptools.bootstrap_install_from = egg
+
+
+def use_setuptools(version=DEFAULT_VERSION, download_base=DEFAULT_URL,
+ to_dir=os.curdir, download_delay=15, no_fake=True):
+ # making sure we use the absolute path
+ to_dir = os.path.abspath(to_dir)
+ was_imported = 'pkg_resources' in sys.modules or \
+ 'setuptools' in sys.modules
+ try:
+ try:
+ import pkg_resources
+ if not hasattr(pkg_resources, '_distribute'):
+ if not no_fake:
+ _fake_setuptools()
+ raise ImportError
+ except ImportError:
+ return _do_download(version, download_base, to_dir, download_delay)
+ try:
+ pkg_resources.require("distribute>=" + version)
+ return
+ except pkg_resources.VersionConflict:
+ e = sys.exc_info()[1]
+ if was_imported:
+ sys.stderr.write(
+ "The required version of distribute (>=%s) is not available,\n"
+ "and can't be installed while this script is running. Please\n"
+ "install a more recent version first, using\n"
+ "'easy_install -U distribute'."
+ "\n\n(Currently using %r)\n" % (version, e.args[0]))
+ sys.exit(2)
+ else:
+ del pkg_resources, sys.modules['pkg_resources'] # reload ok
+ return _do_download(version, download_base, to_dir,
+ download_delay)
+ except pkg_resources.DistributionNotFound:
+ return _do_download(version, download_base, to_dir,
+ download_delay)
+ finally:
+ if not no_fake:
+ _create_fake_setuptools_pkg_info(to_dir)
+
+
+def download_setuptools(version=DEFAULT_VERSION, download_base=DEFAULT_URL,
+ to_dir=os.curdir, delay=15):
+ """Download distribute from a specified location and return its filename
+
+ `version` should be a valid distribute version number that is available
+ as an egg for download under the `download_base` URL (which should end
+ with a '/'). `to_dir` is the directory where the egg will be downloaded.
+ `delay` is the number of seconds to pause before an actual download
+ attempt.
+ """
+ # making sure we use the absolute path
+ to_dir = os.path.abspath(to_dir)
+ try:
+ from urllib.request import urlopen
+ except ImportError:
+ from urllib2 import urlopen
+ tgz_name = "distribute-%s.tar.gz" % version
+ url = download_base + tgz_name
+ saveto = os.path.join(to_dir, tgz_name)
+ src = dst = None
+ if not os.path.exists(saveto): # Avoid repeated downloads
+ try:
+ log.warn("Downloading %s", url)
+ src = urlopen(url)
+ # Read/write all in one block, so we don't create a corrupt file
+ # if the download is interrupted.
+ data = src.read()
+ dst = open(saveto, "wb")
+ dst.write(data)
+ finally:
+ if src:
+ src.close()
+ if dst:
+ dst.close()
+ return os.path.realpath(saveto)
+
+
+def _no_sandbox(function):
+ def __no_sandbox(*args, **kw):
+ try:
+ from setuptools.sandbox import DirectorySandbox
+ if not hasattr(DirectorySandbox, '_old'):
+ def violation(*args):
+ pass
+ DirectorySandbox._old = DirectorySandbox._violation
+ DirectorySandbox._violation = violation
+ patched = True
+ else:
+ patched = False
+ except ImportError:
+ patched = False
+
+ try:
+ return function(*args, **kw)
+ finally:
+ if patched:
+ DirectorySandbox._violation = DirectorySandbox._old
+ del DirectorySandbox._old
+
+ return __no_sandbox
+
+
+def _patch_file(path, content):
+ """Will backup the file then patch it"""
+ existing_content = open(path).read()
+ if existing_content == content:
+ # already patched
+ log.warn('Already patched.')
+ return False
+ log.warn('Patching...')
+ _rename_path(path)
+ f = open(path, 'w')
+ try:
+ f.write(content)
+ finally:
+ f.close()
+ return True
+
+_patch_file = _no_sandbox(_patch_file)
+
+
+def _same_content(path, content):
+ return open(path).read() == content
+
+
+def _rename_path(path):
+ new_name = path + '.OLD.%s' % time.time()
+ log.warn('Renaming %s into %s', path, new_name)
+ os.rename(path, new_name)
+ return new_name
+
+
+def _remove_flat_installation(placeholder):
+ if not os.path.isdir(placeholder):
+ log.warn('Unkown installation at %s', placeholder)
+ return False
+ found = False
+ for file in os.listdir(placeholder):
+ if fnmatch.fnmatch(file, 'setuptools*.egg-info'):
+ found = True
+ break
+ if not found:
+ log.warn('Could not locate setuptools*.egg-info')
+ return
+
+ log.warn('Removing elements out of the way...')
+ pkg_info = os.path.join(placeholder, file)
+ if os.path.isdir(pkg_info):
+ patched = _patch_egg_dir(pkg_info)
+ else:
+ patched = _patch_file(pkg_info, SETUPTOOLS_PKG_INFO)
+
+ if not patched:
+ log.warn('%s already patched.', pkg_info)
+ return False
+ # now let's move the files out of the way
+ for element in ('setuptools', 'pkg_resources.py', 'site.py'):
+ element = os.path.join(placeholder, element)
+ if os.path.exists(element):
+ _rename_path(element)
+ else:
+ log.warn('Could not find the %s element of the '
+ 'Setuptools distribution', element)
+ return True
+
+_remove_flat_installation = _no_sandbox(_remove_flat_installation)
+
+
+def _after_install(dist):
+ log.warn('After install bootstrap.')
+ placeholder = dist.get_command_obj('install').install_purelib
+ _create_fake_setuptools_pkg_info(placeholder)
+
+
+def _create_fake_setuptools_pkg_info(placeholder):
+ if not placeholder or not os.path.exists(placeholder):
+ log.warn('Could not find the install location')
+ return
+ pyver = '%s.%s' % (sys.version_info[0], sys.version_info[1])
+ setuptools_file = 'setuptools-%s-py%s.egg-info' % \
+ (SETUPTOOLS_FAKED_VERSION, pyver)
+ pkg_info = os.path.join(placeholder, setuptools_file)
+ if os.path.exists(pkg_info):
+ log.warn('%s already exists', pkg_info)
+ return
+
+ if not os.access(pkg_info, os.W_OK):
+ log.warn("Don't have permissions to write %s, skipping", pkg_info)
+
+ log.warn('Creating %s', pkg_info)
+ f = open(pkg_info, 'w')
+ try:
+ f.write(SETUPTOOLS_PKG_INFO)
+ finally:
+ f.close()
+
+ pth_file = os.path.join(placeholder, 'setuptools.pth')
+ log.warn('Creating %s', pth_file)
+ f = open(pth_file, 'w')
+ try:
+ f.write(os.path.join(os.curdir, setuptools_file))
+ finally:
+ f.close()
+
+_create_fake_setuptools_pkg_info = _no_sandbox(
+ _create_fake_setuptools_pkg_info
+)
+
+
+def _patch_egg_dir(path):
+ # let's check if it's already patched
+ pkg_info = os.path.join(path, 'EGG-INFO', 'PKG-INFO')
+ if os.path.exists(pkg_info):
+ if _same_content(pkg_info, SETUPTOOLS_PKG_INFO):
+ log.warn('%s already patched.', pkg_info)
+ return False
+ _rename_path(path)
+ os.mkdir(path)
+ os.mkdir(os.path.join(path, 'EGG-INFO'))
+ pkg_info = os.path.join(path, 'EGG-INFO', 'PKG-INFO')
+ f = open(pkg_info, 'w')
+ try:
+ f.write(SETUPTOOLS_PKG_INFO)
+ finally:
+ f.close()
+ return True
+
+_patch_egg_dir = _no_sandbox(_patch_egg_dir)
+
+
+def _before_install():
+ log.warn('Before install bootstrap.')
+ _fake_setuptools()
+
+
+def _under_prefix(location):
+ if 'install' not in sys.argv:
+ return True
+ args = sys.argv[sys.argv.index('install') + 1:]
+ for index, arg in enumerate(args):
+ for option in ('--root', '--prefix'):
+ if arg.startswith('%s=' % option):
+ top_dir = arg.split('root=')[-1]
+ return location.startswith(top_dir)
+ elif arg == option:
+ if len(args) > index:
+ top_dir = args[index + 1]
+ return location.startswith(top_dir)
+ if arg == '--user' and USER_SITE is not None:
+ return location.startswith(USER_SITE)
+ return True
+
+
+def _fake_setuptools():
+ log.warn('Scanning installed packages')
+ try:
+ import pkg_resources
+ except ImportError:
+ # we're cool
+ log.warn('Setuptools or Distribute does not seem to be installed.')
+ return
+ ws = pkg_resources.working_set
+ try:
+ setuptools_dist = ws.find(
+ pkg_resources.Requirement.parse('setuptools', replacement=False)
+ )
+ except TypeError:
+ # old distribute API
+ setuptools_dist = ws.find(
+ pkg_resources.Requirement.parse('setuptools')
+ )
+
+ if setuptools_dist is None:
+ log.warn('No setuptools distribution found')
+ return
+ # detecting if it was already faked
+ setuptools_location = setuptools_dist.location
+ log.warn('Setuptools installation detected at %s', setuptools_location)
+
+ # if --root or --preix was provided, and if
+ # setuptools is not located in them, we don't patch it
+ if not _under_prefix(setuptools_location):
+ log.warn('Not patching, --root or --prefix is installing Distribute'
+ ' in another location')
+ return
+
+ # let's see if its an egg
+ if not setuptools_location.endswith('.egg'):
+ log.warn('Non-egg installation')
+ res = _remove_flat_installation(setuptools_location)
+ if not res:
+ return
+ else:
+ log.warn('Egg installation')
+ pkg_info = os.path.join(setuptools_location, 'EGG-INFO', 'PKG-INFO')
+ if (os.path.exists(pkg_info) and
+ _same_content(pkg_info, SETUPTOOLS_PKG_INFO)):
+ log.warn('Already patched.')
+ return
+ log.warn('Patching...')
+ # let's create a fake egg replacing setuptools one
+ res = _patch_egg_dir(setuptools_location)
+ if not res:
+ return
+ log.warn('Patched done.')
+ _relaunch()
+
+
+def _relaunch():
+ log.warn('Relaunching...')
+ # we have to relaunch the process
+ # pip marker to avoid a relaunch bug
+ _cmd = ['-c', 'install', '--single-version-externally-managed']
+ if sys.argv[:3] == _cmd:
+ sys.argv[0] = 'setup.py'
+ args = [sys.executable] + sys.argv
+ sys.exit(subprocess.call(args))
+
+
+def _extractall(self, path=".", members=None):
+ """Extract all members from the archive to the current working
+ directory and set owner, modification time and permissions on
+ directories afterwards. `path' specifies a different directory
+ to extract to. `members' is optional and must be a subset of the
+ list returned by getmembers().
+ """
+ import copy
+ import operator
+ from tarfile import ExtractError
+ directories = []
+
+ if members is None:
+ members = self
+
+ for tarinfo in members:
+ if tarinfo.isdir():
+ # Extract directories with a safe mode.
+ directories.append(tarinfo)
+ tarinfo = copy.copy(tarinfo)
+ tarinfo.mode = 448 # decimal for oct 0700
+ self.extract(tarinfo, path)
+
+ # Reverse sort directories.
+ if sys.version_info < (2, 4):
+ def sorter(dir1, dir2):
+ return cmp(dir1.name, dir2.name)
+ directories.sort(sorter)
+ directories.reverse()
+ else:
+ directories.sort(key=operator.attrgetter('name'), reverse=True)
+
+ # Set correct owner, mtime and filemode on directories.
+ for tarinfo in directories:
+ dirpath = os.path.join(path, tarinfo.name)
+ try:
+ self.chown(tarinfo, dirpath)
+ self.utime(tarinfo, dirpath)
+ self.chmod(tarinfo, dirpath)
+ except ExtractError:
+ e = sys.exc_info()[1]
+ if self.errorlevel > 1:
+ raise
+ else:
+ self._dbg(1, "tarfile: %s" % e)
+
+
+def _build_install_args(argv):
+ install_args = []
+ user_install = '--user' in argv
+ if user_install and sys.version_info < (2, 6):
+ log.warn("--user requires Python 2.6 or later")
+ raise SystemExit(1)
+ if user_install:
+ install_args.append('--user')
+ return install_args
+
+
+def main(argv, version=DEFAULT_VERSION):
+ """Install or upgrade setuptools and EasyInstall"""
+ tarball = download_setuptools()
+ _install(tarball, _build_install_args(argv))
+
+
+if __name__ == '__main__':
+ main(sys.argv[1:])
diff --git a/pkg/install_pyqt.sh b/pkg/install_pyqt.sh
new file mode 100755
index 00000000..d6739816
--- /dev/null
+++ b/pkg/install_pyqt.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+pip install sip # fails
+cd build/sip
+python configure.py
+make && make install
+cd ../..
+pip install PyQt # fails
+cd build/PyQt
+python configure.py
+make && make install
diff --git a/pkg/install_venv.py b/pkg/install_venv.py
new file mode 100644
index 00000000..17dfb984
--- /dev/null
+++ b/pkg/install_venv.py
@@ -0,0 +1,247 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2010 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+# Copyright 2010 OpenStack, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Installation script for Nova's development virtualenv
+"""
+
+import optparse
+import os
+import subprocess
+import sys
+
+ROOT = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
+VENV = os.path.join(ROOT, '.venv')
+PIP_REQUIRES = os.path.join(ROOT, 'pkg', 'requirements.pip')
+TEST_REQUIRES = os.path.join(ROOT, 'pkg', 'test-requirements.pip')
+PY_VERSION = "python%s.%s" % (sys.version_info[0], sys.version_info[1])
+
+
+def die(message, *args):
+ print >> sys.stderr, message % args
+ sys.exit(1)
+
+
+def check_python_version():
+ if sys.version_info < (2, 6):
+ die("Need Python Version >= 2.6")
+
+
+def run_command_with_code(cmd, redirect_output=True, check_exit_code=True):
+ """
+ Runs a command in an out-of-process shell, returning the
+ output of that command. Working directory is ROOT.
+ """
+ if redirect_output:
+ stdout = subprocess.PIPE
+ else:
+ stdout = None
+
+ print 'executing command: %s', cmd
+ proc = subprocess.Popen(cmd, cwd=ROOT, stdout=stdout)
+ output = proc.communicate()[0]
+ if check_exit_code and proc.returncode != 0:
+ die('Command "%s" failed.\n%s', ' '.join(cmd), output)
+ return (output, proc.returncode)
+
+
+def run_command(cmd, redirect_output=True, check_exit_code=True):
+ return run_command_with_code(cmd, redirect_output, check_exit_code)[0]
+
+
+class Distro(object):
+
+ def check_cmd(self, cmd):
+ return bool(run_command(['which', cmd], check_exit_code=False).strip())
+
+ def install_virtualenv(self):
+ if self.check_cmd('virtualenv'):
+ return
+
+ if self.check_cmd('easy_install'):
+ print 'Installing virtualenv via easy_install...',
+ if run_command(['easy_install', 'virtualenv']):
+ print 'Succeeded'
+ return
+ else:
+ print 'Failed'
+
+ die('ERROR: virtualenv not found.\n\nDevelopment'
+ ' requires virtualenv, please install it using your'
+ ' favorite package management tool')
+
+ def post_process(self):
+ """Any distribution-specific post-processing gets done here.
+
+ In particular, this is useful for applying patches to code inside
+ the venv."""
+ pass
+
+
+class Debian(Distro):
+ """This covers all Debian-based distributions."""
+
+ def check_pkg(self, pkg):
+ return run_command_with_code(['dpkg', '-l', pkg],
+ check_exit_code=False)[1] == 0
+
+ def apt_install(self, pkg, **kwargs):
+ run_command(['sudo', 'apt-get', 'install', '-y', pkg], **kwargs)
+
+ def apply_patch(self, originalfile, patchfile):
+ run_command(['patch', originalfile, patchfile])
+
+ def post_process(self):
+ #symlink qt in virtualenv
+ run_command(['pkg/tools/with_venv.sh', 'pkg/postmkvenv.sh'])
+
+ def install_virtualenv(self):
+ if self.check_cmd('virtualenv'):
+ return
+
+ if not self.check_pkg('python-virtualenv'):
+ self.apt_install('python-virtualenv', check_exit_code=False)
+
+ super(Debian, self).install_virtualenv()
+
+
+class Fedora(Distro):
+ """This covers all Fedora-based distributions.
+
+ Includes: Fedora, RHEL, CentOS, Scientific Linux"""
+
+ def check_pkg(self, pkg):
+ return run_command_with_code(['rpm', '-q', pkg],
+ check_exit_code=False)[1] == 0
+
+ def yum_install(self, pkg, **kwargs):
+ run_command(['sudo', 'yum', 'install', '-y', pkg], **kwargs)
+
+ def apply_patch(self, originalfile, patchfile):
+ run_command(['patch', originalfile, patchfile])
+
+ def install_virtualenv(self):
+ if self.check_cmd('virtualenv'):
+ return
+
+ if not self.check_pkg('python-virtualenv'):
+ self.yum_install('python-virtualenv', check_exit_code=False)
+
+ super(Fedora, self).install_virtualenv()
+
+
+def get_distro():
+ if os.path.exists('/etc/fedora-release') or \
+ os.path.exists('/etc/redhat-release'):
+ return Fedora()
+ elif os.path.exists('/etc/debian_version'):
+ return Debian()
+ else:
+ return Distro()
+
+
+def check_dependencies():
+ get_distro().install_virtualenv()
+
+
+def create_virtualenv(venv=VENV, no_site_packages=True):
+ """Creates the virtual environment and installs PIP only into the
+ virtual environment
+ """
+ print 'Creating venv...',
+ if no_site_packages:
+ #setuptools and virtualenv don't play nicely together,
+ #so we create the virtualenv with the distribute package instead.
+ #See: view-source:http://pypi.python.org/pypi/distribute
+ run_command(['virtualenv', '-q', '--distribute', '--no-site-packages', VENV])
+ else:
+ run_command(['virtualenv', '-q', '--distribute', VENV])
+ print 'done.'
+ print 'Installing pip in virtualenv...',
+ if not run_command(['pkg/tools/with_venv.sh', 'easy_install',
+ 'pip>1.0']).strip():
+ die("Failed to install pip.")
+ print 'done.'
+
+
+def pip_install(*args):
+ run_command(['pkg/tools/with_venv.sh',
+ 'pip', 'install', '--upgrade'] + list(args),
+ redirect_output=False)
+
+
+def install_dependencies(venv=VENV):
+ print 'Installing dependencies with pip (this can take a while)...'
+
+ # First things first, make sure our venv has the latest pip and distribute.
+ pip_install('pip')
+ pip_install('distribute')
+
+ pip_install('-r', PIP_REQUIRES)
+ pip_install('-r', TEST_REQUIRES)
+
+ # "
+ pthfile = os.path.join(venv, "lib", PY_VERSION, "site-packages",
+ "leap-client.pth")
+ f = open(pthfile, 'w')
+ f.write("%s\n" % ROOT)
+
+
+def post_process():
+ get_distro().post_process()
+
+
+def print_help():
+ help = """
+ To activate the leap virtualenv for the extent of your current
+ shell session you can run:
+
+ $ source .venv/bin/activate
+
+ Or, if you prefer, you can run commands in the virtualenv on a case by case
+ basis by running:
+
+ $ pkg/tools/with_venv.sh <your command>
+
+ Also, make test will automatically use the virtualenv.
+ """
+ print help
+
+
+def parse_args():
+ """Parse command-line arguments"""
+ parser = optparse.OptionParser()
+ parser.add_option("-n", "--no-site-packages", dest="no_site_packages",
+ default=False, action="store_true",
+ help="Do not inherit packages from global Python install")
+ return parser.parse_args()
+
+
+def main(argv):
+ (options, args) = parse_args()
+ check_python_version()
+ check_dependencies()
+ create_virtualenv(no_site_packages=options.no_site_packages)
+ install_dependencies()
+ post_process()
+ print_help()
+
+if __name__ == '__main__':
+ main(sys.argv)
diff --git a/pkg/linux/README b/pkg/linux/README
new file mode 100644
index 00000000..7410789b
--- /dev/null
+++ b/pkg/linux/README
@@ -0,0 +1,4 @@
+= Files =
+In GNU/Linux, we expect these files to be in place:
+
+resolv-update -> /etc/leap/resolv-update
diff --git a/pkg/linux/leap.desktop b/pkg/linux/leap.desktop
new file mode 100644
index 00000000..7a6d39d9
--- /dev/null
+++ b/pkg/linux/leap.desktop
@@ -0,0 +1,13 @@
+[Desktop Entry]
+Version=0.1.0
+Encoding=UTF-8
+Name=EIP
+Comment=Anonymity and privacy
+Comment[en]=Anonymity and privacy
+Comment[es]=Anonimato y privacidad
+Comment[sv]=Anonymitet och avlyssningsskydd
+Exec=leap
+Terminal=false
+Type=Application
+Icon=leap.png
+Categories=Network;
diff --git a/pkg/linux/polkit/net.openvpn.gui.leap.policy b/pkg/linux/polkit/net.openvpn.gui.leap.policy
new file mode 100644
index 00000000..50f991a3
--- /dev/null
+++ b/pkg/linux/polkit/net.openvpn.gui.leap.policy
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>LEAP Project</vendor>
+ <vendor_url>http://leap.se/</vendor_url>
+
+ <action id="net.openvpn,gui.leap.run-openvpn">
+ <description>Runs the openvpn binary</description>
+ <description xml:lang="es">Ejecuta el binario openvpn</description>
+ <message>OpenVPN needs that you authenticate to start</message>
+ <message xml:lang="es">OpenVPN necesita autorizacion para comenzar</message>
+ <icon_name>package-x-generic</icon_name>
+ <defaults>
+ <allow_any>yes</allow_any>
+ <allow_inactive>yes</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/openvpn</annotate>
+ </action>
+</policyconfig>
diff --git a/pkg/linux/resolv-update b/pkg/linux/resolv-update
new file mode 100755
index 00000000..a54802e3
--- /dev/null
+++ b/pkg/linux/resolv-update
@@ -0,0 +1,90 @@
+#!/bin/bash
+#
+# Parses options from openvpn to update resolv.conf
+#
+# The only way to enforce that a linux system will not leak DNS
+# queries is to replace /etc/resolv.conf with a file that only
+# has the DNS resolver specified by the VPN.
+#
+# That is what this script does. This is what resolvconf is for,
+# but sadly it does not always work.
+#
+# Example envs set from openvpn:
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+function up() {
+
+ comment=$(
+cat <<SETVAR
+#
+# This is a temporary resolv.conf set by the LEAP Client in order to
+# strictly enforce that DNS lookups are secured by the VPN.
+#
+# When the LEAP Client quits or the VPN connection it manages is dropped,
+# this file will be replace with the regularly scheduled /etc/resolv.conf
+#
+# If you want custom entries to appear in this file while LEAP is running,
+# put them in /etc/leap/resolv-head or /etc/leap/resolv-tail. These files
+# should only be writable by root.
+#
+
+SETVAR
+)
+
+ if [ -f /etc/leap/resolv-head ] ; then
+ custom_head=$(cat /etc/leap/resolv-head)
+ else
+ custom_head=""
+ fi
+
+ if [ -f /etc/leap/resolv-tail ] ; then
+ custom_tail=$(cat /etc/leap/resolv-tail)
+ else
+ custom_tail=""
+ fi
+
+ for optionname in ${!foreign_option_*} ; do
+ option="${!optionname}"
+ echo $option
+ part1=$(echo "$option" | cut -d " " -f 1)
+ if [ "$part1" == "dhcp-option" ] ; then
+ part2=$(echo "$option" | cut -d " " -f 2)
+ part3=$(echo "$option" | cut -d " " -f 3)
+ if [ "$part2" == "DNS" ] ; then
+ IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
+ fi
+ if [ "$part2" == "DOMAIN" ] ; then
+ IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
+ fi
+ fi
+ done
+ R=""
+ for SS in $IF_DNS_SEARCH ; do
+ R="${R}search $SS
+"
+ done
+ for NS in $IF_DNS_NAMESERVERS ; do
+ R="${R}nameserver $NS
+"
+ done
+ mv /etc/resolv.conf /etc/resolv.conf.bak
+ echo "$comment
+$custom_head
+$R
+$custom_tail" > /etc/resolv.conf
+}
+
+function down() {
+ if [ -f /etc/resolv.conf.bak ] ; then
+ unlink /etc/resolv.conf
+ mv /etc/resolv.conf.bak /etc/resolv.conf
+ fi
+}
+
+case $script_type in
+ up) up ;;
+ down) down ;;
+esac
diff --git a/pkg/osx/Info.plist b/pkg/osx/Info.plist
new file mode 100644
index 00000000..e90d920a
--- /dev/null
+++ b/pkg/osx/Info.plist
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDisplayName</key>
+ <string>leap-client</string>
+ <key>CFBundleExecutable</key>
+ <string>MacOS/app</string>
+ <key>CFBundleIconFile</key>
+ <string>icon-windowed.icns</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>leap-client</string>
+ <key>CFBundlePackageType</key>
+ <string>APPL</string>
+ <key>CFBundleShortVersionString</key>
+ <string>1</string>
+ <key>LSBackgroundOnly</key>
+ <false/>
+</dict>
+</plist>
diff --git a/pkg/osx/Makefile b/pkg/osx/Makefile
new file mode 100644
index 00000000..f2520fcf
--- /dev/null
+++ b/pkg/osx/Makefile
@@ -0,0 +1,46 @@
+#WARNING: You need to run this with an activated VIRTUALENV.
+
+OSX = dist/LEAP\ Client.app/Contents/MacOS/
+GITC = `git rev-parse --short HEAD`
+DMG = "dist/leap-client-$(GITC).dmg"
+INST = "dist/LEAP Client installer.app"
+INSTR = "dist/LEAP Client installer.app/Contents/Resources"
+
+pkg : dist trim installer dmg
+
+dist :
+ ~/pyinstaller/pyinstaller.py -w -s leap-client.spec
+ cp -r /opt/local/Library/Frameworks/QtGui.framework/Versions/4/Resources/qt_menu.nib "dist/LEAP Client.app/Contents/Resources"
+ cp Info.plist "dist/LEAP Client.app/Contents/Info.plist"
+ cp ../../data/images/leap-client.icns "dist/LEAP Client.app/Contents/Resources/icon-windowed.icns"
+
+trim:
+ #XXX this should go properly in pyinstaller spec excludes, but going quick'n'dirty
+ rm $(OSX)QtSvg $(OSX)QtXml $(OSX)QtNetwork $(OSX)QtOpenGL $(OSX)Qt3Support $(OSX)QtSql
+
+installer:
+ #XXX need to fix some paths there (binary, etc)
+ platypus -P install/leap-installer.platypus -y $(INST)
+ #XXX should build tuntap extensions ourselves
+ mkdir $(INSTR)/StartupItems
+ mkdir $(INSTR)/Extensions
+ cp -r /opt/local/Library/StartupItems/tun $(INSTR)/StartupItems
+ cp -r /opt/local/Library/StartupItems/tap $(INSTR)/StartupItems
+ cp -r /opt/local/Library/Extensions/tun.kext $(INSTR)/Extensions
+ cp -r /opt/local/Library/Extensions/tap.kext $(INSTR)/Extensions
+ #copy the binary that we have previously built
+ #XXX not building it yet...
+ cp ../../openvpn/build/openvpn.leap $(INSTR)
+ #copy startup scripts
+ cp install/client.up.sh $(INSTR)
+ cp install/client.down.sh $(INSTR)
+ cp install/ProcessNetworkChanges.plist.template $(INSTR)
+ #Finally, copy application bundle...
+ cp -r "dist/LEAP Client.app" $(INSTR)
+
+dmg :
+ rm -f $(DMG)
+ hdiutil create -format UDBZ -srcfolder $(INST) $(DMG)
+
+clean :
+ rm -rf dist/ build/
diff --git a/pkg/osx/README.rst b/pkg/osx/README.rst
new file mode 100644
index 00000000..48d96ffb
--- /dev/null
+++ b/pkg/osx/README.rst
@@ -0,0 +1,60 @@
+environment setup in osx
+========================
+(I rm'd my README by mistake at some point. Re-do).
+
+basically you need this to setup your environment:
+
+# check and consolidate
+
+# install xcode and macports
+# port -v selfupdate
+# port install python26
+# port install python_select # unneeded?
+# port install py26-pyqt4
+# port install py26-twisted
+# port install py26-pip
+# port install py26-virtualenv
+# port install git-core
+# port install gnutls
+# port install platypus
+
+Requirements
+============
+pyinstaller (in ~/pyinstaller)
+platypus (tested with latest macports)
+
+... + install environment as usual,
+ inside virtualenv.
+
+.. note:: there is something missing here, about troubles building gnutls extension,
+ I think I ended by symlinking global install via macports.
+
+Pyinstaller fix for sip api
+---------------------------
+We need a workaround for setting the right sip api.
+Paste this in the top of pyinstaller/support/rthooks/pyi_rth_qt4plugins.py::
+
+ import sip
+ sip.setapi('QString', 2)
+ sip.setapi('QVariant', 2)
+
+See www.pyinstaller.org/wiki/Recipe/PyQtChangeApiVersion.
+
+Building the package
+====================
+
+Building the binary
+-------------------
+We use the scripts in openvpn/build.zsh
+The packaging Makefile is expecting the final binary in the location::
+
+ ../../openvpn/build/openvpn.leap
+
+Running the build
+-----------------
+IMPORTANT: activate the VIRTUALENV FIRST!
+(you will get an import error otherwise)
+
+For running all steps at once::
+
+ make pkg
diff --git a/pkg/osx/install/ProcessNetworkChanges.plist.template b/pkg/osx/install/ProcessNetworkChanges.plist.template
new file mode 100644
index 00000000..faea8dee
--- /dev/null
+++ b/pkg/osx/install/ProcessNetworkChanges.plist.template
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>Label</key>
+ <string>net.tunnelblick.openvpn.process-network-changes</string>
+ <key>ProgramArguments</key>
+ <array>
+ <string>${DIR}/process-network-changes</string>
+ </array>
+ <key>WatchPaths</key>
+ <array>
+ <string>/Library/Preferences/SystemConfiguration</string>
+ </array>
+ </dict>
+</plist>
diff --git a/pkg/osx/install/client.down.sh b/pkg/osx/install/client.down.sh
new file mode 100755
index 00000000..47f00ed7
--- /dev/null
+++ b/pkg/osx/install/client.down.sh
@@ -0,0 +1,146 @@
+#!/bin/bash -e
+# Note: must be bash; uses bash-specific tricks
+#
+# ******************************************************************************************************************
+# This Tunnelblick script does everything! It handles TUN and TAP interfaces,
+# pushed configurations and DHCP leases. :)
+#
+# This is the "Down" version of the script, executed after the connection is
+# closed.
+#
+# Created by: Nick Williams (using original code and parts of old Tblk scripts)
+#
+# ******************************************************************************************************************
+
+trap "" TSTP
+trap "" HUP
+trap "" INT
+export PATH="/bin:/sbin:/usr/sbin:/usr/bin"
+
+readonly LOG_MESSAGE_COMMAND=$(basename "${0}")
+
+# Quick check - is the configuration there?
+if ! scutil -w State:/Network/OpenVPN &>/dev/null -t 1 ; then
+ # Configuration isn't there, so we forget it
+ echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: WARNING: No existing OpenVPN DNS configuration found; not tearing down anything; exiting."
+ exit 0
+fi
+
+# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift Tunnelblick options out of the argument list
+
+# Get info saved by the up script
+TUNNELBLICK_CONFIG="$(/usr/sbin/scutil <<-EOF
+ open
+ show State:/Network/OpenVPN
+ quit
+EOF)"
+
+ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')"
+LEASEWATCHER_PLIST_PATH="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')"
+PSID="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')"
+SCRIPT_LOG_FILE="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')"
+# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')"
+# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')"
+# Don't need: PROCESS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')"
+# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')"
+ARG_TAP="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')"
+bRouteGatewayIsDhcp="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')"
+
+# @param String message - The message to log
+logMessage()
+{
+ echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}"
+}
+
+trim()
+{
+ echo ${@}
+}
+
+if ${ARG_TAP} ; then
+ if [ "$bRouteGatewayIsDhcp" == "true" ]; then
+ if [ -z "$dev" ]; then
+ logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Device may not have disconnected properly."
+ else
+ set +e
+ ipconfig set "$dev" NONE 2>/dev/null
+ set -e
+ fi
+ fi
+fi
+
+# Issue warning if the primary service ID has changed
+PSID_CURRENT="$( (scutil | grep Service | sed -e 's/.*Service : //')<<- EOF
+ open
+ show State:/Network/OpenVPN
+ quit
+EOF)"
+if [ "${PSID}" != "${PSID_CURRENT}" ] ; then
+ logMessage "Ignoring change of Network Primary Service from ${PSID} to ${PSID_CURRENT}"
+fi
+
+# Remove leasewatcher
+if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
+ launchctl unload "${LEASEWATCHER_PLIST_PATH}"
+ logMessage "Cancelled monitoring of system configuration changes"
+fi
+
+# Restore configurations
+DNS_OLD="$(/usr/sbin/scutil <<-EOF
+ open
+ show State:/Network/OpenVPN/OldDNS
+ quit
+EOF)"
+WINS_OLD="$(/usr/sbin/scutil <<-EOF
+ open
+ show State:/Network/OpenVPN/OldSMB
+ quit
+EOF)"
+TB_NO_SUCH_KEY="<dictionary> {
+ TunnelblickNoSuchKey : true
+}"
+
+if [ "${DNS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then
+ scutil <<- EOF
+ open
+ remove State:/Network/Service/${PSID}/DNS
+ quit
+EOF
+else
+ scutil <<- EOF
+ open
+ get State:/Network/OpenVPN/OldDNS
+ set State:/Network/Service/${PSID}/DNS
+ quit
+EOF
+fi
+
+if [ "${WINS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then
+ scutil <<- EOF
+ open
+ remove State:/Network/Service/${PSID}/SMB
+ quit
+EOF
+else
+ scutil <<- EOF
+ open
+ get State:/Network/OpenVPN/OldSMB
+ set State:/Network/Service/${PSID}/SMB
+ quit
+EOF
+fi
+
+logMessage "Restored the DNS and WINS configurations"
+
+# Remove our system configuration data
+scutil <<- EOF
+ open
+ remove State:/Network/OpenVPN/SMB
+ remove State:/Network/OpenVPN/DNS
+ remove State:/Network/OpenVPN/OldSMB
+ remove State:/Network/OpenVPN/OldDNS
+ remove State:/Network/OpenVPN
+ quit
+EOF
+
+exit 0
diff --git a/pkg/osx/install/client.up.sh b/pkg/osx/install/client.up.sh
new file mode 100755
index 00000000..fc7e341a
--- /dev/null
+++ b/pkg/osx/install/client.up.sh
@@ -0,0 +1,596 @@
+#!/bin/bash -e
+# Note: must be bash; uses bash-specific tricks
+#
+# ******************************************************************************************************************
+# This Tunnelblick script does everything! It handles TUN and TAP interfaces,
+# pushed configurations, DHCP with DNS and WINS, and renewed DHCP leases. :)
+#
+# This is the "Up" version of the script, executed after the interface is
+# initialized.
+#
+# Created by: Nick Williams (using original code and parts of old Tblk scripts)
+#
+# ******************************************************************************************************************
+
+trap "" TSTP
+trap "" HUP
+trap "" INT
+export PATH="/bin:/sbin:/usr/sbin:/usr/bin"
+
+# Process optional arguments (if any) for the script
+# Each one begins with a "-"
+# They come from Tunnelblick, and come first, before the OpenVPN arguments
+# So we set ARG_ script variables to their values and shift them out of the argument list
+# When we're done, only the OpenVPN arguments remain for the rest of the script to use
+ARG_MONITOR_NETWORK_CONFIGURATION="false"
+ARG_RESTORE_ON_DNS_RESET="false"
+ARG_RESTORE_ON_WINS_RESET="false"
+ARG_TAP="false"
+ARG_IGNORE_OPTION_FLAGS=""
+
+while [ {$#} ] ; do
+ if [ "$1" = "-m" ] ; then # Handle the arguments we know about
+ ARG_MONITOR_NETWORK_CONFIGURATION="true" # by setting ARG_ script variables to their values
+ shift # Then shift them out
+ elif [ "$1" = "-d" ] ; then
+ ARG_RESTORE_ON_DNS_RESET="true"
+ shift
+ elif [ "$1" = "-w" ] ; then
+ ARG_RESTORE_ON_WINS_RESET="true"
+ shift
+ elif [ "$1" = "-a" ] ; then
+ ARG_TAP="true"
+ shift
+ elif [ "${1:0:2}" = "-i" ] ; then
+ ARG_IGNORE_OPTION_FLAGS="${1}"
+ shift
+ elif [ "${1:0:2}" = "-a" ] ; then
+ ARG_IGNORE_OPTION_FLAGS="${1}"
+ shift
+ else
+ if [ "${1:0:1}" = "-" ] ; then # Shift out Tunnelblick arguments (they start with "-") that we don't understand
+ shift # so the rest of the script sees only the OpenVPN arguments
+ else
+ break
+ fi
+ fi
+done
+
+readonly ARG_MONITOR_NETWORK_CONFIGURATION ARG_RESTORE_ON_DNS_RESET ARG_RESTORE_ON_WINS_RESET ARG_TAP ARG_IGNORE_OPTION_FLAGS
+
+# Note: The script log path name is constructed from the path of the regular config file, not the shadow copy
+# if the config is shadow copy, e.g. /Library/Application Support/Tunnelblick/Users/Jonathan/Folder/Subfolder/config.ovpn
+# then convert to regular config /Users/Jonathan/Library/Application Support/Tunnelblick/Configurations/Folder/Subfolder/config.ovpn
+# to get the script log path
+# Note: "/Users/..." works even if the home directory has a different path; it is used in the name of the log file, and is not used as a path to get to anything.
+readonly TBALTPREFIX="/Library/Application Support/Tunnelblick/Users/"
+readonly TBALTPREFIXLEN="${#TBALTPREFIX}"
+readonly TBCONFIGSTART="${config:0:$TBALTPREFIXLEN}"
+if [ "$TBCONFIGSTART" = "$TBALTPREFIX" ] ; then
+ readonly TBBASE="${config:$TBALTPREFIXLEN}"
+ readonly TBSUFFIX="${TBBASE#*/}"
+ readonly TBUSERNAME="${TBBASE%%/*}"
+ readonly TBCONFIG="/Users/$TBUSERNAME/Library/Application Support/Tunnelblick/Configurations/$TBSUFFIX"
+else
+ readonly TBCONFIG="${config}"
+fi
+
+readonly CONFIG_PATH_DASHES_SLASHES="$(echo "${TBCONFIG}" | sed -e 's/-/--/g' | sed -e 's/\//-S/g')"
+readonly SCRIPT_LOG_FILE="/Library/Application Support/Tunnelblick/Logs/${CONFIG_PATH_DASHES_SLASHES}.script.log"
+
+readonly TB_RESOURCE_PATH=$(dirname "${0}")
+
+LEASEWATCHER_PLIST_PATH="/Library/Application Support/Tunnelblick/LeaseWatch.plist"
+
+readonly OSVER="$(sw_vers | grep 'ProductVersion:' | grep -o '10\.[0-9]*')"
+
+readonly DEFAULT_DOMAIN_NAME="openvpn"
+
+bRouteGatewayIsDhcp="false"
+
+# @param String message - The message to log
+readonly LOG_MESSAGE_COMMAND=$(basename "${0}")
+logMessage()
+{
+ echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}"
+}
+
+# @param String string - Content to trim
+trim()
+{
+ echo ${@}
+}
+
+# @param String[] dnsServers - The name servers to use
+# @param String domainName - The domain name to use
+# @param \optional String[] winsServers - The WINS servers to use
+setDnsServersAndDomainName()
+{
+ declare -a vDNS=("${!1}")
+ domain=$2
+ declare -a vWINS=("${!3}")
+
+ set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors
+
+ PSID=$( (scutil | grep PrimaryService | sed -e 's/.*PrimaryService : //')<<- EOF
+ open
+ show State:/Network/Global/IPv4
+ quit
+EOF )
+
+ STATIC_DNS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF
+ open
+ show Setup:/Network/Service/${PSID}/DNS
+ quit
+EOF )"
+ if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then
+ readonly STATIC_DNS="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*ServerAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")"
+ fi
+ if echo "${STATIC_DNS_CONFIG}" | grep -q "SearchDomains" ; then
+ readonly STATIC_SEARCH="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*SearchDomains[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")"
+ fi
+
+ STATIC_WINS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF
+ open
+ show Setup:/Network/Service/${PSID}/SMB
+ quit
+EOF )"
+ STATIC_WINS_SERVERS=""
+ STATIC_WORKGROUP=""
+ STATIC_NETBIOSNAME=""
+ if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then
+ STATIC_WINS_SERVERS="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*WINSAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")"
+ fi
+ if echo "${STATIC_WINS_CONFIG}" | grep -q "Workgroup" ; then
+ STATIC_WORKGROUP="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*Workgroup : \([^[:space:]]*\).*$/\1/g' )")"
+ fi
+ if echo "${STATIC_WINS_CONFIG}" | grep -q "NetBIOSName" ; then
+ STATIC_NETBIOSNAME="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*NetBIOSName : \([^[:space:]]*\).*$/\1/g' )")"
+ fi
+ readonly STATIC_WINS_SERVERS STATIC_WORKGROUP STATIC_NETBIOSNAME
+
+ if [ ${#vDNS[*]} -eq 0 ] ; then
+ DYN_DNS="false"
+ ALL_DNS="${STATIC_DNS}"
+ elif [ -n "${STATIC_DNS}" ] ; then
+ case "${OSVER}" in
+ 10.6 | 10.7 )
+ # Do nothing - in 10.6 we don't aggregate our configurations, apparently
+ DYN_DNS="false"
+ ALL_DNS="${STATIC_DNS}"
+ ;;
+ 10.4 | 10.5 )
+ DYN_DNS="true"
+ # We need to remove duplicate DNS entries, so that our reference list matches MacOSX's
+ SDNS="$(echo "${STATIC_DNS}" | tr ' ' '\n')"
+ (( i=0 ))
+ for n in "${vDNS[@]}" ; do
+ if echo "${SDNS}" | grep -q "${n}" ; then
+ unset vDNS[${i}]
+ fi
+ (( i++ ))
+ done
+ if [ ${#vDNS[*]} -gt 0 ] ; then
+ ALL_DNS="$(trim "${STATIC_DNS}" "${vDNS[*]}")"
+ else
+ DYN_DNS="false"
+ ALL_DNS="${STATIC_DNS}"
+ fi
+ ;;
+ esac
+ else
+ DYN_DNS="true"
+ ALL_DNS="$(trim "${vDNS[*]}")"
+ fi
+ readonly DYN_DNS ALL_DNS
+
+ if [ ${#vWINS[*]} -eq 0 ] ; then
+ DYN_WINS="false"
+ ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}"
+ elif [ -n "${STATIC_WINS_SERVERS}" ] ; then
+ case "${OSVER}" in
+ 10.6 | 10.7 )
+ # Do nothing - in 10.6 we don't aggregate our configurations, apparently
+ DYN_WINS="false"
+ ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}"
+ ;;
+ 10.4 | 10.5 )
+ DYN_WINS="true"
+ # We need to remove duplicate WINS entries, so that our reference list matches MacOSX's
+ SWINS="$(echo "${STATIC_WINS_SERVERS}" | tr ' ' '\n')"
+ (( i=0 ))
+ for n in "${vWINS[@]}" ; do
+ if echo "${SWINS}" | grep -q "${n}" ; then
+ unset vWINS[${i}]
+ fi
+ (( i++ ))
+ done
+ if [ ${#vWINS[*]} -gt 0 ] ; then
+ ALL_WINS_SERVERS="$(trim "${STATIC_WINS_SERVERS}" "${vWINS[*]}")"
+ else
+ DYN_WINS="false"
+ ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}"
+ fi
+ ;;
+ esac
+ else
+ DYN_WINS="true"
+ ALL_WINS_SERVERS="$(trim "${vWINS[*]}")"
+ fi
+ readonly DYN_WINS ALL_WINS_SERVERS
+
+ # We double-check that our search domain isn't already on the list
+ SEARCH_DOMAIN="${domain}"
+ case "${OSVER}" in
+ 10.6 | 10.7 )
+ # Do nothing - in 10.6 we don't aggregate our configurations, apparently
+ if [ -n "${STATIC_SEARCH}" ] ; then
+ ALL_SEARCH="${STATIC_SEARCH}"
+ SEARCH_DOMAIN=""
+ else
+ ALL_SEARCH="${SEARCH_DOMAIN}"
+ fi
+ ;;
+ 10.4 | 10.5 )
+ if echo "${STATIC_SEARCH}" | tr ' ' '\n' | grep -q "${SEARCH_DOMAIN}" ; then
+ SEARCH_DOMAIN=""
+ fi
+ if [ -z "${SEARCH_DOMAIN}" ] ; then
+ ALL_SEARCH="${STATIC_SEARCH}"
+ else
+ ALL_SEARCH="$(trim "${STATIC_SEARCH}" "${SEARCH_DOMAIN}")"
+ fi
+ ;;
+ esac
+ readonly SEARCH_DOMAIN ALL_SEARCH
+
+ if ! ${DYN_DNS} ; then
+ NO_DNS="#"
+ fi
+ if ! ${DYN_WINS} ; then
+ NO_WS="#"
+ fi
+ if [ -z "${SEARCH_DOMAIN}" ] ; then
+ NO_SEARCH="#"
+ fi
+ if [ -z "${STATIC_WORKGROUP}" ] ; then
+ NO_WG="#"
+ fi
+ if [ -z "${STATIC_NETBIOSNAME}" ] ; then
+ NO_NB="#"
+ fi
+ if [ -z "${ALL_DNS}" ] ; then
+ AGG_DNS="#"
+ fi
+ if [ -z "${ALL_SEARCH}" ] ; then
+ AGG_SEARCH="#"
+ fi
+ if [ -z "${ALL_WINS_SERVERS}" ] ; then
+ AGG_WINS="#"
+ fi
+
+ # Now, do the aggregation
+ # Save the openvpn process ID and the Network Primary Service ID, leasewather.plist path, logfile path, and optional arguments from Tunnelblick,
+ # then save old and new DNS and WINS settings
+ # PPID is a bash-script variable that contains the process ID of the parent of the process running the script (i.e., OpenVPN's process ID)
+ # config is an environmental variable set to the configuration path by OpenVPN prior to running this up script
+ logMessage "Up to two 'No such key' warnings are normal and may be ignored"
+
+ # If DNS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS'
+ if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then
+ CORRECT_OLD_DNS_KEY="Setup:"
+ else
+ CORRECT_OLD_DNS_KEY="State:"
+ fi
+
+ # If WINS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS'
+ if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then
+ CORRECT_OLD_WINS_KEY="Setup:"
+ else
+ CORRECT_OLD_WINS_KEY="State:"
+ fi
+
+ # If we are not expecting any WINS value, add <TunnelblickNoSuchKey : true> to the expected WINS setup
+ NO_NOSUCH_KEY_WINS="#"
+ if [ "${NO_NB}" = "#" -a "${AGG_WINS}" = "#" -a "${NO_WG}" = "#" ] ; then
+ NO_NOSUCH_KEY_WINS=""
+ fi
+ readonly NO_NOSUCH_KEY_WINS
+
+ set -e # We instruct bash that it CAN again fail on errors
+
+ scutil <<- EOF
+ open
+ d.init
+ d.add PID # ${PPID}
+ d.add Service ${PSID}
+ d.add LeaseWatcherPlistPath "${LEASEWATCHER_PLIST_PATH}"
+ d.add ScriptLogFile "${SCRIPT_LOG_FILE}"
+ d.add MonitorNetwork "${ARG_MONITOR_NETWORK_CONFIGURATION}"
+ d.add RestoreOnDNSReset "${ARG_RESTORE_ON_DNS_RESET}"
+ d.add RestoreOnWINSReset "${ARG_RESTORE_ON_WINS_RESET}"
+ d.add IgnoreOptionFlags "${ARG_IGNORE_OPTION_FLAGS}"
+ d.add IsTapInterface "${ARG_TAP}"
+ d.add RouteGatewayIsDhcp "${bRouteGatewayIsDhcp}"
+ set State:/Network/OpenVPN
+
+ # First, back up the device's current DNS and WINS configurations
+ # Indicate 'no such key' by a dictionary with a single entry: "TunnelblickNoSuchKey : true"
+ d.init
+ d.add TunnelblickNoSuchKey true
+ get ${CORRECT_OLD_DNS_KEY}/Network/Service/${PSID}/DNS
+ set State:/Network/OpenVPN/OldDNS
+
+ d.init
+ d.add TunnelblickNoSuchKey true
+ get ${CORRECT_OLD_WINS_KEY}/Network/Service/${PSID}/SMB
+ set State:/Network/OpenVPN/OldSMB
+
+ # Second, initialize the new DNS map
+ d.init
+ ${NO_DNS}d.add ServerAddresses * ${vDNS[*]}
+ ${NO_SEARCH}d.add SearchDomains * ${SEARCH_DOMAIN}
+ d.add DomainName ${domain}
+ set State:/Network/Service/${PSID}/DNS
+
+ # Third, initialize the WINS map
+ d.init
+ ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME}
+ ${NO_WS}d.add WINSAddresses * ${vWINS[*]}
+ ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP}
+ set State:/Network/Service/${PSID}/SMB
+
+ # Now, initialize the maps that will be compared against the system-generated map
+ # which means that we will have to aggregate configurations of statically-configured
+ # nameservers, and statically-configured search domains
+ d.init
+ ${AGG_DNS}d.add ServerAddresses * ${ALL_DNS}
+ ${AGG_SEARCH}d.add SearchDomains * ${ALL_SEARCH}
+ d.add DomainName ${domain}
+ set State:/Network/OpenVPN/DNS
+
+ d.init
+ ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME}
+ ${AGG_WINS}d.add WINSAddresses * ${ALL_WINS_SERVERS}
+ ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP}
+ ${NO_NOSUCH_KEY_WINS}d.add TunnelblickNoSuchKey true
+ set State:/Network/OpenVPN/SMB
+
+ # We are done
+ quit
+EOF
+
+ logMessage "Saved the DNS and WINS configurations for later use"
+
+ if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
+ if [ "${ARG_IGNORE_OPTION_FLAGS:0:2}" = "-a" ] ; then
+ # Generate an updated plist with the path for process-network-changes
+ readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/ProcessNetworkChanges.plist.template"
+ sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}"
+ launchctl load "${LEASEWATCHER_PLIST_PATH}"
+ logMessage "Set up to monitor system configuration with process-network-changes"
+ else
+ # Generate an updated plist with the path for leasewatch
+ readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/LeaseWatch.plist.template"
+ sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}"
+ launchctl load "${LEASEWATCHER_PLIST_PATH}"
+ logMessage "Set up to monitor system configuration with leasewatch"
+ fi
+ fi
+}
+
+configureDhcpDns()
+{
+ # whilst ipconfig will have created the neccessary Network Service keys, the DNS
+ # settings won't actually be used by OS X unless the SupplementalMatchDomains key
+ # is added
+ # ref. <http://lists.apple.com/archives/Macnetworkprog/2005/Jun/msg00011.html>
+ # - is there a way to extract the domains from the SC dictionary and re-insert
+ # as SupplementalMatchDomains? i.e. not requiring the ipconfig domain_name call?
+
+ # - wait until we get a lease before extracting the DNS domain name and merging into SC
+ # - despite it's name, ipconfig waitall doesn't (but maybe one day it will :-)
+ ipconfig waitall
+
+ unset test_domain_name
+ unset test_name_server
+
+ set +e # We instruct bash NOT to exit on individual command errors, because if we need to wait longer these commands will fail
+
+ # usually takes at least a few seconds to get a DHCP lease
+ sleep 3
+ n=0
+ while [ -z "$test_domain_name" -a -z "$test_name_server" -a $n -lt 5 ]
+ do
+ logMessage "Sleeping for $n seconds to wait for DHCP to finish setup."
+ sleep $n
+ n=`expr $n + 1`
+
+ if [ -z "$test_domain_name" ]; then
+ test_domain_name=`ipconfig getoption $dev domain_name 2>/dev/null`
+ fi
+
+ if [ -z "$test_name_server" ]; then
+ test_name_server=`ipconfig getoption $dev domain_name_server 2>/dev/null`
+ fi
+ done
+
+ sGetPacketOutput=`ipconfig getpacket $dev`
+
+ set -e # We instruct bash that it CAN again fail on individual errors
+
+ #echo "`date` test_domain_name = $test_domain_name, test_name_server = $test_name_server, sGetPacketOutput = $sGetPacketOutput"
+
+ unset aNameServers
+ unset aWinsServers
+
+ nNameServerIndex=1
+ nWinsServerIndex=1
+
+ if [ "$sGetPacketOutput" ]; then
+ sGetPacketOutput_FirstLine=`echo "$sGetPacketOutput"|head -n 1`
+ #echo $sGetPacketOutput_FirstLine
+
+ if [ "$sGetPacketOutput_FirstLine" == "op = BOOTREPLY" ]; then
+ set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors
+
+ for tNameServer in `echo "$sGetPacketOutput"|grep "domain_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do
+ aNameServers[nNameServerIndex-1]="$(trim "$tNameServer")"
+ let nNameServerIndex++
+ done
+
+ for tWINSServer in `echo "$sGetPacketOutput"|grep "nb_over_tcpip_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do
+ aWinsServers[nWinsServerIndex-1]="$(trim "$tWINSServer")"
+ let nWinsServerIndex++
+ done
+
+ sDomainName=`echo "$sGetPacketOutput"|grep "domain_name "|grep -Eo ": [-A-Za-z0-9\-\.]+"|grep -Eo "[-A-Za-z0-9\-\.]+"`
+ sDomainName="$(trim "$sDomainName")"
+
+ if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then
+ logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]"
+ setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@]
+ return 0
+ elif [ ${#aNameServers[*]} -gt 0 ]; then
+ logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]"
+ setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@]
+ return 0
+ else
+ # Should we return 1 here and indicate an error, or attempt the old method?
+ logMessage "No useful information extracted from DHCP/BOOTP packet. Attempting legacy configuration."
+ fi
+
+ set -e # We instruct bash that it CAN again fail on errors
+ else
+ # Should we return 1 here and indicate an error, or attempt the old method?
+ logMessage "No DHCP/BOOTP packet found on interface. Attempting legacy configuration."
+ fi
+ fi
+
+ unset sDomainName
+ unset sNameServer
+ unset aNameServers
+
+ sDomainName=`ipconfig getoption $dev domain_name 2>/dev/null`
+ sNameServer=`ipconfig getoption $dev domain_name_server 2>/dev/null`
+
+ sDomainName="$(trim "$sDomainName")"
+ sNameServer="$(trim "$sNameServer")"
+
+ declare -a aWinsServers=( ) # Declare empty WINS array to avoid any useless error messages
+
+ if [ "$sDomainName" -a "$sNameServer" ]; then
+ aNameServers[0]=$sNameServer
+ logMessage "Retrieved name server [ $sNameServer ], domain name [ $sDomainName ], and no WINS servers"
+ setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@]
+ elif [ "$sNameServer" ]; then
+ aNameServers[0]=$sNameServer
+ logMessage "Retrieved name server [ $sNameServer ] and no WINS servers, and using default domain name [ $DEFAULT_DOMAIN_NAME ]"
+ setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@]
+ elif [ "$sDomainName" ]; then
+ logMessage "WARNING: Retrieved domain name [ $sDomainName ] but no name servers from OpenVPN (DHCP), which is not sufficient to make network/DNS configuration changes."
+ if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
+ logMessage "Will NOT monitor for other network configuration changes."
+ fi
+ else
+ logMessage "WARNING: No DNS information received from OpenVPN (DHCP), so no network/DNS configuration changes need to be made."
+ if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
+ logMessage "Will NOT monitor for other network configuration changes."
+ fi
+ fi
+
+ return 0
+}
+
+configureOpenVpnDns()
+{
+ unset vForOptions
+ unset vOptions
+ unset aNameServers
+ unset aWinsServers
+
+ nOptionIndex=1
+ nNameServerIndex=1
+ nWinsServerIndex=1
+
+ while vForOptions=foreign_option_$nOptionIndex; [ -n "${!vForOptions}" ]; do
+ vOptions[nOptionIndex-1]=${!vForOptions}
+ case ${vOptions[nOptionIndex-1]} in
+ *DOMAIN* )
+ sDomainName="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DOMAIN /}")"
+ ;;
+ *DNS* )
+ aNameServers[nNameServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DNS /}")"
+ let nNameServerIndex++
+ ;;
+ *WINS* )
+ aWinsServers[nWinsServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option WINS /}")"
+ let nWinsServerIndex++
+ ;;
+ * )
+ logMessage "Unknown: 'foreign_option_${nOptionIndex}' = '${vOptions[nOptionIndex-1]}'"
+ ;;
+ esac
+ let nOptionIndex++
+ done
+
+ if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then
+ logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]"
+ setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@]
+ elif [ ${#aNameServers[*]} -gt 0 ]; then
+ logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]"
+ setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@]
+ else
+ # Should we maybe just return 1 here to indicate an error? Does this mean that something bad has happened?
+ logMessage "No DNS information recieved from OpenVPN, so no network configuration changes need to be made."
+ if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
+ logMessage "Will NOT monitor for other network configuration changes."
+ fi
+ fi
+
+ return 0
+}
+
+# We sleep here to allow time for OS X to process network settings
+sleep 2
+
+EXIT_CODE=0
+
+if ${ARG_TAP} ; then
+ # Still need to do: Look for route-gateway dhcp (TAP isn't always DHCP)
+ bRouteGatewayIsDhcp="false"
+ if [ -z "${route_vpn_gateway}" -o "$route_vpn_gateway" == "dhcp" -o "$route_vpn_gateway" == "DHCP" ]; then
+ bRouteGatewayIsDhcp="true"
+ fi
+
+ if [ "$bRouteGatewayIsDhcp" == "true" ]; then
+ if [ -z "$dev" ]; then
+ logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Exiting."
+ exit 1
+ fi
+
+ ipconfig set "$dev" DHCP
+
+ configureDhcpDns &
+ elif [ "$foreign_option_1" == "" ]; then
+ logMessage "No network configuration changes need to be made."
+ if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
+ logMessage "Will NOT monitor for other network configuration changes."
+ fi
+ else
+ configureOpenVpnDns
+ EXIT_CODE=$?
+ fi
+else
+ if [ "$foreign_option_1" == "" ]; then
+ logMessage "No network configuration changes need to be made."
+ if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
+ logMessage "Will NOT monitor for other network configuration changes."
+ fi
+ else
+ configureOpenVpnDns
+ EXIT_CODE=$?
+ fi
+fi
+
+exit $EXIT_CODE
diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh
new file mode 100755
index 00000000..2ecfc08e
--- /dev/null
+++ b/pkg/osx/install/install-leapc.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+echo "Installing LEAP Client in /Applications"
+cp -r "LEAP Client.app" "/Applications"
+
+echo "Copying openvpn binary"
+cp -r openvpn.leap /usr/bin
+
+echo "Installing tun/tap drivers"
+cp -r Extensions/* /Library/Extensions
+cp -r StartupItems/* /Library/StartupItems
+
+echo "Loading tun/tap kernel extension"
+/Library/StartupItems/tun/tun start
+
+echo "Installation Finished!"
+
+ln -s /Applications/LEAP\ Client.app/ /Volumes/LEAP\ Client\ installer/
diff --git a/pkg/osx/install/leap-installer.platypus b/pkg/osx/install/leap-installer.platypus
new file mode 100644
index 00000000..9150961e
--- /dev/null
+++ b/pkg/osx/install/leap-installer.platypus
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>AcceptsFiles</key>
+ <true/>
+ <key>AcceptsText</key>
+ <false/>
+ <key>Authentication</key>
+ <true/>
+ <key>Author</key>
+ <string>Kali Yuga</string>
+ <key>BundledFiles</key>
+ <array/>
+ <key>Creator</key>
+ <string>Platypus-4.7</string>
+ <key>DeclareService</key>
+ <false/>
+ <key>Destination</key>
+ <string>MyPlatypusApp.app</string>
+ <key>DestinationOverride</key>
+ <false/>
+ <key>DevelopmentVersion</key>
+ <false/>
+ <key>DocIcon</key>
+ <string></string>
+ <key>Droppable</key>
+ <false/>
+ <key>ExecutablePath</key>
+ <string>/opt/local/share/platypus/ScriptExec</string>
+ <key>FileTypes</key>
+ <array>
+ <string>****</string>
+ <string>fold</string>
+ </array>
+ <key>IconPath</key>
+ <string></string>
+ <key>Identifier</key>
+ <string>se.leap.LEAPClientInstaller</string>
+ <key>Interpreter</key>
+ <string>/bin/sh</string>
+ <key>InterpreterArgs</key>
+ <array/>
+ <key>Name</key>
+ <string>LEAPClient Installer</string>
+ <key>NibPath</key>
+ <string>/opt/local/share/platypus/MainMenu.nib</string>
+ <key>OptimizeApplication</key>
+ <true/>
+ <key>Output</key>
+ <string>Progress Bar</string>
+ <key>RemainRunning</key>
+ <true/>
+ <key>Role</key>
+ <string>Viewer</string>
+ <key>ScriptArgs</key>
+ <array/>
+ <key>ScriptPath</key>
+ <string>./install/install-leapc.sh</string>
+ <key>Secure</key>
+ <false/>
+ <key>ShowInDock</key>
+ <false/>
+ <key>StatusItemDisplayType</key>
+ <string>Text</string>
+ <key>StatusItemIcon</key>
+ <data>
+ </data>
+ <key>StatusItemTitle</key>
+ <string>MyPlatypusApp</string>
+ <key>Suffixes</key>
+ <array>
+ <string>*</string>
+ </array>
+ <key>TextBackground</key>
+ <string>#ffffff</string>
+ <key>TextEncoding</key>
+ <integer>4</integer>
+ <key>TextFont</key>
+ <string>Monaco</string>
+ <key>TextForeground</key>
+ <string>#000000</string>
+ <key>TextSize</key>
+ <real>10</real>
+ <key>UseXMLPlistFormat</key>
+ <true/>
+ <key>Version</key>
+ <string>1.0</string>
+</dict>
+</plist>
diff --git a/pkg/osx/leap-client.spec b/pkg/osx/leap-client.spec
new file mode 100644
index 00000000..75bf991b
--- /dev/null
+++ b/pkg/osx/leap-client.spec
@@ -0,0 +1,36 @@
+# -*- mode: python -*-
+a = Analysis(['../../src/leap/app.py'],
+ pathex=[
+ '../../src/leap',
+ '/Users/kaliy/leap/leap-client-testbuild/src/leap-client/pkg/osx'],
+ hiddenimports=['atexit'],
+ hookspath=None)
+pyz = PYZ(a.pure)
+exe = EXE(pyz,
+ a.scripts,
+ exclude_binaries=1,
+ name=os.path.join('build/pyi.darwin/leap-client', 'app'),
+ debug=False,
+ strip=True,
+ upx=True,
+ console=False)
+coll = COLLECT(exe,
+ a.binaries +
+ # this will easitly break if we setup the venv
+ # somewhere else. FIXME
+ [('cacert.pem', '../../../../lib/python2.6/site-packages/requests/cacert.pem', 'DATA'),
+ ],
+ a.zipfiles,
+ a.datas,
+ strip=True,
+ upx=True,
+ name=os.path.join('dist', 'app'))
+app = BUNDLE(coll,
+ name=os.path.join('dist', 'leap-client.app'))
+
+import sys
+if sys.platform.startswith("darwin"):
+ app = BUNDLE(coll,
+ name=os.path.join('dist', 'LEAP Client.app'),
+ appname='LEAP Client',
+ version=1)
diff --git a/pkg/postmkvenv.sh b/pkg/postmkvenv.sh
new file mode 100755
index 00000000..593b11da
--- /dev/null
+++ b/pkg/postmkvenv.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+# This hook is run after a new virtualenv is activated.
+# ~/.virtualenvs/postmkvirtualenv
+# tested and working in debian
+
+# Symlinks PyQt4 from global installation into virtualenv site-packages
+# XXX TODO:
+# script fails in ubuntu, with path: /usr/lib/pymodules/python2.7/PyQt4
+# use import PyQt4; PyQt4.__path__ instead
+
+platform='unknown'
+unamestr=`uname`
+if [[ "$unamestr" == 'Linux' ]]; then
+ platform='linux'
+elif [[ "$unamestr" == 'Darwin' ]]; then
+ platform='darwin'
+fi
+
+LIBS=( PyQt4 sip.so )
+
+PYTHON_VERSION=python$(python -c "import sys; print (str(sys.version_info[0])+'.'+str(sys.version_info[1]))")
+VAR=( $(which -a $PYTHON_VERSION) )
+
+GET_PYTHON_LIB_CMD="from distutils.sysconfig import get_python_lib; print (get_python_lib())"
+LIB_VIRTUALENV_PATH=$(python -c "$GET_PYTHON_LIB_CMD")
+
+if [[ $platform == 'linux' ]]; then
+ LIB_SYSTEM_PATH=$(${VAR[-1]} -c "$GET_PYTHON_LIB_CMD")
+elif [[ $platform == 'darwin' ]]; then
+ LIB_SYSTEM_PATH=$(/opt/local/bin/python2.6 -c "$GET_PYTHON_LIB_CMD")
+else
+ echo "unsupported platform; not doing symlinks"
+fi
+
+for LIB in ${LIBS[@]}
+do
+ ln -s $LIB_SYSTEM_PATH/$LIB $LIB_VIRTUALENV_PATH/$LIB
+done
diff --git a/pkg/requirements.pip b/pkg/requirements.pip
new file mode 100644
index 00000000..839722de
--- /dev/null
+++ b/pkg/requirements.pip
@@ -0,0 +1,17 @@
+# in order of addition to the project.
+# do not change the ordering.
+
+argparse # only for python 2.6
+requests<1.0.0
+psutil
+netifaces
+pyopenssl
+jsonschema #>0.7
+srp>=1.0.2
+pycrypto
+keyring
+python-dateutil
+sh
+pyxdg
+
+pygeoip # optional
diff --git a/pkg/scripts/leap_client_bootstrap.sh b/pkg/scripts/leap_client_bootstrap.sh
new file mode 100644
index 00000000..6c302d3f
--- /dev/null
+++ b/pkg/scripts/leap_client_bootstrap.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Installs requirements, and
+# clones the latest leap-client
+
+# depends on:
+# openvpn git-core libgnutls-dev python-dev python-qt4 python-setuptools python-virtualenv
+
+# Escape code
+esc=`echo -en "\033"`
+
+# Set colors
+cc_green="${esc}[0;32m"
+cc_yellow="${esc}[0;33m"
+cc_blue="${esc}[0;34m"
+cc_red="${esc}[0;31m"
+cc_normal=`echo -en "${esc}[m\017"`
+
+echo "${cc_yellow}"
+echo "~~~~~~~~~~~~~~~~~~~~~~"
+echo "LEAP "
+echo "client bootstrapping "
+echo "~~~~~~~~~~~~~~~~~~~~~~"
+echo ""
+echo "${cc_green}Creating virtualenv...${cc_normal}"
+
+mkdir leap-client-testbuild
+virtualenv leap-client-testbuild
+source leap-client-testbuild/bin/activate
+
+echo "${cc_green}Installing leap client...${cc_normal}"
+
+# Clone latest git (develop branch)
+# change "develop" for any other branch you want.
+
+
+pip install -e 'git://leap.se/leap_client@develop#egg=leap-client'
+
+cd leap-client-testbuild
+
+# symlink the pyqt libraries to the system libs
+./src/leap-client/pkg/postmkvenv.sh
+
+echo "${cc_green}leap-client installed! =)"
+echo "${cc_yellow}"
+echo "Launch it with: "
+echo "~~~~~~~~~~~~~~~~~~~~~~"
+echo "bin/leap-client"
+echo "~~~~~~~~~~~~~~~~~~~~~~"
+echo "${cc_normal}"
diff --git a/pkg/test-requirements.pip b/pkg/test-requirements.pip
new file mode 100644
index 00000000..a7349bfc
--- /dev/null
+++ b/pkg/test-requirements.pip
@@ -0,0 +1,8 @@
+unittest2 # TODO we should include this dep only for python2.6
+coverage
+mock
+nose
+pep8==1.1
+sphinx>=1.1.2
+nose-exclude
+tox
diff --git a/pkg/tools/with_venv.sh b/pkg/tools/with_venv.sh
new file mode 100755
index 00000000..0e58f1ab
--- /dev/null
+++ b/pkg/tools/with_venv.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+TOOLS=`dirname $0`
+VENV=$TOOLS/../../.venv
+source $VENV/bin/activate && $@
diff --git a/pkg/utils.py b/pkg/utils.py
new file mode 100644
index 00000000..52680ae5
--- /dev/null
+++ b/pkg/utils.py
@@ -0,0 +1,42 @@
+"""
+utils to help in the setup process
+"""
+import os
+import re
+import sys
+
+
+# gets reqs from the first matching file
+def get_reqs_from_files(reqfiles):
+ for reqfile in reqfiles:
+ if os.path.isfile(reqfile):
+ return open(reqfile, 'r').read().split('\n')
+
+
+def parse_requirements(reqfiles=['requirements.txt',
+ 'requirements.pip',
+ 'pkg/requirements.pip']):
+ requirements = []
+ for line in get_reqs_from_files(reqfiles):
+ # -e git://foo.bar/baz/master#egg=foobar
+ if re.match(r'\s*-e\s+', line):
+ requirements.append(re.sub(r'\s*-e\s+.*#egg=(.*)$', r'\1',
+ line))
+ # http://foo.bar/baz/foobar/zipball/master#egg=foobar
+ elif re.match(r'\s*https?:', line):
+ requirements.append(re.sub(r'\s*https?:.*#egg=(.*)$', r'\1',
+ line))
+ # -f lines are for index locations, and don't get used here
+ elif re.match(r'\s*-f\s+', line):
+ pass
+
+ # argparse is part of the standard library starting with 2.7
+ # adding it to the requirements list screws distro installs
+ elif line == 'argparse' and sys.version_info >= (2, 7):
+ pass
+ else:
+ if line != '':
+ requirements.append(line)
+
+ #print 'REQUIREMENTS', requirements
+ return requirements