summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2014-07-01 01:48:50 -0500
committerKali Kaneko <kali@leap.se>2014-07-01 01:48:50 -0500
commit44a3896a86c33cbca4d239c8bd0fe65c0e83b9d0 (patch)
treea2e0c6b0163c6c54e518c8e620e431d3784d8b6c /pkg
parentb2a00d0ce2db905fe79cf9e7c33411f4f37bb943 (diff)
parent1e456b0fff46001641a736bc5932314e9d00b1bc (diff)
Merge branch 'develop' into deb-0.5.3
Diffstat (limited to 'pkg')
-rw-r--r--pkg/linux/README.rst36
-rwxr-xr-xpkg/linux/bitmask-root2
-rwxr-xr-xpkg/linux/leap-install-helper.sh173
-rw-r--r--pkg/linux/polkit/se.leap.bitmask.bundle.policy23
4 files changed, 230 insertions, 4 deletions
diff --git a/pkg/linux/README.rst b/pkg/linux/README.rst
index 220565ff..f89842d3 100644
--- a/pkg/linux/README.rst
+++ b/pkg/linux/README.rst
@@ -3,8 +3,38 @@ Files
In GNU/Linux, we expect these files to be in place::
- update-resolv-conf -> /etc/leap/update-resolv-conf
- resolv-update -> /etc/leap/resolv-update
-
bitmask-root -> /usr/sbin/bitmask-root
polkit/se.leap.bitmask.policy -> /usr/share/polkit-1/actions/se.leap.bitmask.policy
+
+Bundle
+======
+
+The bundle will ask for permission to install to a different path. This search
+path will be used if the flag ``--standalone`` is set::
+
+ bitmask-root -> /usr/local/sbin/bitmask-root
+ polkit/se.leap.bitmask.bundle.policy -> /usr/share/polkit-1/actions/se.leap.bitmask.bundle.policy
+
+When running with ``--standalone`` flag, the openvpn binary is expected in the following path::
+
+ leap-openvpn -> /usr/local/sbin/leap-openvpn
+
+The bundle will use the script ``leap-install-helper.sh`` to copy the needed
+files. If you ever want to use it manually to update the helpers or bins, it
+needs a ``--from-path`` parameter to be passed to it. This points to a folder
+from where all the needed binaries and scripts can be found.
+
+
+Binary hashing
+==============
+
+To be able to update the binaries when needed, the bundles distribute with the
+sha256 hash of the packaged binaries for each release. This info can be found
+in::
+
+ src/leap/bitmask/_binaries.py
+
+That file is generated during the bundling process, by issuing the following
+command from the root folder::
+
+ python setup.py hash_binaries
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index a69250a1..32b8d585 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -67,7 +67,7 @@ OPENVPN_USER = "nobody"
OPENVPN_GROUP = "nogroup"
LEAPOPENVPN = "LEAPOPENVPN"
OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location
-OPENVPN_LEAP_BIN = "/usr/sbin/leap-openvpn" # installed by bundle
+OPENVPN_LEAP_BIN = "/usr/local/sbin/leap-openvpn" # installed by bundle
"""
diff --git a/pkg/linux/leap-install-helper.sh b/pkg/linux/leap-install-helper.sh
new file mode 100755
index 00000000..566dd3d9
--- /dev/null
+++ b/pkg/linux/leap-install-helper.sh
@@ -0,0 +1,173 @@
+#!/bin/bash
+
+# File: leap-install-helper.sh
+# Copy the needed binaries and helper files to their destination.
+# Copyright (C) 2014 LEAP Encryption Access Project.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+LOCAL_SBIN_FOLDER=/usr/local/sbin
+
+POLKIT_FOLDER="/usr/share/polkit-1/actions"
+POLKIT_FILE="se.leap.bitmask.bundle.policy"
+POLKIT_PATH="${POLKIT_FOLDER}/${POLKIT_FILE}"
+
+BITMASK_ROOT_FILE="bitmask-root"
+BITMASK_ROOT_PATH="${LOCAL_SBIN_FOLDER}/${BITMASK_ROOT_FILE}"
+
+OPENVPN_FILE="leap-openvpn"
+OPENVPN_PATH="${LOCAL_SBIN_FOLDER}/${OPENVPN_FILE}"
+
+# The following array stores global files that have been deprecated and we want
+# to remove from the system path, after having dropped them there in the past.
+
+DEPRECATED_FILES=(
+ '/usr/share/polkit-1/actions/net.openvpn.gui.leap.policy'
+)
+
+
+# Variables for parsing and storing the script options.
+
+FROM_PATH=NONE
+REMOVE_OLD_FILES=NO
+INSTALL_BITMASK_ROOT=NO
+INSTALL_POLKIT_FILE=NO
+INSTALL_OPENVPN=NO
+
+
+# Process the options
+
+while [[ $# > 1 ]]
+do
+key="$1"
+shift
+
+case $key in
+ -f|--from-path)
+ FROM_PATH="$1"
+ shift
+ ;;
+ -r|--remove-old-files)
+ REMOVE_OLD_FILES="$1"
+ shift
+ ;;
+ --install-bitmask-root)
+ INSTALL_BITMASK_ROOT="$1"
+ shift
+ ;;
+ --install-polkit-file)
+ INSTALL_POLKIT_FILE="$1"
+ shift
+ ;;
+ --install-openvpn)
+ INSTALL_OPENVPN="$1"
+ shift
+ ;;
+ *)
+ # unknown option
+ ;;
+esac
+done
+echo "LEAP_INSTALL_HELPER"
+echo "-------------------"
+echo FROM_PATH = "${FROM_PATH}"
+echo REMOVE_OLD_FILES = "${REMOVE_OLD_FILES}"
+echo INSTALL_BITMASK_ROOT = "${INSTALL_BITMASK_ROOT}"
+echo INSTALL_POLKIT_FILE = "${INSTALL_POLKIT_FILE}"
+echo INSTALL_OPENVPN = "${INSTALL_OPENVPN}"
+echo
+
+
+#
+# helper functions
+#
+
+function check_current_uid() {
+ current_uid=`id | sed 's/^uid=//;s/(.*$//'`
+ if [ $current_uid != 0 ]
+ then
+ echo "[ERROR] NEED TO BE RUN AS ROOT"
+ exit 1
+ fi
+}
+
+function check_from_path() {
+ if [ $FROM_PATH == NONE ]
+ then
+ echo "[ERROR] YOU NEED TO GIVE --from-path VALUE..."
+ exit 1
+ fi
+}
+
+function remove_old_files() {
+ for file in "${DEPRECATED_FILES[@]}"
+ do
+ rm $file
+ done
+}
+
+function copy_bitmask_root() {
+ mkdir -p "${LOCAL_SBIN_FOLDER}"
+ cp "${FROM_PATH}/${BITMASK_ROOT_FILE}" "${BITMASK_ROOT_PATH}"
+ chmod 744 "${BITMASK_ROOT_PATH}"
+
+}
+
+function copy_polkit_file() {
+ cp "${FROM_PATH}/${POLKIT_FILE}" "${POLKIT_PATH}"
+ chmod 644 "${POLKIT_PATH}"
+}
+
+function copy_openvpn_file() {
+ mkdir -p "${LOCAL_SBIN_FOLDER}"
+ cp "${FROM_PATH}/${OPENVPN_FILE}" "${OPENVPN_PATH}"
+ chmod 744 "${OPENVPN_PATH}"
+
+}
+
+
+#
+# Process options and run functions.
+#
+
+check_current_uid
+
+if [ $INSTALL_BITMASK_ROOT == YES ] || [ $INSTALL_POLKIT_FILE == YES ] || [ $INSTALL_OPENVPN == YES ]
+then
+ check_from_path
+fi
+
+if [ $REMOVE_OLD_FILES == YES ]
+then
+ echo "REMOVING OLD FILES..."
+ remove_old_files
+fi
+
+if [ $INSTALL_BITMASK_ROOT == YES ]
+then
+ echo "INSTALLING bitmask-root..."
+ copy_bitmask_root
+fi
+
+if [ $INSTALL_POLKIT_FILE == YES ]
+then
+ echo "INSTALLING policykit file..."
+ copy_polkit_file
+fi
+
+if [ $INSTALL_OPENVPN == YES ]
+then
+ echo "INSTALLING openvpn..."
+ copy_openvpn_file
+fi
diff --git a/pkg/linux/polkit/se.leap.bitmask.bundle.policy b/pkg/linux/polkit/se.leap.bitmask.bundle.policy
new file mode 100644
index 00000000..58fcaaa8
--- /dev/null
+++ b/pkg/linux/polkit/se.leap.bitmask.bundle.policy
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>LEAP Project</vendor>
+ <vendor_url>http://leap.se/</vendor_url>
+
+ <action id="se.leap.bitmask.bundle.policy">
+ <description>Runs bitmask helper to launch firewall and openvpn (bundle version)</description>
+ <description xml:lang="es">Ejecuta el asistente de bitmask para lanzar el firewall y openvpn (version bundle)</description>
+ <message>Bitmask needs that you authenticate to start</message>
+ <message xml:lang="es">Bitmask necesita autorizacion para comenzar</message>
+ <icon_name>package-x-generic</icon_name>
+ <defaults>
+ <allow_any>yes</allow_any>
+ <allow_inactive>yes</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/local/sbin/bitmask-root</annotate>
+ </action>
+</policyconfig>