diff options
Diffstat (limited to 'pkg/linux')
| -rw-r--r-- | pkg/linux/bitmask-root | 30 | ||||
| -rwxr-xr-x | pkg/linux/build_bundle.sh | 116 |
2 files changed, 27 insertions, 119 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 622a0b8a..6fb1f0b3 100644 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -51,7 +51,29 @@ cmdcheck = subprocess.check_output # CONSTANTS # -VERSION = "4" + +def get_no_group_name(): + """ + Return the right group name to use for the current OS. + Examples: + - Ubuntu: nogroup + - Arch: nobody + + :rtype: str or None + """ + import grp + try: + grp.getgrnam('nobody') + return 'nobody' + except KeyError: + try: + grp.getgrnam('nogroup') + return 'nogroup' + except KeyError: + return None + + +VERSION = "5" SCRIPT = "bitmask-root" NAMESERVER = "10.42.0.1" BITMASK_CHAIN = "bitmask" @@ -68,7 +90,7 @@ IPTABLES = "/sbin/iptables" IP6TABLES = "/sbin/ip6tables" OPENVPN_USER = "nobody" -OPENVPN_GROUP = "nogroup" +OPENVPN_GROUP = get_no_group_name() LEAPOPENVPN = "LEAPOPENVPN" OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location OPENVPN_LEAP_BIN = "/usr/local/sbin/leap-openvpn" # installed by bundle @@ -83,10 +105,12 @@ FIXED_FLAGS = [ "--management-signal", "--script-security", "1", "--user", "nobody", - "--group", "nogroup", "--remap-usr1", "SIGTERM", ] +if OPENVPN_GROUP is not None: + FIXED_FLAGS.extend(["--group", OPENVPN_GROUP]) + ALLOWED_FLAGS = { "--remote": ["IP", "NUMBER", "PROTO"], "--tls-cipher": ["CIPHER"], diff --git a/pkg/linux/build_bundle.sh b/pkg/linux/build_bundle.sh deleted file mode 100755 index 60151a80..00000000 --- a/pkg/linux/build_bundle.sh +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/bash -# -# USAGE NOTES: -# -# This script is meant to be used as follows: -# user@host ~ $ ./build_bundle.sh ~/tmp 0.3.2 ~/tmp/0.3.1/Bitmask-linux64-0.3.1/ /media/Shared/CHANGELOG ~/tmp/bundle_out/ -# -# So we would have: -# REPOS_ROOT -> ~/tmp -# VERSION -> 0.3.2 -# TEMPLATE_BUNDLE -> ~/tmp/0.3.1/Bitmask-linux64-0.3.1/ -# JOINT_CHANGELOG -> /media/Shared/CHANGELOG -# DEST -> ~/tmp/bundle_out/ -# -# We need to set different PATHs in order to use a specific version of PySide, -# supposing that we have our compiled pyside in '~/pyside/sandbox', the above command would be: -# user@host ~ $ PYTHONPATH=~/pyside/sandbox/lib/python2.7/site-packages/ LD_LIBRARY_PATH=~/pyside/sandbox/lib/ PATH=$PATH:~/pyside/sandbox/bin/ ./build_bundle.sh ~/tmp 0.3.2 ~/tmp/0.3.1/Bitmask-linux64-0.3.1/ /media/sf_Shared/CHANGELOG ~/tmp/bundle_out/ - - -# Required arguments -REPOS_ROOT=$1 # Root path for all the needed repositories -VERSION=$2 # Version number that we are building -TEMPLATE_BUNDLE=$3 # A template used to create the new bundle -JOINT_CHANGELOG=$4 # Joint changelog for all the repositories -DEST=$5 # Destination folder for the bundle - -# Helper variables -REPOSITORIES="bitmask_client leap_pycommon soledad keymanager leap_mail" -ARCH=$(uname -m | sed 's/x86_//;s/i[3-6]86/32/') - -# Bundle structure -LEAP_LIB=$TEMPLATE_BUNDLE/lib/leap/ -BITMASK_BIN=$TEMPLATE_BUNDLE/bitmask -BUNDLE_NAME=Bitmask-linux$ARCH-$VERSION - -# clean template -rm -f $TEMPLATE_BUNDLE/CHANGELOG -rm -f $TEMPLATE_BUNDLE/relnotes.txt -rm -rf $TEMPLATE_BUNDLE/apps/leap -rm -rf $TEMPLATE_BUNDLE/lib/leap/{common,keymanager,soledad,mail} - -# checkout the latest tag in all repos -for repo in $REPOSITORIES; do - cd $REPOS_ROOT/$repo - git checkout master - git pull --ff-only origin master && git fetch - git reset --hard origin/master # this avoids problems if you are in a commit far in the past - # checkout to the closest annotated tag, supress 'detached head' warning - git checkout --quiet `git describe --abbrev=0` -done - -# make: compile ui and resources in client -cd $REPOS_ROOT/bitmask_client -make - -# copy the latest client code to the template -cp -r $REPOS_ROOT/bitmask_client/src/leap $TEMPLATE_BUNDLE/apps/leap - -# setup sdist client -cd $REPOS_ROOT/bitmask_client -python setup.py sdist - -# extract $VERSION and copy _version.py to TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/leap/bitmask/_version.py -# copy _version.py (versioneer) and reqs.txt (requirements) to the bundle template -cd dist -rm -rf leap.bitmask-$VERSION -tar xzf leap.bitmask-$VERSION.tar.gz -cp leap.bitmask-$VERSION/src/leap/bitmask/_version.py $TEMPLATE_BUNDLE/apps/leap/bitmask/_version.py -cp leap.bitmask-$VERSION/src/leap/bitmask/util/reqs.txt $TEMPLATE_BUNDLE/apps/leap/bitmask/util/reqs.txt - -# add the other needed projects to $LEAP_LIB -# e.g. TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/lib/leap/ -cp -r $REPOS_ROOT/leap_pycommon/src/leap/common $LEAP_LIB -cp -r $REPOS_ROOT/soledad/common/src/leap/soledad $LEAP_LIB -cp -r $REPOS_ROOT/soledad/client/src/leap/soledad/client $LEAP_LIB/soledad -cp -r $REPOS_ROOT/leap_mail/src/leap/mail $LEAP_LIB -cp -r $REPOS_ROOT/keymanager/src/leap/keymanager $LEAP_LIB - -# copy bitmask launcher to the bundle template -# e.g. TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/Bitmask -cd $REPOS_ROOT/bitmask_launcher/build/ -make -cp src/launcher $BITMASK_BIN - -# copy launcher.py to template bundle -# e.g. TEMPLATE_BUNDLE/Bitmask.app/Contents/MacOS/apps/ -cd $REPOS_ROOT/bitmask_launcher/src/ -cp launcher.py $TEMPLATE_BUNDLE/apps/ - -# copy relnotes, joint changelog and LICENSE to TEMPLATE_BUNDLE -cp $REPOS_ROOT/bitmask_client/relnotes.txt $TEMPLATE_BUNDLE -cp $JOINT_CHANGELOG $TEMPLATE_BUNDLE/CHANGELOG -cp $REPOS_ROOT/bitmask_client/LICENSE $TEMPLATE_BUNDLE/LICENSE - -# clean *.pyc files -cd $TEMPLATE_BUNDLE -find . -name "*.pyc" -delete - -# remove execution flags (because vbox fs) and set read permissions for all -chmod 644 CHANGELOG LICENSE README - -# create tarball -TMP=/tmp/$BUNDLE_NAME - -rm -rf $TMP && mkdir -p $TMP # clean temp dir -cp -R $TEMPLATE_BUNDLE/* $TMP -cd /tmp -tar cjf $DEST/$BUNDLE_NAME.tar.bz2 $BUNDLE_NAME -cd -rm -rf $TMP - -# go back to develop in all repos -for repo in $REPOSITORIES; do - cd $REPOS_ROOT/$repo - git checkout develop -done |