diff options
Diffstat (limited to 'pkg/linux')
-rw-r--r-- | pkg/linux/README.rst | 36 | ||||
-rwxr-xr-x | pkg/linux/bitmask-root | 2 | ||||
-rwxr-xr-x | pkg/linux/leap-install-helper.sh | 173 | ||||
-rw-r--r-- | pkg/linux/polkit/se.leap.bitmask.bundle.policy | 23 |
4 files changed, 230 insertions, 4 deletions
diff --git a/pkg/linux/README.rst b/pkg/linux/README.rst index 220565ff..f89842d3 100644 --- a/pkg/linux/README.rst +++ b/pkg/linux/README.rst @@ -3,8 +3,38 @@ Files In GNU/Linux, we expect these files to be in place:: - update-resolv-conf -> /etc/leap/update-resolv-conf - resolv-update -> /etc/leap/resolv-update - bitmask-root -> /usr/sbin/bitmask-root polkit/se.leap.bitmask.policy -> /usr/share/polkit-1/actions/se.leap.bitmask.policy + +Bundle +====== + +The bundle will ask for permission to install to a different path. This search +path will be used if the flag ``--standalone`` is set:: + + bitmask-root -> /usr/local/sbin/bitmask-root + polkit/se.leap.bitmask.bundle.policy -> /usr/share/polkit-1/actions/se.leap.bitmask.bundle.policy + +When running with ``--standalone`` flag, the openvpn binary is expected in the following path:: + + leap-openvpn -> /usr/local/sbin/leap-openvpn + +The bundle will use the script ``leap-install-helper.sh`` to copy the needed +files. If you ever want to use it manually to update the helpers or bins, it +needs a ``--from-path`` parameter to be passed to it. This points to a folder +from where all the needed binaries and scripts can be found. + + +Binary hashing +============== + +To be able to update the binaries when needed, the bundles distribute with the +sha256 hash of the packaged binaries for each release. This info can be found +in:: + + src/leap/bitmask/_binaries.py + +That file is generated during the bundling process, by issuing the following +command from the root folder:: + + python setup.py hash_binaries diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 1929b51b..5367a31c 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -67,7 +67,7 @@ OPENVPN_USER = "nobody" OPENVPN_GROUP = "nogroup" LEAPOPENVPN = "LEAPOPENVPN" OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location -OPENVPN_LEAP_BIN = "/usr/sbin/leap-openvpn" # installed by bundle +OPENVPN_LEAP_BIN = "/usr/local/sbin/leap-openvpn" # installed by bundle """ diff --git a/pkg/linux/leap-install-helper.sh b/pkg/linux/leap-install-helper.sh new file mode 100755 index 00000000..566dd3d9 --- /dev/null +++ b/pkg/linux/leap-install-helper.sh @@ -0,0 +1,173 @@ +#!/bin/bash + +# File: leap-install-helper.sh +# Copy the needed binaries and helper files to their destination. +# Copyright (C) 2014 LEAP Encryption Access Project. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +LOCAL_SBIN_FOLDER=/usr/local/sbin + +POLKIT_FOLDER="/usr/share/polkit-1/actions" +POLKIT_FILE="se.leap.bitmask.bundle.policy" +POLKIT_PATH="${POLKIT_FOLDER}/${POLKIT_FILE}" + +BITMASK_ROOT_FILE="bitmask-root" +BITMASK_ROOT_PATH="${LOCAL_SBIN_FOLDER}/${BITMASK_ROOT_FILE}" + +OPENVPN_FILE="leap-openvpn" +OPENVPN_PATH="${LOCAL_SBIN_FOLDER}/${OPENVPN_FILE}" + +# The following array stores global files that have been deprecated and we want +# to remove from the system path, after having dropped them there in the past. + +DEPRECATED_FILES=( + '/usr/share/polkit-1/actions/net.openvpn.gui.leap.policy' +) + + +# Variables for parsing and storing the script options. + +FROM_PATH=NONE +REMOVE_OLD_FILES=NO +INSTALL_BITMASK_ROOT=NO +INSTALL_POLKIT_FILE=NO +INSTALL_OPENVPN=NO + + +# Process the options + +while [[ $# > 1 ]] +do +key="$1" +shift + +case $key in + -f|--from-path) + FROM_PATH="$1" + shift + ;; + -r|--remove-old-files) + REMOVE_OLD_FILES="$1" + shift + ;; + --install-bitmask-root) + INSTALL_BITMASK_ROOT="$1" + shift + ;; + --install-polkit-file) + INSTALL_POLKIT_FILE="$1" + shift + ;; + --install-openvpn) + INSTALL_OPENVPN="$1" + shift + ;; + *) + # unknown option + ;; +esac +done +echo "LEAP_INSTALL_HELPER" +echo "-------------------" +echo FROM_PATH = "${FROM_PATH}" +echo REMOVE_OLD_FILES = "${REMOVE_OLD_FILES}" +echo INSTALL_BITMASK_ROOT = "${INSTALL_BITMASK_ROOT}" +echo INSTALL_POLKIT_FILE = "${INSTALL_POLKIT_FILE}" +echo INSTALL_OPENVPN = "${INSTALL_OPENVPN}" +echo + + +# +# helper functions +# + +function check_current_uid() { + current_uid=`id | sed 's/^uid=//;s/(.*$//'` + if [ $current_uid != 0 ] + then + echo "[ERROR] NEED TO BE RUN AS ROOT" + exit 1 + fi +} + +function check_from_path() { + if [ $FROM_PATH == NONE ] + then + echo "[ERROR] YOU NEED TO GIVE --from-path VALUE..." + exit 1 + fi +} + +function remove_old_files() { + for file in "${DEPRECATED_FILES[@]}" + do + rm $file + done +} + +function copy_bitmask_root() { + mkdir -p "${LOCAL_SBIN_FOLDER}" + cp "${FROM_PATH}/${BITMASK_ROOT_FILE}" "${BITMASK_ROOT_PATH}" + chmod 744 "${BITMASK_ROOT_PATH}" + +} + +function copy_polkit_file() { + cp "${FROM_PATH}/${POLKIT_FILE}" "${POLKIT_PATH}" + chmod 644 "${POLKIT_PATH}" +} + +function copy_openvpn_file() { + mkdir -p "${LOCAL_SBIN_FOLDER}" + cp "${FROM_PATH}/${OPENVPN_FILE}" "${OPENVPN_PATH}" + chmod 744 "${OPENVPN_PATH}" + +} + + +# +# Process options and run functions. +# + +check_current_uid + +if [ $INSTALL_BITMASK_ROOT == YES ] || [ $INSTALL_POLKIT_FILE == YES ] || [ $INSTALL_OPENVPN == YES ] +then + check_from_path +fi + +if [ $REMOVE_OLD_FILES == YES ] +then + echo "REMOVING OLD FILES..." + remove_old_files +fi + +if [ $INSTALL_BITMASK_ROOT == YES ] +then + echo "INSTALLING bitmask-root..." + copy_bitmask_root +fi + +if [ $INSTALL_POLKIT_FILE == YES ] +then + echo "INSTALLING policykit file..." + copy_polkit_file +fi + +if [ $INSTALL_OPENVPN == YES ] +then + echo "INSTALLING openvpn..." + copy_openvpn_file +fi diff --git a/pkg/linux/polkit/se.leap.bitmask.bundle.policy b/pkg/linux/polkit/se.leap.bitmask.bundle.policy new file mode 100644 index 00000000..58fcaaa8 --- /dev/null +++ b/pkg/linux/polkit/se.leap.bitmask.bundle.policy @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>LEAP Project</vendor> + <vendor_url>http://leap.se/</vendor_url> + + <action id="se.leap.bitmask.bundle.policy"> + <description>Runs bitmask helper to launch firewall and openvpn (bundle version)</description> + <description xml:lang="es">Ejecuta el asistente de bitmask para lanzar el firewall y openvpn (version bundle)</description> + <message>Bitmask needs that you authenticate to start</message> + <message xml:lang="es">Bitmask necesita autorizacion para comenzar</message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>yes</allow_any> + <allow_inactive>yes</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/local/sbin/bitmask-root</annotate> + </action> +</policyconfig> |