diff options
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/__init__.py | 0 | ||||
-rw-r--r-- | pkg/linux/README | 4 | ||||
-rw-r--r-- | pkg/linux/leap.desktop | 13 | ||||
-rw-r--r-- | pkg/linux/polkit/net.openvpn.gui.leap.policy | 23 | ||||
-rwxr-xr-x | pkg/linux/resolv-update | 90 | ||||
-rw-r--r-- | pkg/utils.py | 55 |
6 files changed, 185 insertions, 0 deletions
diff --git a/pkg/__init__.py b/pkg/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/pkg/__init__.py diff --git a/pkg/linux/README b/pkg/linux/README new file mode 100644 index 00000000..7410789b --- /dev/null +++ b/pkg/linux/README @@ -0,0 +1,4 @@ += Files = +In GNU/Linux, we expect these files to be in place: + +resolv-update -> /etc/leap/resolv-update diff --git a/pkg/linux/leap.desktop b/pkg/linux/leap.desktop new file mode 100644 index 00000000..7a6d39d9 --- /dev/null +++ b/pkg/linux/leap.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Version=0.1.0 +Encoding=UTF-8 +Name=EIP +Comment=Anonymity and privacy +Comment[en]=Anonymity and privacy +Comment[es]=Anonimato y privacidad +Comment[sv]=Anonymitet och avlyssningsskydd +Exec=leap +Terminal=false +Type=Application +Icon=leap.png +Categories=Network; diff --git a/pkg/linux/polkit/net.openvpn.gui.leap.policy b/pkg/linux/polkit/net.openvpn.gui.leap.policy new file mode 100644 index 00000000..50f991a3 --- /dev/null +++ b/pkg/linux/polkit/net.openvpn.gui.leap.policy @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>LEAP Project</vendor> + <vendor_url>http://leap.se/</vendor_url> + + <action id="net.openvpn,gui.leap.run-openvpn"> + <description>Runs the openvpn binary</description> + <description xml:lang="es">Ejecuta el binario openvpn</description> + <message>OpenVPN needs that you authenticate to start</message> + <message xml:lang="es">OpenVPN necesita autorizacion para comenzar</message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>yes</allow_any> + <allow_inactive>yes</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/openvpn</annotate> + </action> +</policyconfig> diff --git a/pkg/linux/resolv-update b/pkg/linux/resolv-update new file mode 100755 index 00000000..a54802e3 --- /dev/null +++ b/pkg/linux/resolv-update @@ -0,0 +1,90 @@ +#!/bin/bash +# +# Parses options from openvpn to update resolv.conf +# +# The only way to enforce that a linux system will not leak DNS +# queries is to replace /etc/resolv.conf with a file that only +# has the DNS resolver specified by the VPN. +# +# That is what this script does. This is what resolvconf is for, +# but sadly it does not always work. +# +# Example envs set from openvpn: +# foreign_option_1='dhcp-option DNS 193.43.27.132' +# foreign_option_2='dhcp-option DNS 193.43.27.133' +# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' +# + +function up() { + + comment=$( +cat <<SETVAR +# +# This is a temporary resolv.conf set by the LEAP Client in order to +# strictly enforce that DNS lookups are secured by the VPN. +# +# When the LEAP Client quits or the VPN connection it manages is dropped, +# this file will be replace with the regularly scheduled /etc/resolv.conf +# +# If you want custom entries to appear in this file while LEAP is running, +# put them in /etc/leap/resolv-head or /etc/leap/resolv-tail. These files +# should only be writable by root. +# + +SETVAR +) + + if [ -f /etc/leap/resolv-head ] ; then + custom_head=$(cat /etc/leap/resolv-head) + else + custom_head="" + fi + + if [ -f /etc/leap/resolv-tail ] ; then + custom_tail=$(cat /etc/leap/resolv-tail) + else + custom_tail="" + fi + + for optionname in ${!foreign_option_*} ; do + option="${!optionname}" + echo $option + part1=$(echo "$option" | cut -d " " -f 1) + if [ "$part1" == "dhcp-option" ] ; then + part2=$(echo "$option" | cut -d " " -f 2) + part3=$(echo "$option" | cut -d " " -f 3) + if [ "$part2" == "DNS" ] ; then + IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3" + fi + if [ "$part2" == "DOMAIN" ] ; then + IF_DNS_SEARCH="$IF_DNS_SEARCH $part3" + fi + fi + done + R="" + for SS in $IF_DNS_SEARCH ; do + R="${R}search $SS +" + done + for NS in $IF_DNS_NAMESERVERS ; do + R="${R}nameserver $NS +" + done + mv /etc/resolv.conf /etc/resolv.conf.bak + echo "$comment +$custom_head +$R +$custom_tail" > /etc/resolv.conf +} + +function down() { + if [ -f /etc/resolv.conf.bak ] ; then + unlink /etc/resolv.conf + mv /etc/resolv.conf.bak /etc/resolv.conf + fi +} + +case $script_type in + up) up ;; + down) down ;; +esac diff --git a/pkg/utils.py b/pkg/utils.py new file mode 100644 index 00000000..c6c57652 --- /dev/null +++ b/pkg/utils.py @@ -0,0 +1,55 @@ +""" +Utils to help in the setup process +""" +import os +import re +import sys + + +def get_reqs_from_files(reqfiles): + """ + Returns the contents of the top requirement file listed as a + string list with the lines + + @param reqfiles: requirement files to parse + @type reqfiles: list of str + """ + for reqfile in reqfiles: + if os.path.isfile(reqfile): + return open(reqfile, 'r').read().split('\n') + + +def parse_requirements(reqfiles=['requirements.txt', + 'requirements.pip', + 'pkg/requirements.pip']): + """ + Parses the requirement files provided + + @param reqfiles: requirement files to parse + @type reqfiles: list of str + """ + + requirements = [] + for line in get_reqs_from_files(reqfiles): + # -e git://foo.bar/baz/master#egg=foobar + if re.match(r'\s*-e\s+', line): + requirements.append(re.sub(r'\s*-e\s+.*#egg=(.*)$', r'\1', + line)) + # http://foo.bar/baz/foobar/zipball/master#egg=foobar + elif re.match(r'\s*https?:', line): + requirements.append(re.sub(r'\s*https?:.*#egg=(.*)$', r'\1', + line)) + # -f lines are for index locations, and don't get used here + elif re.match(r'\s*-f\s+', line): + pass + + # argparse is part of the standard library starting with 2.7 + # adding it to the requirements list screws distro installs + elif line == 'argparse' and sys.version_info >= (2, 7): + pass + else: + if line != '': + requirements.append(line) + + #print 'REQUIREMENTS', requirements + return requirements |