summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
Diffstat (limited to 'pkg')
-rw-r--r--pkg/__init__.py0
-rw-r--r--pkg/linux/README4
-rw-r--r--pkg/linux/leap.desktop13
-rw-r--r--pkg/linux/polkit/net.openvpn.gui.leap.policy23
-rwxr-xr-xpkg/linux/resolv-update90
-rw-r--r--pkg/utils.py55
6 files changed, 185 insertions, 0 deletions
diff --git a/pkg/__init__.py b/pkg/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/pkg/__init__.py
diff --git a/pkg/linux/README b/pkg/linux/README
new file mode 100644
index 00000000..7410789b
--- /dev/null
+++ b/pkg/linux/README
@@ -0,0 +1,4 @@
+= Files =
+In GNU/Linux, we expect these files to be in place:
+
+resolv-update -> /etc/leap/resolv-update
diff --git a/pkg/linux/leap.desktop b/pkg/linux/leap.desktop
new file mode 100644
index 00000000..7a6d39d9
--- /dev/null
+++ b/pkg/linux/leap.desktop
@@ -0,0 +1,13 @@
+[Desktop Entry]
+Version=0.1.0
+Encoding=UTF-8
+Name=EIP
+Comment=Anonymity and privacy
+Comment[en]=Anonymity and privacy
+Comment[es]=Anonimato y privacidad
+Comment[sv]=Anonymitet och avlyssningsskydd
+Exec=leap
+Terminal=false
+Type=Application
+Icon=leap.png
+Categories=Network;
diff --git a/pkg/linux/polkit/net.openvpn.gui.leap.policy b/pkg/linux/polkit/net.openvpn.gui.leap.policy
new file mode 100644
index 00000000..50f991a3
--- /dev/null
+++ b/pkg/linux/polkit/net.openvpn.gui.leap.policy
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>LEAP Project</vendor>
+ <vendor_url>http://leap.se/</vendor_url>
+
+ <action id="net.openvpn,gui.leap.run-openvpn">
+ <description>Runs the openvpn binary</description>
+ <description xml:lang="es">Ejecuta el binario openvpn</description>
+ <message>OpenVPN needs that you authenticate to start</message>
+ <message xml:lang="es">OpenVPN necesita autorizacion para comenzar</message>
+ <icon_name>package-x-generic</icon_name>
+ <defaults>
+ <allow_any>yes</allow_any>
+ <allow_inactive>yes</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/openvpn</annotate>
+ </action>
+</policyconfig>
diff --git a/pkg/linux/resolv-update b/pkg/linux/resolv-update
new file mode 100755
index 00000000..a54802e3
--- /dev/null
+++ b/pkg/linux/resolv-update
@@ -0,0 +1,90 @@
+#!/bin/bash
+#
+# Parses options from openvpn to update resolv.conf
+#
+# The only way to enforce that a linux system will not leak DNS
+# queries is to replace /etc/resolv.conf with a file that only
+# has the DNS resolver specified by the VPN.
+#
+# That is what this script does. This is what resolvconf is for,
+# but sadly it does not always work.
+#
+# Example envs set from openvpn:
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+function up() {
+
+ comment=$(
+cat <<SETVAR
+#
+# This is a temporary resolv.conf set by the LEAP Client in order to
+# strictly enforce that DNS lookups are secured by the VPN.
+#
+# When the LEAP Client quits or the VPN connection it manages is dropped,
+# this file will be replace with the regularly scheduled /etc/resolv.conf
+#
+# If you want custom entries to appear in this file while LEAP is running,
+# put them in /etc/leap/resolv-head or /etc/leap/resolv-tail. These files
+# should only be writable by root.
+#
+
+SETVAR
+)
+
+ if [ -f /etc/leap/resolv-head ] ; then
+ custom_head=$(cat /etc/leap/resolv-head)
+ else
+ custom_head=""
+ fi
+
+ if [ -f /etc/leap/resolv-tail ] ; then
+ custom_tail=$(cat /etc/leap/resolv-tail)
+ else
+ custom_tail=""
+ fi
+
+ for optionname in ${!foreign_option_*} ; do
+ option="${!optionname}"
+ echo $option
+ part1=$(echo "$option" | cut -d " " -f 1)
+ if [ "$part1" == "dhcp-option" ] ; then
+ part2=$(echo "$option" | cut -d " " -f 2)
+ part3=$(echo "$option" | cut -d " " -f 3)
+ if [ "$part2" == "DNS" ] ; then
+ IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
+ fi
+ if [ "$part2" == "DOMAIN" ] ; then
+ IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
+ fi
+ fi
+ done
+ R=""
+ for SS in $IF_DNS_SEARCH ; do
+ R="${R}search $SS
+"
+ done
+ for NS in $IF_DNS_NAMESERVERS ; do
+ R="${R}nameserver $NS
+"
+ done
+ mv /etc/resolv.conf /etc/resolv.conf.bak
+ echo "$comment
+$custom_head
+$R
+$custom_tail" > /etc/resolv.conf
+}
+
+function down() {
+ if [ -f /etc/resolv.conf.bak ] ; then
+ unlink /etc/resolv.conf
+ mv /etc/resolv.conf.bak /etc/resolv.conf
+ fi
+}
+
+case $script_type in
+ up) up ;;
+ down) down ;;
+esac
diff --git a/pkg/utils.py b/pkg/utils.py
new file mode 100644
index 00000000..c6c57652
--- /dev/null
+++ b/pkg/utils.py
@@ -0,0 +1,55 @@
+"""
+Utils to help in the setup process
+"""
+import os
+import re
+import sys
+
+
+def get_reqs_from_files(reqfiles):
+ """
+ Returns the contents of the top requirement file listed as a
+ string list with the lines
+
+ @param reqfiles: requirement files to parse
+ @type reqfiles: list of str
+ """
+ for reqfile in reqfiles:
+ if os.path.isfile(reqfile):
+ return open(reqfile, 'r').read().split('\n')
+
+
+def parse_requirements(reqfiles=['requirements.txt',
+ 'requirements.pip',
+ 'pkg/requirements.pip']):
+ """
+ Parses the requirement files provided
+
+ @param reqfiles: requirement files to parse
+ @type reqfiles: list of str
+ """
+
+ requirements = []
+ for line in get_reqs_from_files(reqfiles):
+ # -e git://foo.bar/baz/master#egg=foobar
+ if re.match(r'\s*-e\s+', line):
+ requirements.append(re.sub(r'\s*-e\s+.*#egg=(.*)$', r'\1',
+ line))
+ # http://foo.bar/baz/foobar/zipball/master#egg=foobar
+ elif re.match(r'\s*https?:', line):
+ requirements.append(re.sub(r'\s*https?:.*#egg=(.*)$', r'\1',
+ line))
+ # -f lines are for index locations, and don't get used here
+ elif re.match(r'\s*-f\s+', line):
+ pass
+
+ # argparse is part of the standard library starting with 2.7
+ # adding it to the requirements list screws distro installs
+ elif line == 'argparse' and sys.version_info >= (2, 7):
+ pass
+ else:
+ if line != '':
+ requirements.append(line)
+
+ #print 'REQUIREMENTS', requirements
+ return requirements