From f88976700b04d7fca7dab5fdc10ce013372f245d Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Fri, 28 Aug 2015 12:13:30 -0400 Subject: [pkg] update versions for 0.9.0rc2 --- pkg/leap_versions.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/leap_versions.txt b/pkg/leap_versions.txt index 0351c758..ff0dd91c 100644 --- a/pkg/leap_versions.txt +++ b/pkg/leap_versions.txt @@ -1,4 +1,4 @@ -soledad 0.7.1 -keymanager 0.4.1 -leap_common 0.4.0 -leap_mail 0.4.0rc1 +soledad 0.7.2 +keymanager 0.4.2 +leap_common 0.4.2 +leap_mail 0.4.0rc2 -- cgit v1.2.3 From 4a4288601b4d71b47431e1ea7e10350a31215960 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 1 Sep 2015 16:14:26 -0400 Subject: [pkg] checkout develop in bitmask repo too --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 39fe7717..cd421d16 100644 --- a/Makefile +++ b/Makefile @@ -136,6 +136,7 @@ pull_leapdeps: checkout_leapdeps_develop: for repo in $(LEAP_REPOS); do cd $(CURDIR)/../$$repo && git checkout develop; done + git checkout develop checkout_leapdeps_release: pkg/scripts/checkout_leap_versions.sh -- cgit v1.2.3 From 2fa5d0f38b79d0536652034c3007dfae290ef6fc Mon Sep 17 00:00:00 2001 From: micah Date: Tue, 1 Sep 2015 16:56:46 -0400 Subject: [style] Fix spelling errors in bitmask-root manpage --- docs/man/bitmask-root.1.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/man/bitmask-root.1.rst b/docs/man/bitmask-root.1.rst index dde303ae..b2f955a8 100644 --- a/docs/man/bitmask-root.1.rst +++ b/docs/man/bitmask-root.1.rst @@ -35,8 +35,8 @@ openvpn **start** [ARGS] Starts openvpn. All args are passed to openvpn, and filtered against a list of allowed args. If the next - argument is `restart`, the firewall will not be teared - down in the case of errors lauching openvpn. + argument is `restart`, the firewall will not be torn + down in the case of errors launching openvpn. **stop** Stops openvpn. -- cgit v1.2.3 From 9c39068d292d17fb3c29ec3c53de5250ddfb40d7 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 2 Sep 2015 14:04:01 -0300 Subject: [feat] load credentials from environment variable Look for file defined in the `BITMASK_CREDENTIALS` env variable and load `provider`, `username` and `password` data. Trigger login if they were loaded correctly. The credentials file should look like this: [Credentials] username = my-account@my-provider.com password = secret - Resolves: #7419 --- changes/feature-7419_load-credentials-from-env | 1 + src/leap/bitmask/gui/mainwindow.py | 36 ++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 changes/feature-7419_load-credentials-from-env diff --git a/changes/feature-7419_load-credentials-from-env b/changes/feature-7419_load-credentials-from-env new file mode 100644 index 00000000..7704df01 --- /dev/null +++ b/changes/feature-7419_load-credentials-from-env @@ -0,0 +1 @@ +- Load credentials from environment variables and trigger login. Closes feature #7419. diff --git a/src/leap/bitmask/gui/mainwindow.py b/src/leap/bitmask/gui/mainwindow.py index 312048ba..b0f14aef 100644 --- a/src/leap/bitmask/gui/mainwindow.py +++ b/src/leap/bitmask/gui/mainwindow.py @@ -17,8 +17,11 @@ """ Main window for Bitmask. """ +import os import time +import ConfigParser + from datetime import datetime import psutil @@ -781,6 +784,10 @@ class MainWindow(QtGui.QMainWindow, SignalTracker): if self._wizard: self._load_from_wizard() else: + if self._load_credentials_from_env(): + self._login() + return + domain = self._settings.get_provider() if domain is not None: self._providers.select_provider_by_name(domain) @@ -796,6 +803,35 @@ class MainWindow(QtGui.QMainWindow, SignalTracker): if self._login_widget.load_user_from_keyring(saved_user): self._login() + def _load_credentials_from_env(self): + """ + Load username and password into the login widget from a file specified + in an environment variable. This is useful for test purposes. + + :return: True if credentials were loaded, False otherwise + :rtype: bool + """ + credentials = os.environ.get("BITMASK_CREDENTIALS") + + if credentials is None: + return False + + try: + config = ConfigParser.ConfigParser() + config.read(credentials) + username, domain = config.get('Credentials', 'username').split('@') + password = config.get('Credentials', 'password') + except Exception, e: + print "Error reading credentials file: {0}".format(e) + return False + + self._providers.select_provider_by_name(domain) + self._login_widget.set_provider(domain) + self._login_widget.set_user(username) + self._login_widget.set_password(password) + + return True + def _show_hide_unsupported_services(self): """ Given a set of configured providers, it creates a set of -- cgit v1.2.3 From f55ad5698d989bc8185cb7b5eb552e1adebb0b39 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Mon, 7 Sep 2015 14:18:37 -0300 Subject: [bug] fix argument number on window raise event - Resolves: #7415 --- changes/bug-7415_fix-arguments-on-raise-window-event | 1 + src/leap/bitmask/gui/mainwindow.py | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) create mode 100644 changes/bug-7415_fix-arguments-on-raise-window-event diff --git a/changes/bug-7415_fix-arguments-on-raise-window-event b/changes/bug-7415_fix-arguments-on-raise-window-event new file mode 100644 index 00000000..a49922c1 --- /dev/null +++ b/changes/bug-7415_fix-arguments-on-raise-window-event @@ -0,0 +1 @@ +o Fix wrong argument number on window raise event. Close bug #7415. diff --git a/src/leap/bitmask/gui/mainwindow.py b/src/leap/bitmask/gui/mainwindow.py index b0f14aef..c5939a6d 100644 --- a/src/leap/bitmask/gui/mainwindow.py +++ b/src/leap/bitmask/gui/mainwindow.py @@ -1640,14 +1640,12 @@ class MainWindow(QtGui.QMainWindow, SignalTracker): # window handling methods # - def _on_raise_window_event(self, event, content): + def _on_raise_window_event(self, event): """ Callback for the raise window event :param event: The event that triggered the callback. :type event: str - :param content: The content of the event. - :type content: list """ if IS_WIN: locks.raise_window_ack() -- cgit v1.2.3 From 44fdb81e6e70a5db7989856562e4ff2429027016 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Mon, 31 Aug 2015 17:48:53 -0300 Subject: [feat] run bitmask inside a docker container --- docker/Dockerfile | 31 +++++ docker/bitmask-docker.sh | 116 ++++++++++++++++ docker/bitmask-nightly.json | 11 ++ docker/leap_bootstrap.sh | 320 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 478 insertions(+) create mode 100644 docker/Dockerfile create mode 100755 docker/bitmask-docker.sh create mode 100644 docker/bitmask-nightly.json create mode 100755 docker/leap_bootstrap.sh diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 00000000..857c3cd0 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,31 @@ +FROM ubuntu:trusty + +MAINTAINER Ivan Alejandro + +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + g++ \ + git \ + libffi-dev \ + libsqlite3-dev \ + libssl-dev \ + openvpn \ + pyside-tools \ + python-dev \ + python-openssl \ + python-pip \ + python-pyside \ + python-setuptools \ + python-virtualenv \ + make realpath lxpolkit policykit-1 iptables && \ + apt-get clean && rm -rf /var/lib/apt/lists/* + + +RUN mkdir -p /bitmask +WORKDIR /bitmask + +COPY leap_bootstrap.sh /bitmask/ + +VOLUME ["/data/"] + +EXPOSE 1984 2013 +ENTRYPOINT ["/bitmask/leap_bootstrap.sh"] diff --git a/docker/bitmask-docker.sh b/docker/bitmask-docker.sh new file mode 100755 index 00000000..af91145b --- /dev/null +++ b/docker/bitmask-docker.sh @@ -0,0 +1,116 @@ +#!/bin/bash + +run(){ + # NOTE: you may need this line if you get an error using ip6tables + # (host needs ip6 kernel modules to use it in the container) + # sudo modprobe ip6_tables + + # NOTE: to get X11 socket forwarding to work we need this + xhost local:root + + CREDS_OPTS='' + if [[ -n $BITMASK_CREDENTIALS ]]; then + BITMASK_CREDENTIALS=`realpath $BITMASK_CREDENTIALS` + CREDS_OPTS="-e BITMASK_CREDENTIALS=/data/credentials.ini -v $BITMASK_CREDENTIALS:/data/credentials.ini" + fi + + docker run --rm -it \ + --net host \ + --privileged \ + -v /tmp/.X11-unix:/tmp/.X11-unix \ + -e DISPLAY=unix$DISPLAY \ + $CREDS_OPTS \ + -v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \ + -v `pwd`/data/config:/root/.config/leap \ + -p 1984:1984 -p 2013:2013 \ + --name bitmask \ + test/bitmask run $@ + + # Services' related ports + # eip: ["80", "53", "443", "1194"] + # mail: ["1984", "2013"] + + # logs when no ip6_tables module is not loaded on host: + # root@bitmask-container:/bitmask# sudo ip6tables --new-chain bitmask + # modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/4.1.6-040106-generic/modules.dep.bin' + # ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) + # Perhaps ip6tables or your kernel needs to be upgraded. + + # logs when ip6_tables module is loaded on host: + # root@bitmask-container:/bitmask# sudo ip6tables --new-chain bitmask + # root@bitmask-container:/bitmask# # success! +} + +shell(){ + xhost local:root + + docker run --rm -it \ + --net host \ + --privileged \ + -v /tmp/.X11-unix:/tmp/.X11-unix \ + -e DISPLAY=unix$DISPLAY \ + -v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \ + -v `pwd`/data/config:/root/.config/leap \ + -p 1984:1984 -p 2013:2013 \ + --name bitmask \ + --entrypoint=bash \ + test/bitmask +} + +init(){ + JSON=`realpath $1` + docker run --rm -it \ + -v `pwd`/data:/data \ + -v $JSON:/shared/bitmask.json \ + test/bitmask init ro /shared/bitmask.json +} + +update(){ + JSON=`realpath $1` + docker run --rm -it \ + -v `pwd`/data:/data \ + -v $JSON:/shared/bitmask.json \ + test/bitmask update /shared/bitmask.json +} + +build(){ + docker build -t test/bitmask . +} + +help() { + echo ">> Bitmask on docker" + echo "Run the bitmask app in a docker container." + echo + echo "Usage: $0 {init bitmask.json | update | run | help }" + echo + echo " init : Clone repositories, install dependencies, and get bitmask ready to be used." + echo " The bitmask.json file contains the version that will be used for each repo." + echo " build : Build the docker image for bitmask." + echo " shell : Run a shell inside a bitmask docker container (useful to debug)." + echo " update : Update the repositories and install new deps (if needed)." + echo " run : Run the client (any extra parameters will be sent to the app)." + echo " help : Show this help" + echo +} + + +case "$1" in + run) + run "$@" + ;; + init) + init $2 + ;; + update) + update $2 + ;; + build) + build + ;; + shell) + shell + ;; + *) + help + ;; +esac diff --git a/docker/bitmask-nightly.json b/docker/bitmask-nightly.json new file mode 100644 index 00000000..5b1c3cf0 --- /dev/null +++ b/docker/bitmask-nightly.json @@ -0,0 +1,11 @@ +{ + "version": "nightly", + "tuf_repo": "", + "bitmask_client": "develop", + "soledad": "develop", + "keymanager": "develop", + "leap_mail": "develop", + "leap_pycommon": "develop", + "bitmask_launcher": "develop", + "leap_assets": "master" +} diff --git a/docker/leap_bootstrap.sh b/docker/leap_bootstrap.sh new file mode 100755 index 00000000..efff859d --- /dev/null +++ b/docker/leap_bootstrap.sh @@ -0,0 +1,320 @@ +#!/bin/bash +###################################################################### +# repo-versions.sh +# Copyright (C) 2014, 2015 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +###################################################################### +set -e # Exit immediately if a command exits with a non-zero status. +REPOSITORIES="bitmask_client leap_pycommon soledad keymanager leap_mail bitmask_launcher leap_assets" +PACKAGES="leap_pycommon keymanager soledad/common soledad/client leap_mail bitmask_client" + +_is_docker() { + grep -q docker /proc/1/cgroup +} + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +_is_docker && BASE_PATH="/data/" || BASE_PATH=$SCRIPT_DIR +REPOS_ROOT="$BASE_PATH/repositories" # Root path for all the needed repositories +VENV_DIR="$BASE_PATH/bitmask.venv" # Root path for all the needed repositories + +mkdir -p $REPOS_ROOT + +PS4=">> " # for debugging + +# Escape code +esc=`echo -en "\033"` + +# Set colors +cc_green="${esc}[0;32m" +cc_yellow="${esc}[0;33m" +cc_blue="${esc}[0;34m" +cc_red="${esc}[0;31m" +cc_normal=`echo -en "${esc}[m\017"` + +apt_install_dependencies() { + status="installing system dependencies" + echo "${cc_green}Status: $status...${cc_normal}" + set -x + sudo apt-get install -y git python-dev python-setuptools python-virtualenv python-pip libssl-dev python-openssl libsqlite3-dev g++ openvpn pyside-tools python-pyside libffi-dev + set +x +} + +helpers() { + if [[ "$1" == "cleanup" ]]; then + status="removing helper files" + echo "${cc_green}Status: $status...${cc_normal}" + set -x + sudo rm -f /usr/sbin/bitmask-root + sudo rm -f /usr/share/polkit-1/actions/se.leap.bitmask.policy + set +x + else + status="installing helper files" + echo "${cc_green}Status: $status...${cc_normal}" + set -x + BASE=$REPOS_ROOT/bitmask_client/pkg/linux + sudo mkdir -p /usr/share/polkit-1/actions/ + sudo cp $BASE/bitmask-root /usr/sbin/ + sudo cp $BASE/polkit/se.leap.bitmask.policy /usr/share/polkit-1/actions/ + set +x + fi +} + +clone_repos() { + local status="clone repositories" + echo "${cc_green}Status: $status...${cc_normal}" + set -x # show commands + + if [[ "$1" == "rw" ]]; then + # read-write remotes: + src="ssh://gitolite@leap.se" + else + # read-only remotes: + src="https://leap.se/git" + fi + cd $REPOS_ROOT + + for repo in $REPOSITORIES; do + [ ! -d $repo ] && git clone $src/$repo + done + + cd - + + set +x + echo "${cc_green}Status: $status done!${cc_normal}" +} + +checkout_repos(){ + local status="checkout repositories" + echo "${cc_green}Status: $status...${cc_normal}" + set -x # show commands + + for repo in $REPOSITORIES; do + version=$(cat $1 | python -c "import json,sys;obj=json.load(sys.stdin);print obj['$repo'];") + cd $REPOS_ROOT/$repo + git fetch origin && git fetch --tags origin + + if [[ -n `git tag -l | grep $version` ]]; then + # if is a tag + git checkout -f $version + else + # if is a branch + git reset --hard origin/$version + fi + done + + set +x + echo "${cc_green}Status: $status done!${cc_normal}" +} + +create_venv() { + local status="creating virtualenv" + echo "${cc_green}Status: $status...${cc_normal}" + set -x # show commands + + virtualenv $VENV_DIR && source $VENV_DIR/bin/activate + pip install --upgrade pip # get the latest pip + + set +x + echo "${cc_green}Status: $status done.${cc_normal}" +} + +setup_develop() { + local status="installing packages" + echo "${cc_green}Status: $status...${cc_normal}" + set -x # show commands + cd $REPOS_ROOT + source $VENV_DIR/bin/activate + + # do a setup develop in every package + for package in $PACKAGES; do + cd $REPOS_ROOT/$package + python setup.py develop --always-unzip + done + + set +x + echo "${cc_green}Status: $status done.${cc_normal}" +} + +install_dependencies() { + local status="installing dependencies" + echo "${cc_green}Status: $status...${cc_normal}" + set -x # show commands + cd $REPOS_ROOT + source $VENV_DIR/bin/activate + + # install defined 3rd party dependencies for every package + for package in $PACKAGES; do + cd $REPOS_ROOT/$package + pkg/pip_install_requirements.sh + done + + # symlink system's PySide inside the venv + $REPOS_ROOT/bitmask_client/pkg/postmkvenv.sh + + # hack to solve gnupg version problem + pip uninstall -y gnupg && pip install gnupg + + set +x + echo "${cc_green}Status: $status done.${cc_normal}" +} + +docker_stuff() { + local status="doing stuff needed to run bitmask on a docker container" + echo "${cc_green}Status: $status...${cc_normal}" + set -x # show commands + + helpers + lxpolkit & + sleep 0.5 + + # this is needed for pkexec + mkdir -p /var/run/dbus + dbus-daemon --system | true + + set +x + echo "${cc_green}Status: $status done.${cc_normal}" +} + +run() { + echo "${cc_green}Status: running client...${cc_normal}" + set -x + + shift # remove 'run' from arg list + passthrough_args=$@ + + _is_docker && docker_stuff + + source $VENV_DIR/bin/activate + python $REPOS_ROOT/bitmask_client/src/leap/bitmask/app.py -d $passthrough_args + + set +x +} + +initialize() { + shift # remove 'init' + echo $@ + if [[ "$1" == "ro" ]]; then + # echo "RO" + shift # remove 'ro' + clone_repos "ro" + else + # echo "RW" + clone_repos + fi + + if [[ -z $1 ]]; then + echo "You need to specify a bitmask.json parameter." + echo "for example:" + cat << EOF +{ + "bitmask_client": "0.7.0", + "soledad": "0.6.3", + "leap_pycommon": "0.3.9", + "keymanager": "0.3.8", + "leap_mail": "0.3.10", + "bitmask_launcher": "0.3.3", + "leap_assets": "master" +} +EOF + exit 1 + fi + + JSON=`realpath $1` + + checkout_repos $JSON + create_venv + install_dependencies + setup_develop + + cd $REPOS_ROOT/bitmask_client/ + make + cd - +} +update() { + local status="updating repositories" + echo "${cc_green}Status: $status...${cc_normal}" + set -x # show commands + + if [[ -z $1 ]]; then + echo "You need to specify a bitmask.json parameter." + echo "for example:" + cat << EOF +{ + "bitmask_client": "0.7.0", + "soledad": "0.6.3", + "leap_pycommon": "0.3.9", + "keymanager": "0.3.8", + "leap_mail": "0.3.10", + "bitmask_launcher": "0.3.3", + "leap_assets": "master" +} +EOF + exit 1 + fi + + JSON=`realpath $1` + + checkout_repos $JSON + install_dependencies + setup_develop + + set +x + echo "${cc_green}Status: $status done!${cc_normal}" +} + + +help() { + echo ">> LEAP bootstrap - help" + echo "Bootstraps the environment to start developing the bitmask client" + echo "with all the needed repositories and dependencies." + echo + echo "Usage: $0 {init [ro] bitmask.json | update bitmask.json | run | help | deps | helpers}" + echo + echo " init : Initialize repositories, create virtualenv and \`python setup.py develop\` all." + echo " You can use \`init ro\` in order to use the https remotes if you don't have rw access." + echo " The bitmask.json file contains the version that will be used for each repo." + echo " update : Update the repositories and install new deps (if needed)." + echo " The bitmask.json file contains the version that will be used for each repo." + echo " run : Runs the client (any extra parameters will be sent to the app)." + echo " help : Show this help" + echo " -- system helpers --" + echo " deps : Install the system dependencies needed for bitmask dev (Debian based Linux ONLY)." + echo " helpers : Install the helper files needed to use bitmask (Linux only)." + echo " You can use \`helpers cleanup\` to remove those files." + echo +} + + +case "$1" in + init) + initialize "$@" + ;; + update) + update $2 + ;; + helpers) + helpers $2 + ;; + deps) + apt_install_dependencies + ;; + run) + run "$@" + ;; + *) + help + ;; +esac -- cgit v1.2.3 From 418b5f9fdd31886348152e61d6372251c0b7ac9d Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Mon, 31 Aug 2015 17:48:53 -0300 Subject: [feat] install using leap-wheels I did the previous merge against an outdated version of the PR branch (leapcode/pr/889). Sorry! --- docker/leap_bootstrap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/leap_bootstrap.sh b/docker/leap_bootstrap.sh index efff859d..195527e3 100755 --- a/docker/leap_bootstrap.sh +++ b/docker/leap_bootstrap.sh @@ -158,7 +158,7 @@ install_dependencies() { # install defined 3rd party dependencies for every package for package in $PACKAGES; do cd $REPOS_ROOT/$package - pkg/pip_install_requirements.sh + pkg/pip_install_requirements.sh --use-leap-wheels done # symlink system's PySide inside the venv -- cgit v1.2.3 From b567cded32e58388f4c88ea04e15bdc86e585a13 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 9 Sep 2015 13:34:35 -0400 Subject: [pkg] add docker/data to ignores --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 23bfbfe8..62b21fd1 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,5 @@ CHANGELOG~ data/bitmask.pro bitmask-resources.png + +docker/data -- cgit v1.2.3 From bf0378257afcb8fa2542e5cf904691ec5fdd74b1 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 9 Sep 2015 13:24:45 -0300 Subject: [feat] use docker to test .deb packages Add scripts to easily test (stable or unstable) debian packages. - Resolves: #6715 --- docker/debian/apt-bitmask.sh | 122 ++++++++++++++++++++++++++++++++ docker/debian/bitmask-on-docker.sh | 23 ++++++ docker/debian/leap-experimental.key | 52 ++++++++++++++ docker/debian/run-docker-for-bitmask.sh | 22 ++++++ 4 files changed, 219 insertions(+) create mode 100755 docker/debian/apt-bitmask.sh create mode 100755 docker/debian/bitmask-on-docker.sh create mode 100644 docker/debian/leap-experimental.key create mode 100755 docker/debian/run-docker-for-bitmask.sh diff --git a/docker/debian/apt-bitmask.sh b/docker/debian/apt-bitmask.sh new file mode 100755 index 00000000..68430aff --- /dev/null +++ b/docker/debian/apt-bitmask.sh @@ -0,0 +1,122 @@ +#!/bin/bash +set -euo pipefail +IFS=$'\n\t' + +distro(){ + # for ubuntu/mint: + name=`lsb_release -a 2>&1 | grep Codename | cut -f2` + + # for debian: + [[ -z $name ]] && name=`grep -oP "VERSION=.*\(\K\w+" /etc/os-release` + + # for debian sid + [[ -z $name ]] && name=`grep -o sid /etc/debian_version` + + declare -A distros + distros=( + ['nadia']='quantal' + ['olivia']='raring' + ['petra']='saucy' + ['qiana']='trusty' + ['rebecca']='trusty' + ['rafaela']='trusty' + ) + + # if name is in the above list -> replace + [ ${distros[$name]+abc} ] && name=${distros[$name]} + + echo $name | tr "[A-Z]" "[a-z]" +} + +is_supported(){ + distros=( + 'wheezy' # Debian 7 - stable + 'jessie' # Debian 8 - testing + 'sid' # Debian unstable + 'quantal' # Ubuntu 12.10 + 'raring' # Ubuntu 13.04 + 'saucy' # Ubuntu 13.10 + 'trusty' # Ubuntu 14.04 + 'utopic' # Ubuntu 14.10 + 'vivid' # Ubuntu 15.04 + ) + + my_distro=`distro` + + for p in "${distros[@]}"; do + if [[ $my_distro = ${p}* ]]; then + echo true + return + fi + done + echo false +} + +if [[ `is_supported` == "false" ]]; then + echo "ERROR: Sorry, your distro (`distro`) is currently not supported." + exit 1 +fi; + +help() { + echo ">> Bitmask .deb automatic installer helper" + echo "This script does all the needed stuff in order to get bitmask stable or unstable into your machine." + echo + echo "Usage: $0 ( stable | unstable | help )" + echo + echo " stable : Install the stable bitmask package." + echo " unstable : Install the unstable bitmask package." + echo " help : Show this help" + echo + echo "NOTE: you need to run this with root privileges." + echo +} + +case ${1:-} in + stable) + REPO='debian' + ;; + unstable) + REPO='experimental' + ;; + *) + help + exit 1 + ;; +esac + +if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" 1>&2 + exit 1 +fi + +# ------------------------------- +# instructions from http://deb.leap.se/experimental/ +# run this with admin privileges + +DISTRO=`distro` + +if [[ $REPO == 'debian' ]]; then + # stable + # wget -O- https://dl.bitmask.net/apt.key | apt-key add - + + # HACK: do this twice since the first one fails due to gpg not having a configuration + gpg --recv-key 0x1E34A1828E207901 &> /dev/null || true + gpg --recv-key 0x1E34A1828E207901 + + gpg --armor --export 0x1E34A1828E207901 | apt-key add - +else # $REPO == 'experimental' + if [[ ! -f "leap-experimental.key" ]]; then + echo "ERROR: you need to copy the leap-experimental.key file into this directory." + exit 1 + fi + + # sha256sum leap-experimental.key + echo "ed3f4f3e3e0835a044457451755ae743741d7bafa55bcd31cc464a54e8c5e7f9 leap-experimental.key" | sha256sum -c - + apt-key add leap-experimental.key +fi + +echo "deb http://deb.leap.se/$REPO $DISTRO main" > /etc/apt/sources.list.d/bitmask.list +echo "deb-src http://deb.leap.se/$REPO $DISTRO main" >> /etc/apt/sources.list.d/bitmask.list + +apt-get update +apt-get install -y bitmask diff --git a/docker/debian/bitmask-on-docker.sh b/docker/debian/bitmask-on-docker.sh new file mode 100755 index 00000000..c3e42b22 --- /dev/null +++ b/docker/debian/bitmask-on-docker.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# Helper script to install, run and do a screenshot of bitmask + +# You can use this as follows: +# $ docker run -t -i --rm -v `pwd`:/host/ ubuntu:14.04 /bin/bash +# $ cd /host/ +# $ ./bitmask-on-docker.sh stable + +[[ -z $1 ]] && exit 1 + +./apt-bitmask.sh $1 # this does an `apt-get update` +apt-get -y install xinit xvfb imagemagick lxpolkit + +startx -- `which Xvfb` :1 -screen 0 1024x768x24 & +sleep 1 + +DISPLAY=:1 lxpolkit & +sleep 0.5 # bitmask needs polkit to work + +DISPLAY=:1 bitmask & +sleep 2 # wait for bitmask to start + +DISPLAY=:1 import -window root bitmask.png diff --git a/docker/debian/leap-experimental.key b/docker/debian/leap-experimental.key new file mode 100644 index 00000000..a07ec44c --- /dev/null +++ b/docker/debian/leap-experimental.key @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQINBFRiYXMBEAC/96OXISCU9kndpa7zYedBd4NzXppk1hRPDgGH5Ccl7mFYRaaY +abKOJuilvMThBn2GelFRVXrhFT0K6TVCbrAaLHpb7KGpaxgKY/a+mYCA9BAtYkvR +ru4Xh6VhozI5hDlIDCD5og96d7ymYjVaxiN89ilh4j8TL5Bh4PoCaxIbmxHiVmtM +fIKw9LPAvpViC+8iS+x751plK8NFe4lAbSycWh3AdDfM5wSlUpEa1FwFuilo4Jya +upEY9Uk5qLlNTFTBJmVEwKFXT0swb2o62EzN4LbW7yNC69Ign+G+PCNBiYhIdUKJ +6dPAUexaSAxW6NPf/rdMVHY6tBlx41lzPvnF3ysnsoxKGdoU/Jbri4cIJRikMnzW +GFCJmUdEPkAkkKHgGXCipvrM6Amhmp3Kg5PQUIjRafH9CBo0bsPSordtk/GarMe+ +8fxZ0rjyLN17hsgwWKCWBIBvPAB0UTh22xjNDh4jmehn5ijdjqKatchcEu9MsSPA +l5r0aU+cDLghw6c8TmbqYfOK2nkbwBVkctWjlVohnO1PAOdxwQ0gFoZf3o9QIADg +BsZTy2CZCag9OK0NCiMoO47JoAdQiaFcUAJvjOwncoE3SuyKTtKitENuAmzl7xjY +HNyq72t7TKBJaWqzngnIp2nsJVaZ8Va+7hC/xqRbWoXVrY5mp53xwJQoiwARAQAB +tDZMRUFQIGV4cGVyaW1lbnRhbCBhcmNoaXZlIHNpZ25pbmcga2V5IDxzeXNkZXZA +bGVhcC5zZT6JAj4EEwECACgFAlRiYXMCGwMFCQHhM4AGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJEIN8GtU2dCnZ8CEP/iNE4hROU4vE+Zgi31FIAf5ppVBvcnMl +hgqlTwoKDE0dnQIlfYgdWz6yVHm2lZMJZ9FFzL4oPFzz0wKlAfROCAiibnXlUhjn +ehzqvhReMR1Y/lC8vYqryz8RY3FD2tOIeU/w/Nlxq9WAI6bvEd2q0B1GzuGRcunl +YXFP0bMteddE46ZXx19fc/2pze4e1y320BoybsZk4EfRKjdroyFm2I3NJO65cF/M +vzwRNOSnyrAWv5lXlLO9QiQ/YIRKTg7dgQTPV35wER4v9GVPP3VpXIHmwQge2TnE +BoBNExjEM5brLdq7rVHV6xaylTfkK4lbfLnwybnAz8SGE0hAGkprAwCUE/FFRqAw +Xn3hSQBYlZuWe47Mmblc5fBCmQZ8kuCnHF+mLs/mplqARK3x5N5cfwuOZuLaQ/Lh +xhfxk3m1iOR0gkPYgU1ihGhQZabul5EhXvPFnKyiN95yx1PS2o7P+LkpAP+S8syQ +tOOlBsX2dSMRekYRvPNqma94RWaY9qve0RhTjVh0MSjCqc2bYIsx7NfLrwUoeyVU +Bpjmt+29pYsce7w6ybyxvNw8MDIe5//+IRR10Z9QQ6tlj/kUbHdP82lA4OHwGEkN +Jq+fwfJfydXrM6Gjiw3imy6IItGJVP99F9g05cJlniLr2a+IYTe3sAltwl2qhLvA +59LO8Nz5uipAuQINBFRiYXMBEAC5cQEoBMSQLK6AixYahxSQDBLNjWomLduPRyxp +iIQ3v/n5q3puwIvOgsI4u++8ZmTzjzUHpRo3Peqbn/7Dw/TMAa5lvacju1n2dWX2 +StFqPhyP0ysWJF7p8wt/GoFIhM1YiQam1Bz/hELbCmZQZ/65jTkUNksLJbKQrk35 +CfRI2TFfp039ooDrR/i01LC+MNaIKWeNqUNqcnzEmZNn2TpG3730pjLZq4TjnSeE +ZnTwtl0wa2zFA6oN5xyE2XDV8hGwjzUnjHcTsI/zHUHJLQynSFZ45qBd8rCQ1lJw +jkdTaeUoCg9k1S88kslTYGWmZNk14Cy+TdIYy7CvGJIoT/hN/gUtNydTfkxhP/VG +dwmuMbXtYnfq0u78y94QEylvuU06l/ixucLnV60DVA9TdDR/0aw4iH5lw0UoPV31 +qmDOGqlr7dNgCs58ms6k4NGsAsi4VBefvfZAjqmEEAxcoapDW8rITRxBGYqoR8QI +9qA50bS+Z1LFOiJ+B0Yhw3RePQoNwjbCopciOAADTcpVLhc15UGZ+1Co5foc0KqX +G7OQpArwHX/BueGlQpqjtOKnCh9nzEakEHt0phLeISn4wq9FLoDh/8ddymUIl8KB +LpmA0LBZV+lbmUIf7y6wg/sf5ClguRyVjizSjc+vZoDyFzXNdcXyF/n7NRCvU63R +ELUpZQARAQABiQIlBBgBAgAPBQJUYmFzAhsMBQkB4TOAAAoJEIN8GtU2dCnZzd4P +/1qqLBLeKscm7ehBl51ux5D7sW73KN+VUEPma9yypNDh94K/zcCz61gis2ba98Zx +Fkznh6+ugqfFJfA2b1yynxUxmKDJSctVYxYplpTAyvnH/nNJxCTnmMRYl+ZErSOK +jtoqJbH6bcMbDiWCJ0gjT05w63uN9php6VYVpgn45kUwN85C7+xF6k+Ntyw4UmOj +/VjwJLs1k0zeUhZGjJGRLfVB4RZnnmkX9HzGviHJETqKmoN9ES8+Tt4WlBdngsgT +yr8HXFOzc2OxzRmF7rg1FKhCeaP8EoOcvMyp/5ahnEeJotr+z2bcWlK07D8g0uo0 +tjU8r6fUiHwZD+3iQGFXW+MDMTj/CMOem+Phe22Pn9yjPWA3cmQmCFC+523Pckh9 +xHZgPtwq6F/9L3DQeSmwXey5Q2wBbEGLJ/IWHhiDXG6IDy2Go41M0WCojit0b7hm +70mLptA1rIDDs/T/u0MJ3QmkUxqj7+J3l4T3d0Fh2z/KKTdBJhGvx5h2QjxohIjp +b6JsAIBjl85rTqk6yiX8ct/i9LXqA4luEb47Sl1kc2WQyZv6VPmisBeazDXnnpc1 +5vuOdLqp0JhC+iaGPvkQs+ojQBSdIqnYpD0EmircvoW5yhtLflMZdPr3KeFJxmUp +I9i+ZSm7sc6kehlcGqzLr/p7WZvJBmH92AgEpicqDhJe +=10ZN +-----END PGP PUBLIC KEY BLOCK----- diff --git a/docker/debian/run-docker-for-bitmask.sh b/docker/debian/run-docker-for-bitmask.sh new file mode 100755 index 00000000..9ffb400b --- /dev/null +++ b/docker/debian/run-docker-for-bitmask.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# NOTE: to get X11 socket forwarding to work we need this +xhost local:root + +docker run --rm -it \ + --net host \ + --privileged \ + -v /tmp/.X11-unix:/tmp/.X11-unix \ + -e DISPLAY=unix$DISPLAY \ + -v `pwd`:/host/ \ + -p 1984:1984 -p 2013:2013 \ + ubuntu:vivid bash + +# NOTE: what to do next? +# Install bitmask package: +# $ apt-bitmask.sh stable +# Install polkit agent (bitmask needs it): +# $ apt-get install lxpolkit +# Run polkit in background: +# $ lxpolkit & # this will show you a message like: 'No session for pid 5801', ignore it +# Run bitmask: +# $ bitmask -d -- cgit v1.2.3 From b9fe92fd9dfce3ac822adce62c4a1c9aeb8c663e Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 9 Sep 2015 14:13:41 -0400 Subject: [docs] fix broken pypi badge --- README.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index 5b611b95..c2738041 100644 --- a/README.rst +++ b/README.rst @@ -3,9 +3,8 @@ Bitmask *your internet encryption toolkit* -.. image:: https://pypip.in/v/leap.bitmask/badge.png - :target: https://crate.io/packages/leap.bitmask -.. image:: https://pypip.in/d/leap.bitmask/badge.png +.. image:: https://badge.fury.io/py/leap.bitmask.svg + :target: http://badge.fury.io/py/leap.bitmask **Bitmask** is the multiplatform desktop client for the services offered by `the LEAP Platform`_. -- cgit v1.2.3 From 580ad326c319113b85c85ce417e461acf15d36fe Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Thu, 10 Sep 2015 16:22:03 -0400 Subject: [bug] add compatibility for logbook versions < 0.7.0 for the version in ubuntu trusty, the call for the zeromq handler initialization gets one less argument --- src/leap/bitmask/logs/safezmqhandler.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/leap/bitmask/logs/safezmqhandler.py b/src/leap/bitmask/logs/safezmqhandler.py index 4f7aca9b..4b3d26c7 100644 --- a/src/leap/bitmask/logs/safezmqhandler.py +++ b/src/leap/bitmask/logs/safezmqhandler.py @@ -19,9 +19,11 @@ A thread-safe zmq handler for LogBook. """ import json import threading +from distutils import LooseVersion from logbook.queues import ZeroMQHandler from logbook import NOTSET +from logbook import __version__ as LOGBOOK_VERSION import zmq @@ -53,8 +55,13 @@ class SafeZMQHandler(ZeroMQHandler): # instead of calling the ZeroMQHandler's one. # The best approach may be to inherit directly from `logbook.Handler`. - ZeroMQHandler.__init__(self, uri, level, filter, bubble, context, - multi) + args = (self, uri, level, filter, bubble, context) + + # Workaround for an API change: version 0.6.0 in trusty doesn't accepts + # the multi parameter. + if LooseVersion(LOGBOOK_VERSION) >= LooseVersion('0.7.0'): + args += (multi,) + ZeroMQHandler.__init__(*args) current_id = self._get_caller_id() # we store the socket created on the parent -- cgit v1.2.3 From 557f05cc3a9a767068cc6338dca6c9216200f390 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Thu, 10 Sep 2015 17:32:40 -0300 Subject: [docs] add some docs for new docker stuff - Resolves: #7446 --- docker/README.rst | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 docker/README.rst diff --git a/docker/README.rst b/docker/README.rst new file mode 100644 index 00000000..dcad0ac6 --- /dev/null +++ b/docker/README.rst @@ -0,0 +1,49 @@ +Bitmask and Docker +================== + +Here we have several tools that leverages docker to ease Bitmask testing. + +``bitmask-docker.sh`` is a helper script to ``build`` and ``run`` the bitmask app, +here is an example usage:: + + $ ./bitmask-docker build # build docker image + $ ./bitmask-docker init ro bitmask-nightly.json # initialize all the stuff needed + # .... + $ ./bitmask-docker.sh run + + +``bitmask-nightly.json`` is the version specifier for each bitmask component that +will be used to run bitmask. + +``Dockerfile`` is the file used to build the docker image that will run bitmask. + +``leap_bootstrap.sh`` is the script that takes care of cloning repos, installing +python dependencies, running bitmask, etc. + + +debian/ +------- + +``apt-bitmask.sh`` script that installs bitmask from the debian packages. + +``bitmask-on-docker.sh`` installs bitmask and runs it in a dummy X server, +waits a little and takes a screenshot. + +``leap-experimental.key`` is needed by ``apt-bitmask.sh`` to ``apt-key add`` +and verify apt sources. + +``run-docker-for-bitmask.sh`` is a helper script that runs an ubuntu/debian +container ready to run the ``apt-bitmask.sh`` command, it does (among other +stuff) X11 forwarding to display Bitmask UI on the host linux. + +An example usage:: + + $ ./run-docker-for-bitmask.sh + non-network local connections being added to access control list + root@hostname:/# cd /host/ + root@hostname:/host# ./apt-bitmask.sh unstable + # [... not so relevant output ...] + root@hostname:/host# apt-get install -y lxpolkit # install a small polkit agent + # [... not so relevant output ...] + root@hostname:/host# lxpolkit & # run the polkit agent in the background, ignore the "No session for pid 6034" error. + root@hostname:/host# bitmask -d # tadaa, you have bitmask running in a container! -- cgit v1.2.3 From cd9a84070591e18780bd244925f443351e71d1cb Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Fri, 11 Sep 2015 08:40:37 -0400 Subject: [bug] fix import there's an error in the import --- src/leap/bitmask/logs/safezmqhandler.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/leap/bitmask/logs/safezmqhandler.py b/src/leap/bitmask/logs/safezmqhandler.py index 4b3d26c7..6d2c4f50 100644 --- a/src/leap/bitmask/logs/safezmqhandler.py +++ b/src/leap/bitmask/logs/safezmqhandler.py @@ -19,7 +19,7 @@ A thread-safe zmq handler for LogBook. """ import json import threading -from distutils import LooseVersion +from distutils.version import LooseVersion from logbook.queues import ZeroMQHandler from logbook import NOTSET -- cgit v1.2.3 From d13bcb34c7636876c69e39399129957a6c11da03 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 9 Sep 2015 17:04:07 -0300 Subject: [pkg] add libzmq dependency This is needed if we use wheels, since the zmq library is not build as it is when we install from code. --- docker/Dockerfile | 1 + docker/leap_bootstrap.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 857c3cd0..d5a7b57e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -8,6 +8,7 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-ins libffi-dev \ libsqlite3-dev \ libssl-dev \ + libzmq-dev \ openvpn \ pyside-tools \ python-dev \ diff --git a/docker/leap_bootstrap.sh b/docker/leap_bootstrap.sh index 195527e3..4f553ee7 100755 --- a/docker/leap_bootstrap.sh +++ b/docker/leap_bootstrap.sh @@ -48,7 +48,7 @@ apt_install_dependencies() { status="installing system dependencies" echo "${cc_green}Status: $status...${cc_normal}" set -x - sudo apt-get install -y git python-dev python-setuptools python-virtualenv python-pip libssl-dev python-openssl libsqlite3-dev g++ openvpn pyside-tools python-pyside libffi-dev + sudo apt-get install -y git python-dev python-setuptools python-virtualenv python-pip libssl-dev python-openssl libsqlite3-dev g++ openvpn pyside-tools python-pyside libffi-dev libzmq-dev set +x } -- cgit v1.2.3 From ad0f20ccb2bf9d4e2fda346a061dcfd8342f7561 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Mon, 14 Sep 2015 17:50:32 -0400 Subject: [pkg] revert attempt to be compatible with logbook 0.6.0 we need the 'multi' feature all the same, so we'll be depending on logbook >= 0.7.0. --- src/leap/bitmask/logs/safezmqhandler.py | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/leap/bitmask/logs/safezmqhandler.py b/src/leap/bitmask/logs/safezmqhandler.py index 6d2c4f50..4e5f59e4 100644 --- a/src/leap/bitmask/logs/safezmqhandler.py +++ b/src/leap/bitmask/logs/safezmqhandler.py @@ -19,11 +19,9 @@ A thread-safe zmq handler for LogBook. """ import json import threading -from distutils.version import LooseVersion from logbook.queues import ZeroMQHandler from logbook import NOTSET -from logbook import __version__ as LOGBOOK_VERSION import zmq @@ -55,12 +53,7 @@ class SafeZMQHandler(ZeroMQHandler): # instead of calling the ZeroMQHandler's one. # The best approach may be to inherit directly from `logbook.Handler`. - args = (self, uri, level, filter, bubble, context) - - # Workaround for an API change: version 0.6.0 in trusty doesn't accepts - # the multi parameter. - if LooseVersion(LOGBOOK_VERSION) >= LooseVersion('0.7.0'): - args += (multi,) + args = (self, uri, level, filter, bubble, context, multi) ZeroMQHandler.__init__(*args) current_id = self._get_caller_id() -- cgit v1.2.3 From d77fef90375711883afb16781bcae88c65944b0c Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Tue, 15 Sep 2015 13:20:01 -0300 Subject: [pkg] require Logbook 0.7.0 or newer For our logging we need a new logbook feature that was added on 0.7.0. - Resolves: #7449 --- pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 7bc15e25..44915e9d 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -28,4 +28,4 @@ txzmq oauth taskthread -logbook +logbook>=0.7.0 -- cgit v1.2.3 From 961d9e6a1c7a5041d5b019581dbf08f16f29ea53 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 16 Sep 2015 16:07:57 -0400 Subject: [bug] authenticate logout calls to api logout calls were not being authenticated, so we were receiving 401 return code. --- changes/bug-fix-logout-auth | 1 + src/leap/bitmask/crypto/srpauth.py | 22 ++++++++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) create mode 100644 changes/bug-fix-logout-auth diff --git a/changes/bug-fix-logout-auth b/changes/bug-fix-logout-auth new file mode 100644 index 00000000..0dc09c02 --- /dev/null +++ b/changes/bug-fix-logout-auth @@ -0,0 +1 @@ +- Authenticate properly logout calls to API. diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py index 452bfa66..97a4e958 100644 --- a/src/leap/bitmask/crypto/srpauth.py +++ b/src/leap/bitmask/crypto/srpauth.py @@ -552,12 +552,19 @@ class SRPAuthImpl(object): self._provider_config. get_api_version(), "logout") + cookies = {self.SESSION_ID_KEY: self.get_session_id()} + headers = { + self.AUTHORIZATION_KEY: + "Token token={0}".format(self.get_token()) + } try: - self._session.delete(logout_url, - data=self.get_session_id(), - verify=self._provider_config. - get_ca_cert_path(), - timeout=REQUEST_TIMEOUT) + res = self._session.delete( + logout_url, + cookies=cookies, + headers=headers, + verify=self._provider_config. + get_ca_cert_path(), + timeout=REQUEST_TIMEOUT) except Exception as e: logger.warning("Something went wrong with the logout: %r" % (e,)) @@ -568,7 +575,10 @@ class SRPAuthImpl(object): self.set_token(None) # Also reset the session self._session = self._fetcher.session() - logger.debug("Successfully logged out.") + if res.status_code == 204: + logger.debug("Successfully logged out.") + else: + logger.debug("Logout status code: %s" % res.status_code) def set_session_id(self, session_id): with self._session_id_lock: -- cgit v1.2.3 From 26dc74bcc9afbe45d6082e95a3a72cda16d2941b Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Thu, 17 Sep 2015 10:44:44 -0400 Subject: [bug] fix assignment of the incoming service the second callback was actually broken, not being called when it was supposed to be. the reason is that IncomingMail.startService returns a deferred which callback is called with the loopingCall instance only when the loopingCall is stopped. --- changes/bug_7448-fix-logout-auth | 1 + src/leap/bitmask/services/mail/imapcontroller.py | 15 +++++++-------- 2 files changed, 8 insertions(+), 8 deletions(-) create mode 100644 changes/bug_7448-fix-logout-auth diff --git a/changes/bug_7448-fix-logout-auth b/changes/bug_7448-fix-logout-auth new file mode 100644 index 00000000..29e69571 --- /dev/null +++ b/changes/bug_7448-fix-logout-auth @@ -0,0 +1 @@ +- Fix hangs during logout. Closes: #7448 diff --git a/src/leap/bitmask/services/mail/imapcontroller.py b/src/leap/bitmask/services/mail/imapcontroller.py index e5313477..5053d897 100644 --- a/src/leap/bitmask/services/mail/imapcontroller.py +++ b/src/leap/bitmask/services/mail/imapcontroller.py @@ -27,6 +27,7 @@ class IMAPController(object): """ IMAP Controller. """ + def __init__(self, soledad, keymanager): """ Initialize IMAP variables. @@ -63,12 +64,11 @@ class IMAPController(object): self._soledad, userid=userid) - def start_incoming_service(incoming_mail): - d = incoming_mail.startService() - d.addCallback(lambda started: incoming_mail) - return d - - def assign_incoming_service(incoming_mail): + def start_and_assign_incoming_service(incoming_mail): + # this returns a deferred that will be called when the looping call + # is stopped, we could add any shutdown/cleanup callback to that + # deferred, but unused by the moment. + incoming_mail.startService() self.incoming_mail_service = incoming_mail return incoming_mail @@ -78,8 +78,7 @@ class IMAPController(object): self._soledad, self.imap_factory, userid) - d.addCallback(start_incoming_service) - d.addCallback(assign_incoming_service) + d.addCallback(start_and_assign_incoming_service) d.addErrback(lambda f: logger.error(f.printTraceback())) def stop_imap_service(self): -- cgit v1.2.3 From 10f6f5b17e0ac1d5d4b433a428efc1beffd999a7 Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Wed, 16 Sep 2015 16:23:50 +0200 Subject: [feat] remove taskthread dependency Refactor ivan's code (aa4b684d0682ff9faf1577653fa5ceabbc6e0f20) to remove the time.sleep. - Resolves: #7414 --- changes/feature-7414_remove-taskthread-dependency | 1 + pkg/requirements.pip | 1 - src/leap/bitmask/backend/backend_proxy.py | 21 ++++++++++++++------- 3 files changed, 15 insertions(+), 8 deletions(-) create mode 100644 changes/feature-7414_remove-taskthread-dependency diff --git a/changes/feature-7414_remove-taskthread-dependency b/changes/feature-7414_remove-taskthread-dependency new file mode 100644 index 00000000..e209e80f --- /dev/null +++ b/changes/feature-7414_remove-taskthread-dependency @@ -0,0 +1 @@ +o Remove taskthread dependency, replace with custom (and small) code. Closes #7414. diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 44915e9d..a5d9f2a0 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -27,5 +27,4 @@ txzmq # Remove this when u1db fixes its dependency on oauth oauth -taskthread logbook>=0.7.0 diff --git a/src/leap/bitmask/backend/backend_proxy.py b/src/leap/bitmask/backend/backend_proxy.py index 30b7c5d1..ae300b32 100644 --- a/src/leap/bitmask/backend/backend_proxy.py +++ b/src/leap/bitmask/backend/backend_proxy.py @@ -27,8 +27,6 @@ import zmq from zmq.eventloop import ioloop from zmq.eventloop import zmqstream -from taskthread import TimerTask - from leap.bitmask.backend.api import API, STOP_REQUEST, PING_REQUEST from leap.bitmask.backend.settings import Settings from leap.bitmask.backend.utils import generate_zmq_certificates_if_needed @@ -141,7 +139,8 @@ class BackendProxy(object): self._do_work = threading.Event() self._work_lock = threading.Lock() self._connection = ZmqREQConnection(self.SERVER, self._set_online) - self._heartbeat = TimerTask(self._ping, delay=self.PING_INTERVAL) + self._heartbeat = threading.Timer(self.PING_INTERVAL, + self._heartbeat_loop) self._ping_event = threading.Event() self.online = False self.settings = Settings() @@ -197,17 +196,25 @@ class BackendProxy(object): """ with self._work_lock: # avoid sending after connection was closed self._do_work.clear() - self._heartbeat.stop() + self._heartbeat.cancel() self._connection.stop() logger.debug("BackendProxy worker stopped.") - def _ping(self): + def _heartbeat_loop(self): """ - Heartbeat helper. - Sends a PING request just to know that the server is alive. + Sends a PING request every PING_INTERVAL just to know that the server + is alive. """ self._send_request(PING_REQUEST) + # lets acquire the lock to prevent heartbeat timer to get cancel while + # we set a new one + with self._work_lock: + if self._do_work.is_set(): + self._heartbeat = threading.Timer(self.PING_INTERVAL, + self._heartbeat_loop) + self._heartbeat.start() + def _api_call(self, *args, **kwargs): """ Call the `api_method` method in backend (through zmq). -- cgit v1.2.3 From 905059dcc203680f86316c83d538f14896adb928 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Thu, 17 Sep 2015 22:53:38 -0400 Subject: [style] pep8 fixes --- setup.cfg | 4 ++-- src/leap/bitmask/app.py | 1 + src/leap/bitmask/gui/eip_status.py | 3 ++- src/leap/bitmask/gui/login.py | 6 ++++-- src/leap/bitmask/logs/utils.py | 3 ++- src/leap/bitmask/updater.py | 4 +++- src/leap/bitmask/util/__init__.py | 3 ++- src/leap/bitmask/util/pastebin.py | 8 +++++--- 8 files changed, 21 insertions(+), 11 deletions(-) diff --git a/setup.cfg b/setup.cfg index e91c4adb..1a05d2c3 100644 --- a/setup.cfg +++ b/setup.cfg @@ -9,8 +9,8 @@ repository = https://pypi.python.org/pypi [pep8] ignore = E731 -exclude = *_rc.py,ui_*,_version.py +exclude = *_rc.py,ui_*,_version.py,docker,build,docs,pkg,versioneer.py,_binaries.py,pinned_* [flake8] ignore = E731 -exclude = *_rc.py,ui_*,_version.py +exclude = *_rc.py,ui_*,_version.py,docker,build,docs,pkg,versioneer.py,_binaries.py diff --git a/src/leap/bitmask/app.py b/src/leap/bitmask/app.py index a2e2aa1a..c9c02b59 100644 --- a/src/leap/bitmask/app.py +++ b/src/leap/bitmask/app.py @@ -133,6 +133,7 @@ def log_lsb_release_info(logger): for line in distro_info: logger.info(line) + def fix_qtplugins_path(): # This is a small workaround for a bug in macholib, there is a slight typo # in the path for the qt plugins that is added to the dynamic loader path diff --git a/src/leap/bitmask/gui/eip_status.py b/src/leap/bitmask/gui/eip_status.py index 8334c2ee..64a408c4 100644 --- a/src/leap/bitmask/gui/eip_status.py +++ b/src/leap/bitmask/gui/eip_status.py @@ -96,7 +96,8 @@ class EIPStatusWidget(QtGui.QWidget): # Action for the systray self._eip_disabled_action = QtGui.QAction( - u"{0} is {1}".format(self._service_name, self.tr("disabled")), self) + u"{0} is {1}".format( + self._service_name, self.tr("disabled")), self) def connect_backend_signals(self): """ diff --git a/src/leap/bitmask/gui/login.py b/src/leap/bitmask/gui/login.py index 756dd63c..4c2bd9c5 100644 --- a/src/leap/bitmask/gui/login.py +++ b/src/leap/bitmask/gui/login.py @@ -19,10 +19,12 @@ Login widget implementation The login sequence is the following: - _do_login - - backend.provider_setup (check_name_resolution, check_https, download_provider_info) + - backend.provider_setup ( + check_name_resolution, check_https, download_provider_info) - on error: _provider_setup_intermediate - on success: _load_provider_config - - backend.provider_bootstrap (download_ca_cert, check_ca_fingerprint, check_api_certificate) + - backend.provider_bootstrap ( + download_ca_cert, check_ca_fingerprint, check_api_certificate) - on error: _provider_setup_intermediate - on success: _provider_config_loaded - backend.user_login diff --git a/src/leap/bitmask/logs/utils.py b/src/leap/bitmask/logs/utils.py index 683fb542..f709da8b 100644 --- a/src/leap/bitmask/logs/utils.py +++ b/src/leap/bitmask/logs/utils.py @@ -112,7 +112,7 @@ def replace_stdout_stderr_with_logging(logger=None): log.startLogging(sys.stdout) -class QtLogHandler(logbook.Handler, logbook.StringFormatterHandlerMixin): +class QtLogHandler(logbook.Handler, logbook.StringFormatterHandlerMixin): """ Custom log handler which emits a log record with the message properly formatted using a Qt Signal. @@ -186,6 +186,7 @@ class QtLogHandler(logbook.Handler, logbook.StringFormatterHandlerMixin): class _LogController(object): + def __init__(self): self._qt_handler = QtLogHandler(format_string=LOG_FORMAT) self._logbook_controller = None diff --git a/src/leap/bitmask/updater.py b/src/leap/bitmask/updater.py index c35eff5f..7cb23a0a 100644 --- a/src/leap/bitmask/updater.py +++ b/src/leap/bitmask/updater.py @@ -50,6 +50,7 @@ DELAY_KEY = "updater_delay" class Updater(threading.Thread): + def __init__(self): """ Initialize the list of mirrors, paths and other TUF dependencies from @@ -162,7 +163,8 @@ class Updater(threading.Thread): """ Find the remote repo path deneding on the platform. - :return: the path to add to the remote repo url for the specific platform. + :return: the path to add to the remote repo url for the specific + platform. :rtype: str :raises NotImplemented: When the system where bitmask is running is not diff --git a/src/leap/bitmask/util/__init__.py b/src/leap/bitmask/util/__init__.py index 9853803a..b788abd0 100644 --- a/src/leap/bitmask/util/__init__.py +++ b/src/leap/bitmask/util/__init__.py @@ -156,6 +156,7 @@ def flags_to_dict(): return values + def here(module=None): if getattr(sys, 'frozen', False): # we are running in a |PyInstaller| bundle @@ -163,6 +164,6 @@ def here(module=None): else: dirname = os.path.dirname if module: - return dirname(module.__file__) + return dirname(module.__file__) else: return dirname(__file__) diff --git a/src/leap/bitmask/util/pastebin.py b/src/leap/bitmask/util/pastebin.py index a3bdba02..6d50ac9e 100644 --- a/src/leap/bitmask/util/pastebin.py +++ b/src/leap/bitmask/util/pastebin.py @@ -366,7 +366,9 @@ class PastebinAPI(object): Usage Example:: from pastebin import PastebinAPI x = PastebinAPI() - details = x.user_details('453a994e0e2f1efae07f8759e59e075b', 'c57a18e6c0ae228cd4bd16fe36da381a') + details = x.user_details( + '453a994e0e2f1efae07f8759e59e075b', + 'c57a18e6c0ae228cd4bd16fe36da381a') print details MonkeyPuzzle @@ -486,7 +488,8 @@ class PastebinAPI(object): DLiSspYT 1332714730 - Pastebin.py - Python 3.2 Pastebin.com API + Pastebin.py - + Python 3.2 Pastebin.com API 25300 0 0 @@ -609,7 +612,6 @@ class PastebinAPI(object): def paste(self, api_dev_key, api_paste_code, api_user_key=None, paste_name=None, paste_format=None, paste_private=None, paste_expire_date=None): - """Submit a code snippet to Pastebin using the new API. -- cgit v1.2.3 From c110760ac5b710dd7220e639f3c3e25acd43a560 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Fri, 18 Sep 2015 12:53:57 -0300 Subject: [bug] show unread emails after sync complete Right after a complete sync we show the unread emails. - Resolves: #7453 --- changes/bug-7453_sync-completed-vs-unread-emails | 1 + src/leap/bitmask/gui/mail_status.py | 44 ++++++++++++++++++------ 2 files changed, 35 insertions(+), 10 deletions(-) create mode 100644 changes/bug-7453_sync-completed-vs-unread-emails diff --git a/changes/bug-7453_sync-completed-vs-unread-emails b/changes/bug-7453_sync-completed-vs-unread-emails new file mode 100644 index 00000000..57a0552f --- /dev/null +++ b/changes/bug-7453_sync-completed-vs-unread-emails @@ -0,0 +1 @@ +- After a complete sync show the user the amount of unread emails. Closes bug #7453. diff --git a/src/leap/bitmask/gui/mail_status.py b/src/leap/bitmask/gui/mail_status.py index 1a38c8cf..eebae49b 100644 --- a/src/leap/bitmask/gui/mail_status.py +++ b/src/leap/bitmask/gui/mail_status.py @@ -53,6 +53,8 @@ class MailStatusWidget(QtGui.QWidget): self._disabled = True self._started = False + self._unread_mails = 0 + self.ui = Ui_MailStatusWidget() self.ui.setupUi(self) @@ -92,6 +94,8 @@ class MailStatusWidget(QtGui.QWidget): callback=self._mail_handle_soledad_events) register(event=catalog.SOLEDAD_INVALID_AUTH_TOKEN, callback=self.set_soledad_invalid_auth_token) + register(event=catalog.SOLEDAD_DONE_DATA_SYNC, + callback=self._mail_handle_soledad_events) register(event=catalog.MAIL_UNREAD_MESSAGES, callback=self._mail_handle_imap_events) @@ -276,6 +280,14 @@ class MailStatusWidget(QtGui.QWidget): else: ext_status = self.tr("Sync: upload complete.") + ready = 2 + elif event == catalog.SOLEDAD_DONE_DATA_SYNC: + if self._unread_mails > 0: + self._show_unread_mails() + return + else: + ext_status = self.tr("Sync: completed.") + ready = 2 else: leap_assert(False, @@ -395,21 +407,33 @@ class MailStatusWidget(QtGui.QWidget): # We could make this configurable to include all unread mail # or all unread mail in subscribed folders. if self._started: - count = content - if count != "0": - status = self.tr("{0} Unread Emails " - "in your Inbox").format(count) - if count == "1": - status = self.tr("1 Unread Email in your Inbox") - - self._set_mail_status(status, ready=2) - else: - self._set_mail_status("", ready=2) + try: + self._unread_mails = int(content) + except: + self._unread_mails = 0 + + self._show_unread_mails() elif event == catalog.IMAP_SERVICE_STARTED: self._imap_started = True if ext_status is not None: self._set_mail_status(ext_status, ready=1) + def _show_unread_mails(self): + """ + Show the user the amount of unread emails. + """ + count = self._unread_mails + + if count > 0: + status = self.tr("{0} Unread Emails " + "in your Inbox").format(count) + if count == 1: + status = self.tr("1 Unread Email in your Inbox") + + self._set_mail_status(status, ready=2) + else: + self._set_mail_status("", ready=2) + def about_to_start(self): """ Display the correct UI for the point where mail components -- cgit v1.2.3 From 978cbcc4c124fe3dcf05283d0790b828e072be25 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Fri, 18 Sep 2015 13:27:37 -0400 Subject: [bug] correctly return expected value for methods that check services these methods were returning None, and therefore breaking soledad password change (since it checks whether mail is enabled before changing soledad pass after srp pass change). - Resolves: #7470 --- changes/bug_7470_fix-service-enabled-method | 1 + src/leap/bitmask/gui/account.py | 4 ++-- src/leap/bitmask/gui/passwordwindow.py | 6 ++++++ 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 changes/bug_7470_fix-service-enabled-method diff --git a/changes/bug_7470_fix-service-enabled-method b/changes/bug_7470_fix-service-enabled-method new file mode 100644 index 00000000..cc63dc57 --- /dev/null +++ b/changes/bug_7470_fix-service-enabled-method @@ -0,0 +1 @@ +- Fix bug with password change. Closes: #7470 diff --git a/src/leap/bitmask/gui/account.py b/src/leap/bitmask/gui/account.py index c941c3fa..81f96389 100644 --- a/src/leap/bitmask/gui/account.py +++ b/src/leap/bitmask/gui/account.py @@ -43,7 +43,7 @@ class Account(): return self._settings.get_enabled_services(self.domain) def is_email_enabled(self): - MX_SERVICE in self.services() + return MX_SERVICE in self.services() def is_eip_enabled(self): - EIP_SERVICE in self.services() + return EIP_SERVICE in self.services() diff --git a/src/leap/bitmask/gui/passwordwindow.py b/src/leap/bitmask/gui/passwordwindow.py index 94cf25da..219a5634 100644 --- a/src/leap/bitmask/gui/passwordwindow.py +++ b/src/leap/bitmask/gui/passwordwindow.py @@ -203,6 +203,12 @@ class PasswordWindow(QtGui.QDialog, Flashable): new_password = self.ui.new_password_lineedit.text() logger.debug("SRP password changed successfully.") + # FIXME ---- both changes need to be made atomically! + # if there is some problem changing password in soledad (for instance, + # it checks for length), any exception raised will be lost and we will + # have an inconsistent state between soledad and srp passwords. + # We need to implement rollaback. + if self.is_soledad_needed(): self._backend.soledad_change_password(new_password=new_password) else: -- cgit v1.2.3 From 68b9e59d695ae896e405fd5f98eb2953dd5c9a2e Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Fri, 18 Sep 2015 16:29:48 -0300 Subject: [bug] track soledad ready state on a shared place Connecting to the `soledad_bootstrap_finished` signal is not enough since the password change window is created after the signal is emitted, that way we were not able to tell when soledad is ready to be used. - Resolves: #7474 --- changes/bug-7474_handle-soledad-ready-properly | 1 + src/leap/bitmask/gui/app.py | 2 ++ src/leap/bitmask/gui/mainwindow.py | 8 +++----- src/leap/bitmask/gui/passwordwindow.py | 5 ++--- src/leap/bitmask/gui/preferenceswindow.py | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) create mode 100644 changes/bug-7474_handle-soledad-ready-properly diff --git a/changes/bug-7474_handle-soledad-ready-properly b/changes/bug-7474_handle-soledad-ready-properly new file mode 100644 index 00000000..a2b538bf --- /dev/null +++ b/changes/bug-7474_handle-soledad-ready-properly @@ -0,0 +1 @@ +- Track soledad ready state on a shared place for easy access. Enable password change window. Closes bug #7474. diff --git a/src/leap/bitmask/gui/app.py b/src/leap/bitmask/gui/app.py index 02357b2b..97fd0549 100644 --- a/src/leap/bitmask/gui/app.py +++ b/src/leap/bitmask/gui/app.py @@ -43,6 +43,8 @@ class App(QtGui.QWidget): self.signaler = LeapSignaler() self.signaler.start() + self.soledad_started = False + # periodically check if the backend is alive self._backend_checker = QtCore.QTimer(self) self._backend_checker.timeout.connect(self._check_backend_status) diff --git a/src/leap/bitmask/gui/mainwindow.py b/src/leap/bitmask/gui/mainwindow.py index c5939a6d..387c6283 100644 --- a/src/leap/bitmask/gui/mainwindow.py +++ b/src/leap/bitmask/gui/mainwindow.py @@ -201,8 +201,6 @@ class MainWindow(QtGui.QMainWindow, SignalTracker): self._login_widget.login_offline_finished.connect( self._maybe_run_soledad_setup_checks) - self._soledad_started = False - # This is created once we have a valid provider config self._logged_in_offline = False @@ -544,7 +542,7 @@ class MainWindow(QtGui.QMainWindow, SignalTracker): # XXX: handle differently not logged in user? akm = AdvancedKeyManagement(self, mx_provided, logged_user, - self._backend, self._soledad_started) + self._backend, self.app.soledad_started) akm.show() def _show_preferences(self): @@ -1238,7 +1236,7 @@ class MainWindow(QtGui.QMainWindow, SignalTracker): self._backend.soledad_cancel_bootstrap() self._backend.soledad_close() - self._soledad_started = False + self.app.soledad_started = True def _on_user_logged_in(self): """ @@ -1414,7 +1412,7 @@ class MainWindow(QtGui.QMainWindow, SignalTracker): """ logger.debug("Done bootstrapping Soledad") - self._soledad_started = True + self.app.soledad_started = True self.soledad_ready.emit() ################################################################### diff --git a/src/leap/bitmask/gui/passwordwindow.py b/src/leap/bitmask/gui/passwordwindow.py index 219a5634..d9309b2f 100644 --- a/src/leap/bitmask/gui/passwordwindow.py +++ b/src/leap/bitmask/gui/passwordwindow.py @@ -71,9 +71,10 @@ class PasswordWindow(QtGui.QDialog, Flashable): self.ui.cancel_button.setEnabled(True) self.flash_error(self.tr("Please log in to change your password.")) - if self.is_soledad_needed() and not self._soledad_ready: + if self.is_soledad_needed() and not self.app.soledad_started: self._enable_password_widgets(False) self.ui.cancel_button.setEnabled(True) + self.flash_message( self.tr("Please wait for data storage to be ready.")) @@ -146,7 +147,6 @@ class PasswordWindow(QtGui.QDialog, Flashable): sig.soledad_password_change_error.connect( self._soledad_change_password_problem) - self._soledad_ready = False sig.soledad_bootstrap_finished.connect(self._on_soledad_ready) def _change_password(self): @@ -269,4 +269,3 @@ class PasswordWindow(QtGui.QDialog, Flashable): Signaler.soledad_bootstrap_finished """ self._enable_password_widgets(True) - self._soledad_ready = True diff --git a/src/leap/bitmask/gui/preferenceswindow.py b/src/leap/bitmask/gui/preferenceswindow.py index baa71252..44c4641c 100644 --- a/src/leap/bitmask/gui/preferenceswindow.py +++ b/src/leap/bitmask/gui/preferenceswindow.py @@ -70,7 +70,7 @@ class PreferencesWindow(QtGui.QDialog): # only allow a single preferences window at a time. if PreferencesWindow._current_window is not None: - PreferencesWindow._current_window.close_window() + PreferencesWindow._current_window.close() PreferencesWindow._current_window = self def _add_icons(self): -- cgit v1.2.3 From 262a9a750a573ae6003ebf19d5a1867bc19d28c0 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Mon, 21 Sep 2015 16:48:13 -0300 Subject: [bug] fix typo on backend name --- src/leap/bitmask/gui/passwordwindow.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/leap/bitmask/gui/passwordwindow.py b/src/leap/bitmask/gui/passwordwindow.py index d9309b2f..dedfcb10 100644 --- a/src/leap/bitmask/gui/passwordwindow.py +++ b/src/leap/bitmask/gui/passwordwindow.py @@ -210,7 +210,7 @@ class PasswordWindow(QtGui.QDialog, Flashable): # We need to implement rollaback. if self.is_soledad_needed(): - self._backend.soledad_change_password(new_password=new_password) + self.app.backend.soledad_change_password(new_password=new_password) else: self._change_password_success() -- cgit v1.2.3 From ce63b5a0277b3ff062d04a17af9e9a927b7d9b87 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 2 Sep 2015 16:04:06 -0400 Subject: [feature] retrieve specific smtp certificate. Closes: #4284 --- changes/feature_4284-download-smtp-certs | 1 + src/leap/bitmask/crypto/certs.py | 38 ++++++++++++++-------- src/leap/bitmask/services/mail/smtpbootstrapper.py | 6 ++-- src/leap/bitmask/services/mail/smtpconfig.py | 7 +++- 4 files changed, 35 insertions(+), 17 deletions(-) create mode 100644 changes/feature_4284-download-smtp-certs diff --git a/changes/feature_4284-download-smtp-certs b/changes/feature_4284-download-smtp-certs new file mode 100644 index 00000000..929bd858 --- /dev/null +++ b/changes/feature_4284-download-smtp-certs @@ -0,0 +1 @@ +- Download specific smtp certificate from provider, instead of using the vpn one. Closes: #4284 diff --git a/src/leap/bitmask/crypto/certs.py b/src/leap/bitmask/crypto/certs.py index 4b669376..017af144 100644 --- a/src/leap/bitmask/crypto/certs.py +++ b/src/leap/bitmask/crypto/certs.py @@ -30,7 +30,7 @@ from leap.common import certs as leap_certs logger = get_logger() -def download_client_cert(provider_config, path, session): +def download_client_cert(provider_config, path, session, kind="vpn"): """ Downloads the client certificate for each service. @@ -41,32 +41,45 @@ def download_client_cert(provider_config, path, session): :param session: a fetcher.session instance. For the moment we only support requests.sessions :type session: requests.sessions.Session + :param kind: the kind of certificate being requested. Valid values are + "vpn" or "smtp". + :type kind: string """ - # TODO we should implement the @with_srp_auth decorator - # again. srp_auth = SRPAuth(provider_config) session_id = srp_auth.get_session_id() token = srp_auth.get_token() cookies = None if session_id is not None: cookies = {"_session_id": session_id} - cert_uri = "%s/%s/cert" % ( + + if kind == "vpn": + cert_uri_template = "%s/%s/cert" + method = 'get' + params = {} + elif kind == 'smtp': + cert_uri_template = "%s/%s/smtp_cert" + method = 'post' + params = {'address': srp_auth.get_username()} + else: + raise ValueError("Incorrect value passed to kind parameter") + + cert_uri = cert_uri_template % ( provider_config.get_api_uri(), provider_config.get_api_version()) - logger.debug('getting cert from uri: %s' % cert_uri) + + logger.debug('getting %s cert from uri: %s' % (kind, cert_uri)) headers = {} # API v2 will only support token auth, but in v1 we can send both if token is not None: - headers["Authorization"] = 'Token token="{0}"'.format(token) + headers["Authorization"] = 'Token token={0}'.format(token) - res = session.get(cert_uri, - verify=provider_config - .get_ca_cert_path(), - cookies=cookies, - timeout=REQUEST_TIMEOUT, - headers=headers) + call = getattr(session, method) + res = call(cert_uri, verify=provider_config.get_ca_cert_path(), + cookies=cookies, params=params, + timeout=REQUEST_TIMEOUT, + headers=headers, data=params) res.raise_for_status() client_cert = res.content @@ -74,7 +87,6 @@ def download_client_cert(provider_config, path, session): # XXX raise more specific exception. raise Exception("The downloaded certificate is not a " "valid PEM file") - mkdir_p(os.path.dirname(path)) try: diff --git a/src/leap/bitmask/services/mail/smtpbootstrapper.py b/src/leap/bitmask/services/mail/smtpbootstrapper.py index cd871803..a1b520ef 100644 --- a/src/leap/bitmask/services/mail/smtpbootstrapper.py +++ b/src/leap/bitmask/services/mail/smtpbootstrapper.py @@ -87,7 +87,7 @@ class SMTPBootstrapper(AbstractBootstrapper): logger.debug("Using hostname %s for SMTP" % (hostname,)) client_cert_path = self._smtp_config.get_client_cert_path( - self._provider_config, about_to_download=True) + self._userid, self._provider_config, about_to_download=True) if not is_file(client_cert_path): # For re-download if something is wrong with the cert @@ -101,7 +101,7 @@ class SMTPBootstrapper(AbstractBootstrapper): download_client_cert(self._provider_config, client_cert_path, - self._session) + self._session, kind="smtp") def _start_smtp_service(self): """ @@ -117,7 +117,7 @@ class SMTPBootstrapper(AbstractBootstrapper): host = hosts[hostname][self.IP_KEY].encode("utf-8") port = hosts[hostname][self.PORT_KEY] client_cert_path = self._smtp_config.get_client_cert_path( - self._provider_config, about_to_download=True) + self._userid, self._provider_config, about_to_download=True) from leap.mail.smtp import setup_smtp_gateway diff --git a/src/leap/bitmask/services/mail/smtpconfig.py b/src/leap/bitmask/services/mail/smtpconfig.py index 2d8de411..f78b3449 100644 --- a/src/leap/bitmask/services/mail/smtpconfig.py +++ b/src/leap/bitmask/services/mail/smtpconfig.py @@ -53,19 +53,24 @@ class SMTPConfig(ServiceConfig): return self._safe_get_value("locations") def get_client_cert_path(self, + userid, providerconfig=None, about_to_download=False): """ Returns the path to the certificate used by smtp + :param userid: the user id, in user@provider form """ + leap_assert(userid, "Need an userid") leap_assert(providerconfig, "We need a provider") leap_assert_type(providerconfig, ProviderConfig) + username = userid.split("@")[0] + cert_path = os.path.join(get_path_prefix(), "leap", "providers", providerconfig.get_domain(), - "keys", "client", "smtp.pem") + "keys", "client", "smtp_%s.pem" % username) if not about_to_download: leap_assert(os.path.exists(cert_path), -- cgit v1.2.3 From f292d910ae8bf98448dd02cd26e9e4f2ed8f6339 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Mon, 21 Sep 2015 15:51:34 -0400 Subject: [bug] add compatibility mode for platform < 0.8 there was a bug in plaform that made webapp not serve correctly the smtp certificates. with this fallback, we try to support platforms < 0.8, although we should deprecate this behavior in bitmask 0.10 --- src/leap/bitmask/services/mail/smtpbootstrapper.py | 25 +++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/src/leap/bitmask/services/mail/smtpbootstrapper.py b/src/leap/bitmask/services/mail/smtpbootstrapper.py index a1b520ef..a577509e 100644 --- a/src/leap/bitmask/services/mail/smtpbootstrapper.py +++ b/src/leap/bitmask/services/mail/smtpbootstrapper.py @@ -18,6 +18,9 @@ SMTP bootstrapping """ import os +import warnings + +from requests.exceptions import HTTPError from leap.bitmask.config.providerconfig import ProviderConfig from leap.bitmask.crypto.certs import download_client_cert @@ -99,9 +102,25 @@ class SMTPBootstrapper(AbstractBootstrapper): check_and_fix_urw_only(client_cert_path) return - download_client_cert(self._provider_config, - client_cert_path, - self._session, kind="smtp") + try: + download_client_cert(self._provider_config, + client_cert_path, + self._session, kind="smtp") + except HTTPError as exc: + if exc.message.startswith('403 Client Error'): + logger.debug( + 'Auth problem downloading smtp certificate... ' + 'It might be a provider problem, will try ' + 'fetching from vpn pool') + warnings.warn( + 'Compatibility hack for platform 0.7 not fully ' + 'supporting smtp certificates. Will be deprecated in ' + 'bitmask 0.10') + download_client_cert(self._provider_config, + client_cert_path, + self._session, kind="vpn") + else: + raise def _start_smtp_service(self): """ -- cgit v1.2.3 From aa31828fca8bb64ace56f6f3b2b94f90ffced3c2 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Tue, 22 Sep 2015 14:13:15 -0300 Subject: [pkg] fold in changes --- CHANGELOG.rst | 20 ++++++++++++++++++++ changes/bug-7415_fix-arguments-on-raise-window-event | 1 - changes/bug-7453_sync-completed-vs-unread-emails | 1 - changes/bug-7474_handle-soledad-ready-properly | 1 - changes/bug-fix-logout-auth | 1 - changes/bug_7448-fix-logout-auth | 1 - changes/bug_7470_fix-service-enabled-method | 1 - changes/feature-7414_remove-taskthread-dependency | 1 - changes/feature-7419_load-credentials-from-env | 1 - changes/feature_4284-download-smtp-certs | 1 - 10 files changed, 20 insertions(+), 9 deletions(-) delete mode 100644 changes/bug-7415_fix-arguments-on-raise-window-event delete mode 100644 changes/bug-7453_sync-completed-vs-unread-emails delete mode 100644 changes/bug-7474_handle-soledad-ready-properly delete mode 100644 changes/bug-fix-logout-auth delete mode 100644 changes/bug_7448-fix-logout-auth delete mode 100644 changes/bug_7470_fix-service-enabled-method delete mode 100644 changes/feature-7414_remove-taskthread-dependency delete mode 100644 changes/feature-7419_load-credentials-from-env delete mode 100644 changes/feature_4284-download-smtp-certs diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 952574dc..2114c5ab 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,6 +3,26 @@ Changelog --------- +0.9.0rc3 September 22 ++++++++++++++++++++++ + +Features +~~~~~~~~ +- `#4284 `_: Download specific smtp certificate from provider, instead of using the vpn one. +- `#7414 `_: Remove taskthread dependency, replace with custom (and small) code. +- `#7419 `_: Load credentials from environment variables and trigger login. + + +Bugfixes +~~~~~~~~ +- `#7415 `_: Fix wrong argument number on window raise event. +- `#7448 `_: Fix hangs during logout. +- `#7453 `_: After a complete sync show the user the amount of unread emails. +- `#7470 `_: Fix bug with password change. +- `#7474 `_: Track soledad ready state on a shared place for easy access. Enable password change window. +- Authenticate properly logout calls to API. + + 0.9.0rc2 August 27 ++++++++++++++++++ diff --git a/changes/bug-7415_fix-arguments-on-raise-window-event b/changes/bug-7415_fix-arguments-on-raise-window-event deleted file mode 100644 index a49922c1..00000000 --- a/changes/bug-7415_fix-arguments-on-raise-window-event +++ /dev/null @@ -1 +0,0 @@ -o Fix wrong argument number on window raise event. Close bug #7415. diff --git a/changes/bug-7453_sync-completed-vs-unread-emails b/changes/bug-7453_sync-completed-vs-unread-emails deleted file mode 100644 index 57a0552f..00000000 --- a/changes/bug-7453_sync-completed-vs-unread-emails +++ /dev/null @@ -1 +0,0 @@ -- After a complete sync show the user the amount of unread emails. Closes bug #7453. diff --git a/changes/bug-7474_handle-soledad-ready-properly b/changes/bug-7474_handle-soledad-ready-properly deleted file mode 100644 index a2b538bf..00000000 --- a/changes/bug-7474_handle-soledad-ready-properly +++ /dev/null @@ -1 +0,0 @@ -- Track soledad ready state on a shared place for easy access. Enable password change window. Closes bug #7474. diff --git a/changes/bug-fix-logout-auth b/changes/bug-fix-logout-auth deleted file mode 100644 index 0dc09c02..00000000 --- a/changes/bug-fix-logout-auth +++ /dev/null @@ -1 +0,0 @@ -- Authenticate properly logout calls to API. diff --git a/changes/bug_7448-fix-logout-auth b/changes/bug_7448-fix-logout-auth deleted file mode 100644 index 29e69571..00000000 --- a/changes/bug_7448-fix-logout-auth +++ /dev/null @@ -1 +0,0 @@ -- Fix hangs during logout. Closes: #7448 diff --git a/changes/bug_7470_fix-service-enabled-method b/changes/bug_7470_fix-service-enabled-method deleted file mode 100644 index cc63dc57..00000000 --- a/changes/bug_7470_fix-service-enabled-method +++ /dev/null @@ -1 +0,0 @@ -- Fix bug with password change. Closes: #7470 diff --git a/changes/feature-7414_remove-taskthread-dependency b/changes/feature-7414_remove-taskthread-dependency deleted file mode 100644 index e209e80f..00000000 --- a/changes/feature-7414_remove-taskthread-dependency +++ /dev/null @@ -1 +0,0 @@ -o Remove taskthread dependency, replace with custom (and small) code. Closes #7414. diff --git a/changes/feature-7419_load-credentials-from-env b/changes/feature-7419_load-credentials-from-env deleted file mode 100644 index 7704df01..00000000 --- a/changes/feature-7419_load-credentials-from-env +++ /dev/null @@ -1 +0,0 @@ -- Load credentials from environment variables and trigger login. Closes feature #7419. diff --git a/changes/feature_4284-download-smtp-certs b/changes/feature_4284-download-smtp-certs deleted file mode 100644 index 929bd858..00000000 --- a/changes/feature_4284-download-smtp-certs +++ /dev/null @@ -1 +0,0 @@ -- Download specific smtp certificate from provider, instead of using the vpn one. Closes: #4284 -- cgit v1.2.3