Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • m1ghtfr3e/bitmask-vpn
  • leap/bitmask-vpn
  • meskio/bitmask-vpn
  • kali/bitmask-vpn
  • nsheep/bitmask-vpn
  • nilesh/bitmask-vpn
  • micah/bitmask-vpn
  • kwadronaut/bitmask-vpn
  • th/bitmask-vpn
  • wxl/bitmask-vpn
  • Nowa-Ammerlaan/bitmask-vpn
  • elijah/bitmask-vpn
  • happysalada/bitmask-vpn
  • JUZZZEE/bitmask-vpn
  • jkito/bitmask-vpn
  • panetone/bitmask-vpn
  • hsilva/bitmask-vpn
  • S0b0tkaZ11gy/bitmask-vpn
  • polster/bitmask-vpn-pahoeohe
  • Kulibin/bitmask-vpn
  • TheMimoGz/bitmask-vpn
  • fifi/bitmask-vpn
  • fly/bitmask-vpn
  • VlKozlove/bitmask-vpn
  • DonMephedrone/bitmask-vpn
  • Arti/bitmask-vpn
  • annxxxxx/bitmask-vpn
  • Arti/arti-bitmask-vpn-fork
  • peanut2/bitmask-vpn
29 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 830 additions and 106 deletions
branding/thirdparty/openvpn/build_openvpn.sh
View file @ 8473f488
......@@ -11,13 +11,13 @@ set -e
#set -x
# [!] This needs to be updated for every release --------------------------
OPENVPN="openvpn-2.5.1"
OPENSSL="1.1.1j"
OPENVPN="openvpn-2.6.6"
OPENSSL="3.2.1"
MBEDTLS="2.25.0"
LZO="lzo-2.10"
ZLIB="zlib-1.2.11"
ZLIB="zlib-1.3.1"
LZO_SHA1="4924676a9bae5db58ef129dc1cebce3baa3c4b5d"
OPENSSL_SHA256="aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf"
OPENSSL_SHA256="83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39"
MBEDTLS_SHA256="f838f670f51070bc6b4ebf0c084affd9574652ded435b064969f36ce4e8b586d"
# -------------------------------------------------------------------------
......@@ -38,7 +38,7 @@ mkdir -p $SRC
SHASUM="/usr/bin/shasum"
ZLIB_KEYS="https://keys.gnupg.net/pks/lookup?op=get&search=0x783FCD8E58BCAFBA"
ZLIB_KEYS="https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x5ed46a6721d365587791e2aa783fcd8e58bcafba"
OPENVPN_KEYS="https://swupdate.openvpn.net/community/keys/security.key.asc"
WGET="wget --prefer-family=IPv4"
......@@ -57,7 +57,7 @@ MAKE="make -j4"
function build_zlib()
{
gpg --fetch-keys $ZLIB_KEYS
gpg --fetch-keys $ZLIB_KEYS
mkdir -p $SRC/zlib && cd $SRC/zlib
if [ ! -f $ZLIB.tar.gz ]; then
......@@ -86,7 +86,7 @@ function build_lzo2()
{
mkdir -p $SRC/lzo2 && cd $SRC/lzo2
if [ ! -f $LZO.tar.gz ]; then
$WGET http://www.oberhumer.com/opensource/lzo/download/$LZO.tar.gz
$WGET https://www.oberhumer.com/opensource/lzo/download/$LZO.tar.gz
fi
sha1=`$SHASUM $LZO.tar.gz | cut -d' ' -f 1`
if [ "${LZO_SHA1}" = "${sha1}" ]; then
......@@ -129,11 +129,28 @@ function build_openssl()
echo "[ ] got: " ${sha256}
exit 1
fi
local openssl_target_platform=""
case "$(uname -m)" in
"x86_64")
openssl_target_platform="darwin64-x86_64-cc"
if [ "$(uname)" == "Linux" ]; then
openssl_target_platform="linux-x86_64"
fi
;;
"arm64")
openssl_target_platform="darwin64-arm64-cc"
if [ "$(uname)" == "Linux" ]; then
openssl_target_platform="linux64-aarch64"
fi
;;
esac
tar zxvf openssl-$OPENSSL.tar.gz
cd openssl-$OPENSSL
# Kudos to Jonathan K. Bullard from Tunnelblick.
# TODO pass cc/arch if osx
./Configure darwin64-x86_64-cc no-shared zlib no-asm --openssldir="$DEST"
./Configure ${openssl_target_platform} no-shared zlib no-asm --openssldir="$DEST"
make build_libs build_apps openssl.pc libssl.pc libcrypto.pc
make DESTDIR=$DEST install_sw
}
......
cmd/bitmask-helper/main.go
View file @ 8473f488
......@@ -16,7 +16,7 @@
package main
import (
"log"
"flag"
"path"
"0xacab.org/leap/bitmask-vpn/pkg/config"
......@@ -31,18 +31,24 @@ const (
var (
Version string
AppName string
socketUid int
socketGid int
)
func init() {
flag.IntVar(&socketUid, "socket-uid", 0, "The UID for the unix socket to listen on")
flag.IntVar(&socketGid, "socket-gid", 0, "The GID for the unix socket to listen on")
}
func main() {
logger, err := config.ConfigureLogger(path.Join(helper.LogFolder, logFile))
if err != nil {
log.Println("Can't configure logger: ", err)
} else {
defer logger.Close()
}
flag.Parse()
config.LogPath = path.Join(config.Path, logFile)
config.ConfigureLogger()
defer config.CloseLogger()
helper.Version = Version
helper.AppName = AppName
// StartHelper is the main entry point - it also handles cli args in windows, and starts the http server.
helper.StartHelper(preferredPort)
helper.StartHelper(preferredPort, socketUid, socketGid)
}
cmd/bitmaskd/main.go 0 → 100644
View file @ 8473f488
package main
import (
"errors"
"flag"
"fmt"
"io/ioutil"
"log"
"os"
"runtime"
"0xacab.org/leap/bitmask-vpn/pkg/backend"
)
func main() {
var c string
var installHelpers bool
flag.StringVar(&c, "c", "", "Config file")
flag.BoolVar(&installHelpers, "i", false, "Install helpers (asks for sudo)")
flag.Parse()
if installHelpers {
backend.InstallHelpers()
os.Exit(0)
}
if len(c) == 0 {
fmt.Println("Please setup a config file with -c")
os.Exit(1)
}
if _, err := os.Stat(c); err == nil {
log.Println("Loading config file from", c)
// all good. we could validate the json.
} else if errors.Is(err, os.ErrNotExist) {
fmt.Println("Cannot find file:", c)
os.Exit(1)
} else {
// Schrodinger: file may or may not exist.
log.Println("Error:", err)
}
providerDefinitionJSON, err := ioutil.ReadFile(c)
if err != nil {
fmt.Println("Error reading config file")
os.Exit(1)
}
// TODO daemonize, or run in foreground to debug.
log.Println("Starting bitmaskd...")
opts := backend.InitOptsFromJSON("riseup", string(providerDefinitionJSON))
opts.DisableAutostart = true
opts.Obfs4 = false
opts.StartVPN = "off"
backend.EnableWebAPI("8000")
backend.InitializeBitmaskContext(opts)
log.Println("Backend initialized")
runtime.Goexit()
fmt.Println("Exit")
}
debian/changelog
View file @ 8473f488
riseup-vpn (0.21.10+1) hirsute; urgency=medium
riseup-vpn (0.21.11) hirsute; urgency=medium
* Release 0.21.10
* Release 0.21.11
-- Kali Kaneko (leap communications) <kali@leap.se> Tue, 22 Jun 2021 18:26:53 +0200
......
debian/control
View file @ 8473f488
......@@ -16,7 +16,7 @@ Depends: ${misc:Depends}, libqt5core5a, libqt5gui5 | libqt5gui5-gles,
libqt5qml5, libqt5widgets5, libstdc++6,
qml-module-qtquick2, qml-module-qtquick-controls2, qml-module-qtquick-dialogs,
qml-module-qtquick-extras, qml-module-qt-labs-platform,
openvpn, policykit-1-gnome | polkit-1-auth-agent, python3
openvpn, policykit-1-gnome | polkit-1-auth-agent, python3, iptables
Description: Easy, fast, and secure VPN service from riseup.net.
.
The service does not require a user account, keep logs, or track you in any
......
docker/0001-build-fix-build-on-ubuntu-23.04-with-qt6.4.patch 0 → 100644
View file @ 8473f488
From 82e3eda5709f1f8dd6bdb898a3c6b71a41cc4e62 Mon Sep 17 00:00:00 2001
From: jkito <belter@riseup.net>
Date: Sun, 25 Aug 2024 17:18:10 +0530
Subject: [PATCH] build: use qt5compat qml module to build on qt6.4 for ubuntu
and debian
---
bitmask.pro | 2 +-
gui/components/ErrorBox.qml | 2 +-
gui/components/Footer.qml | 14 ++++++--------
gui/components/Home.qml | 2 +-
gui/components/InitErrors.qml | 2 +-
gui/components/Locations.qml | 7 +++----
gui/components/MotdBox.qml | 2 +-
gui/components/Preferences.qml | 4 ++--
gui/components/SignalIcon.qml | 7 +++----
gui/components/Splash.qml | 2 +-
gui/components/StatusBox.qml | 2 +-
11 files changed, 21 insertions(+), 25 deletions(-)
diff --git a/bitmask.pro b/bitmask.pro
index bbeacb12..58ba5f2f 100644
--- a/bitmask.pro
+++ b/bitmask.pro
@@ -1,8 +1,8 @@
TARGET = $$TARGET
QT += quickcontrols2 svg
-CONFIG += qt staticlib
CONFIG += c++17 strict_c++
+CONFIG += qt staticlib core5compat
CONFIG += qtquickcompiler
RELEASE = $$RELEASE
diff --git a/gui/components/ErrorBox.qml b/gui/components/ErrorBox.qml
index 5667ed9d..ef8f58fb 100644
--- a/gui/components/ErrorBox.qml
+++ b/gui/components/ErrorBox.qml
@@ -1,6 +1,6 @@
import QtQuick
import QtQuick.Controls
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
import "../themes/themes.js" as Theme
Item {
diff --git a/gui/components/Footer.qml b/gui/components/Footer.qml
index d534f96a..9df6db62 100644
--- a/gui/components/Footer.qml
+++ b/gui/components/Footer.qml
@@ -2,7 +2,7 @@ import QtQuick
import QtQuick.Controls
import QtQuick.Controls.Material
import QtQuick.Layouts
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
import "../themes/themes.js" as Theme
ToolBar {
@@ -49,7 +49,7 @@ ToolBar {
}
Image {
- id: lightning
+ id: lightning
smooth: true
visible: ctx != undefined & root.selectedGateway == "auto"
width: 16
@@ -61,11 +61,10 @@ ToolBar {
verticalCenter: gwButton.verticalCenter
}
}
- MultiEffect {
+ ColorOverlay{
anchors.fill: lightning
source: lightning
- colorizationColor: getLocationColor()
- colorization: 1.0
+ color: getLocationColor()
antialiasing: true
}
@@ -123,11 +122,10 @@ ToolBar {
rightMargin: 20
}
}
- MultiEffect {
+ ColorOverlay{
anchors.fill: gwQuality
source: gwQuality
- colorizationColor: getSignalColor()
- colorization: 1.0
+ color: getSignalColor()
antialiasing: false
}
}
diff --git a/gui/components/Home.qml b/gui/components/Home.qml
index f3bea85a..7830f46d 100644
--- a/gui/components/Home.qml
+++ b/gui/components/Home.qml
@@ -1,6 +1,6 @@
import QtQuick
import QtQuick.Controls
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
Page {
StatusBox {
diff --git a/gui/components/InitErrors.qml b/gui/components/InitErrors.qml
index aaf9897b..10b4755c 100644
--- a/gui/components/InitErrors.qml
+++ b/gui/components/InitErrors.qml
@@ -1,6 +1,6 @@
import QtQuick
import QtQuick.Controls
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
ErrorBox {
diff --git a/gui/components/Locations.qml b/gui/components/Locations.qml
index 2a188738..6228a58c 100644
--- a/gui/components/Locations.qml
+++ b/gui/components/Locations.qml
@@ -1,7 +1,7 @@
import QtQuick
import QtQuick.Controls
import QtQuick.Layouts
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
import "../themes/themes.js" as Theme
@@ -81,11 +81,10 @@ ThemedPage {
//verticalCenterOffset: 3
}
}
- MultiEffect {
+ ColorOverlay{
anchors.fill: lightning
source: lightning
- colorizationColor: "black"
- colorization: 1.0
+ color: "black"
antialiasing: true
}
}
diff --git a/gui/components/MotdBox.qml b/gui/components/MotdBox.qml
index 2c8cdb8b..7b851c0c 100644
--- a/gui/components/MotdBox.qml
+++ b/gui/components/MotdBox.qml
@@ -1,6 +1,6 @@
import QtQuick
import QtQuick.Controls
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
import "../themes/themes.js" as Theme
Item {
diff --git a/gui/components/Preferences.qml b/gui/components/Preferences.qml
index d8ed6587..a0b6bba6 100644
--- a/gui/components/Preferences.qml
+++ b/gui/components/Preferences.qml
@@ -2,8 +2,8 @@ import QtQuick
import QtQuick.Controls
import QtQuick.Layouts
import QtQuick.Controls.Material
-import QtQuick.Effects
-import QtCore
+import Qt5Compat.GraphicalEffects
+import Qt.labs.settings
import "../themes/themes.js" as Theme
diff --git a/gui/components/SignalIcon.qml b/gui/components/SignalIcon.qml
index 8747f054..38a23710 100644
--- a/gui/components/SignalIcon.qml
+++ b/gui/components/SignalIcon.qml
@@ -1,7 +1,7 @@
import QtQuick
import QtQuick.Controls
import QtQuick.Layouts
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
import "../themes/themes.js" as Theme
@@ -41,11 +41,10 @@ Item {
]
}
}
- MultiEffect {
+ ColorOverlay{
anchors.fill: icon
source: icon
- colorizationColor: getQualityColor()
- colorization: 1.0
+ color: getQualityColor()
antialiasing: true
}
diff --git a/gui/components/Splash.qml b/gui/components/Splash.qml
index c9351804..d18cc3ba 100644
--- a/gui/components/Splash.qml
+++ b/gui/components/Splash.qml
@@ -1,6 +1,6 @@
import QtQuick
import QtQuick.Controls
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
import "../themes/themes.js" as Theme
Page {
diff --git a/gui/components/StatusBox.qml b/gui/components/StatusBox.qml
index d17c2fe0..24a1f8f2 100644
--- a/gui/components/StatusBox.qml
+++ b/gui/components/StatusBox.qml
@@ -1,6 +1,6 @@
import QtQuick
import QtQuick.Controls
-import QtQuick.Effects
+import Qt5Compat.GraphicalEffects
import QtQuick.Layouts
import QtQuick.Templates as T
import QtQuick.Controls.impl
--
2.46.0
docker/Dockerfile
View file @ 8473f488
# An image to build and package the BitmaskVPN (RiseupVPN and other branded builds)
# (c) LEAP Encryption Access Project 2018-2021
FROM ubuntu:20.04 as builder
FROM ubuntu:24.04 as builder
MAINTAINER LEAP Encryption Access Project <info@leap.se>
ARG GO_VERSION=1.22
LABEL Description="An image to build Bitmask Lite" Vendor="LEAP" Version="1.2"
ENV OSXSDK_SHA256="631b4144c6bf75bf7a4d480d685a9b5bda10ee8d03dbf0db829391e2ef858789" \
PATH="$PATH:/osxcross/target/bin:/usr/lib/go-1.14/bin"
PATH="$PATH:/osxcross/target/bin:/usr/lib/go-${GO_VERSION}/bin" \
QMAKE=qmake6
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get upgrade --yes && \
......@@ -16,7 +18,7 @@ RUN apt-get update && apt-get upgrade --yes && \
git curl wget \
libappindicator3-dev libgtk-3-dev \
webkit2gtk-4.0 \
mingw-w64 upx-ucl python snapd \
mingw-w64 upx-ucl python3 snapd \
unzip sudo locales \
devscripts fakeroot debhelper \
clang llvm-dev libxml2-dev uuid-dev \
......@@ -24,60 +26,58 @@ RUN apt-get update && apt-get upgrade --yes && \
xz-utils bzip2 gzip sed cpio libbz2-dev \
software-properties-common dh-golang \
jq \
squashfs-tools \
qtbase5-dev qttools5-dev-tools qt5-qmake g++ qtdeclarative5-dev qt5-default \
golang-1.14-go golang-go golang-golang-x-tools-dev && \
squashfs-tools libgl-dev \
qml-module-qtquick-controls2 libqt6qml6 libqt6svg6-dev qt6-l10n-tools \
qt6-tools-dev qt6-tools-dev-tools qt6-base-dev qt6-base-dev-tools \
qt6-declarative-dev qt6-declarative-dev-tools \
qml6-module-qt5compat-graphicaleffects libqt6core5compat6 libqt6core5compat6-dev \
golang golang-${GO_VERSION}-go golang-golang-x-tools-dev && \
rm -r /var/lib/apt/lists/*
RUN ln -s $(qmake6 -query "QT_INSTALL_BINS")/lrelease /usr/local/bin/lrelease
# osx cross compiling
RUN git clone https://github.com/tpoechtrager/osxcross && \
cd osxcross/tarballs && \
wget https://s3.dockerproject.org/darwin/v2/MacOSX10.10.sdk.tar.xz && \
echo "${OSXSDK_SHA256} *MacOSX10.10.sdk.tar.xz" | sha256sum -c - && \
cd .. && UNATTENDED=1 ./build.sh && \
ln -s /osxcross/target/SDK/MacOSX10.10.sdk/usr/include/objc/NSObjCRuntime.h /osxcross/target/SDK/MacOSX10.10.sdk/usr/include/objc/NSObjcRuntime.h
#RUN git clone https://github.com/tpoechtrager/osxcross && \
# cd osxcross/tarballs && \
# wget https://s3.dockerproject.org/darwin/v2/MacOSX10.10.sdk.tar.xz && \
# echo "${OSXSDK_SHA256} *MacOSX10.10.sdk.tar.xz" | sha256sum -c - && \
# cd .. && UNATTENDED=1 ./build.sh && \
# ln -s /osxcross/target/SDK/MacOSX10.10.sdk/usr/include/objc/NSObjCRuntime.h /osxcross/target/SDK/MacOSX10.10.sdk/usr/include/objc/NSObjcRuntime.h
# bomutils (for osx packaging)
RUN git clone https://github.com/hogliux/bomutils && \
cd bomutils && make && sudo make install
#RUN git clone https://github.com/hogliux/bomutils && \
# cd bomutils && make && sudo make install
# xar (for osx packaging)
RUN git clone https://github.com/VantaInc/xar && \
cd xar/xar && \
./autogen.sh && ./configure && \
make && sudo make install
#RUN git clone https://github.com/VantaInc/xar && \
# cd xar/xar && \
# ./autogen.sh && ./configure && \
# make && sudo make install
# Grab the core18 and core20 snap (which snapcraft uses as a base) from the stable channel
# and unpack it in the proper place, to speed up snapcraft builds in the containers.
RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/core18' | jq '.download_url' -r) --output core18.snap
RUN mkdir -p /snap/core18
RUN unsquashfs -d /snap/core18/current core18.snap
RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/core20' | jq '.download_url' -r) --output core20.snap
RUN mkdir -p /snap/core20
RUN unsquashfs -d /snap/core20/current core20.snap
# RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/core18' | jq '.download_url' -r) --output core18.snap
# RUN mkdir -p /snap/core18
# RUN unsquashfs -d /snap/core18/current core18.snap
# RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/core20' | jq '.download_url' -r) --output core20.snap
# RUN mkdir -p /snap/core20
# RUN unsquashfs -d /snap/core20/current core20.snap
# Grab the snapcraft snap from the stable channel and unpack it in the proper
# place.
RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/snapcraft?channel=stable' | jq '.download_url' -r) --output snapcraft.snap
RUN mkdir -p /snap/snapcraft
RUN unsquashfs -d /snap/snapcraft/current snapcraft.snap
# RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/snapcraft?channel=stable' | jq '.download_url' -r) --output snapcraft.snap
# RUN mkdir -p /snap/snapcraft
# RUN unsquashfs -d /snap/snapcraft/current snapcraft.snap
# Create a snapcraft runner (TODO: move version detection to the core of
# snapcraft).
RUN mkdir -p /snap/bin
RUN echo "#!/bin/sh" > /snap/bin/snapcraft
RUN snap_version="$(awk '/^version:/{print $2}' /snap/snapcraft/current/meta/snap.yaml)" && echo "export SNAP_VERSION=\"$snap_version\"" >> /snap/bin/snapcraft
RUN echo 'exec "$SNAP/usr/bin/python3" "$SNAP/bin/snapcraft" "$@"' >> /snap/bin/snapcraft
RUN chmod +x /snap/bin/snapcraft
RUN ln -s /snap/bin/snapcraft /bin/
# cache go modules
RUN rm -rf /gomods && mkdir -p /gomods/packages
WORKDIR /gomods
COPY mods/go.* /gomods/
COPY mods/packages/ /gomods/packages/
RUN go mod download
# RUN mkdir -p /snap/bin
# RUN echo "#!/bin/sh" > /snap/bin/snapcraft
# RUN snap_version="$(awk '/^version:/{print $2}' /snap/snapcraft/current/meta/snap.yaml)" && echo "export SNAP_VERSION=\"$snap_version\"" >> /snap/bin/snapcraft
# RUN echo 'exec "$SNAP/usr/bin/python3" "$SNAP/bin/snapcraft" "$@"' >> /snap/bin/snapcraft
# RUN chmod +x /snap/bin/snapcraft
# RUN ln -s /snap/bin/snapcraft /bin/
COPY builder.sh /
......
docker/builder.sh
View file @ 8473f488
......@@ -6,7 +6,7 @@ export DESTDIR="${HOSTDIR}"/deploy/
rm -rf "${GUESTDIR}"
cp -r "${HOSTDIR}" "${GUESTDIR}"
cd "${GUESTDIR}"
make prepare
make vendor
case $TYPE in
snap)
echo "[+] Building SNAP"
......
docs/build-ppa.md 0 → 100644
View file @ 8473f488
# PPA How to
LEAP team maintains a [ppa repository](https://launchpad.net/~leapcodes) for the clients, pacakges are built for latest two LTS releases of ubuntu
## Pre-requisites
Ensure that all the build dependencies are already installed, you can use `make depends` on most ubuntu and debian version to have the machine
ready to build `bitmask-vpn` debian packages
If `make depends` do not work, it is useful to have the `devscripts` and `equivs` packages installed, these are needed later for building
the source package and installing build dependencies.
PPA expects a signed source package, we have to build this package and then upload to PPA the changes file using the [`dput`](https://manpages.ubuntu.com/manpages/xenial/man1/dput.1.html) tool.
Please refer to official [PPA documentation](https://help.launchpad.net/Packaging/PPA) for how to create an account and add SSH and GPG keys to be able to upload.
## Build signed source package
### Prepare the debian package from templates
```
$ export PROVIDER=riseup # can be riseup, bitmask or calyx
$ make vendor
$ BUILD_RELEASE=yes make prepare_deb
```
> **NOTE**: The above commands will generate a debian directory in `build/riseup/debian` the control file created there can be used to build a dependencies package
* If build depends are not yet installed, build a dependencies package with all the build and runtime dependencies of `bitmask-vpn`:
```
$ cd build/riseup/debian
$ mk-build-deps control
$ apt-get install -f ./riseup-vpn-build-deps_0.24.8_all.deb
```
* Add changes to changelog by copying the entries from the `CHANGELOG` file at the root of the repo
```
# example changelog file for 0.24.8 might look like
$ cd build/riseup/build/riseup-vpn_0.24.8/
$ cat debian/changelog
riseup-vpn (0.24.8~noble) noble; urgency=medium
* Reduces the size of splash screen image
* Disable obfs4 and kcp checkbox in preferences for riseup
* Removes duplicate languages in the language picker in preferences
* Language picker in preferences shows languages sorted alphabetically
* 0.24.8 ubuntu noble release
-- LEAP Encryption Access Project <debian@leap.se> Thu, 05 Sep 2024 03:06:54 +0800
riseup-vpn (0.24.8-6-g92db03c4) unstable; urgency=medium
* Initial package.
-- LEAP Encryption Access Project <debian@leap.se> Mon, 29 Jul 2019 10:00:00 +0100
```
* Bump native dot-version, change release
```
$ cd build/riseup/build/riseup-vpn_0.24.8
# to add a new entry for version 0.24.8 to the changelog file and update the release
$ dch -b -v 0.24.8~noble -D "noble" -m "riseup-vpn release 0.24.8"
```
> **NOTE:** The source tarball's name as set by the `make preapre_deb` step will not match the version we set in the changelog file, since
for PPAs we need to append the distribution name to the version, e.g to build `0.24.8` for `noble` the version is `0.24.8~noble`
> More details about versioning ppa can be found in the PPA docs [versioning section](https://help.launchpad.net/Packaging/PPA/BuildingASourcePackage#versioning)
* We need to rename the source tarball to match the version we set in the `changelog` file:
```
$ cd build/riseup/build
$ mv riseup-vpn_0.24.8.orig.tar.gz riseup-vpn_0.24.8~noble.orig.tar.gz
```
### Build signed source package
```
$ cd build/riseup/build/riseup-vpn_0.24.8
$ debuild -S -k=<key_id_for_signing>
```
### Upload changes file
```
$ cd build/riseup/build
$ dput ppa:leapcodes/ppa riseup-vpn_0.24.8~noble_source.changes
```
docs/build-ppa.rst deleted 100644 → 0
View file @ 4fd7c1a9
ppa howto
=========
* Add changes to changelog (bump native dot-version, change release)
* Upload changes file
.. code:: bash
debuild -i -S
dput --force ppa:kalikaneko/ppa ../riseup-vpn_0.21.2.2_source.changes
Using kali's ppa
----------------
.. code:: bash
sudo gpg --homedir=/tmp --no-default-keyring --keyring /usr/share/keyrings/kali-ppa-archive-keyring.gpg --keyserver keyserver.ubuntu.com --recv-keys 0xbe23fb4a0e9db36ecb9ab8be23638bf72c593bc1
sudo add-apt-repository ppa:kalikaneko/ppa
sudo apt update
sudo apt install riseup-vpn
docs/build-snap-canonical.rst 0 → 100644
View file @ 8473f488
git integration
===============
All seems to be more smooth with the "new" (ahem) github integration (once things *are* working).
Some tips:
- We've got different repos. `riseup-vpn-snap` is the *snap* repo. Import code from upstream, just merge it with `-X theirs`
- If the snap doesn't change, just use `make bump_snap` for upgrading the version from git (TODO we could write this also into the hardcoded version).
- Otherwise, just do `make vendor` and import the snapcraft.yaml generated from the template.
local builds
------------
multipass is the recommended way, but canonical does use lxd so at times some paths etc change.
For your own sanity:
- get a zfs pool on a fast device, and get yourself acquainted with lxd to use that pool.
- don't get too frustrated with networking + lxd. restarting any iptables in your host (if using bridges) usually helps.
- you can use `make local_snap` to use your local lxd infra. it launches with
`--debug`, so you'll be dropped into a local shell to see what the fuck the
manual build of Qt is complaining about.
existential helpline
--------------------
* don't despair. we've all been there.
* snapcraft forum is useful.
* all tech is crap: don't think that you'll be happy reimplementing the whole
app in electron or whatnot. just don't. enjoy life while you can.
* https://forum.snapcraft.io/t/the-sorry-state-of-snapping-qt5-apps/22809
* https://github.com/mozilla-mobile/mozilla-vpn-client/blob/main/scripts/qt5_compile.sh
if you have some time
---------------------
* look into a `clang` build. qt builds fine, but last time I tried there was
some incompatible version (?) that didn't let the qmake build finish.
docs/build-snap-launchpad.rst deleted 100644 → 0
View file @ 4fd7c1a9
launchpad
=========
In launchpad, you need to configure a git source for your project, and define a snap recipe for that source.
Be warned that launchpad does an automatic import every 6 hours.
If you need to do manual builds, you first need to trigger an import. Look for the "import now" button in your source page:
https://code.launchpad.net/~leapsnaps/riseupvpn/+git/riseup_vpn
Then you can trigger a manual build:
https://code.launchpad.net/~leapsnaps/+snap/riseup-vpn/+request-builds
docs/build-win.rst
View file @ 8473f488
......@@ -2,25 +2,33 @@ windows build
=============
The build currently expects MINGW64 environment, on a native windows host.
A cross-compiling procedure (at least for the application binaries) should be possible in the near future, using mxe. (There's already some support for it in `gui/build.sh`).
You should instal: make, wget, as well as a recent Qt5 version (for instance, with chocolatey: choco install make && choco install wget).
You should instal: make, wget, as well as a recent Qt6 version (for instance, with chocolatey: choco install make && choco install wget).
For installing Qt6 use the [`aqt`](https://github.com/miurahr/aqtinstall) tool to install a portable version of Qt.
(In order to avoid makefiles, you are welcome to submit a port of the build scripts using powershell or cscript - see the build.wsf script in openvpn-build for inspiration).
It's recommended to use bash for windows for compatibility (the version that is distributed with git works well so far). In order to avoid makefiles, you are welcome to submit a port of the build scripts using powershell or cscript - see the build.wsf script in openvpn-build for inspiration.
For the installer, install QtIFW for windows (tested with version 3.2.2).
Assuming you have the vendor path in place and correctly configured, all you need to do is `make installer`::
It is useful to source a file with all the needed environment variables::
cat ../build-env
export PATH="/c/Qt/Qt5/bin/":"/c/Qt/QtIFW-3.2.2/bin":$PATH
export WINCERTPASS=certificatepass
export VENDOR_PATH=providers
export PROVIDER=riseup
make generate # FIXME this is not called in win
make vendor && make installer
If you're doing a final release::
export RELEASE=yes
Assuming you have the vendor path in place and correctly configured, all you need to do is `make installer`::
source ../build-env
make vendor
make build
make installer
checking signatures
......@@ -40,7 +48,9 @@ ask again.
adding metadata to binaries
---------------------------
the steps to do release signatures are::
If you're doing a final release::
export RELEASE=yes
make build
make dosign
......@@ -51,6 +61,9 @@ or all together as::
make package_win_release
Please make sure to cleanup the build/ and lib/ dirs if you're building for more than
one vendor.
Uploading installer
-------------------
......
docs/contribution-ideas.md 0 → 100644
View file @ 8473f488
# I have time, how can I help?
## Packaging
* Look into `AppImage` + https://github.com/probonopd/linuxdeployqt.
We've not considered that option too much in the past, but it might give us
a decent, self-contained alternative to snap etc.
## Linux
* Revamp vpn helper architecture: there're problems, of course, but we can try
to isolate the client gui from the vpn helper itself (and "ship it" as
a binary under the single bundle, as I do now with bitmak-root). An idea
that's been floating around for a long time is to recycle the helper
interface, and have a long-lived privileged helper that does the vpn
connection using openvpn3 libr.
elijah was initially supporting a short-lived helper (what we have right now
with bitmask-root), but perhaps the integration can be done right with pkexec
or otherwise (separate users in linux etc). This has the additional advantage
of allowing us to do a very early startup, and not to depend so much on
pkexec + ubuntu's quirks (portability!).
# Other discrete projects
* Secure, automated upgrade mechanism (look at TUF and the Qt Updater Framework).
* Log viewer / log sender
* VPN Traffic panel (statistics, ip, gw health, graph for upload/download speeds)
* Migrate codebase to Qt6
* Reduce the size of custom static builds
* Apple + Windows stores
* Convert snap to use a qt5 base (so that updates are kept small).
* Provider-agnostic bitmask.
* Private bridges mechanism.
* QR-bootstrap
docs/debug.rst
View file @ 8473f488
......@@ -85,3 +85,35 @@ You can also stop it (needs admin)
PS C:\Users\admin> Stop-Service bitmask-helper-v2
To force logging:
.. code:: bash
QT_FORCE_STDERR_LOGGING=1 ./riseup-vpn.exe
We should probably restrict this to non-release versions only.
Environment Variables
~~~~~~~~~~~~~~~~~~~~~
The envs are only used for debugging and developing. The envs affecting the logging behavior are documented in the logging section in the `README <https://0xacab.org/leap/bitmask-vpn/-/blob/main/README.md?ref_type=heads#logging>`_.
- ``SKIP_VERSION_CHECK``: Do not check if there is an update available
- ``LEAP_DRYRUN``: Don't route traffic over VPN (run openvpn with "--pull-filter ignore route" argument) and do not touch firewall rules
- ``MOTD_URL``: Overwrite the MOTD (message of the day) url
- ``SNAP``: If not empty, we expect to be in a Snap environment (client was installed by Snap)
- ``UDP``: If we use UDP, UDP is set to 1. If we use TCP, UDP is set to 0. The value is read by the bitmask-root helper which sets firewall rules on Linux
- ``LEAP_PROVIDER``: Select the provider to use. Must be one of the providers listed in ``gui/providers/providers.json``. File is generated by the Makefile which runs ``./branding/scripts/gen-providers-json``
obfs4
~~~~~
- ``LEAP_PRIVATE_BRIDGE_CERT``: Specify the cert string for the obfs4 bridge to be used
- ``LEAP_PRIVATE_BRIDGE``: Specify the host:port for the obfs4 bridge to be used
Only implemented in v3/vpnweb:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- ``LEAP_GW``: Specify the gateway hostname to connect with. It needs to be one of the gateway returned by vpnweb
- ``LEAP_OPENVPN_EXTRA_CONFIG``: Specify a file with extra OpenVPN arguments to use. File should be in json format (in key value format like {"--dev": "tun"} or {"--persist-key": true})
- ``LEAP_KCP``: Enforce the use of KCP in obfsvpn
docs/dev/good-practices.md 0 → 100644
View file @ 8473f488
# QML
* https://github.com/Furkanzmc/QML-Coding-Guide/blob/master/README.md
docs/headless.md 0 → 100644
View file @ 8473f488
# headless mode
As a wise person once said, "you don't want to struggle with Qt every day".
## backend
There's a barebones binary that launches the same backend that the qt5 client uses.
You will need a `providers.json` file containing the parameters for you own deployment. This is usually generated during the vendoring step, but you can manually edit the one for riseup:
```
go build ./cmd/bitmaskd
```
You might need to install the helpers (bitmask-root, polkit policies etc...). Do it manually, or use the embedded files (It will ask for sudo).
```
./bitmaskd -i
```
With the polkit files in place, you can now run bitmask backend in the foreground:
```
./bitmaskd -d gui/providers/providers.json
```
TODO: make it a proper daemon, logging etc.
If you find problems while running (like polkit asking for password every time), you probably need to debug your polkit installation. Every system has its quirks, and bitmask has mostly been tested in debian-based desktops. For arch, you might need to add your user to group wheel.
## firewall
While testing, you are likely to get the iptables firewall leaving you with blocked outgoing connections. You can control `bitmask-root` manually:
```
sudo /usr/sbin/bitmask-root help
sudo /usr/sbin/bitmask-root firewall stop
```
## cli
There's no cli at the moment, but you can use the web api. To authenticate, you need to pass a token that is writen to a temporary file when the backend is initialized:
```
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/status
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/start
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/stop
```
docs/i18n-howto.rst
View file @ 8473f488
......@@ -3,7 +3,7 @@ Howto i18n
The translations are done in transifex. To help us contribute your translations there and/or review the existing
ones:
https://www.transifex.com/otf/bitmask/bitmask-vpn/
https://www.transifex.com/otf/bitmask/bitmask-desktop/
When a string has being modified you need to regenerate the locales:
```
......@@ -11,9 +11,29 @@ When a string has being modified you need to regenerate the locales:
```
To fetch the translations from transifex (API\_TOKEN is the transifex API token):
To fetch the translations from transifex you need to use the Transifex cli:
https://developers.transifex.com/docs/cli and an api (API\_TOKEN is the transifex API
token)
```
API_TOKEN='xxxxxxxxxxx' make locales
API_TOKEN='xxxxxxxxxxx' tx pull
```
If you want to add a new language create an empty file `gui/i18n/main_$lang.ts` before running `make locales`.
If you want to add a new language you can:
```
API_TOKEN='xxxxxxxxxxx' tx pull -a
```
Sometimes language codes are not what you expect. This applies for missing languages as
well. When you check in transifex, you can also see what is used there, for example fa_IR
or es_AR, es or es_CU. When you want to use some language in general instead of some
regional version you can use the mapping in the .tx/config. Examples: fa_IR maps to fa.
For this project we expect files to be like main_es_AR.ts or main_pl.ts See
https://doc.qt.io/QtForMCUs-2.5/qtul-cmake-getting-started.html
Testing the translations
------------------------
Pass the language env vars:
LANG=es_ES LANGUAGE=es_ES make run
docs/linux-build-VMs.rst 0 → 100644
View file @ 8473f488
How to create VMs for building and testing
============================================================
For Debian and Ubuntu, we want to support the two latest LTS (long term support) releases. For each release, we need to build packages for each distro.
Release overview
- https://www.debian.org/releases/
- https://www.releases.ubuntu.com/
Download and setup VMs
-------------------------
To get VMs, you can use:
- quickemu https://github.com/quickemu-project/quickemu
- create Virtualbox VMs by hand
- vagrant
.. code:: bash
mkdir -p ~/leap/vms & cd ~/leap/vms
quickget xubuntu 24.04
quickget xubuntu 22.04
quickget debian 12.5.0 xfce
quickget debian 11.9.0 xfce
# start vm and install OS (with --display spice you have a shared clipboard)
quickemu --vm xubuntu-24.04.conf --display spice
Install tools & dependencies
---------------------------------
.. code:: bash
# install base
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install -y firefox featherpad tmux vim git make fd-find ripgrep magic-wormhole
# install make deps (check branding/templates/debian/control-template)
sudo apt install golang make pkg-config g++ git libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-base-dev libqt6qml6 qt6-declarative-dev dh-golang libgl-dev qt6-5compat-dev qt6-declarative-dev-tools qt6-l10n-tools
# install deps (check branding/templates/debian/control-template)
sudo apt install libqt6core6 libqt6gui6 libqt6qml6 libqt6widgets6 libstdc++6 libqt6svg6 qml6-module-qtquick qml6-module-qtquick-controls qml6-module-qtquick-dialogs qml6-module-qtquick-layouts qml6-module-qtqml-workerscript qml6-module-qtquick-templates qml6-module-qt-labs-settings qml6-module-qtquick-window qml6-module-qt-labs-platform qml6-module-qtcore qml6-module-qt5compat-graphicaleffects openvpn policykit-1-gnome
sudo ln -s $(qmake6 -query "QT_INSTALL_BINS")/lrelease /usr/local/bin/lrelease
If go < 1.20 (Debian 12)
---------------------------------
The go package of Debian 12 is too old (< 1.20). Please install the `golang-go` package of `bookworm-backports`.
- https://backports.debian.org/Instructions/
- https://packages.debian.org/bookworm-backports/golang/golang
Build desktop client
---------------------------------
You can override the version with env VERSION= (required for all targets)
.. code:: bash
git clone https://0xacab.org/leap/bitmask-vpn.git
cd bitmask-vpn
sudo make depends
PROVIDER=bitmask make vendor
QMAKE=qmake6 make build
# install helper on Linux (only for manual testing, gets installed by the pckage)
build/qt/release/bitmask-vpn --install-helpers
Build deb package
---------------------------------
.. code:: bash
# create debian package (you can also set the version with VERSION=)
make package_deb
sudo dpkg -i deploy/bitmask-vpn_0.24.5-66-gd52c528_amd64.deb
docs/release-howto.md 0 → 100644
View file @ 8473f488
# Release procedure
## Prepare source code repo for release
1. Generate the changelog and update the `CHANGELOG` file
```
$ git log --format="- %s" <last_release_tag>..HEAD
```
2. Open a Merge request with the above change
3. Create an annotated tag for the release version, the version for the app is taken from the o/p of `git desribe`
```
# tag should point to the commit that updated the CHANGELOG file
$ git tag -a 0.24.8 HEAD
```
## Build Installers for Windows and MacOS
### Steps to build the windows installer (needs Windows 10 or higher):
1. Generate the installer `.exe` file
```
$ make vendor # make sure to set the PROVIDER env variable to the correct provider
$ make build
$ make installer
```
2. Sign the installer:
```
PS> signtool sign /f .\leap.pfx /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 /p <password_for_cert> <path_to_installer.exe>
```
### Steps to build the MacOS installer (needs MacOS 12 or higher):
1. Generate the installer `.app` file
```
$ make vendor # make sure to set the PROVIDER env variable to the correct provider
$ make build
$ make installer
```
2.Sign the MacOS installer:
```
$ export CODESIGN_IDENTITY=<codesign_id>
$ codesign --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force <path_to_installer.app/Content/MacOS/installer_executable>
```
3. Create DMG to upload for Apple notarization
```
$ mkdir -p build/installer/out && cp -R build/installer/<installer.app> build/installer/out
$ cd build/installer
$ hdiutil create -volname <installer_name> -srcfolder out -ov -format UDZO <output_dmg_name.dmg>
```
4. Upload DMG for notarization
```
$ export APP_PASSWORD=<app_password>
$ xcrun notarytool submit --verbose --apple-id=<appleid> --team-id=<teamid> --password ${APP_PASSWORD} --wait --timeout 30m <path_to_dmg>
# To get logs or the notarization response for debugging
$ xcrun notarytool logs <notarization_id> --apple-id=<appleid> --team-id=<teamid> --password ${APP_PASSWORD}
```
>**IMPORTANT:** Upload builds, renew the *-latest* symlinks and their `lastver` files
>**NOTE:** Update packages for Ubuntu in the [leapcodes PPA](./build-ppa.md)