branding/templates/qtinstaller/packages/bitmaskvpn/meta/install.js

+/****************************************************************************
+**
+** Copyright (C) 2020 LEAP Encryption Access Project
+**
+****************************************************************************/
+
+function majorVersion(str)
+{
+    return parseInt(str.split(".", 1));
+}
+
+// from: https://forum.qt.io/topic/114975/qt-installerframework-is-altering-my-string-slashes
+var Dir = new function () {
+    this.toNativeSeparator = function (path) {
+        if (installer.value("os") == "win")
+            return path.replace(/\//g, '\\');
+        return path;
+    }
+};
+
+function cancelInstaller(message)
+{
+    installer.setDefaultPageVisible(QInstaller.Introduction, false);
+    installer.setDefaultPageVisible(QInstaller.TargetDirectory, false);
+    installer.setDefaultPageVisible(QInstaller.ComponentSelection, false);
+    installer.setDefaultPageVisible(QInstaller.ReadyForInstallation, false);
+    installer.setDefaultPageVisible(QInstaller.StartMenuSelection, false);
+    installer.setDefaultPageVisible(QInstaller.PerformInstallation, false);
+    installer.setDefaultPageVisible(QInstaller.LicenseCheck, false);
+
+    var abortText = "<font color='red'>" + message +"</font>";
+    installer.setValue("FinishedText", abortText);
+}
+
+function Component() {
+    if (systemInfo.productType === "macos") {
+        var uid = installer.execute("/usr/bin/id", ["-u"])[0]
+        var gid = installer.execute("/usr/bin/id", ["-g"])[0]
+        installer.setValue("HelperSocketUid", uid.trim())
+        installer.setValue("HelperSocketGid", gid.trim())
+
+        console.log("UID: " + uid)
+        console.log("GID: " + gid)
+    }
+
+    installer.gainAdminRights();
+
+    console.log("OS: " + systemInfo.productType);
+    console.log("Kernel: " + systemInfo.kernelType + "/" + systemInfo.kernelVersion);
+
+    installer.setDefaultPageVisible(QInstaller.TargetDirectory, false);
+
+    if (installer.isInstaller()) {
+        console.log("Checking for existing installation")
+        component.loaded.connect(this, Component.prototype.installerLoaded);
+    }
+
+    // Check whether OS is supported.
+    // start installer with -v to see debug output
+
+    var validOs = false;
+
+    if (systemInfo.kernelType === "winnt") {
+        if (majorVersion(systemInfo.kernelVersion) >= 6)
+            validOs = true;
+    } else if (systemInfo.kernelType === "darwin") {
+        if (majorVersion(systemInfo.kernelVersion) >= 11)
+            validOs = true;
+    } else {
+        if (systemInfo.productType !== "ubuntu"
+                || systemInfo.productVersion !== "20.04") {
+            QMessageBox["warning"]("os.warning", "Installer",
+                                   "Note that the binaries are only tested on Ubuntu 20.04",
+                                   QMessageBox.Ok);
+        }
+        validOs = true;
+    }
+
+    if (!validOs) {
+        cancelInstaller("Installation on " + systemInfo.prettyProductName + " is not supported");
+        return;
+    }
+    console.log("CPU Architecture: " +  systemInfo.currentCpuArchitecture);
+
+    if (systemInfo.productType === "windows") {
+        installer.addWizardPage(component, "InstallForAllUsersCheckBoxForm", QInstaller.LicenseCheck);
+    }
+}
+
+Component.prototype.createOperations = function ()
+{
+    if (systemInfo.productType === "macos") {
+        preInstallOSX();
+    }
+    if (systemInfo.productType === "windows") {
+        preInstallWindows();
+    }
+    // This will actually install the files
+    component.createOperations();
+
+    // And now our custom actions.
+    // See https://doc.qt.io/qtinstallerframework/operations.html for reference
+    //
+    // We can also use this to register different components (different architecture for instance)
+    // See https://doc.qt.io/qtinstallerframework/qt-installer-framework-systeminfo-packages-root-meta-installscript-qs.html
+
+    console.log("installForAllUsers value: " + installer.value("installForAllUsers"));
+    if (systemInfo.productType === "windows") {
+        postInstallWindows();
+        if (installer.value("installForAllUsers") === "true") {
+            installForAllUsersWindows()
+        }
+    } else if (systemInfo.productType === "macos") {
+        uninstallOSX();
+        postInstallOSX();
+    } else {
+        postInstallLinux();
+    }
+}
+
+Component.prototype.installerLoaded = function () {
+    var dir = installer.value("TargetDir")
+    var maintenancetoolPath = Dir.toNativeSeparator(dir + "/uninstall.exe")
+    if (systemInfo.productType == "macos") {
+        maintenancetoolPath = Dir.toNativeSeparator(dir + "/uninstall.app" + "/Contents/MacOS/uninstall")
+    }
+    if (installer.fileExists(dir) && installer.fileExists(maintenancetoolPath)) {
+        console.log("Found existing installation at: " + dir)
+        var result = QMessageBox.warning("uninstallprevious.critical", "Uninstall previous version", "To proceed existing installation needs to be removed. Click OK to remove existing installation.",
+            QMessageBox.Ok | QMessageBox.Cancel);
+        if (result == QMessageBox.Ok) {
+            console.log("Running uninstall using maintenance tool at: " + maintenancetoolPath)
+            installer.execute(maintenancetoolPath, ["purge", "-c"]);
+        }
+        if (result == QMessageBox.Cancel) {
+            cancelInstaller("Need to removed existing installation to proceed.");
+        }
+    }
+}
+
+function preInstallWindows() {
+    console.log("Pre-installation for Windows: check for running bitmask");
+    component.addOperation(
+        "Execute", "{1}", "powershell", "-NonInteractive", "-NoProfile", "-command", "try {Get-Process $BINNAME -ErrorAction Stop} catch { exit 1}",
+        "errormessage=It seems that an old $APPNAME client is running. Please exit the app and run this installer again.",
+    );
+    /* Remove-Service only introduced in PS 6.0 */
+    component.addElevatedOperation(
+        "Execute", "{0}", "powershell", "-NonInteractive", "-NoProfile", "-command",
+        "try {Get-Service bitmask-helper-v2} catch {exit 0}; try {Stop-Service bitmask-helper-v2} catch {}; try {$$srv = Get-Service bitmask-helper-v2; if ($$srv.Status -eq 'Running') {exit 1} else {exit 0};} catch {exit 0}",
+        "errormessage=It seems that bitmask-helper-v2 service is running, and we could not stop it. Please manually uninstall any previous $APPNAME client and run this installer again.",
+    );
+}
+
+function postInstallWindows() {
+    // TODO - we probably need to package different flavors of the installer for windows 8, arm, i386 etc, and change the installer we ship too.
+    var openVpnMsi = Dir.toNativeSeparator(installer.value("TargetDir") + "/openvpn-installer.msi")
+    console.log("Installing OpenVPN binaries and service");
+    component.addElevatedOperation("Execute", "{0}", "msiexec", "/i", openVpnMsi, "ADDLOCAL=OpenVPN.Service,OpenVPN,Drivers,Drivers.TAPWindows6,Drivers.Wintun", "/passive")
+    console.log("Adding shortcut entries...");
+    component.addElevatedOperation("Mkdir", "@StartMenuDir@");
+    component.addElevatedOperation("CreateShortcut", "@TargetDir@\\$BINNAME.exe", "@StartMenuDir@\\$APPNAME.lnk", "workingDirectory=@TargetDir@", "iconPath=@TargetDir@\\icon.ico", "description=Start $APPNAME");
+
+    // TODO I think this one is not being created because the path doesn't exist yet. We might want to do this by hooking on the installation finished signal instead.
+    component.addElevatedOperation(
+        "CreateShortcut",
+        "@TargetDir@\\Uninstall-$APPNAME.exe",
+        "@StartMenuDir@\\Uninstall.lnk"
+    );
+}
+
+function installForAllUsersWindows() {
+    component.addElevatedOperation(
+        "Execute", "{0}", "powershell", "-NonInteractive", "-NoProfile", "-command",
+        "try {New-LocalGroup -Name 'OpenVPN Administrators' -Description 'Group to allow use of openvpn' -ErrorAction Stop} catch [Microsoft.PowerShell.Commands.GroupExistsException] { exit 0 }",
+        "errormessage=Unable to create the 'OpenVPN Administrators' group.",
+        "UNDOEXECUTE", "{0}", "powershell", "-NonInteractive", "-NoProfile", "-command",
+        "try { Remove-LocalGroup -Name 'OpenVPN Administrators' -ErrorAction Stop } catch [Microsoft.PowerShell.Commands.GroupNotFoundException] { exit 0 }",
+        "errormessage=Unable to remove the 'OpenVPN Administrator' group."
+    );
+
+    component.addElevatedOperation(
+        "Execute", "{0}", "powershell", "-NonInteractive", "-NoProfile", "-command",
+        "$$users=(Get-LocalUser | Select-Object Name | where {$$_.Name -NotMatch 'Administrator' -and $$_.Name -NotMatch 'Guest' -and $$_.Name -NotMatch 'DefaultAccount' -and $$_.Name -NotMatch 'WDAGUtilityAccount'}); try {Add-LocalGroupMember -Group 'OpenVPN Administrators' -Member $$users -ErrorAction Stop} catch [Microsoft.PowerShell.Commands.MemberExistsException] {exit 0}",
+        "errormessage=Unable to add users to the 'OpenVPN Administrators' group."
+    );
+}
+
+function preInstallOSX() {
+    console.log("Pre-installation for OSX: check for running bitmask");
+    component.addOperation(
+        "Execute", "{1}", "pgrep", "bitmask-vpn$$", /* $$$$ is escaped by python template: the old app binary was called bitmask-vpn */ 
+        "errormessage=It seems that an old RiseupVPN client is running. Please exit the app and run this installer again.",
+    );
+    component.addOperation(
+        "Execute", "{1}", "pgrep", "bitmask$$", /* $$$$ is escaped by python template: we don't want to catch bitmask app */
+        "errormessage=It seems RiseupVPN, CalyxVPN or LibraryVPN are running. Please exit the app and run this installer again.",
+        "UNDOEXECUTE", "{1}", "pgrep", "bitmask$$", /* $$$$ is escaped: we dont want bitmask app */
+        "errormessage=It seems RiseupVPN, CalyxVPN or LibraryVPN are running. Please exit the app before trying to run the uninstaller again."
+    );
+}
+
+function uninstallOSX() {
+    console.log("Pre-installation for OSX: uninstall previous helpers");
+    // TODO use installer filepath??
+    component.addElevatedOperation(
+        "Execute", "{0}",
+        "@TargetDir@/post-install", "-action=uninstall", "-stage=preinstall", "-appname=@ProductName@",
+        "errormessage=There was an error during the pre-installation script, things might be broken. Please report this error and attach /tmp/bitmask-uninstall.log"
+    );
+}
+
+function postInstallOSX() {
+    var uid = installer.value("HelperSocketUid")
+    var gid = installer.value("HelperSocketGid")
+    console.log("Post-installation for OSX");
+    component.addElevatedOperation(
+        "Execute", "{0}",
+        "@TargetDir@/post-install", "-action=post-install", "-appname=@ProductName@", "-socket-uid=" + uid, "-socket-gid=" + gid,
+        "errormessage=There was an error during the post-installation script, things might be broken. Please report this error and attach the post-install.log file.",
+        "UNDOEXECUTE",
+        "@TargetDir@/post-install", "-action=uninstall", "-appname=@ProductName@"
+    );
+}
+
+function postInstallLinux() {
+    console.log("Post-installation for GNU/Linux");
+    console.log("Maybe you want to use your package manager instead?");
+    component.addOperation("AppendFile", "/tmp/bitmask-installer.log", "this is a test - written from the installer");
+}
+
+function uninstallWindows() {
+    console.log("uninstall for windows: remove openvpn administrators group")
+
+    component.addElevatedOperation(
+        "Execute", "{0}", "powershell", "-NonInteractive", "-NoProfile", "-command",
+        "Remove-LocalGroup -Name 'OpenVPN Administrator' -ErrorAction Ignore",
+    );
+}

branding/templates/qtinstaller/packages/bitmaskvpn/meta/installforallcheckbox.ui

+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+    <class>InstallForAllUsersCheckBoxForm</class>
+    <widget class="QWidget" name="InstallForAllUsersCheckBoxForm">
+        <property name="geometry">
+            <rect>
+                <x>0</x>
+                <y>0</y>
+                <width>412</width>
+                <height>179</height>
+            </rect>
+        </property>
+        <property name="windowTitle">
+            <string>Select Installation Mode</string>
+        </property>
+        <layout class="QVBoxLayout" name="verticalLayout">
+            <property name="margin">
+                <number>10</number>
+            </property>
+            <item>
+                <widget class="QCheckBox" name="installForAllCheckBox">
+                    <property name="font">
+                        <font>
+                            <weight>75</weight>
+                            <bold>true</bold>
+                        </font>
+                    </property>
+                    <property name="text">
+                        <string>Install for All Users on this Computer</string>
+                    </property>
+                    <property name="checked">
+                        <bool>false</bool>
+                    </property>
+                </widget>
+            </item>
+            <item>
+                <widget class="QLabel" name="allUsersLabel">
+                    <property name="text">
+                        <string>The application will be installed for all users on this machine. All users will be added to the OpenVPN Administrators group to enable interaction with OpenVPN.</string>
+                    </property>
+                    <property name="wordWrap">
+                        <bool>true</bool>
+                    </property>
+                    <property name="indent">
+                        <number>25</number>
+                    </property>
+                </widget>
+            </item>
+        </layout>
+    </widget>
+    <resources />
+    <connections />
+</ui>
\ No newline at end of file

branding/templates/qtinstaller/packages/bitmaskvpn/meta/package.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<Package>
+    <DisplayName>$APPNAME</DisplayName>
+    <Description>$APPNAME_PLATFORM</Description>
+    <Version>$VERSION</Version>
+    <ReleaseDate>$TIMESTAMP</ReleaseDate>
+    <Default>false</Default>
+    <RequiresAdminRights>true</RequiresAdminRights>
+    <Script>install.js</Script>
+    <Licenses>
+        <License name="License Agreement" file="LICENSE.txt" />
+    </Licenses>
+    <ForcedInstallation>true</ForcedInstallation>
+    <UserInterfaces>
+        <UserInterface>installforallcheckbox.ui</UserInterface>
+    </UserInterfaces>
+</Package>

branding/templates/qtinstaller/win-data/readme

+windows-specific installer data

branding/templates/snap/generate.py

+#!/usr/bin/env python3
+"""
+generate.py
+
+Generate a snap package for a given provider.
+"""
+
+import json
+import os
+from string import Template
+
+
+TEMPLATE = 'snapcraft-template.yaml'
+SNAPCRAFT = 'snapcraft.yaml'
+
+here = os.path.split(os.path.realpath(__file__))[0]
+data = json.load(open(os.path.join(here, 'data.json')))
+
+binaryName = data['binaryName']
+
+DESKTOP_TEMPLATE = 'local/app.desktop'
+DESKTOP = 'local/{}.desktop'.format(binaryName)
+
+POLKIT_TEMPLATE = 'local/pre/se.leap.bitmask.snap.policy'
+POLKIT_FILE = 'se.leap.bitmask.{}.policy'.format(binaryName)
+POLKIT = 'local/pre/' + POLKIT_FILE
+
+template = Template(open(TEMPLATE).read())
+with open(SNAPCRAFT, 'w') as output:
+    output.write(template.safe_substitute(data))
+
+template = Template(open(DESKTOP_TEMPLATE).read())
+with open(DESKTOP, 'w') as output:
+    output.write(template.safe_substitute(data))
+os.remove(DESKTOP_TEMPLATE)
+
+template = Template(open(POLKIT_TEMPLATE).read())
+with open(POLKIT, 'w') as output:
+    output.write(template.safe_substitute(data))
+os.remove(POLKIT_TEMPLATE)
+
+os.putenv('POLKIT_FILE', POLKIT_FILE)
+os.putenv('APP_NAME', binaryName)
+os.system('cd local/pre && ./pack_installers')
+
+print("[+] Snapcraft spec written to {path}".format(
+    path=os.path.abspath(SNAPCRAFT)))

branding/templates/snap/hooks/install

+#!/usr/bin/env python3
+# DO NOT MODIFY MANUALLY
+# This helper installs the polkit policy file
+# for the RiseupVPN snap.
+# It is generated automatically
+# by the script at "snap/pre/pack_installers"
+import subprocess
+import os
+from base64 import decodebytes as decode
+
+POLKIT = b'PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBFIHBvbGljeWNv\nbmZpZyBQVUJMSUMKICItLy9mcmVlZGVza3RvcC8vRFREIFBvbGljeUtpdCBQb2xpY3kgQ29uZmln\ndXJhdGlvbiAxLjAvL0VOIgogImh0dHA6Ly93d3cuZnJlZWRlc2t0b3Aub3JnL3N0YW5kYXJkcy9Q\nb2xpY3lLaXQvMS9wb2xpY3ljb25maWcuZHRkIj4KPHBvbGljeWNvbmZpZz4KCiAgPHZlbmRvcj5M\nRUFQIFByb2plY3Q8L3ZlbmRvcj4KICA8dmVuZG9yX3VybD5odHRwOi8vbGVhcC5zZS88L3ZlbmRv\ncl91cmw+CgogIDxhY3Rpb24gaWQ9InNlLmxlYXAuYml0bWFzay5yaXNldXB2cG4ucG9saWN5Ij4K\nICAgIDxkZXNjcmlwdGlvbj5SdW5zIGJpdG1hc2sgaGVscGVyIHRvIGxhdW5jaCBmaXJld2FsbCBh\nbmQgb3BlbnZwbiAoUmlzZXVwVlBOKTwvZGVzY3JpcHRpb24+CiAgICA8ZGVzY3JpcHRpb24geG1s\nOmxhbmc9ImVzIj5FamVjdXRhIGVsIGFzaXN0ZW50ZSBkZSBiaXRtYXNrIHBhcmEgbGFuemFyIGVs\nIGZpcmV3YWxsIHkgb3BlbnZwbiAoUmlzZXVwVlBOKTwvZGVzY3JpcHRpb24+CiAgICA8bWVzc2Fn\nZT5SaXNldXBWUE4gbmVlZHMgdGhhdCB5b3UgYXV0aGVudGljYXRlIHRvIHN0YXJ0PC9tZXNzYWdl\nPgogICAgPG1lc3NhZ2UgeG1sOmxhbmc9ImVzIj5SaXNldXBWUE4gbmVjZXNpdGEgYXV0b3JpemFj\naW9uIHBhcmEgY29tZW56YXI8L21lc3NhZ2U+CiAgICA8aWNvbl9uYW1lPnBhY2thZ2UteC1nZW5l\ncmljPC9pY29uX25hbWU+IAogICAgPGRlZmF1bHRzPgogICAgICA8YWxsb3dfYW55PnllczwvYWxs\nb3dfYW55PgogICAgICA8YWxsb3dfaW5hY3RpdmU+eWVzPC9hbGxvd19pbmFjdGl2ZT4KICAgICAg\nPGFsbG93X2FjdGl2ZT55ZXM8L2FsbG93X2FjdGl2ZT4KICAgIDwvZGVmYXVsdHM+CiAgICA8YW5u\nb3RhdGUga2V5PSJvcmcuZnJlZWRlc2t0b3AucG9saWN5a2l0LmV4ZWMucGF0aCI+L3NuYXAvYmlu\nL3Jpc2V1cC12cG4uYml0bWFzay1yb290PC9hbm5vdGF0ZT4KICA8L2FjdGlvbj4KPC9wb2xpY3lj\nb25maWc+Cg==\n'
+
+with open('/usr/share/polkit-1/actions/se.leap.bitmask.riseup-vpn.policy', 'w') as polkit:
+    lines = decode(POLKIT).split(b"\n")
+    for line in lines:
+        polkit.write(line.decode() + "\n")
+
+with open('/etc/os-release') as f:
+    release = f.read()
+# this is a workaround for the fact that debian does not place snap desktop entries in a system+wide path.
+if 'ID=debian' in release:
+    desktop_path = "/usr/share/applications/riseup-vpn.desktop"
+    if os.path.exists(desktop_path):
+        os.remove(desktop_path)
+    os.symlink("/snap/riseup-vpn/current/snap/meta/gui/riseup-vpn.desktop", desktop_path)
+    subprocess.call(['update-desktop-database'])

branding/templates/snap/hooks/remove

+#!/bin/sh
+
+echo "Executing remove hook for RiseupVPN"
+rm "/usr/share/polkit-1/actions/se.leap.bitmask.riseup-vpn.policy"
+unlink "/usr/share/applications/riseup-vpn.desktop" || echo "did not remove workaround for global desktop entry"
+echo "done"

branding/templates/snap/local/app.desktop

+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=${applicationName}
+Comment=Anonymous VPN
+Comment[es]=VPN Anonima
+Comment[de]=Anonymous VPN
+Path=/snap/bin/
+Exec=${binaryName}.launcher
+Terminal=false
+Icon=${SNAP}/meta/gui/${binaryName}.png
+Categories=Network;Application;
+StartupNotify=true
+Keywords=VPN;${name};leap
+

branding/templates/snap/local/pre/pack_installers

+#!/usr/bin/env python3
+import os
+import subprocess
+from base64 import encodebytes as encode
+
+HELPDIR = '../../../../../helpers'
+INSTALL = '../../hooks/install'
+
+POLKIT_FILE = os.environ.get('POLKIT_FILE')
+APP_NAME = os.environ.get('APP_NAME')
+
+with open(POLKIT_FILE) as polkit:
+    b64_polkit = encode(polkit.read().encode())
+
+with open(INSTALL, 'w') as install:
+    install.write('#!/usr/bin/env python3\n')
+    install.write('# DO NOT MODIFY MANUALLY\n')
+    install.write('# This helper installs the polkit policy file\n')
+    install.write('# for the ${applicationName} snap.\n')
+    install.write('# It is generated automatically\n')
+    install.write('# by the script at "snap/local/pre/pack_installers"\n')
+    install.write('import subprocess\n')
+    install.write('import os\n')
+    install.write('from base64 import decodebytes as decode\n')
+    install.write("""
+POLKIT = {polkit}
+
+with open('/usr/share/polkit-1/actions/{polkit_file}', 'w') as polkit:
+    lines = decode(POLKIT).split(b"\\n")
+    for line in lines:
+        polkit.write(line.decode() + "\\n")
+
+with open('/etc/os-release') as f:
+    release = f.read()
+# this is a workaround for the fact that debian does not place snap desktop entries in a system+wide path.
+if 'ID=debian' in release:
+    desktop_path = "/usr/share/applications/{app_name}.desktop"
+    if os.path.exists(desktop_path):
+        os.remove(desktop_path)
+    os.symlink("/snap/{app_name}/current/snap/meta/gui/{app_name}.desktop", desktop_path)
+    subprocess.call(['update-desktop-database'])
+""".format(
+        polkit=b64_polkit,
+        polkit_file=POLKIT_FILE,
+        app_name=APP_NAME))
+
+subprocess.Popen(["chmod", "+x", INSTALL])
+print("[+] Done packing installers into the snap install hook...")

branding/templates/vendor/vendor.qrc

+<RCC>
+    <qresource prefix="/vendor/">
+        <file alias="icon.svg">assets/icon.svg</file>
+    </qresource>
+</RCC>

branding/templates/windows/tools/README-cert.txt

+openssl pkcs12 -inkey privatekey.pem -in signing_cert.pem -export -out LEAP.pfx

branding/templates/windows/tools/README-signtool.txt

+Source: https://stackoverflow.com/questions/31869552/how-to-install-signtool-exe-for-windows-10
+-----------------------------------------------------------------------------------------------
+
+If you only want SignTool and really want to minimize the install, here is a way that I just reverse-engineered my way to:
+
+Download the .iso file from https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk (current download link is http://go.microsoft.com/fwlink/p/?LinkID=2022797) The .exe download will not work, since it's an online installer that pulls down its dependencies at runtime.
+Unpack the .iso with a tool such as 7-zip.
+Install the Installers/Windows SDK Signing Tools-x86_en-us.msi file - it's only 388 KiB large. For reference, it pulls in its files from the following .cab files, so these are also needed for a standalone install:
+4c3ef4b2b1dc72149f979f4243d2accf.cab (339 KiB)
+    685f3d4691f444bc382762d603a99afc.cab (1002 KiB)
+    e5c4b31ff9997ac5603f4f28cd7df602.cab (389 KiB)
+    e98fa5eb5fee6ce17a7a69d585870b7c.cab (1.2 MiB)
+    There we go - you will now have the signtool.exe file and companions in C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64 (replace x64 with x86, arm or arm64 if you need it for another CPU architecture.)
+
+It is also possible to commit  signtool.exe and the other files from this folder into your version control repository if want to use it in e.g. CI scenarios. I have tried and it seems to work fine.
+
+(All files are probably not necessary since there are also some other .exe tools in this folder that might be responsible for these dependencies, but I am not sure which ones could be removed to make the set of files even smaller. Someone else is free to investigate further in this area. :) I tried to just copy signtool.* and that didn't work, so at least some of the other files are needed.)

branding/thirdparty/openvpn/build.mk

+build_static_openvpn:
+	pkg/thirdparty/openvpn/build_openvpn.sh
+
+upload_openvpn:
+	rsync --rsh='ssh' -avztlpog --progress --partial ~/openvpn_build/sbin/openvpn* downloads.leap.se:./public/thirdparty/linux/openvpn/
+
+download_openvpn:
+	wget https://downloads.leap.se/thirdparty/linux/openvpn/openvpn
+
+clean_openvpn_build:
+	rm -rf ~/openvpn_build

branding/thirdparty/qt5/build-qt5-static.sh

+#!/bin/sh
+
+# Downloads qt5 source file and compiles it statically.
+# See https://wohlsoft.ru/pgewiki/Building_static_Qt_5 for tips
+
+QT5_V="5.12"
+QT5_VER="5.12.9"
+QT5_DIR="qt-everywhere-src-$QT5_VER"
+QT5_TAR="$QT5_DIR.tar.xz"
+QT5_URL="https://download.qt.io/archive/qt/$QT5_V/$QT5_VER/single/$QT5_TAR"
+
+
+# TODO we could use -qt-freetype, but then we have to ship our own fonts.
+
+CONFIG_FLAGS="-prefix $PWD/../qt5-static -release -opensource -confirm-license -platform linux-g++ \
+              -fontconfig -system-freetype \
+              -opengl \
+              -no-ssl \
+              --doubleconversion=qt \
+              --zlib=qt \
+              --libjpeg=no \
+              --icu=no \
+              --libpng=qt --pcre=qt --xcb=qt --harfbuzz=qt \
+              -skip wayland -skip purchasing -skip serialbus -skip qtserialport -skip script -skip scxml -skip speech \
+              -static \
+              -optimize-size -nomake examples -nomake tests"
+
+# --xcb=system
+
+if [ -f "$QT5_TAR" ]; then
+    echo "[+] $QT5_TAR already downloaded."
+else
+    echo "[+] Qt5 source tarball does not exist. Attempting to download..."
+    wget -c $QT5_URL
+fi
+
+tar xf "$QT5_TAR"
+cd $QT5_DIR
+
+./configure ${CONFIG_FLAGS}
+make -j 8 && make install

bitmaskd/events.go → cmd/bitmask-helper/main.go

-// Copyright (C) 2018 LEAP
+// Copyright (C) 2018-2020 LEAP
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
@@ -13,38 +13,42 @@
 // You should have received a copy of the GNU General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package bitmask
+package main
 
 import (
-	"log"
-	"net/http"
+	"flag"
+	"path"
+
+	"0xacab.org/leap/bitmask-vpn/pkg/config"
+	"0xacab.org/leap/bitmask-vpn/pkg/helper"
 )
 
 const (
-	statusEvent = "VPN_STATUS_CHANGED"
+	preferredPort = 7171
+	logFile       = "helper.log"
+)
+
+var (
+	Version string
+	AppName string
+
+	socketUid int
+	socketGid int
 )
 
-func (b *Bitmask) eventsHandler() {
-	b.send("events", "register", statusEvent)
-	client := &http.Client{
-		Timeout: 0,
-	}
-	for {
-		resJSON, err := send(b.apiToken, client, "events", "poll")
-		res, ok := resJSON.([]interface{})
-		if err != nil || !ok || len(res) < 1 {
-			continue
-		}
-		event, ok := res[0].(string)
-		if !ok || event != statusEvent {
-			continue
-		}
-
-		status, err := b.GetStatus()
-		if err != nil {
-			log.Printf("Error receiving status: %v", err)
-			continue
-		}
-		b.statusCh <- status
-	}
+func init() {
+	flag.IntVar(&socketUid, "socket-uid", 0, "The UID for the unix socket to listen on")
+	flag.IntVar(&socketGid, "socket-gid", 0, "The GID for the unix socket to listen on")
+}
+
+func main() {
+	flag.Parse()
+	config.LogPath = path.Join(config.Path, logFile)
+	config.ConfigureLogger()
+	defer config.CloseLogger()
+	helper.Version = Version
+	helper.AppName = AppName
+
+	// StartHelper is the main entry point - it also handles cli args in windows, and starts the http server.
+	helper.StartHelper(preferredPort, socketUid, socketGid)
 }

cmd/bitmaskd/main.go

+package main
+
+import (
+	"errors"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	"runtime"
+
+	"0xacab.org/leap/bitmask-vpn/pkg/backend"
+)
+
+func main() {
+	var c string
+	var installHelpers bool
+
+	flag.StringVar(&c, "c", "", "Config file")
+	flag.BoolVar(&installHelpers, "i", false, "Install helpers (asks for sudo)")
+	flag.Parse()
+
+	if installHelpers {
+		backend.InstallHelpers()
+		os.Exit(0)
+	}
+
+	if len(c) == 0 {
+		fmt.Println("Please setup a config file with -c")
+		os.Exit(1)
+	}
+
+	if _, err := os.Stat(c); err == nil {
+		log.Println("Loading config file from", c)
+		// all good. we could validate the json.
+	} else if errors.Is(err, os.ErrNotExist) {
+		fmt.Println("Cannot find file:", c)
+		os.Exit(1)
+	} else {
+		// Schrodinger: file may or may not exist.
+		log.Println("Error:", err)
+	}
+
+	providerDefinitionJSON, err := ioutil.ReadFile(c)
+	if err != nil {
+		fmt.Println("Error reading config file")
+		os.Exit(1)
+	}
+
+	// TODO daemonize, or run in foreground to debug.
+	log.Println("Starting bitmaskd...")
+
+	opts := backend.InitOptsFromJSON("riseup", string(providerDefinitionJSON))
+	opts.DisableAutostart = true
+	opts.Obfs4 = false
+	opts.StartVPN = "off"
+	backend.EnableWebAPI("8000")
+	backend.InitializeBitmaskContext(opts)
+
+	log.Println("Backend initialized")
+
+	runtime.Goexit()
+	fmt.Println("Exit")
+}