Unverified Commit eead4d00 authored by Kali Kaneko's avatar Kali Kaneko Committed by meskio

[feat] add make prepare target to Makefile

parent 3cb8f572
......@@ -8,5 +8,7 @@ cmd/bitmask-connect/bitmask-connect
locales/*/out.gotext.json
tools/transifex/transifex
branding/assets/default
.*.swp
*.exe
......@@ -2,6 +2,9 @@
TAGS ?= gtk_3_18
PROVIDER ?= $(shell grep ^'provider =' branding/config/vendor.conf | cut -d '=' -f 2 | tr -d "[:space:]")
DEFAULT_PROVIDER = branding/assets/default/
all: icon locales get build
get:
......@@ -11,6 +14,15 @@ get:
generate:
go generate cmd/bitmask-vpn/main.go
relink_default:
ifneq (,$(wildcard ${DEFAULT_PROVIDER}))
cd branding/assets && unlink default
endif
cd branding/assets && ln -s ${PROVIDER} default
prepare: generate relink_default
branding/scripts/check-ca-crt.py ${PROVIDER} branding/config/vendor.conf
build: $(foreach path,$(wildcard cmd/*),build_$(patsubst cmd/%,%,$(path)))
build_%:
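Review bot: In `relink_default`, the `ifneq (,$(wildcard ${DEFAULT_PROVIDER}))` guard is evaluated when the Makefile is parsed, not when the recipe runs. Because `DEFAULT_PROVIDER` ends in a slash, it appears to match only when `default` resolves to a directory, so a dangling `default` link skips the `unlink` and the following `ln -s` then fails. Replacing both recipe lines with `cd branding/assets && ln -sfn "${PROVIDER}" default` removes the conditional and quotes `PROVIDER`, which comes from the environment or from vendor.conf and is otherwise pasted unquoted into the shell here and in the `check-ca-crt.py` call under `prepare`. `prepare`, `relink_default` and `generate` look like command targets, so they should be listed under `.PHONY` unless the part of the Makefile outside these hunks already does that.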
......
Branding for BitmaskVPN
================================================================================
This folder contains everything that is needed to generate a customized built of
BitmaskVPN for your provider.
Configure
--------------------------------------------------------------------------------
- Edit the file at 'branding/config/vendor.conf'. Add all the needed variables.
- Copy your provider CA certificate to 'branding/config/<provider>-ca.crt'
- Make sure that the folder 'branding/assets/<provider>' exists. Copy there all the needed assets.
Build
--------------------------------------------------------------------------------
Run:
PROVIDER=example.org make generate
make build
riseup
\ No newline at end of file
#!/usr/bin/env python3
import re
import sys
import urllib.request
SCRIPT_NAME = 'check-ca-crt.py'
USAGE = '''Check that the stored provider CA matches the one announced online.
Usage: {name} <provider> <uri>
Example: {name} riseup black.riseup.net'''.format(name=SCRIPT_NAME)
def getLocalCert(provider):
sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower()
with open('config/{provider}-ca.crt'.format(provider=sanitized)) as crt:
return crt.read().strip()
def getRemoteCert(uri):
fp = urllib.request.urlopen('https://' + uri + '/ca.crt')
remote_cert = fp.read().decode('utf-8').strip()
fp.close()
return remote_cert
if __name__ == '__main__':
if len(sys.argv) != 3:
print('[!] Not enough arguments')
print(USAGE)
sys.exit(1)
provider = sys.argv[1]
uri = sys.argv[2]
local = getLocalCert(provider)
remote = getRemoteCert(uri)
try:
assert local == remote
except AssertionError:
print('[!] ERROR: remote and local CA certs do not match')
sys.exit(1)
else:
print('OK')
/*
DO NOT EDIT --------------------------------------------------
This file has been automatically generated by `go generate`.
Any changes will be overriden.
DO NOT EDIT --------------------------------------------------
*/
package config
/* All these constants are defined in the vendor.conf file
*/
const (
Provider = "$providerURL"
ApplicationName = "$applicationName"
BinaryName = "$binaryName"
DonateURL = "$donateURL"
HelpURL = "$helpURL"
TosURL = "$tosURL"
APIURL = "$apiURL"
GeolocationAPI = "$geolocationAPI"
)
/*
CaCert : a string containing a representation of the provider CA, used to
sign the webapp and openvpn certificates. should be placed in
config/[provider]-ca.crt
*/
var CaCert = []byte(`$caCertString`)
-----BEGIN CERTIFICATE-----
MIIFYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQ0FADBEMQ4wDAYDVQQKDAVjYWx5
eDEaMBgGA1UECwwRaHR0cHM6Ly9jYWx5eC5uZXQxFjAUBgNVBAMMDWNhbHl4IFJv
b3QgQ0EwHhcNMTMwNzAyMDAwMDAwWhcNMjMwNzAyMDAwMDAwWjBEMQ4wDAYDVQQK
DAVjYWx5eDEaMBgGA1UECwwRaHR0cHM6Ly9jYWx5eC5uZXQxFjAUBgNVBAMMDWNh
bHl4IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDupdnx
Bgat537XOqrZOulE/RvjoXB1S07sy9/MMtksXFoQuWJZRCSTp1Jaqg3H/e9o1nct
LQO91+izfJe07TUyajFl7CfllYgMeyKTYcT85dFwNX4pcIHZr8UpmO0MpGBoR4W1
8cPa3vxAG0CsyUmrASJVyhRouk4qazRosM5RwBxTdMzCK7L3SwqPQoxlY9YmRJlD
XYZlK5VMJd0dj9XxhMeFs5n43R0bsDENryrExSbuxoNfnUoQg3wffKk+Z0gW7YgW
ivPsbObqOgXUuBEU0xr9xMNBpU33ffLIsccrHq1EKp8zGfCOcww6v7+zEadUkVLo
6j/rRhYYgRw9lijZG1rMuV/mTGnUqbjHsdoz5mzkFFWeTSqo44lvhveUyCcwRNmi
2sjS77l0fCTzfreufffFoOEcRVMRfsnJdu/xPeARoXILEx8nQ421mSn6spOZlDQr
Tt0T0BAWt+VNc+m0IGSW3SwS7r5MUyQ/M5GrbQBGi5W2SzPriKZ79YTOwPVmXKLZ
vJoEuKRDkEPJLBAhcD5oSQljOm/Wp/hjmRH4HnI1y4XMshWlDsyRDB1Au5yrsfwN
noFVSskEcbXlZfNgml4lktLBqz+qwsw+voq6Ak7ROKbc0ii5s8+iNMbAtIK7GcFF
kuKKIyRmmGlDim/SDhlNdWo7Ah4Akde7zfWufwIDAQABo2AwXjAdBgNVHQ4EFgQU
AY8+K4ZupAQ+L9ttFJG3vaLBq5gwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMB
Af8wHwYDVR0jBBgwFoAUAY8+K4ZupAQ+L9ttFJG3vaLBq5gwDQYJKoZIhvcNAQEN
BQADggIBAOpXi5o3g/2o2rPa53iG7Zgcy8RpePGgZk6xknGYWeLamEqSh+XWQZ2w
2kQP54bf8HfPj3ugJBWsVtYAs/ltJwzeBfYDrwEJd1N8tw2IRuGlQOWiTAVVLBj4
Zs+dikSuMoA399f/7BlUIEpVLUiV/emTtbkjFnDeKEV9zql6ypR0BtR8Knf8ALvL
YfMsWLvTe4rXeypzxIaE2pn8ttcXLYAX0ml2MofTi5xcDhMn1vznKIvs82xhncQx
I1MJMWqPHNHgJUJpA+y1IFh5LPbpag9PKQ0yQ9sM+/dyGumF2jElsMw71flh/Txr
2dEv8+FNV1pPK26XJZBK24rNWFs30eAFfH9EQCwVla174I4PDoWqsIR7vtQMObDt
Bq34R3TjjJJIt2sCSlYLooWwiK7Q+d/SgYqA+MSDmmwhzm86ToK6cwbCsvuw1AxR
X6VIs4U8wOotgljzX/CSpKqlxcqZjhnAuelZ1+KiN8RHKPj7AzSLYOv/YwTjLTIq
EOxquoNR58uDa5pBG22a7xWbSaKosn/mEl8SrUr6klzzc8Vh09IMoxrw74uLdAg2
1jnrhm7qg91Ttb0aXiqbV+Kg/qQzojdewnnoBFnv4jaQ3y8zDCfMhsBtWlWz4Knb
Zqga1WyRm3Gj1j6IV0oOincYMrw5YA7bgXpwop/Lo/mmliMA14ps
-----END CERTIFICATE-----
......@@ -8,17 +8,31 @@ provider = riseup
name = Riseup
applicationName = RiseupVPN
binaryName = riseup-vpn
providerURL = riseup.net
apiURL = https://api.black.riseup.net/
caURL = https://black.riseup.net/ca.crt
tosURL = https://riseup.net/tos
helpURL = https://riseup.net/support
donateURL = https://riseup.net/donate
apiURL = https://api.black.riseup.net/
geolocationAPI = https://api.black.riseup.net:9001/json
askForDonations = true
donateURL = https://riseup.net/donate
[calyx]
name = Calyx
applicationName = CalyxVPN
binaryName = calyx-vpn
apiURL = https://calyx.org
providerURL = https://calyx.net
tosURL = https://calyx.net/tos
helpURL = https://calyx.net/support
apiURL = https://api.calyx.net:4430/
caURL = https://calyx.net/ca.crt
geolocationAPI = https://api.black.riseup.net:9001/json
askForDonations = true
donateURL = http://example.org
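Review bot: The `[calyx]` section carries values that do not belong to that provider: `geolocationAPI = https://api.black.riseup.net:9001/json` points at the riseup host, and `donateURL = http://example.org` is a plain-HTTP placeholder. The template maps these keys to the `GeolocationAPI` and `DonateURL` constants, so a calyx build would query another provider's geolocation endpoint and open an unencrypted donation link. `providerURL = https://calyx.net` also includes a scheme where the riseup entry uses the bare host `riseup.net`; both feed the same `Provider` constant, so one form should be chosen. The rendered page does not show which of the two `apiURL` lines in this section is the new one, so confirm that only one remains in the file.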
#!/usr/bin/env python3
import re
import sys
import configparser
import urllib.request
SCRIPT_NAME = 'check-ca-crt.py'
USAGE = '''Check that the stored provider CA matches the one announced online.
Usage: {name} <provider> <uri>
Usage: {name} <provider> <config>
Example: {name} riseup black.riseup.net'''.format(name=SCRIPT_NAME)
Example: {name} riseup branding/config/vendor.conf'''.format(name=SCRIPT_NAME)
def getLocalCert(provider):
sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower()
with open('config/{provider}-ca.crt'.format(provider=sanitized)) as crt:
with open('branding/config/'
'{provider}-ca.crt'.format(provider=sanitized)) as crt:
return crt.read().strip()
def getRemoteCert(uri):
fp = urllib.request.urlopen('https://' + uri + '/ca.crt')
fp = urllib.request.urlopen(uri)
remote_cert = fp.read().decode('utf-8').strip()
fp.close()
return remote_cert
def getUriForProvider(provider, configfile):
c = configparser.ConfigParser()
c.read(configfile)
return c[provider]['caURL']
if __name__ == '__main__':
if len(sys.argv) != 3:
......@@ -32,7 +40,13 @@ if __name__ == '__main__':
sys.exit(1)
provider = sys.argv[1]
uri = sys.argv[2]
config = sys.argv[2]
try:
uri = getUriForProvider(provider, config)
except IndexError:
print('[!] Misconfigured provider')
sys.exit(1)
local = getLocalCert(provider)
remote = getRemoteCert(uri)
......@@ -43,4 +57,4 @@ if __name__ == '__main__':
print('[!] ERROR: remote and local CA certs do not match')
sys.exit(1)
else:
print('OK')
print('OK: local CA matches what provider announces')
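Review bot: `getRemoteCert` now passes the configured `caURL` straight to `urllib.request.urlopen(uri)`, where the earlier code forced an `https://` prefix. An `http://` or `file://` value in vendor.conf would therefore be fetched and compared without complaint, and an "OK" would no longer mean the certificate matches what the provider serves over TLS. A guard before the fetch, `if not uri.startswith('https://'): sys.exit('[!] caURL must be an https:// URL')`, keeps the old guarantee. In the `__main__` block, configparser raises `KeyError` for a missing section or a missing `caURL` key, so `except IndexError:` never fires and the "Misconfigured provider" message is unreachable; it should read `except KeyError:`.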
#!/usr/bin/env python3
import datetime
import os
import sys
......@@ -12,11 +13,20 @@ CONFIGFILE = 'config/vendor.conf'
SCRIPT_NAME = 'vendorize'
def getProviderData(config):
default = config['default']['provider']
print("[+] Configured provider:", default)
def getDefaultProvider(config):
provider = os.environ.get('PROVIDER')
if provider:
print('[+] Got provider {} from environemnt'.format(provider))
else:
print('[+] Using default provider from config file')
provider = config['default']['provider']
return provider
c = config[default]
def getProviderData(provider, config):
print("[+] Configured provider:", provider)
c = config[provider]
d = dict()
keys = ('name', 'applicationName', 'binaryName',
......@@ -26,6 +36,9 @@ def getProviderData(config):
for value in keys:
d[value] = c.get(value)
d['timeStamp'] = '{:%Y-%m-%d %H:%M:%S}'.format(
datetime.datetime.now())
return d
......@@ -90,7 +103,8 @@ if __name__ == "__main__":
config = configparser.ConfigParser()
config.read(configfile)
data = getProviderData(config)
provider = getDefaultProvider(config)
data = getProviderData(provider, config)
addCaData(data, configfile)
writeOutput(data, infile, outfile)
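Review bot: In `getProviderData`, `c = config[provider]` is now indexed with a name that may come from the `PROVIDER` environment variable, and a name with no matching section ends in a bare `KeyError` traceback. Checking first with `if not config.has_section(provider): bail('[!] Unknown provider: {}'.format(provider))` reports it through the script's `bail` helper, which is defined outside these hunks. `addCaData` is also outside the hunks; the previous version of the script shown on this page derives the certificate filename from the section's `name` value. If that is unchanged, the file embedded in the binary is chosen by `name` while `check-ca-crt.py` verifies the file named after the section key, and the two should be keyed the same way. The message `'[+] Got provider {} from environemnt'` has a typo (`environment`).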
......
/*
DO NOT EDIT --------------------------------------------------
This file has been automatically generated by `go generate`.
Any changes will be overriden.
DO NOT EDIT --------------------------------------------------
*/
// Code generated by go generate; DO NOT EDIT.
// This file was generated by vendorize.py
// At $timeStamp
package config
/* All these constants are defined in the vendor.conf file
*/
*/
const (
Provider = "$providerURL"
ApplicationName = "$applicationName"
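Review bot: The new header line `// At $timeStamp` is filled from the wall clock by vendorize.py, so the generated `config.go` differs on every `go generate` run even when vendor.conf and the CA file are unchanged. That makes the output non-reproducible, and since the generated file appears in this commit with a concrete timestamp, every regeneration will show up as a change in review. Dropping the line, or deriving the value from `SOURCE_DATE_EPOCH` when it is set, keeps the `// Code generated ... DO NOT EDIT.` marker without the churn.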
......
#!/usr/bin/env python3
import os
import sys
from string import Template
import configparser
OUTFILE = 'config.go'
INFILE = 'config.go.tmpl'
CONFIGFILE = 'config/vendor.conf'
SCRIPT_NAME = 'vendorize'
def getProviderData(config):
default = config['default']['provider']
print("[+] Configured provider:", default)
c = config[default]
d = dict()
keys = ('name', 'applicationName', 'binaryName',
'providerURL', 'tosURL', 'helpURL',
'donateURL', 'apiURL', 'geolocationAPI', 'caCertString')
for value in keys:
d[value] = c.get(value)
return d
def addCaData(data, configfile):
provider = data.get('name').lower()
folder, f = os.path.split(configfile)
caFile = os.path.join(folder, provider + '-ca.crt')
if not os.path.isfile(caFile):
bail('[!] Cannot find CA file in {path}'.format(path=caFile))
with open(caFile) as ca:
data['caCertString'] = ca.read().strip()
def writeOutput(data, infile, outfile):
with open(infile) as infile:
s = Template(infile.read())
with open(outfile, 'w') as outf:
outf.write(s.substitute(data))
def bail(msg=None):
if not msg:
print('Usage: {scriptname}.py <template> <config> <output>'.format(
scriptname=SCRIPT_NAME))
else:
print(msg)
sys.exit(1)
if __name__ == "__main__":
infile = outfile = ""
if len(sys.argv) > 4:
bail()
elif len(sys.argv) == 1:
infile = INFILE
outfile = OUTFILE
configfile = CONFIGFILE
else:
try:
infile = sys.argv[1]
configfile = sys.argv[2]
outfile = sys.argv[3]
except IndexError:
bail()
if not os.path.isfile(infile):
bail('[!] Cannot find template in {path}'.format(
path=os.path.abspath(infile)))
elif not os.path.isfile(configfile):
bail('[!] Cannot find config in {path}'.format(
path=os.path.abspath(configfile)))
else:
print('[+] Using {path} as template'.format(
path=os.path.abspath(infile)))
print('[+] Using {path} as config'.format(
path=os.path.abspath(configfile)))
config = configparser.ConfigParser()
config.read(configfile)
data = getProviderData(config)
addCaData(data, configfile)
writeOutput(data, infile, outfile)
print('[+] Wrote configuration for {provider} to {outf}'.format(
provider=data.get('name'),
outf=os.path.abspath(outfile)))
......@@ -15,7 +15,7 @@
package main
//go:generate ../../branding/vendorize.py ../../branding/config.go.tmpl ../../branding/config/vendor.conf ../../pkg/config/config.go
//go:generate ../../branding/scripts/vendorize.py ../../branding/template/config.go ../../branding/config/vendor.conf ../../pkg/config/config.go
import (
"flag"
......
/*
DO NOT EDIT --------------------------------------------------
This file has been automatically generated by `go generate`.
Any changes will be overriden.
DO NOT EDIT --------------------------------------------------
*/
// Code generated by go generate; DO NOT EDIT.
// This file was generated by vendorize.py
// At 2019-07-02 18:39:16
package config
/* All these constants are defined in the vendor.conf file
*/
*/
const (
Provider = "riseup.net"
ApplicationName = "RiseupVPN"
......@@ -26,7 +21,7 @@ const (
CaCert : a string containing a representation of the provider CA, used to
sign the webapp and openvpn certificates. should be placed in
config/[provider]/ca.crt
config/[provider]-ca.crt
*/
var CaCert = []byte(`-----BEGIN CERTIFICATE-----
......