.gitignore

@@ -25,9 +25,11 @@ docs/cov_html/
 .cache
 coverage.xml
 *,cover
+_trial_temp
 
 # Sphinx documentation
 docs/_build/
+docs/_static
 
 # virtualenv
 .venv/
@@ -35,10 +37,22 @@ venv/
 ENV/
 
 # Javascript, web-ui
-www/node_modules
-www/public
-www/npm-debug.log
-www/leap/bitmask_www/public/
+ui/node_modules
+ui/npm-debug.log
+ui/pydist/leap/bitmask_js
 
 # vim
 *.swp
+
+# PyInstaller
+pkg/pyinst/dist/
+pkg/pyinst/build/
+pkg/launcher/bitmask
+
+NOTES
+
+# logs and screenshots from failed functional tests
+/failures/
+
+# temporary home folders for functional tests
+/tmp/

.gitlab-ci.yml

+---
+stages:
+  - test
+  - publish
+
+variables:
+  DOCKER_DRIVER: overlay
+
+# Cache gems in between stages for this pipeline only
+cache:
+  paths:
+    - .tox/py27-dev
+
+linux_test:
+  image: 0xacab.org:4567/leap/bitmask-dev:latest
+  stage: test
+  script:
+    # In this first job, recreate the tox venv from scratch
+    # on start of every pipeline
+    - dpkg -l tox > /dev/null || apt-get -y --no-install-recommends install tox
+    - tox --recreate -e py27-dev
+  tags:
+    - linux
+
+osx_test:
+  stage: test
+  allow_failure: true
+  script:
+    - ls -la /usr/bin/gpg
+    - /usr/local/bin/tox --recreate -e py27-dev
+  tags:
+    - yosemite
+    - osx
+
+bitmask_latest_bundle:
+  image: 0xacab.org:4567/leap/docker/bitmask-bundler:latest
+  stage: publish
+  script:
+    - pkg/build_bundle_with_venv.sh
+    - mv "dist/bitmask-`cat pkg/next-version`" .
+  artifacts:
+    paths:
+      - "bitmask-`cat pkg/next-version`"
+    name: "Bitmask_linux64_latest_${CI_BUILD_REF}"
+    expire_in: 1 month
+  tags:
+    - linux
+
+e2e_test_mail:
+  image: 0xacab.org:4567/leap/bitmask-dev:latest
+  stage: test
+  script:
+    - dpkg -l tox gnupg1 haveged  > /dev/null || apt-get -y --no-install-recommends install tox gnupg1 haveged
+    - tox -e py27-dev --notest
+    - source .tox/py27-dev/bin/activate
+    - make dev-latest-backend
+    - mkdir -p /root/.config/leap/
+    - make install_helpers
+    - make test_e2e_mail
+  tags:
+    - linux
+
+e2e_test_vpn:
+  image: 0xacab.org:4567/leap/bitmask-dev:latest
+  stage: test
+  script:
+    - dpkg -l tox gnupg1 haveged  > /dev/null || apt-get -y --no-install-recommends install tox gnupg1 haveged
+    - tox -e py27-dev --notest
+    - source .tox/py27-dev/bin/activate
+    - make dev-latest-backend
+    - mkdir -p /root/.config/leap/
+    - make install_helpers
+    - make test_e2e_vpn
+  tags:
+    - linux
+
+e2e_test_conditional_downloads:
+  image: 0xacab.org:4567/leap/bitmask-dev:latest
+  stage: test
+  allow_failure: true
+  script:
+    - dpkg -l tox gnupg1 haveged  > /dev/null || apt-get -y --no-install-recommends install tox gnupg1 haveged
+    - tox -e py27-dev --notest
+    - source .tox/py27-dev/bin/activate
+    - make dev-latest-backend
+    - mkdir -p /root/.config/leap/
+    - make install_helpers
+    - make test_e2e_conditional_downloads
+  tags:
+    - linux
+
+functional_tests:
+  image: 0xacab.org:4567/leap/bitmask-dev:latest
+  stage: test
+  before_script:
+    - dpkg -l tox > /dev/null || apt-get -y --no-install-recommends install tox
+    - tox -e py27-dev --notest
+    - source .tox/py27-dev/bin/activate
+    - make dev-latest-all
+    - make test_functional_setup
+  script:
+    - make test_functional
+  artifacts:
+    when: on_failure
+    paths:
+      - failures
+    name: "Bitmask_linux64_${CI_BUILD_REF}_e2e_screenshots"
+    expire_in: 1 month
+  tags:
+    - linux
+
+# This is Work In Progress
+#functional_test_bundle:
+#  image: 0xacab.org:4567/leap/bitmask-dev:latest
+#  stage: test_bundle
+#  allow_failure: true
+#  script:
+#    - TEST_MODE='bundle_ci' make test_functional
+#  artifacts:
+#    when: on_failure
+#    paths:
+#      - failures
+#    name: "Bitmask_linux64_${CI_BUILD_REF}_e2e_screenshots"
+#    expire_in: 1 month
+#  tags:
+#    - linux
+
+build_ui:
+  image: 0xacab.org:4567/leap/bitmask-dev:latest
+  stage: test
+  script:
+    - cd ui && make dev-build
+  tags:
+    - linux
+  cache:
+    paths:
+    - ui/node_modules/
+
+build_docker_image:
+  image: 0xacab.org:4567/leap/bitmask-dev:latest
+  stage: publish
+  services:
+    - docker:dind
+  tags:
+    - docker-in-docker
+  only:
+    - branches@leap/bitmask-dev
+  before_script:
+     - >
+       export LAST_COMMIT=$(curl -s --header "PRIVATE-TOKEN: ${LEAP_CODE_O_MATIC_PRIVATE_TOKEN}" https://0xacab.org/api/v4/projects/574/pipelines |
+       python -c "import sys, json; print json.load(sys.stdin)[1]['sha']")
+  script:
+    - >
+      if git diff $LAST_COMMIT HEAD --name-only | egrep '(tests/docker|.gitlab)' || [ "$CI_JOB_MANUAL" == "true" ] ; then
+        if [ "$CI_COMMIT_REF_SLUG" == "master" ]
+        then
+          TAG='latest'
+        else
+          TAG="$CI_COMMIT_REF_SLUG"
+        fi
+        docker --version
+        docker info
+        docker login -u gitlab-ci-token -e sysdev@leap.se -p $CI_JOB_TOKEN $CI_REGISTRY
+        docker build -t ${CI_REGISTRY_IMAGE}:${TAG} tests/docker
+        docker push ${CI_REGISTRY_IMAGE}:${TAG}
+      fi
+
+build_docker_bundle_image:
+  image: 0xacab.org:4567/leap/docker/bitmask-bundler:latest
+  stage: publish
+  services:
+    - docker:dind
+  tags:
+    - docker-in-docker
+  only:
+    - branches@leap/bitmask-dev
+  before_script:
+     - >
+       export LAST_COMMIT=$(curl -s --header "PRIVATE-TOKEN: ${LEAP_CODE_O_MATIC_PRIVATE_TOKEN}" https://0xacab.org/api/v4/projects/574/pipelines |
+       python -c "import sys, json; print json.load(sys.stdin)[1]['sha']")
+  script:
+    - >
+      if git diff $LAST_COMMIT HEAD --name-only | egrep '(pkg/docker_bundle|.gitlab)' || [ "$CI_JOB_MANUAL" == "true" ] ; then
+        if [ "$CI_COMMIT_REF_SLUG" == "master" ]
+        then
+          TAG='latest'
+        else
+          TAG="$CI_COMMIT_REF_SLUG"
+        fi
+        docker --version
+        docker info
+        docker login -u gitlab-ci-token -e sysdev@leap.se -p $CI_JOB_TOKEN $CI_REGISTRY
+        docker build -t ${CI_REGISTRY_IMAGE}:${TAG} pkg/docker_bundle
+        docker push ${CI_REGISTRY_IMAGE}:${TAG}
+      fi
+
+.job_template: &job_definition
+  stage: publish
+  # Only build packages for https://0xacab.org/leap/bitmask-dev, not
+  # for forks
+  only:
+    - master@leap/bitmask-dev
+    - tags@leap/bitmask-dev
+  image: "0xacab.org:4567/leap/gitlab-buildpackage:build_${DIST}_${ARCH}"
+  script:
+    - "pwd; git describe"
+    - build-build-package
+    # Test the package with lintian
+    - build-test-lintian
+    - upload-package
+    # sleep 1h to allow debugging of running container
+    #- sleep 3600
+  artifacts:
+    expire_in: 1w
+    paths:
+    - '*_*.xz'
+    - '*_*.dsc'
+    - '*_amd64.changes'
+    - '*.deb'
+    - 'results/*'
+
+package:amd64_stretch:
+  variables:
+    ARCH: "amd64"
+    DIST: "stretch"
+    REPONAMES: "client"
+    # Default is to fail on warnings, we disable it here
+    # unless all lintian warnings are fixed (#9033)
+    LINTIAN_OPTS: "-X filename-length, --suppress-tags newer-standards-version"
+  <<: *job_definition
+
+package:amd64_buster:
+  variables:
+    ARCH: "amd64"
+    DIST: "buster"
+    REPONAMES: "client"
+    # Default is to fail on warnings, we disable it here
+    # unless all lintian warnings are fixed (#9033)
+    LINTIAN_OPTS: "-X filename-length"
+  <<: *job_definition
+
+package:amd64_sid:
+  variables:
+    ARCH: "amd64"
+    DIST: "sid"
+    REPONAMES: "client"
+    # Default is to fail on warnings, we disable it here
+    # unless all lintian warnings are fixed (#9033)
+    LINTIAN_OPTS: "-X filename-length, --suppress-tags newer-standards-version"
+  <<: *job_definition
+
+package:amd64_artful:
+  variables:
+    ARCH: "amd64"
+    DIST: "artful"
+    REPONAMES: "client"
+    # Default is to fail on warnings, we disable it here
+    # unless all lintian warnings are fixed (#9033)
+    LINTIAN_OPTS: "-X filename-length, --suppress-tags newer-standards-version"
+  <<: *job_definition

.travis.yml

+---
+os: osx
+# Xcode 6.4, OS X 10.10
+osx_image: xcode6.4
+
+# language: python is not supported on OSX
+# see https://github.com/travis-ci/travis-ci/issues/2312
+language: generic
+
+before_install:
+  - brew update
+  - brew install python
+  # Only if we need a newer version of openssl (1.0.2l instead of 1.0.2a-1)
+  # - brew upgrade OpenSSL
+  - pip2 install virtualenv
+  # https://stackoverflow.com/questions/36555679/fatal-error-in-building-sqlcipher-openssl-rand-h-file-not-found
+  - brew link openssl --force --overwrite
+  - virtualenv env -p python2.7
+  - source env/bin/activate
+  - pip2 install tox
+
+script: tox --recreate -e py27-dev

AUTHORS

-Tomás Touceda <chiiph@leap.se>
-Ivan Alejandro <ivanalejandro0@gmail.com>
-Kali Kaneko <kali@leap.se>
-drebs <drebs@leap.se>
-antialias <antialias@leap.se>
-elijah <elijah@riseup.net>
-Ruben Pollan <meskio@sindominio.net>
-k clair <kclair@riseup.net>
-Jaromil <jaromil@dyne.org>
-kwadronaut <kwadronaut@leap.se>
-Duda Dornelles <ddornell@thoughtworks.com>
-Bruno Wagner Goncalves <bwagner@thoughtworks.com>
-Parménides GV <parmegv@sdf.org>
-Neissi Lima <neissi.lima@gmail.com>
-Micah Anderson <micah@riseup.net>
-irregulator <irregulator@riseup.net>

LICENSE

@@ -672,39 +672,3 @@ may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
 <http://www.gnu.org/philosophy/why-not-lgpl.html>.
-
---------------------------------------------------------------------------------
-We are "embedding" PastebinAPI class since currently the installation through
-pip does not work.
-
-file: src/leap/bitmask/util/pastebin.py
-License: GPL
-Author: Ian Havelock
-website: https://github.com/Morrolan/PastebinAPI
---------------------------------------------------------------------------------
-
-Bitmask also uses third party icons:
-
----
-data/images/Arrow-Up-32.png
-data/images/Arrow-Down-32.png
-
-Author: Liam McKay
-License: GNU General Public License - http://en.wikipedia.org/wiki/GNU_General_Public_License
-WebSite: http://wefunction.com/
-IconPackage: WooFunction icon pack - http://www.iconspedia.com/pack/woofunction-icons-4136/
----
-data/images/oxygen-icons/
-
-The following icons were created based on 'mail-unread.png' from oxygen:
-data/images/mail-locked.png
-data/images/mail-unlocked.png
-
-License: LGPL - http://www.gnu.org/licenses/lgpl.html
-Website: http://www.oxygen-icons.org/
---
-data/images/pastebin.png
-
-author: Marco Martin
-License: LGPL
-website: https://www.iconfinder.com/icons/7897/binary_icon

MANIFEST.in

 include versioneer.py
 include src/leap/bitmask/_version.py
+include src/leap/bitmask/core/bitmaskd.tac
+include *.bin

Makefile

-clean:
-	find . -type f -name "*.py[co]" -delete
-	find . -type d -name "__pycache__" -delete
+DIST=dist/bitmask
+NEXT_VERSION = $(shell cat pkg/next-version)
+DIST_VERSION = $(DIST)-$(NEXT_VERSION)/
+
+HEADLESS_DIST=dist/bitmask-nox
+HEADLESS_DIST_VERSION = $(HEADLESS_DIST)-$(NEXT_VERSION)/
+
+ANONVPN_DIST=dist/anonvpn
+ANONVPN_DIST_VERSION = $(ANONVPN_DIST)-$(NEXT_VERSION)/
+
+BITMASK_ROOT = src/leap/bitmask/vpn/helpers/linux/bitmask-root
+POLKIT_POLICY = src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.policy
+SUDO = /usr/bin/sudo
+
+include pkg/bundles/build.mk
+include pkg/thirdparty/openvpn/build.mk
+
+dev-bootstrap:
+	pkg/tools/bitmask-bootstrap.sh
 
 dev-mail:
-	pip install -e '.[mail]'
-	pip install -e www
+	pip install -U -e '.[mail]'
+
+dev-gui: install_pixelated
+	pip install -U -e '.[gui]'
+
+dev-backend:
+	pip install -U -e '.[backend]'
 
-dev-all:
-	pip install -e '.[all]'
+dev-all: install_pixelated
+	pip install -I --install-option="--bundled" pysqlcipher
+	pip install -U -e '.[all]'
+
+dev-latest-leap:
+	pip install -U -e 'git+https://0xacab.org/leap/leap_pycommon@master#egg=leap.common'
+	pip install -U -e 'git+https://0xacab.org/leap/soledad@master#egg=leap.soledad'
+
+dev-latest-backend: dev-backend dev-latest-leap
+
+dev-latest-all: dev-all dev-latest-leap
+
+upgrade-all:
+	python pkg/tools/upgrade_all.py
 
 uninstall:
 	pip uninstall leap.bitmask
+
+test:
+	tox
+
+test_e2e_mail: install_helpers
+	tests/e2e/e2e-test-mail.sh
+
+test_e2e_vpn: install_helpers
+	tests/e2e/e2e-test-vpn.sh
+
+test_e2e_conditional_downloads: install_helpers
+	tests/e2e/conditional_downloads.py
+
+test_functional_setup:
+	pip install -U behave selenium
+
+test_functional: install_helpers
+	test -f /usr/bin/lxpolkit && lxpolkit &
+	xvfb-run --server-args="-screen 0 1280x1024x24" behave --tags ~@wip --tags @smoke tests/functional/features -k --no-capture -D host=localhost
+
+test_functional_graphical:
+	behave --tags ~@wip --tags @smoke tests/functional/features -k --no-capture -D host=localhost
+
+test_functional_graphical_wip:
+	behave --tags @wip tests/functional/features -k --no-capture -D host=localhost
+
+install_helpers:
+	# if there's no sudo, assumming this is running as root by the CI
+	test -f $(SUDO) && sudo cp $(BITMASK_ROOT) /usr/local/sbin/ || cp $(BITMASK_ROOT) /usr/local/sbin/
+	test -f $(SUDO) && sudo cp $(POLKIT_POLICY) /usr/share/polkit-1/actions/se.bitmask.bundle.policy || cp $(POLKIT_POLICY) /usr/share/polkit-1/actions/se.bitmask.bundle.policy
+
+install_pixelated:
+	pip install leap.pixelated leap.pixelated-www
+
+qt-resources:
+	pyrcc5 pkg/branding/icons.qrc -o src/leap/bitmask/gui/app_rc.py
+
+doc:
+	cd docs && make html
+
+bundle_in_virtualenv:
+	pkg/build_bundle_with_venv.sh
+
+bundle_in_virtualenv_osx:
+	pkg/build_osx_bundle_with_venv.sh
+
+package_in_docker:
+	# needs docker_ce and gitlab-runner from upstream
+	gitlab-runner exec docker package:amd64_stretch
+
+bundler_image:
+	cd pkg/docker_bundler && make bundler
+
+bundle_in_docker:
+	# needs a docker container called 'bitmask-bundler-apt', created with 'make bundler_image'
+	# XXX why was it needed to specify -u `id -u` again? if it's something with gilab CI we might need
+	# to chown it first.
+	cat pkg/bundle_from_docker | docker run -i -v /srv/bitmask-builds:/dist -w /dist -e REPO="$(REPO)" -e BRANCH="$(BRANCH)" bitmask-bundler-apt bash
+
+bundle_riseupvpn:
+	# needs a docker container called 'bitmask-bundler-apt', created with 'make bundler_image'
+	# XXX why was it needed to specify -u `id -u` again? if it's something with gilab CI we might need
+	# to chown it first.
+	cat pkg/bundle_riseupvpn_from_docker | docker run -i -v /srv/bitmask-builds:/dist -w /dist -e REPO="$(REPO)" -e BRANCH="$(BRANCH)" bitmask-bundler-apt bash
+
+bundle_in_docker_virtualenv:
+	# this runs bundles inside a virtualenv. it is kind of slow because it compiles all python extensions in dependencies each time.
+	cat pkg/bundle_from_docker_venv | docker run -i -v ~/leap/bitmask-dev:/dist -w /dist -u `id -u` -e REPO="$(REPO)" -e BRANCH="$(BRANCH)" bitmask-bundler-venv bash
+	mkdir -p dist/
+	cp -r bitmaskbuild/$(DIST_VERSION) dist/
+	rm -rf bitmaskbuild
+
+upload:
+	python setup.py sdist bdist_wheel --universal upload --sign -i kali@leap.se -r pypi
+
+clean:
+	find . -type f -name "*.py[co]" -delete
+	find . -type d -name "__pycache__" -delete

NEWS

+Ticket numbers in this file can be looked up by visiting
+http://0xacab.org/leap/bitmask-dev/issues/<number>
+
+Bitmask 0.10.0
+==============
+
+Features
+--------
+
+Bugfixes
+--------
+
+Documentation
+-------------
+
+Other
+-----

README.rst

 Bitmask
-===========
+===========================================================
 
 *Your internet encryption toolkit*
 
 .. image:: https://badge.fury.io/py/leap.bitmask.svg
     :target: http://badge.fury.io/py/leap.bitmask
+.. image:: https://0xacab.org/leap/bitmask-dev/badges/master/build.svg
+    :target: https://0xacab.org/leap/bitmask-dev/pipelines
+.. image:: https://readthedocs.org/projects/bitmask/badge/?version=latest
+   :target: http://bitmask.readthedocs.io/en/latest/?badge=latest
+   :alt: Documentation Status
 .. image:: https://img.shields.io/badge/IRC-leap-blue.svg
    :target: http://webchat.freenode.net/?channels=%23leap&uio=d4
    :alt: IRC
@@ -19,67 +24,124 @@ also used as a set of libraries to communicate with the different services from
 third party applications.
 
 It is written in python using `Twisted`_  and licensed under the `GPL3`_. The
-Graphical User Interface is written in html+js and uses `PyQt5`_ for serving the
-application.
+Graphical User Interface is written in html+js and uses `PyQt5`_ for serving
+the application.
 
 .. _`the LEAP Platform`: https://github.com/leapcode/leap_platform
 .. _`Twisted`: https://twistedmatrix.com
 .. _`PyQt5`: https://pypi.python.org/pypi/PyQt5
 .. _`GPL3`: http://www.gnu.org/licenses/gpl.txt
 
+Package under development!
+-----------------------------------------------------------
+
+The previous client using PySide has been deprecated (Bitmask version 0.9.2,
+still available at the http://github.com/leapcode/bitmask_client repo).
+
+
 Read the Docs!
-------------------
+-----------------------------------------------------------
 
-The latest documentation is available at `LEAP`_.
+There is documentation about Bitmask `for users`_ and `for developers`_. For
+developers, be sure to read the sections on `hacking`_ and `contributing_`.
+Testers should read the section on `testing and QA`_.
 
-.. _`LEAP`: https://leap.se/en/docs/client
+.. _`for users`: https://leap.se/en/docs/client
+.. _`for developers`: https://bitmask.readthedocs.io
+.. _`hacking`: https://bitmask.readthedocs.io/en/latest/hacking/index.html
+.. _`contributing`: https://bitmask.readthedocs.io/en/latest/hacking/contributing.html#contributing
+.. _`testing and QA`: https://bitmask.readthedocs.io/en/latest/testing/index.html
 
 Bugs
-====
+===========================================================
 
 Please report any bugs `in our bug tracker`_.
 
-.. _`in our bug tracker`: https://leap.se/code/projects/report-issues 
+.. _`in our bug tracker`: https://0xacab.org/leap/bitmask-dev/issues/
+
+Logs
+----
+
+If you want to watch the logs, from the command line::
+
+  bitmaskctl logs watch
+
+The paste command can be handy to do bug reports (needs ``pastebinit`` installed
+in the system)::
+
+  bitmaskctl logs send
+
+but do not upload anything that you do not want to make public ;)
 
 
 Development
-==============
+===========================================================
 
-Tests
------
+Running Tests
+-----------------------------------------------------------
 
 You need tox to run the tests. If you don't have it in your system yet::
 
   pip install tox
 
-And then run all the tests::
+And then run all the python tests::
 
   tox
 
-If you are developing against a non-published branch of ``leap.common`` or
-``leap.soledad``, run instead::
+There are some minimal end-to-end tests::
+
+  make test_e2e
 
-  tox -e py27-dev
+For testing the UI (aka ``bitmask-js``) you need to have ``mocha``
+installed. You can run ui tests like this::
+
+  cd ui && make test
+
+More info abou testing can be found in the ``docs/hacking/testing`` document.
 
-This expects ``leap_common`` and ``soledad`` repos to be checked out in the
-parent folder.
 
 Hacking
--------
+-----------------------------------------------------------
+
+In order to run bitmask in a development environment, you must activate a 
+`virtualenv`_ and install the various leap-related python packages using ``pip
+install -e``. This installs them as links to the source code, so
+that your code changes are immediately reflected in the packages imported from
+within the virtualenv.
+
+The various ``make dev-*`` commands will run the appropriate ``pip install``
+commands for you.
+
+If you want to setup your whole development environment in a single step, and
+you are running a debian-based system, you can use::
+
+  make dev-bootstrap
+
+That should install all the system dependencies, create a virtualenv for you,
+and drop you in a shell inside that virtualenv. In the future, you can enter this
+`virtualenv`_ again by using `pew`_::
+
+  pew workon bitmask
+
+To upgrade regularly the python dependencies installed inside your virtualenv,
+you can run::
 
-If you want to develop for the encrypted mail service, execute inside your virtualenv::
+  make upgrade-all
 
-  make dev-mail
+inside your virtualenv, and it will install any new version of your
+dependencies that is found in `pypi`_.
 
-If you want to develop for the gui client too, you have to have installed the
-python2 bindings for Qt5 in your system (in debian: ``apt install python-pyqt5 
-python-pyqt5.qtwebkit``). After ensuring this, you can do::
+Check out the ``docs/hacking`` page for more extense instructions `to get
+you started`_.
 
-  make dev-all
+.. _`to get you started`: https://bitmask.readthedocs.io/en/latest/hacking/
+.. _`pew`: https://pypi.python.org/pypi/pew
+.. _`virtualenv`: https://pypi.python.org/pypi/virtualenv
+.. _`pypi`: https://pypi.python.org
 
 
 License
-=======
+===========================================================
 
 .. image:: https://raw.github.com/leapcode/bitmask_client/develop/docs/user/gpl.png
 

bench/keymanager/Makefile

+# This makefile is currently intended to make it easy to generate the
+# benchmarking graphs.
+
+RESULTS_FILE = tests/results.json
+GRAPH_PREFIX = benchmark
+
+GRAPH_FILE = $(GRAPH_PREFIX)-test_gpg_init.svg
+
+all: $(GRAPH_FILE)
+
+#
+# rules for generating one graph with the results of all speed tests
+#
+
+$(RESULTS_FILE):
+	tox -v test_gpg_speed.py -- -v --pdb -s \
+	    --benchmark-max-time=2.0 \
+	    --benchmark-json=$(subst tests/,,$@)
+
+$(GRAPH_FILE): $(RESULTS_FILE)
+	py.test-benchmark compare $< --histogram $(GRAPH_PREFIX)
+
+
+#
+# rule for generating one graph for each graph
+#
+
+test:
+	tox -v test_gpg_speed.py -- -v --pdb -s \
+	    --benchmark-histogram=gpg_speed \
+	    --benchmark-storage=./graphs/ \
+	    --benchmark-save=keymanager_gpg_speed \
+
+clean:
+	rm -f $(RESULTS_FILE) $(GRAPH_PREFIX)*.svg
+
+.PHONY: all test graph

bench/keymanager/TODO

+- tune test params (max time, number of iterations, etc)

bench/keymanager/conftest.py

+# -*- coding: utf-8 -*-
+# conftest.py
+# Copyright (C) 2016 LEAP Encryption Acess Project
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Fixtures for the benchmarks for leap.bitmask.keymanager
+"""
+
+import pytest
+
+from leap.bitmask.keymanager.keys import build_key_from_dict
+from leap.bitmask.keymanager.wrapper import TempGPGWrapper
+
+from common import ADDRESS
+from common import KEY_FINGERPRINT
+from common import PUBLIC_KEY
+from common import PRIVATE_KEY
+from common import ADDRESS_2
+from common import KEY_FINGERPRINT_2
+from common import PUBLIC_KEY_2
+from common import PRIVATE_KEY_2
+
+
+@pytest.fixture
+def wrapper(keys=None):
+    return TempGPGWrapper(keys=keys)
+
+
+def _get_key(address, key_fingerprint, key_data, private):
+    kdict = {
+        'uids': [address],
+        'fingerprint': key_fingerprint,
+        'key_data': key_data,
+        'private': private,
+        'length': 4096,
+        'expiry_date': 0,
+        'refreshed_at': 1311239602,
+    }
+    key = build_key_from_dict(kdict)
+    return key
+
+
+@pytest.fixture
+def public_key():
+    return _get_key(ADDRESS, KEY_FINGERPRINT, PUBLIC_KEY, False)
+
+
+@pytest.fixture
+def public_key_2():
+    return _get_key(ADDRESS_2, KEY_FINGERPRINT_2, PUBLIC_KEY_2, False)
+
+
+@pytest.fixture
+def openpgp_keys():
+    return [
+        _get_key(ADDRESS, KEY_FINGERPRINT, PUBLIC_KEY, False),
+        _get_key(ADDRESS_2, KEY_FINGERPRINT_2, PUBLIC_KEY_2, False),
+        _get_key(ADDRESS, KEY_FINGERPRINT, PRIVATE_KEY, True),
+        _get_key(ADDRESS_2, KEY_FINGERPRINT_2, PRIVATE_KEY_2, True),
+    ]

bench/keymanager/test_openpgp_speed.py

+# -*- coding: utf-8 -*-
+# test_opengpg_speed.py
+# Copyright (C) 2016 LEAP Encryption Acess Project
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Benchmarking for the leap.bitmask.keymanager.openpgp module
+"""
+
+import commands
+import pytest
+
+from functools import partial
+
+from gnupg import GPG
+from leap.bitmask.keymanager.wrapper import TempGPGWrapper
+
+from common import CIPHERTEXT
+from common import SIGNEDTEXT
+
+
+GROUP_INIT = 'initialization only'
+GROUP_CRYPTO = 'crypto only'
+GROUP_INIT_AND_CRYPTO = 'initialization and crypto'
+
+
+# the gnupg module gets the binary version each time the GPG object is
+# initialized. In some platforms this takes hundreds of milliseconds, and
+# sometimes more than a second. This is currently a known bug. For making it
+# evident, we provide a way to bypass the version check by monkeypatching the
+# actual function that does the job.
+
+def get_gpg_version():
+    output = commands.getoutput(
+        'gpg --list-config --with-colons | grep version')
+    version = output.split(':').pop()
+    return version
+
+
+GPG_VERSION = get_gpg_version()
+
+
+def mock_gpg_get_version(monkeypatch):
+    def _setver(self):
+        self.binary_version = GPG_VERSION
+    monkeypatch.setattr(
+        GPG, '_check_sane_and_get_gpg_version', _setver)
+
+
+#
+# generic speed test creator
+#
+
+def create_test(fun, num_keys=0, mock_get_version=True, init=None, group=None):
+
+    @pytest.mark.benchmark(group=group)
+    def test(tmpdir, benchmark, openpgp_keys, monkeypatch):
+
+        if mock_get_version:
+            mock_gpg_get_version(monkeypatch)
+
+        if init:
+            res = init(tmpdir, benchmark, openpgp_keys, monkeypatch, num_keys)
+            benchmark(fun, res)
+        else:
+            benchmark(
+                fun, tmpdir, benchmark, openpgp_keys, monkeypatch, num_keys)
+
+    return test
+
+
+#
+# gpg initializarion: 0, 1 and 2 keys
+#
+
+def gpg_init_only(tmpdir, benchmark, openpgp_keys, monkeypatch, num_keys):
+    keys = openpgp_keys[0:num_keys]
+    gpg = GPG(homedir=tmpdir.dirname)
+    for key in keys:
+        gpg.import_keys(key.key_data)
+
+
+test_gpg_init_nokey_slow = create_test(
+    gpg_init_only, num_keys=0,
+    mock_get_version=False,
+    group=GROUP_INIT)
+test_gpg_init_1key_slow = create_test(
+    gpg_init_only, num_keys=1,
+    mock_get_version=False,
+    group=GROUP_INIT)
+test_gpg_init_2keys_slow = create_test(
+    gpg_init_only, num_keys=2,
+    mock_get_version=False,
+    group=GROUP_INIT)
+
+test_gpg_init_nokey = create_test(
+    gpg_init_only, num_keys=0,
+    group=GROUP_INIT)
+test_gpg_init_1key = create_test(
+    gpg_init_only, num_keys=1,
+    group=GROUP_INIT)
+test_gpg_init_2keys = create_test(
+    gpg_init_only, num_keys=2,
+    group=GROUP_INIT)
+
+
+#
+# wrapper initialization: 0, 1 and 2 keys
+#
+
+def wrapper_init_only(tmpdir, benchmark, openpgp_keys, monkeypatch, num_keys):
+    keys = openpgp_keys[0:num_keys]
+    wrapper = TempGPGWrapper(keys=keys)
+    with wrapper as gpg:
+        assert GPG == type(gpg)
+
+
+test_wrapper_init_nokey_slow = create_test(
+    wrapper_init_only, num_keys=0,
+    mock_get_version=False,
+    group=GROUP_INIT)
+test_wrapper_init_1key_slow = create_test(
+    wrapper_init_only, num_keys=1,
+    mock_get_version=False,
+    group=GROUP_INIT)
+test_wrapper_init_2keys_slow = create_test(
+    wrapper_init_only, num_keys=2,
+    mock_get_version=False,
+    group=GROUP_INIT)
+
+test_wrapper_init_nokey = create_test(
+    wrapper_init_only, num_keys=0,
+    group=GROUP_INIT)
+test_wrapper_init_1key = create_test(
+    wrapper_init_only, num_keys=1,
+    group=GROUP_INIT)
+test_wrapper_init_2keys = create_test(
+    wrapper_init_only, num_keys=2,
+    group=GROUP_INIT)
+
+
+#
+# initialization + encryption
+#
+
+PLAINTEXT = ' ' * 10000  # 10 KB
+
+
+def gpg_init_exec(fun, tmpdir, benchmark, openpgp_keys, monkeypatch, _):
+    pubkey = openpgp_keys[0]
+    privkey = openpgp_keys[2]  # this is PRIVATE_KEY
+    gpg = GPG(homedir=tmpdir.dirname)
+    gpg.import_keys(pubkey.key_data)
+    gpg.import_keys(privkey.key_data)
+    fun((gpg, pubkey, privkey))
+
+
+def wrapper_init_exec(fun, tmpdir, benchmark, openpgp_keys, monkeypatch, _):
+    pubkey = openpgp_keys[0]
+    privkey = openpgp_keys[2]
+    wrapper = TempGPGWrapper(keys=[pubkey, privkey])
+    wrapper._build_keyring()
+    fun((wrapper._gpg, pubkey, privkey))
+
+
+def gpg_enc(res):
+    gpg, pubkey, _ = res
+    ciphertext = gpg.encrypt(PLAINTEXT, pubkey.fingerprint)
+    assert ciphertext.ok
+    assert len(ciphertext.data)
+
+
+test_gpg_init_enc = create_test(
+    partial(gpg_init_exec, gpg_enc),
+    group=GROUP_INIT_AND_CRYPTO)
+test_wrapper_init_enc = create_test(
+    partial(wrapper_init_exec, gpg_enc),
+    group=GROUP_INIT_AND_CRYPTO)
+
+
+#
+# initialization + decryption
+#
+
+def gpg_dec(res):
+    gpg, _, _ = res
+    plaintext = gpg.decrypt(CIPHERTEXT)
+    assert plaintext.ok
+    assert len(plaintext.data)
+
+
+test_gpg_init_dec = create_test(
+    partial(gpg_init_exec, gpg_dec),
+    group=GROUP_INIT_AND_CRYPTO)
+test_wrapper_init_dec = create_test(
+    partial(wrapper_init_exec, gpg_dec),
+    group=GROUP_INIT_AND_CRYPTO)
+
+
+#
+# initialization + sign
+#
+
+def gpg_sign(res):
+    gpg, _, privkey = res
+    gpg.import_keys(privkey.key_data)
+    signed = gpg.sign(PLAINTEXT, default_key=privkey.fingerprint)
+    assert signed.status == 'begin signing'
+    assert len(signed.data) > len(PLAINTEXT)
+    assert '-----BEGIN PGP SIGNATURE-----' in signed.data
+    assert '-----END PGP SIGNATURE-----' in signed.data
+
+
+test_gpg_init_sign = create_test(
+    partial(gpg_init_exec, gpg_sign),
+    group=GROUP_INIT_AND_CRYPTO)
+test_wrapper_init_sign = create_test(
+    partial(wrapper_init_exec, gpg_sign),
+    group=GROUP_INIT_AND_CRYPTO)
+
+
+#
+# initialization + verify
+#
+
+def gpg_verify(res):
+    gpg, _, privkey = res
+    signed = gpg.verify(SIGNEDTEXT)
+    assert signed.valid
+
+
+test_gpg_init_verify = create_test(
+    partial(gpg_init_exec, gpg_verify),
+    group=GROUP_INIT_AND_CRYPTO)
+test_wrapper_init_verify = create_test(
+    partial(wrapper_init_exec, gpg_verify),
+    group=GROUP_INIT_AND_CRYPTO)
+
+
+#
+# encryption only
+#
+
+def gpg_init(tmpdir, benchmark, openpgp_keys, monkeypatch, _):
+    pubkey = openpgp_keys[0]
+    privkey = openpgp_keys[2]  # this is PRIVATE_KEY
+    gpg = GPG(homedir=tmpdir.dirname)
+    gpg.import_keys(pubkey.key_data)
+    gpg.import_keys(privkey.key_data)
+    return gpg, pubkey, privkey
+
+
+def wrapper_init(tmpdir, benchmark, openpgp_keys, monkeypatch, _):
+    pubkey = openpgp_keys[0]
+    privkey = openpgp_keys[2]
+    wrapper = TempGPGWrapper(keys=[pubkey, privkey])
+    wrapper._build_keyring()
+    return wrapper._gpg, pubkey, privkey
+
+
+test_gpg_enc = create_test(
+    gpg_enc, init=gpg_init, group=GROUP_CRYPTO)
+test_wrapper_enc = create_test(
+    gpg_enc, init=wrapper_init, group=GROUP_CRYPTO)
+
+
+#
+# decryption only
+#
+
+test_gpg_dec = create_test(
+    gpg_dec,
+    init=gpg_init, group=GROUP_CRYPTO)
+test_wrapper_dec = create_test(
+    gpg_dec,
+    init=wrapper_init, group=GROUP_CRYPTO)
+
+
+#
+# sign only
+#
+
+test_gpg_sign = create_test(
+    gpg_sign, init=gpg_init, group=GROUP_CRYPTO)
+test_wrapper_sign = create_test(
+    gpg_sign, init=wrapper_init, group=GROUP_CRYPTO)
+
+
+#
+# verify only
+#
+
+test_gpg_verify = create_test(
+    gpg_verify, init=gpg_init, group=GROUP_CRYPTO)
+test_wrapper_verify = create_test(
+    gpg_verify, init=wrapper_init, group=GROUP_CRYPTO)

debian/bitmask-chromium.install

+/usr/bin/bitmask_chromium
+/usr/lib/python2.7/dist-packages/leap/bitmask/chrome/

debian/bitmask-core.install

+/usr/bin/bitmaskd
+/usr/bin/bitmaskctl
+/usr/lib/python2.7/dist-packages/leap/bitmask/core/
+/usr/lib/python2.7/dist-packages/leap/bitmask/cli/
+/usr/lib/python2.7/dist-packages/leap/bitmask/bonafide/
+/usr/lib/python2.7/dist-packages/leap/bitmask/__init__.py
+/usr/lib/python2.7/dist-packages/leap/bitmask/_version.py
+/usr/lib/python2.7/dist-packages/leap/bitmask/util.py
+/usr/lib/python2.7/dist-packages/leap/bitmask/hooks.py
+/usr/lib/python2.7/dist-packages/leap/bitmask/config.py
+/usr/lib/python2.7/dist-packages/leap.bitmask-*.egg-info

debian/bitmask-js.install

+ui/pydist/leap/bitmask_js/ /usr/lib/python2.7/dist-packages/leap

debian/bitmask-mail.install

+/usr/lib/python2.7/dist-packages/leap/bitmask/mail/
+/usr/lib/python2.7/dist-packages/leap/bitmask/keymanager/

debian/bitmask-mua.install

+src/leap/bitmask/mua /usr/lib/python2.7/dist-packages/leap/bitmask/mua

debian/bitmask-qt.desktop

+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=Bitmask
+Comment=Secure Communication
+Comment[es]=Secure Communication
+Comment[de]=Secure Communication
+Exec=bitmask %U
+Terminal=false
+Icon=bitmask
+Categories=Network;Application;
+StartupNotify=true
+X-AppInstall-Package=bitmask
+Keywords=email;messaging;encryption;vpn;leap