From b64735ed5e3c7121970463f632af0e603dca4af2 Mon Sep 17 00:00:00 2001 
From: Daniel Date: Tue, 7 Dec 2021 17:09:01 +0100 Subject: [PATCH 1/6] Merge revamped linux pkgs from portmaster-linux-pkgs repo --- .github/workflows/linux-arch.yml | 22 - .github/workflows/linux-deb.yml | 69 -- .github/workflows/linux.yml | 190 +++++ linux/.chglog.yml | 7 + linux/.gitignore | 8 +- linux/Makefile | 59 ++ linux/PKGBUILD | 72 +- linux/README.md | 16 +- linux/arch.install | 180 ++++- linux/build.sh | 13 - linux/debian/changelog | 61 -- linux/debian/clean | 1 - linux/debian/compat | 1 - linux/debian/control | 16 - linux/debian/copyright | 671 ------------------ linux/debian/debhelper-build-stamp | 1 - linux/debian/portmaster.config | 8 - linux/debian/portmaster.install | 10 - linux/debian/portmaster.templates | 7 - linux/debian/portmaster.triggers | 2 - linux/debian/postinst | 43 -- linux/debian/postrm | 16 - linux/debian/preinst | 17 - linux/debian/rules | 28 - linux/debian/source/format | 1 - linux/nfpm.yaml.template | 101 +++ linux/pkgrev | 1 + linux/portmaster.desktop | 2 +- linux/{debian => }/portmaster.service | 20 +- linux/portmaster_notifier.desktop | 3 +- linux/schema.json | 624 ++++++++++++++++ linux/templates/PKGBUILD | 55 ++ linux/templates/arch.install | 28 + linux/templates/postinstall.sh | 42 ++ linux/templates/postremove.sh | 39 + linux/templates/preinstall.sh | 11 + linux/templates/preremove.sh | 34 + linux/templates/rules | 11 + linux/templates/snippets/common.sh | 7 + .../snippets/install-systemd-utils.sh | 34 + linux/templates/snippets/post-install.sh | 40 ++ linux/templates/snippets/post-remove.sh | 11 + linux/templates/snippets/post-upgrade.sh | 23 + linux/templates/snippets/pre-remove.sh | 11 + linux/tests/common.sh | 63 ++ linux/tests/test-install.sh | 66 ++ linux/tests/test-uninstall.sh | 48 ++ linux/tests/test-upgrade.sh | 8 + 48 files changed, 1744 insertions(+), 1057 deletions(-) delete mode 100644 .github/workflows/linux-arch.yml delete mode 100644 .github/workflows/linux-deb.yml create mode 100644 
.github/workflows/linux.yml create mode 100644 linux/.chglog.yml create mode 100644 linux/Makefile delete mode 100755 linux/build.sh delete mode 100644 linux/debian/changelog delete mode 100644 linux/debian/clean delete mode 100644 linux/debian/compat delete mode 100644 linux/debian/control delete mode 100644 linux/debian/copyright delete mode 100644 linux/debian/debhelper-build-stamp delete mode 100644 linux/debian/portmaster.config delete mode 100644 linux/debian/portmaster.install delete mode 100644 linux/debian/portmaster.templates delete mode 100644 linux/debian/portmaster.triggers delete mode 100644 linux/debian/postinst delete mode 100644 linux/debian/postrm delete mode 100644 linux/debian/preinst delete mode 100755 linux/debian/rules delete mode 100644 linux/debian/source/format create mode 100644 linux/nfpm.yaml.template create mode 100644 linux/pkgrev rename linux/{debian => }/portmaster.service (70%) create mode 100644 linux/schema.json create mode 100644 linux/templates/PKGBUILD create mode 100644 linux/templates/arch.install create mode 100644 linux/templates/postinstall.sh create mode 100644 linux/templates/postremove.sh create mode 100644 linux/templates/preinstall.sh create mode 100644 linux/templates/preremove.sh create mode 100644 linux/templates/rules create mode 100644 linux/templates/snippets/common.sh create mode 100644 linux/templates/snippets/install-systemd-utils.sh create mode 100644 linux/templates/snippets/post-install.sh create mode 100644 linux/templates/snippets/post-remove.sh create mode 100644 linux/templates/snippets/post-upgrade.sh create mode 100644 linux/templates/snippets/pre-remove.sh create mode 100644 linux/tests/common.sh create mode 100755 linux/tests/test-install.sh create mode 100755 linux/tests/test-uninstall.sh create mode 100755 linux/tests/test-upgrade.sh diff --git a/.github/workflows/linux-arch.yml b/.github/workflows/linux-arch.yml deleted file mode 100644 index 89dddc8..0000000 
--- a/.github/workflows/linux-arch.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Arch Linux - -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - -jobs: - build-arch: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - uses: ./.github/actions/build-arch - id: build - - - uses: actions/upload-artifact@v1 - with: - name: ${{ steps.build.outputs.filename }} - path: ${{ steps.build.outputs.filename }} \ No newline at end of file diff --git a/.github/workflows/linux-deb.yml b/.github/workflows/linux-deb.yml deleted file mode 100644 index 234e9a7..0000000 --- a/.github/workflows/linux-deb.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: Debian / Ubuntu - -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - -jobs: - build-deb: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - uses: ./.github/actions/build-deb - id: build - with: - args: --unsigned-source --unsigned-changes --no-sign - - - uses: actions/upload-artifact@v1 - with: - name: portmaster.deb - path: ${{ steps.build.outputs.filename }} - - # once more but with the package version - - uses: actions/upload-artifact@v1 - with: - name: ${{ steps.build.outputs.filename }} - path: ${{ steps.build.outputs.filename }} - - install-ubuntu: - name: ${{ matrix.container }} - runs-on: ubuntu-latest - needs: build-deb - container: ${{ matrix.container }} - strategy: - matrix: - container: - - "ubuntu:latest" - - "ubuntu:18.04" - #- "ubuntu:19.04" # apt update fails - - "ubuntu:20.04" - steps: - - uses: actions/checkout@v2 - - name: Download .deb installer - uses: actions/download-artifact@v1 - with: - name: portmaster.deb - - - name: Update package index - run: apt update - - - name: Install CAs - run: apt install -y --no-install-recommends ca-certificates - - - name: Install libnetfilter-queue1 - run: apt install -y --no-install-recommends libnetfilter-queue1 - - - name: Install Portmaster - run: bash -c "set -e ; PMSTART_UPDATE_AGENT=GitHub dpkg -i ./portmaster.deb/*.deb" - - - name: Verify executable portmaster-start - run: bash -c "set -e ; [[ -x /var/lib/portmaster/portmaster-start ]] || exit 1" - - - name: Check core downloaded - run: bash -c "set -e ; [[ -x $(ls /var/lib/portmaster/updates/linux_amd64/core/portmaster-core*) ]] || exit 1" - - - name: Uninstall - run: dpkg -r portmaster diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml new file mode 100644 index 0000000..8ed18f1 --- /dev/null +++ b/.github/workflows/linux.yml 
@@ -0,0 +1,190 @@ +name: Build, Lint and Test +on: push + +jobs: + shellcheck: + name: Shellcheck + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Run ShellCheck + uses: ludeeus/action-shellcheck@master + with: + ignore: templates tests + + build: + name: Build artifacts + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Install nfpm@latest + run: curl -o /tmp/nfpm.tar.gz -sSL https://github.com/goreleaser/nfpm/releases/download/v2.7.1/nfpm_2.7.1_Linux_x86_64.tar.gz && cd /tmp && tar xf /tmp/nfpm.tar.gz && sudo mv nfpm /usr/local/bin && sudo chmod a+x /usr/local/bin/nfpm + + - name: Install gomplate + run: sudo curl -o /usr/local/bin/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64 && sudo chmod +x /usr/local/bin/gomplate + + - name: Build packages + run: make all + + - name: Upload artifacts + uses: actions/upload-artifact@v2 + with: + name: portmaster-current + path: dist/* + + - name: Build with next pkgrev + run: make clean && make increase-pkgrev && make all + + - name: Upload artifacts with next pkgrev + uses: actions/upload-artifact@v2 + with: + name: portmaster-next + path: dist/* + + test-ubuntu: + name: Test DEB package (ubuntu VM) + runs-on: ubuntu-latest + needs: build + steps: + - uses: actions/download-artifact@v2 + with: + name: portmaster-current + + - name: Install tooling + run: sudo bash -c "apt-get update && apt-get install -y systemd desktop-file-utils" + env: + DEBIAN_FRONTEND: noninteractive + + - name: Install dependencies + run: sudo apt-get install -y libnetfilter-queue1 ca-certificates + env: + DEBIAN_FRONTEND: noninteractive + + - name: Install deb package + run: yes | sudo dpkg -i ./portmaster_*.deb + + - uses: actions/checkout@v2 + - name: Verify installation + run: ./tests/test-install.sh + + - uses: actions/download-artifact@v2 + with: + name: portmaster-next + path: ./next + + - name: "Upgrade to next pkgrev" + run: yes | sudo 
dpkg -i ./next/portmaster_*.deb || ls -R + + - name: Verify upgrade + run: ./tests/test-upgrade.sh + + - name: Uninstall portmaster + run: sudo apt-get remove -y portmaster + + - name: Verify uninstallation + run: ./tests/test-uninstall.sh + + test-deb: + name: Test DEB package + runs-on: ubuntu-latest + strategy: + matrix: + container: + - hugojosefson/popos + - ubuntu:latest + - ubuntu:rolling + - ubuntu:xenial + - debian:stable + - debian:unstable + - debian:oldstable + - debian:testing + - linuxmintd/mint20-amd64 + - linuxmintd/mint19-amd64 + needs: build + steps: + - uses: actions/download-artifact@v2 + with: + name: portmaster-current + + - name: Install tooling + run: sudo bash -c "apt-get update && apt-get install -y systemd desktop-file-utils" + env: + DEBIAN_FRONTEND: noninteractive + + - name: Install dependencies + run: sudo apt-get install -y libnetfilter-queue1 ca-certificates + env: + DEBIAN_FRONTEND: noninteractive + + - name: Install deb package + run: yes | sudo dpkg -i ./portmaster_*.deb + + - uses: actions/checkout@v2 + - name: Verify installation + run: sudo ./tests/test-install.sh + + - uses: actions/download-artifact@v2 + with: + name: portmaster-next + path: ./next + + - name: "Upgrade to next pkgrev" + run: yes | sudo dpkg -i ./next/portmaster_*.deb + + - name: Verify upgrade + run: ./tests/test-upgrade.sh + + - name: Uninstall portmaster + run: sudo apt-get remove -y portmaster + + - name: Verify uninstallation + run: ./tests/test-uninstall.sh + + test-rpm: + name: Test RPM package + runs-on: ubuntu-latest + needs: build + strategy: + matrix: + container: + - fedora:32 + - fedora:33 + - fedora:34 + - centos:7 + - centos:8 + container: ${{ matrix.container }} + steps: + - uses: actions/download-artifact@v2 + with: + name: portmaster-current + + - name: Install tooling + run: yum install -y systemd desktop-file-utils procps-ng + + # we use yum localinstall instead of dnf install because + # not all tested distro versions have dnf available 
and those + # that have dnf have it aliased as yum. + - name: Install package + run: yum localinstall -y ./portmaster-*.rpm + + - uses: actions/checkout@v2 + - name: Verify installation + run: ./tests/test-install.sh + + - uses: actions/download-artifact@v2 + with: + name: portmaster-next + path: ./next + + - name: "Upgrade to next pkgrev" + run: yum localinstall -y ./next/portmaster-*.rpm + + - name: Verify upgrade + run: ./tests/test-upgrade.sh + + - name: Uninstall portmaster + run: yum remove -y portmaster + + - name: Verify uninstallation + run: ./tests/test-uninstall.sh diff --git a/linux/.chglog.yml b/linux/.chglog.yml new file mode 100644 index 0000000..60a2066 --- /dev/null +++ b/linux/.chglog.yml @@ -0,0 +1,7 @@ +conventional-commits: false +deb: + distribution: [] + urgency: "" +debug: false +owner: "Safing ICS Technologies GmbH" +package-name: "portmaster" diff --git a/linux/.gitignore b/linux/.gitignore index 155ff45..d02a4f1 100644 --- a/linux/.gitignore +++ b/linux/.gitignore @@ -1,5 +1,5 @@ -/src -/portmaster.service -/pkg -/portmaster-*-x86_64.pkg.tar.xz +/portmaster-start +/scripts /icons +/nfpm.yaml +/dist diff --git a/linux/Makefile b/linux/Makefile new file mode 100644 index 0000000..4434cb2 --- /dev/null +++ b/linux/Makefile 
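Review bot: The `shellcheck` job runs `ludeeus/action-shellcheck@master`, a third-party action on a mutable branch ref, and the `build` job installs nfpm and gomplate by `curl`-ing release binaries into `/usr/local/bin` with `sudo` without checking a digest. Whatever those refs and URLs serve at run time executes in the workflow that produces the `portmaster-current` and `portmaster-next` packages. Pin the action to a full commit SHA, `uses: ludeeus/action-shellcheck@<full-commit-sha>`, and verify each download before installing it, e.g. `echo "<expected-sha256>  /tmp/nfpm.tar.gz" | sha256sum -c -`. Separately, `test-deb` declares `matrix.container` but, unlike `test-rpm`, has no `container: ${{ matrix.container }}` key, so as written every matrix entry appears to run on the `ubuntu-latest` host rather than in the listed image.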
@@ -0,0 +1,59 @@ +#!/usr/bin/make -f +STARTURL ?= https://updates.safing.io/latest/linux_amd64/start/portmaster-start\?CI +NFPM ?= nfpm + +.PHONY: icons test-debian test-ubuntu nfpm.yaml + +all: deb rpm + +nfpm.yaml: portmaster-start + sed -e "s/^version:.*$$/version: v$(shell ./portmaster-start version --short)-$(shell cat ./pkgrev)/g" ./nfpm.yaml.template > ./nfpm.yaml + +build: icons nfpm.yaml gen-scripts gen-pkgbuild + +icons: + for res in 16 32 48 96 128 ; do \ + mkdir -p icons/$${res}x$${res} ; \ + convert ./portmaster_logo.png -resize "$${res}x$${res}" "icons/$${res}x$${res}/portmaster.png" ; \ + done + +portmaster-start: + curl --fail --user-agent GitHub -o portmaster-start $(STARTURL) + chmod +x ./portmaster-start + +deb: distdir build + $(NFPM) package --packager deb -t dist + +rpm: distdir build + $(NFPM) package --packager rpm -t dist + +distdir: + mkdir -p ./dist + +clean: + rm -r ./portmaster-start ./scripts ./dist icons/ PKGBUILD arch.install nfpm.yaml src pkg portmaster-bin-*.pkg.tar.xz|| true + +test-debian: build deb + docker run -ti --rm -v $(shell pwd)/dist:/work -w /work debian:latest bash -c 'apt update && apt install -y ca-certificates && dpkg -i /work/portmaster*.deb ; bash' + +test-ubuntu: build deb + docker run -ti --rm -v $(shell pwd)/dist:/work -w /work ubuntu:latest bash -c 'apt update && apt install -y ca-certificates && dpkg -i /work/portmaster*.deb ; bash' + +increase-pkgrev: + bash -c 'rev=$$(cat pkgrev) ; ((rev++)) ; echo $${rev} > ./pkgrev' + +reset-pkgrev: + echo 1 > ./pkgrev + +gen-scripts: + mkdir -p ./scripts + for file in "rules" "preinstall.sh" "postinstall.sh" "preremove.sh" "postremove.sh"; do \ + gomplate -f "templates/$${file}" > "./scripts/$${file}" ; \ + done; + +gen-pkgbuild: nfpm.yaml + gomplate -d "nfpm=./nfpm.yaml" -f templates/arch.install > arch.install + gomplate -d "nfpm=./nfpm.yaml" -f templates/PKGBUILD > PKGBUILD + +lint: + shellcheck ./scripts/* ./arch.install \ No newline at end of file 
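Review bot: The `portmaster-start` target downloads an executable from `$(STARTURL)` (a `latest` URL) and the `nfpm.yaml` target then runs it via `./portmaster-start version --short`, with no digest or signature check in between. The build therefore trusts TLS and the update server alone for a binary that is executed on the build host and presumably shipped in the deb/rpm, and a `latest` URL means two builds of the same commit need not fetch the same file. Consider fetching a versioned URL and verifying it right after the `curl` line, e.g. `echo "$(START_SHA256)  portmaster-start" | sha256sum -c -`, where `START_SHA256` is a new variable kept in the repository alongside `pkgrev`.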
diff --git a/linux/PKGBUILD b/linux/PKGBUILD index 042c176..3ded317 100644 --- a/linux/PKGBUILD +++ b/linux/PKGBUILD 
@@ -1,51 +1,55 @@ -# Maintainer: Patrick Pacher -pkgname=portmaster -pkgver=0.5.2 +# Maintainer: Safing ICS Technologies +# +# Application Firewall: Block Mass Surveillance - Love Freedom +# The Portmaster enables you to protect your data on your device. You +# are back in charge of your outgoing connections: you choose what data +# you share and what data stays private. Read more on docs.safing.io. +# +pkgname=portmaster-bin +pkgver=0.7.0 pkgrel=1 pkgdesc='Application Firewall: Block Mass Surveillance - Love Freedom' arch=('x86_64') +url='https://safing.io/portmaster' license=('AGPL3') -install=arch.install -depends=('libnetfilter_queue' 'webkit2gtk') +depends=('libnetfilter_queue') makedepends=('imagemagick') # for convert optdepends=('libappindicator-gtk3: for systray indicator') options=('!strip') -#changelog= +provides=('portmaster') +conflicts=('portmaster') +install=arch.install source=("portmaster-start::https://updates.safing.io/linux_amd64/start/portmaster-start_v${pkgver//./-}" - './portmaster.desktop' - './portmaster_notifier.desktop' - './portmaster_logo.png' - "portmaster.service::file://$(pwd)/debian/portmaster.service") + 'portmaster.desktop' + 'portmaster_notifier.desktop' + 'portmaster_logo.png' + "portmaster.service") noextract=('portmaster-start') -md5sums=('e267b0b2913fc84babcd805264b2d0f7' - '19864fff9d542c427acb727636ac5390' - 'cebfc4aa5f12a1da9b9ebf70f26f0d6f' - 'c5484dd4e42606f8141abdc4e04d5d61' - 'a568e92f6a6f219ded28d8bfd1d6e1f5') +sha256sums=('6ade636aaf2b608f251972fd98b25a8020b301023a6377e5275de5195a132e7f' + '7b0c03e4552dd86caeff2d628b13346cfe70a646af11abac6555e348e46c28da' + '490b586f185218fdd947e8f12aa2dc412d78d89c8ce9b8ef5a75cb2e5ffb94ae' + 'ecb02625952594af86d3b53762363c1e227c2b9604fc9c9423682fc87a92a957' + 'ab64bed0d7300b21a5d594fc94cf491e7782febf5faf90cd18ffe00b9fd9144b') prepare() { for res in 16 32 48 96 128 ; do - local iconpath=${pkgname}-${pkgver}/icons/${res}x${res}/apps - mkdir -p ${iconpath} ; - convert 
./portmaster_logo.png -resize ${res}x${res} ${iconpath}/portmaster.png ; + local iconpath="${srcdir}/icons/${res}x${res}/" + mkdir -p "${iconpath}" ; + convert ./portmaster_logo.png -resize "${res}x${res}" "${iconpath}/portmaster.png" ; done } -build() { - mkdir -p ${pkgname}-${pkgver}/data - chmod a+x ${srcdir}/portmaster-start - ${srcdir}/portmaster-start --data ${pkgname}-${pkgver}/data update -} - package() { - mkdir -p ${pkgdir}/var/lib/portmaster - mkdir -p ${pkgdir}/usr/lib/systemd/system - mkdir -p ${pkgdir}/usr/share/icons/hicolor/ - mkdir -p ${pkgdir}/usr/share/applications/ - cp ${srcdir}/portmaster.service ${pkgdir}/usr/lib/systemd/system/portmaster.service - cp ${srcdir}/portmaster-start ${pkgdir}/var/lib/portmaster/ - cp -r ${srcdir}/${pkgname}-${pkgver}/data/* ${pkgdir}/var/lib/portmaster/ - cp -r ${srcdir}/${pkgname}-${pkgver}/icons/* ${pkgdir}/usr/share/icons/hicolor/ - cp ${srcdir}/portmaster.desktop ${pkgdir}/usr/share/applications/ - cp ${srcdir}/portmaster_notifier.desktop ${pkgdir}/usr/share/applications/ + install -Dm 0755 "${srcdir}/portmaster-start" "${pkgdir}/opt/safing/portmaster/portmaster-start" + install -Dm 0644 "${srcdir}/portmaster.desktop" "${pkgdir}/opt/safing/portmaster/portmaster.desktop" + install -Dm 0644 "${srcdir}/portmaster_notifier.desktop" "${pkgdir}/opt/safing/portmaster/portmaster_notifier.desktop" + install -dm 0755 "${pkgdir}/etc/xdg/autostart" + ln -s "/opt/safing/portmaster/portmaster_notifier.desktop" "${pkgdir}/etc/xdg/autostart/portmaster_notifier.desktop" + install -Dm 0644 "${srcdir}/portmaster.service" "${pkgdir}/opt/safing/portmaster/portmaster.service" + install -Dm 0644 "${srcdir}/icons/32x32/portmaster.png" "${pkgdir}/usr/share/pixmaps/portmaster.png" + install -Dm 0644 "${srcdir}/icons/16x16/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/16x16/apps/portmaster.png" + install -Dm 0644 "${srcdir}/icons/32x32/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/32x32/apps/portmaster.png" + install -Dm 0644 
"${srcdir}/icons/48x48/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/48x48/apps/portmaster.png" + install -Dm 0644 "${srcdir}/icons/96x96/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/96x96/apps/portmaster.png" + install -Dm 0644 "${srcdir}/icons/128x128/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/128x128/apps/portmaster.png" } diff --git a/linux/README.md b/linux/README.md index 7875cdd..4d918b8 100644 --- a/linux/README.md +++ b/linux/README.md @@ -1,15 +1,5 @@ -# Linux Packages +# Linux Package Scripts -## Debian Package +## Building Packages -How to build: - -1. install requirements: `apt install debhelper` -2. `./build.sh` - - this will download the latest portmaster-start - - results will be in parent dir -3. copy to dist directory with versioned file name - -Note: The resulting debian package is currently not -being signed. We are still in the process of figuring -out the best and most trusted way to do this. +Run `make`. diff --git a/linux/arch.install b/linux/arch.install index b656e62..7d8d45e 100644 --- a/linux/arch.install +++ b/linux/arch.install 
@@ -1,4 +1,178 @@ +post_install() { + log() { + echo "$@" + } + # + # Prepares systemd support by creating a symlink for the .service file + # and enabling/disabling certain features of our .service unit based on + # the available systemd version. + # + installSystemdSupport() { + local changed="False" + if command -V systemctl >/dev/null 2>&1; then + local systemd_version="$(systemctl --version | head -1 | sed -n 's/systemd \([0-9]*\).*/\1/p')" + # not all distros have migrated /lib to /usr/lib yet but all that + # have provide a symlink from /lib -> /usr/lib so we just prefix with + # /lib here. + ln -s /opt/safing/portmaster/portmaster.service /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||: + + # rhel/centos8 does not yet have ProtectKernelLogs available + if [ "${systemd_version}" -lt 244 ]; then + sed -i "s/^ProtectKernelLogs/#ProtectKernelLogs/g" /opt/safing/portmaster/portmaster.service ||: + changed="True" + fi + + # SystemCallFilter groups are added in 231 so make sure we comment it out + if [ "${systemd_version}" -lt 231 ]; then + sed -i "s/^SystemCall/#SystemCall/g" /opt/safing/portmaster/portmaster.service ||: + changed="True" + fi + + if [ "${changed}" = "True" ] && [ "$1" = "upgrade" ]; then + systemctl daemon-reload ||: + fi + + log "Configuring portmaster.service to launch at boot" + systemctl enable portmaster.service ||: + fi + } + # + # install .desktop files, either using desktop-file-install when available + # or by just copying the files into /usr/share/applications. 
+ # + if command -V desktop-file-install >/dev/null 2>&1; then + desktop-file-install /opt/safing/portmaster/portmaster.desktop ||: + desktop-file-install /opt/safing/portmaster/portmaster_notifier.desktop ||: + elif [ -d /usr/share/applications ]; then + cp /opt/safing/portmaster/portmaster.desktop /usr/share/applications 2>/dev/null ||: + cp /opt/safing/portmaster/portmaster_notifier.desktop /usr/share/applications 2>/dev/null ||: + fi + + installSystemdSupport + + # + # Fix selinux permissions for portmaster-start + # + if command -V getenforce >/dev/null 2>&1; then + chcon -t bin_t /opt/safing/portmaster/portmaster-start + fi + + # + # Prepare the installation directory tree + # + /opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster clean-structure + + # + # Finally, trigger downloading modules. As this requires internet access + # it is more likely to fail and is thus the last thing we do. + # + if [ "${skip_downloads}" = "True" ]; then + log "Downloading of Portmaster modules skipped!" + log "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n" + return + fi + log "Downloading portmaster modules. This may take a while ..." + /opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update --update-agent "${download_agent}" 2>/dev/null >/dev/null || ( + log "Failed to download modules" + log "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n" + ) +} + +post_upgrade() { + log() { + echo "$@" + } + # + # Prepares systemd support by creating a symlink for the .service file + # and enabling/disabling certain features of our .service unit based on + # the available systemd version. 
+ # + installSystemdSupport() { + local changed="False" + if command -V systemctl >/dev/null 2>&1; then + local systemd_version="$(systemctl --version | head -1 | sed -n 's/systemd \([0-9]*\).*/\1/p')" + # not all distros have migrated /lib to /usr/lib yet but all that + # have provide a symlink from /lib -> /usr/lib so we just prefix with + # /lib here. + ln -s /opt/safing/portmaster/portmaster.service /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||: + + # rhel/centos8 does not yet have ProtectKernelLogs available + if [ "${systemd_version}" -lt 244 ]; then + sed -i "s/^ProtectKernelLogs/#ProtectKernelLogs/g" /opt/safing/portmaster/portmaster.service ||: + changed="True" + fi + + # SystemCallFilter groups are added in 231 so make sure we comment it out + if [ "${systemd_version}" -lt 231 ]; then + sed -i "s/^SystemCall/#SystemCall/g" /opt/safing/portmaster/portmaster.service ||: + changed="True" + fi + + if [ "${changed}" = "True" ] && [ "$1" = "upgrade" ]; then + systemctl daemon-reload ||: + fi + + log "Configuring portmaster.service to launch at boot" + systemctl enable portmaster.service ||: + fi + } + # + # As of 0.4.0 portmaster-control has been renamed to portmaster-start + # and is not placed in /usr/bin anymore. Unfortunately, the postrm script + # of the old installer does not get rid of portmaster-control so we should + # take care during an upgrade. + # + rm /usr/bin/portmaster-control 2>/dev/null >&2 ||: + + # + # If there's already a /var/lib/portmaster installation we're going to move + # configs and databases and remove the complete directory + # The preinstall.sh already checked that /var/lib/portmaster/updates MUST NOT + # exist so we should be safe to touch the databases here. + # + if [ -d /var/lib/portmaster ]; then + if [ ! -d /opt/safing/portmaster/config.json ]; then + log "Migrating from previous installation at /var/lib/portmaster to /opt/safing/portmaster ..." 
+ mv /var/lib/portmaster/databases /opt/safing/portmaster/databases ||: + mv /var/lib/portmaster/config.json /opt/safing/portmaster/config.json ||: + fi + log "Removing previous installation directory at /var/lib/portmaster" + rm -r /var/lib/portmaster 2>/dev/null >&2 ||: + fi + +} + +pre_remove() { + log() { + echo "$@" + } + # stop the portmaster service and disable it if it's enabled. + if command -V systemctl >/dev/null 2>&1; then + if (systemctl -q is-active portmaster.service); then + log "Stopping portmaster.service" + systemctl stop portmaster.service ||: + fi + if (systemctl -q is-enabled portmaster.service); then + log "Disabling portmaster.service to launch at boot" + systemctl disable portmaster.service ||: + fi + fi +} + post_remove() { - echo "Removing portmaster modules" - rm -f var/lib/portmaster/updates -} \ No newline at end of file + log() { + echo "$@" + } + rm -rf /opt/safing/portmaster/updates ||: + + # file is marked as a ghost on RPM system so it might have + # been automatically deleted by the package manager. + rm /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||: + rm /usr/share/applications/portmaster.desktop 2>/dev/null >&2 ||: + rm /usr/share/applications/portmaster_notifier.desktop 2>/dev/null >&2 ||: + + if [ "$1" = "purge" ]; then + rm -rf /opt/safing/portmaster ||: + fi + +} diff --git a/linux/build.sh b/linux/build.sh deleted file mode 100755 index 26f9570..0000000 --- a/linux/build.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# Check for prerequisites. -if [[ $(which convert) == "" ]]; then - echo "cannot find command convert, please install imagemagick" - exit 1 -fi -if [[ $(which dpkg-buildpackage) == "" ]]; then - echo "cannot find command dpkg-buildpackage, please install debhelper" - exit 1 -fi - -dpkg-buildpackage --no-sign diff --git a/linux/debian/changelog b/linux/debian/changelog deleted file mode 100644 index a982d47..0000000 --- a/linux/debian/changelog +++ /dev/null 
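Review bot: In `post_upgrade`, the migration guard `[ ! -d /opt/safing/portmaster/config.json ]` tests for a directory, but `config.json` is moved as a file two lines later. The test is therefore true even when a config already exists at the new location, and the `mv` of `config.json` then overwrites it with the old one from `/var/lib/portmaster`; use `if [ ! -e /opt/safing/portmaster/config.json ]; then` instead. `post_upgrade` also defines `installSystemdSupport` but never calls it, and `post_install` calls it without an argument, so the `[ "$1" = "upgrade" ]` branch that runs `systemctl daemon-reload` cannot be reached from this file. Since the Makefile in this patch renders `arch.install` from `templates/arch.install`, the fix likely belongs in the template and its snippets.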
@@ -1,61 +0,0 @@ -portmaster (0.5.2.0) buster; urgency=low - - * Fix ExecStop directives that clean up iptables. - * Remove workaround that started systemd-resolved when stopping. - * Update to portmaster-start 0.5.2. - - -- Safing Mon, 08 Mar 2021 13:00:00 +0100 - -portmaster (0.5.1.0) buster; urgency=low - - * Update to portmaster-start 0.5.1. - - -- Safing Mon, 08 Mar 2021 13:00:00 +0100 - -portmaster (0.5.0.0) buster; urgency=low - - * Update icons. - * Update to portmaster-start 0.5.0. - - -- Safing Wed, 25 Nov 2020 09:40:00 +0200 - -portmaster (0.4.2.1) buster; urgency=low - - * Fix Restart= stanza in systemd service unit - - -- Safing Thu, 01 Oct 2020 16:50:46 +0200 - -portmaster (0.4.2.0) buster; urgency=low - - * Update to portmaster-start 0.4.2. - - -- Safing Wed, 05 Aug 2020 09:30:01 +0200 - -portmaster (0.4.1.3) buster; urgency=low - - * Update to compat 11. - * Keep portmaster.service running until upgrade finished. - * Keep updates folder during installation. - - -- Safing Mon, 03 Aug 2020 15:07:33 +0200 - -portmaster (0.4.1.2) buster; urgency=low - - * Fix application icon - * Remove SystemCallFilter as it's broken on Mint 19 - - -- Safing Thu, 30 Jul 2020 09:36:25 +0200 - -portmaster (0.4.1.0) buster; urgency=medium - - * Updated systemd service file - * Migrate from portmaster-control to portmaster-start - - -- Safing Tue, 21 Jul 2020 14:27:12 +0200 - -portmaster (0.0.0.1) bionic; urgency=medium - - * Packaging with dpkg-buildpackage. Version number is currently not updated - - -- Safing Wed, 03 Jul 2019 17:07:21 +0200 - diff --git a/linux/debian/clean b/linux/debian/clean deleted file mode 100644 index 12ac7ce..0000000 --- a/linux/debian/clean +++ /dev/null @@ -1 +0,0 @@ -portmaster-start diff --git a/linux/debian/compat b/linux/debian/compat deleted file mode 100644 index b4de394..0000000 --- a/linux/debian/compat +++ /dev/null @@ -1 +0,0 @@ -11 
diff --git a/linux/debian/control b/linux/debian/control deleted file mode 100644 index 3b28a3a..0000000 --- a/linux/debian/control +++ /dev/null @@ -1,16 +0,0 @@ -Source: portmaster -Section: net -Priority: optional -Maintainer: Safing -Build-Depends: debhelper (>= 11) -Homepage: https://safing.io/ - -Package: portmaster -Architecture: amd64 -Pre-Depends: ${misc:Depends} -Depends: libnetfilter-queue1, libc6, ${shlibs:Depends} -Recommends: gir1.2-harfbuzz-0.0, libappindicator3-1 -Description: Application Firewall - The Portmaster enables you to protect your data on your device. You - are back in charge of your outgoing connections: you choose what data - you share and what data stays private. Read more on docs.safing.io. diff --git a/linux/debian/copyright b/linux/debian/copyright deleted file mode 100644 index 1c93c9c..0000000 --- a/linux/debian/copyright +++ /dev/null 
@@ -1,671 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: portmaster -Upstream-Contact: Safing ICS Technologies GmbH -Source: https://www.github.com/safing/portmaster - -Files: * -Copyright: Safing ICS Technologies GmbH -License: AGPL-3 - -License: AGPL-3 - GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007 - . - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - . - Preamble - . - The GNU Affero General Public License is a free, copyleft license for - software and other kinds of works, specifically designed to ensure - cooperation with the community in the case of network server software. - . - The licenses for most software and other practical works are designed - to take away your freedom to share and change the works. By contrast, - our General Public Licenses are intended to guarantee your freedom to - share and change all versions of a program--to make sure it remains free - software for all its users. - . - When we speak of free software, we are referring to freedom, not - price. Our General Public Licenses are designed to make sure that you - have the freedom to distribute copies of free software (and charge for - them if you wish), that you receive source code or can get it if you - want it, that you can change the software or use pieces of it in new - free programs, and that you know you can do these things. - . - Developers that use our General Public Licenses protect your rights - with two steps: (1) assert copyright on the software, and (2) offer - you this License which gives you legal permission to copy, distribute - and/or modify the software. - . - A secondary benefit of defending all users' freedom is that - improvements made in alternate versions of the program, if they - receive widespread use, become available for other developers to - incorporate. 
Many developers of free software are heartened and - encouraged by the resulting cooperation. However, in the case of - software used on network servers, this result may fail to come about. - The GNU General Public License permits making a modified version and - letting the public access it on a server without ever releasing its - source code to the public. - . - The GNU Affero General Public License is designed specifically to - ensure that, in such cases, the modified source code becomes available - to the community. It requires the operator of a network server to - provide the source code of the modified version running there to the - users of that server. Therefore, public use of a modified version, on - a publicly accessible server, gives the public access to the source - code of the modified version. - . - An older license, called the Affero General Public License and - published by Affero, was designed to accomplish similar goals. This is - a different license, not a version of the Affero GPL, but Affero has - released a new version of the Affero GPL which permits relicensing under - this license. - . - The precise terms and conditions for copying, distribution and - modification follow. - . - TERMS AND CONDITIONS - . - 0. Definitions. - . - "This License" refers to version 3 of the GNU Affero General Public License. - . - "Copyright" also means copyright-like laws that apply to other kinds of - works, such as semiconductor masks. - . - "The Program" refers to any copyrightable work licensed under this - License. Each licensee is addressed as "you". "Licensees" and - "recipients" may be individuals or organizations. - . - To "modify" a work means to copy from or adapt all or part of the work - in a fashion requiring copyright permission, other than the making of an - exact copy. The resulting work is called a "modified version" of the - earlier work or a work "based on" the earlier work. - . 
- A "covered work" means either the unmodified Program or a work based - on the Program. - . - To "propagate" a work means to do anything with it that, without - permission, would make you directly or secondarily liable for - infringement under applicable copyright law, except executing it on a - computer or modifying a private copy. Propagation includes copying, - distribution (with or without modification), making available to the - public, and in some countries other activities as well. - . - To "convey" a work means any kind of propagation that enables other - parties to make or receive copies. Mere interaction with a user through - a computer network, with no transfer of a copy, is not conveying. - . - An interactive user interface displays "Appropriate Legal Notices" - to the extent that it includes a convenient and prominently visible - feature that (1) displays an appropriate copyright notice, and (2) - tells the user that there is no warranty for the work (except to the - extent that warranties are provided), that licensees may convey the - work under this License, and how to view a copy of this License. If - the interface presents a list of user commands or options, such as a - menu, a prominent item in the list meets this criterion. - . - 1. Source Code. - . - The "source code" for a work means the preferred form of the work - for making modifications to it. "Object code" means any non-source - form of a work. - . - A "Standard Interface" means an interface that either is an official - standard defined by a recognized standards body, or, in the case of - interfaces specified for a particular programming language, one that - is widely used among developers working in that language. - . 
- The "System Libraries" of an executable work include anything, other - than the work as a whole, that (a) is included in the normal form of - packaging a Major Component, but which is not part of that Major - Component, and (b) serves only to enable use of the work with that - Major Component, or to implement a Standard Interface for which an - implementation is available to the public in source code form. A - "Major Component", in this context, means a major essential component - (kernel, window system, and so on) of the specific operating system - (if any) on which the executable work runs, or a compiler used to - produce the work, or an object code interpreter used to run it. - . - The "Corresponding Source" for a work in object code form means all - the source code needed to generate, install, and (for an executable - work) run the object code and to modify the work, including scripts to - control those activities. However, it does not include the work's - System Libraries, or general-purpose tools or generally available free - programs which are used unmodified in performing those activities but - which are not part of the work. For example, Corresponding Source - includes interface definition files associated with source files for - the work, and the source code for shared libraries and dynamically - linked subprograms that the work is specifically designed to require, - such as by intimate data communication or control flow between those - subprograms and other parts of the work. - . - The Corresponding Source need not include anything that users - can regenerate automatically from other parts of the Corresponding - Source. - . - The Corresponding Source for a work in source code form is that - same work. - . - 2. Basic Permissions. - . - All rights granted under this License are granted for the term of - copyright on the Program, and are irrevocable provided the stated - conditions are met. 
This License explicitly affirms your unlimited - permission to run the unmodified Program. The output from running a - covered work is covered by this License only if the output, given its - content, constitutes a covered work. This License acknowledges your - rights of fair use or other equivalent, as provided by copyright law. - . - You may make, run and propagate covered works that you do not - convey, without conditions so long as your license otherwise remains - in force. You may convey covered works to others for the sole purpose - of having them make modifications exclusively for you, or provide you - with facilities for running those works, provided that you comply with - the terms of this License in conveying all material for which you do - not control copyright. Those thus making or running the covered works - for you must do so exclusively on your behalf, under your direction - and control, on terms that prohibit them from making any copies of - your copyrighted material outside their relationship with you. - . - Conveying under any other circumstances is permitted solely under - the conditions stated below. Sublicensing is not allowed; section 10 - makes it unnecessary. - . - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - . - No covered work shall be deemed part of an effective technological - measure under any applicable law fulfilling obligations under article - 11 of the WIPO copyright treaty adopted on 20 December 1996, or - similar laws prohibiting or restricting circumvention of such - measures. - . 
- When you convey a covered work, you waive any legal power to forbid - circumvention of technological measures to the extent such circumvention - is effected by exercising rights under this License with respect to - the covered work, and you disclaim any intention to limit operation or - modification of the work as a means of enforcing, against the work's - users, your or third parties' legal rights to forbid circumvention of - technological measures. - . - 4. Conveying Verbatim Copies. - . - You may convey verbatim copies of the Program's source code as you - receive it, in any medium, provided that you conspicuously and - appropriately publish on each copy an appropriate copyright notice; - keep intact all notices stating that this License and any - non-permissive terms added in accord with section 7 apply to the code; - keep intact all notices of the absence of any warranty; and give all - recipients a copy of this License along with the Program. - . - You may charge any price or no price for each copy that you convey, - and you may offer support or warranty protection for a fee. - . - 5. Conveying Modified Source Versions. - . - You may convey a work based on the Program, or the modifications to - produce it from the Program, in the form of source code under the - terms of section 4, provided that you also meet all of these conditions: - . - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - . - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - . - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. 
This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - . - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - . - A compilation of a covered work with other separate and independent - works, which are not by their nature extensions of the covered work, - and which are not combined with it such as to form a larger program, - in or on a volume of a storage or distribution medium, is called an - "aggregate" if the compilation and its resulting copyright are not - used to limit the access or legal rights of the compilation's users - beyond what the individual works permit. Inclusion of a covered work - in an aggregate does not cause this License to apply to the other - parts of the aggregate. - . - 6. Conveying Non-Source Forms. - . - You may convey a covered work in object code form under the terms - of sections 4 and 5, provided that you also convey the - machine-readable Corresponding Source under the terms of this License, - in one of these ways: - . - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - . 
- b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - . - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - . - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - . 
- e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - . - A separable portion of the object code, whose source code is excluded - from the Corresponding Source as a System Library, need not be - included in conveying the object code work. - . - A "User Product" is either (1) a "consumer product", which means any - tangible personal property which is normally used for personal, family, - or household purposes, or (2) anything designed or sold for incorporation - into a dwelling. In determining whether a product is a consumer product, - doubtful cases shall be resolved in favor of coverage. For a particular - product received by a particular user, "normally used" refers to a - typical or common use of that class of product, regardless of the status - of the particular user or of the way in which the particular user - actually uses, or expects or is expected to use, the product. A product - is a consumer product regardless of whether the product has substantial - commercial, industrial or non-consumer uses, unless such uses represent - the only significant mode of use of the product. - . - "Installation Information" for a User Product means any methods, - procedures, authorization keys, or other information required to install - and execute modified versions of a covered work in that User Product from - a modified version of its Corresponding Source. The information must - suffice to ensure that the continued functioning of the modified object - code is in no case prevented or interfered with solely because - modification has been made. - . 
- If you convey an object code work under this section in, or with, or - specifically for use in, a User Product, and the conveying occurs as - part of a transaction in which the right of possession and use of the - User Product is transferred to the recipient in perpetuity or for a - fixed term (regardless of how the transaction is characterized), the - Corresponding Source conveyed under this section must be accompanied - by the Installation Information. But this requirement does not apply - if neither you nor any third party retains the ability to install - modified object code on the User Product (for example, the work has - been installed in ROM). - . - The requirement to provide Installation Information does not include a - requirement to continue to provide support service, warranty, or updates - for a work that has been modified or installed by the recipient, or for - the User Product in which it has been modified or installed. Access to a - network may be denied when the modification itself materially and - adversely affects the operation of the network or violates the rules and - protocols for communication across the network. - . - Corresponding Source conveyed, and Installation Information provided, - in accord with this section must be in a format that is publicly - documented (and with an implementation available to the public in - source code form), and must require no special password or key for - unpacking, reading or copying. - . - 7. Additional Terms. - . - "Additional permissions" are terms that supplement the terms of this - License by making exceptions from one or more of its conditions. - Additional permissions that are applicable to the entire Program shall - be treated as though they were included in this License, to the extent - that they are valid under applicable law. 
If additional permissions - apply only to part of the Program, that part may be used separately - under those permissions, but the entire Program remains governed by - this License without regard to the additional permissions. - . - When you convey a copy of a covered work, you may at your option - remove any additional permissions from that copy, or from any part of - it. (Additional permissions may be written to require their own - removal in certain cases when you modify the work.) You may place - additional permissions on material, added by you to a covered work, - for which you have or can give appropriate copyright permission. - . - Notwithstanding any other provision of this License, for material you - add to a covered work, you may (if authorized by the copyright holders of - that material) supplement the terms of this License with terms: - . - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - . - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - . - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - . - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - . - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - . - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - . 
- All other non-permissive additional terms are considered "further - restrictions" within the meaning of section 10. If the Program as you - received it, or any part of it, contains a notice stating that it is - governed by this License along with a term that is a further - restriction, you may remove that term. If a license document contains - a further restriction but permits relicensing or conveying under this - License, you may add to a covered work material governed by the terms - of that license document, provided that the further restriction does - not survive such relicensing or conveying. - . - If you add terms to a covered work in accord with this section, you - must place, in the relevant source files, a statement of the - additional terms that apply to those files, or a notice indicating - where to find the applicable terms. - . - Additional terms, permissive or non-permissive, may be stated in the - form of a separately written license, or stated as exceptions; - the above requirements apply either way. - . - 8. Termination. - . - You may not propagate or modify a covered work except as expressly - provided under this License. Any attempt otherwise to propagate or - modify it is void, and will automatically terminate your rights under - this License (including any patent licenses granted under the third - paragraph of section 11). - . - However, if you cease all violation of this License, then your - license from a particular copyright holder is reinstated (a) - provisionally, unless and until the copyright holder explicitly and - finally terminates your license, and (b) permanently, if the copyright - holder fails to notify you of the violation by some reasonable means - prior to 60 days after the cessation. - . 
- Moreover, your license from a particular copyright holder is - reinstated permanently if the copyright holder notifies you of the - violation by some reasonable means, this is the first time you have - received notice of violation of this License (for any work) from that - copyright holder, and you cure the violation prior to 30 days after - your receipt of the notice. - . - Termination of your rights under this section does not terminate the - licenses of parties who have received copies or rights from you under - this License. If your rights have been terminated and not permanently - reinstated, you do not qualify to receive new licenses for the same - material under section 10. - . - 9. Acceptance Not Required for Having Copies. - . - You are not required to accept this License in order to receive or - run a copy of the Program. Ancillary propagation of a covered work - occurring solely as a consequence of using peer-to-peer transmission - to receive a copy likewise does not require acceptance. However, - nothing other than this License grants you permission to propagate or - modify any covered work. These actions infringe copyright if you do - not accept this License. Therefore, by modifying or propagating a - covered work, you indicate your acceptance of this License to do so. - . - 10. Automatic Licensing of Downstream Recipients. - . - Each time you convey a covered work, the recipient automatically - receives a license from the original licensors, to run, modify and - propagate that work, subject to this License. You are not responsible - for enforcing compliance by third parties with this License. - . - An "entity transaction" is a transaction transferring control of an - organization, or substantially all assets of one, or subdividing an - organization, or merging organizations. 
If propagation of a covered - work results from an entity transaction, each party to that - transaction who receives a copy of the work also receives whatever - licenses to the work the party's predecessor in interest had or could - give under the previous paragraph, plus a right to possession of the - Corresponding Source of the work from the predecessor in interest, if - the predecessor has it or can get it with reasonable efforts. - . - You may not impose any further restrictions on the exercise of the - rights granted or affirmed under this License. For example, you may - not impose a license fee, royalty, or other charge for exercise of - rights granted under this License, and you may not initiate litigation - (including a cross-claim or counterclaim in a lawsuit) alleging that - any patent claim is infringed by making, using, selling, offering for - sale, or importing the Program or any portion of it. - . - 11. Patents. - . - A "contributor" is a copyright holder who authorizes use under this - License of the Program or a work on which the Program is based. The - work thus licensed is called the contributor's "contributor version". - . - A contributor's "essential patent claims" are all patent claims - owned or controlled by the contributor, whether already acquired or - hereafter acquired, that would be infringed by some manner, permitted - by this License, of making, using, or selling its contributor version, - but do not include claims that would be infringed only as a - consequence of further modification of the contributor version. For - purposes of this definition, "control" includes the right to grant - patent sublicenses in a manner consistent with the requirements of - this License. - . - Each contributor grants you a non-exclusive, worldwide, royalty-free - patent license under the contributor's essential patent claims, to - make, use, sell, offer for sale, import and otherwise run, modify and - propagate the contents of its contributor version. - . 
- In the following three paragraphs, a "patent license" is any express - agreement or commitment, however denominated, not to enforce a patent - (such as an express permission to practice a patent or covenant not to - sue for patent infringement). To "grant" such a patent license to a - party means to make such an agreement or commitment not to enforce a - patent against the party. - . - If you convey a covered work, knowingly relying on a patent license, - and the Corresponding Source of the work is not available for anyone - to copy, free of charge and under the terms of this License, through a - publicly available network server or other readily accessible means, - then you must either (1) cause the Corresponding Source to be so - available, or (2) arrange to deprive yourself of the benefit of the - patent license for this particular work, or (3) arrange, in a manner - consistent with the requirements of this License, to extend the patent - license to downstream recipients. "Knowingly relying" means you have - actual knowledge that, but for the patent license, your conveying the - covered work in a country, or your recipient's use of the covered work - in a country, would infringe one or more identifiable patents in that - country that you have reason to believe are valid. - . - If, pursuant to or in connection with a single transaction or - arrangement, you convey, or propagate by procuring conveyance of, a - covered work, and grant a patent license to some of the parties - receiving the covered work authorizing them to use, propagate, modify - or convey a specific copy of the covered work, then the patent license - you grant is automatically extended to all recipients of the covered - work and works based on it. - . - A patent license is "discriminatory" if it does not include within - the scope of its coverage, prohibits the exercise of, or is - conditioned on the non-exercise of one or more of the rights that are - specifically granted under this License. 
You may not convey a covered - work if you are a party to an arrangement with a third party that is - in the business of distributing software, under which you make payment - to the third party based on the extent of your activity of conveying - the work, and under which the third party grants, to any of the - parties who would receive the covered work from you, a discriminatory - patent license (a) in connection with copies of the covered work - conveyed by you (or copies made from those copies), or (b) primarily - for and in connection with specific products or compilations that - contain the covered work, unless you entered into that arrangement, - or that patent license was granted, prior to 28 March 2007. - . - Nothing in this License shall be construed as excluding or limiting - any implied license or other defenses to infringement that may - otherwise be available to you under applicable patent law. - . - 12. No Surrender of Others' Freedom. - . - If conditions are imposed on you (whether by court order, agreement or - otherwise) that contradict the conditions of this License, they do not - excuse you from the conditions of this License. If you cannot convey a - covered work so as to satisfy simultaneously your obligations under this - License and any other pertinent obligations, then as a consequence you may - not convey it at all. For example, if you agree to terms that obligate you - to collect a royalty for further conveying from those to whom you convey - the Program, the only way you could satisfy both those terms and this - License would be to refrain entirely from conveying the Program. - . - 13. Remote Network Interaction; Use with the GNU General Public License. - . 
- Notwithstanding any other provision of this License, if you modify the - Program, your modified version must prominently offer all users - interacting with it remotely through a computer network (if your version - supports such interaction) an opportunity to receive the Corresponding - Source of your version by providing access to the Corresponding Source - from a network server at no charge, through some standard or customary - means of facilitating copying of software. This Corresponding Source - shall include the Corresponding Source for any work covered by version 3 - of the GNU General Public License that is incorporated pursuant to the - following paragraph. - . - Notwithstanding any other provision of this License, you have - permission to link or combine any covered work with a work licensed - under version 3 of the GNU General Public License into a single - combined work, and to convey the resulting work. The terms of this - License will continue to apply to the part which is the covered work, - but the work with which it is combined will remain governed by version - 3 of the GNU General Public License. - . - 14. Revised Versions of this License. - . - The Free Software Foundation may publish revised and/or new versions of - the GNU Affero General Public License from time to time. Such new versions - will be similar in spirit to the present version, but may differ in detail to - address new problems or concerns. - . - Each version is given a distinguishing version number. If the - Program specifies that a certain numbered version of the GNU Affero General - Public License "or any later version" applies to it, you have the - option of following the terms and conditions either of that numbered - version or of any later version published by the Free Software - Foundation. If the Program does not specify a version number of the - GNU Affero General Public License, you may choose any version ever published - by the Free Software Foundation. - . 
- If the Program specifies that a proxy can decide which future - versions of the GNU Affero General Public License can be used, that proxy's - public statement of acceptance of a version permanently authorizes you - to choose that version for the Program. - . - Later license versions may give you additional or different - permissions. However, no additional obligations are imposed on any - author or copyright holder as a result of your choosing to follow a - later version. - . - 15. Disclaimer of Warranty. - . - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY - APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT - HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY - OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, - THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM - IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF - ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - . - 16. Limitation of Liability. - . - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING - WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS - THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY - GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE - USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF - DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD - PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), - EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF - SUCH DAMAGES. - . - 17. Interpretation of Sections 15 and 16. - . 
- If the disclaimer of warranty and limitation of liability provided - above cannot be given local legal effect according to their terms, - reviewing courts shall apply local law that most closely approximates - an absolute waiver of all civil liability in connection with the - Program, unless a warranty or assumption of liability accompanies a - copy of the Program in return for a fee. - . - END OF TERMS AND CONDITIONS - . - How to Apply These Terms to Your New Programs - . - If you develop a new program, and you want it to be of the greatest - possible use to the public, the best way to achieve this is to make it - free software which everyone can redistribute and change under these terms. - . - To do so, attach the following notices to the program. It is safest - to attach them to the start of each source file to most effectively - state the exclusion of warranty; and each file should have at least - the "copyright" line and a pointer to where the full notice is found. - . - - Copyright (C) - . - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - . - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - . - Also add information on how to contact you by electronic and paper mail. - . - If your software can interact with users remotely through a computer - network, you should also make sure that it provides a way for users to - get its source. 
For example, if your program is a web application, its - interface could display a "Source" link that leads users to an archive - of the code. There are many ways you could offer source, and different - solutions will be better for different programs; see section 13 for the - specific requirements. - . - You should also get your employer (if you work as a programmer) or school, - if any, to sign a "copyright disclaimer" for the program, if necessary. - For more information on this, and how to apply and follow the GNU AGPL, see - . diff --git a/linux/debian/debhelper-build-stamp b/linux/debian/debhelper-build-stamp deleted file mode 100644 index 3d7f4bd..0000000 --- a/linux/debian/debhelper-build-stamp +++ /dev/null @@ -1 +0,0 @@ -portmaster diff --git a/linux/debian/portmaster.config b/linux/debian/portmaster.config deleted file mode 100644 index 07fe9c0..0000000 --- a/linux/debian/portmaster.config +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -e - -. /usr/share/debconf/confmodule - -db_input high portmaster/auto_updates || true -db_go - -# DEBHELPER # diff --git a/linux/debian/portmaster.install b/linux/debian/portmaster.install deleted file mode 100644 index 5b4e025..0000000 --- a/linux/debian/portmaster.install +++ /dev/null @@ -1,10 +0,0 @@ -portmaster_notifier.desktop /etc/xdg/autostart/ -portmaster-start /var/lib/portmaster -portmaster.desktop /usr/share/applications/ -portmaster_notifier.desktop /usr/share/applications/ -icons/32/portmaster.png /usr/share/pixmaps/ -icons/16/portmaster.png /usr/share/icons/hicolor/16x16/apps/ -icons/32/portmaster.png /usr/share/icons/hicolor/32x32/apps/ -icons/48/portmaster.png /usr/share/icons/hicolor/48x48/apps/ -icons/96/portmaster.png /usr/share/icons/hicolor/96x96/apps/ -icons/128/portmaster.png /usr/share/icons/hicolor/128x128/apps/ diff --git a/linux/debian/portmaster.templates b/linux/debian/portmaster.templates deleted file mode 100644 index f291136..0000000 --- a/linux/debian/portmaster.templates +++ /dev/null 
@@ -1,7 +0,0 @@ -Template: portmaster/auto_updates -Type: note -Description: Portmaster updates itself automatically - -Template: portmaster/remove_required -Type: note -Description: Detected an old and incompatible portmaster installation that needs to be purged first. Please execute `apt purge portmaster` and reboot. \ No newline at end of file diff --git a/linux/debian/portmaster.triggers b/linux/debian/portmaster.triggers deleted file mode 100644 index 44f91a9..0000000 --- a/linux/debian/portmaster.triggers +++ /dev/null @@ -1,2 +0,0 @@ -activate update-icon-caches -activate update-desktop-database diff --git a/linux/debian/postinst b/linux/debian/postinst deleted file mode 100644 index c5be903..0000000 --- a/linux/debian/postinst +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -e - -. /usr/share/debconf/confmodule - -chmod a+x /var/lib/portmaster/portmaster-start - -log() { - echo "\e[1mportmaster: \e[0m $@" -} - -print_dl_help() { - log "" - log "\e[33;1mWARN: $1\e[0m" - log "downloading modules can be initiated by starting the Portmaster service or by running:" - log "/var/lib/portmaster/portmaster-start --data=/var/lib/portmaster update" - log "" -} - -# -# Skip downloading updates if there's already -# stable.json available. -# -if [ ! -f "/var/lib/portmaster/updates/stable.json" ] -then - if [ -z "${PM_SKIP_DOWNLOAD}" ] - then - log "downloading modules, this may take a while" - PMSTART_UPDATE_AGENT=${PMSTART_UPDATE_AGENT:=Start} - /var/lib/portmaster/portmaster-start --data=/var/lib/portmaster update --update-agent ${PMSTART_UPDATE_AGENT} || \ - ( - print_dl_help "Downloading modules failed!" - log "installation successfull" - ) - else - print_dl_help "skipped downloading modules!" - fi -fi - -# with 0.4.0 portmaster-control has ben renamed to portmaster-start -# and is not placed into /usr/bin anymore. -rm /usr/bin/portmaster-control 2>/dev/null >&2 || true - -#DEBHELPER# 
diff --git a/linux/debian/postrm b/linux/debian/postrm deleted file mode 100644 index 33f41a7..0000000 --- a/linux/debian/postrm +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -e - -#DEBHELPER# - -case "$1" in - purge) - rm -rf /var/lib/portmaster - ;; - remove) - rm -rf /var/lib/portmaster/updates - ;; - upgrade) - # We don't want to remove anything in the upgrade - # phase. - ;; -esac \ No newline at end of file diff --git a/linux/debian/preinst b/linux/debian/preinst deleted file mode 100644 index 1fc52c0..0000000 --- a/linux/debian/preinst +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -e - -. /usr/share/debconf/confmodule - -if [ -d /var/lib/portmaster ] && - [ "$2" = "0.0.0-1" ] -then - db_input high portmaster/remove_required - db_go - - echo "\e[31;1mportmaster: \e[0m Detected unsupported portmaster installation $2. Uninstallation is required!" - echo "\e[31;1mportmaster: \e[0m \tapt purge portmaster" - - exit 1 -fi - -#DEBHELPER# diff --git a/linux/debian/rules b/linux/debian/rules deleted file mode 100755 index 170e492..0000000 --- a/linux/debian/rules +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/make -f -STARTURL ?= https://updates.safing.io/latest/linux_amd64/start/portmaster-start\?CI - -.PHONY: icons - -# We don't build here, we download the built binaries -build: icons portmaster-start - -%: - dh $@ - -#portmaster.png: -# convert logo.png -resize 32x32 portmaster.png - -icons: - for res in 16 32 48 96 128 ; do \ - mkdir -p icons/$$res ; \ - convert ./portmaster_logo.png -resize $${res}x$${res} icons/$${res}/portmaster.png ; \ - done - -portmaster-start: - curl --fail --user-agent GitHub -o portmaster-start $(STARTURL) - -#Don't run strip for go-binaries -override_dh_strip: - -override_dh_installsystemd: - dh_installsystemd -r \ No newline at end of file diff --git a/linux/debian/source/format b/linux/debian/source/format deleted file mode 100644 index 89ae9db..0000000 --- a/linux/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) 
diff --git a/linux/nfpm.yaml.template b/linux/nfpm.yaml.template
new file mode 100644
index 0000000..0b56521
--- /dev/null
+++ b/linux/nfpm.yaml.template
@@ -0,0 +1,101 @@
+# yaml-language-server: $schema=./schema.json
+name: "portmaster"
+arch: "amd64"
+platform: "linux"
+version: # set by make template
+section: "default"
+priority: "extra"
+maintainer: "Safing ICS Technologies "
+description: |
+ Application Firewall: Block Mass Surveillance - Love Freedom
+ The Portmaster enables you to protect your data on your device. You
+ are back in charge of your outgoing connections: you choose what data
+ you share and what data stays private. Read more on docs.safing.io.
+vendor: "Safing ICS Technologies"
+homepage: "https://safing.io"
+license: "AGPL"
+#changelog: "changelog.yaml"
+contents:
+- src: portmaster-start
+ dst: /opt/safing/portmaster/portmaster-start
+ file_info:
+ mode: 0755
+
+- src: portmaster.desktop
+ dst: /opt/safing/portmaster/portmaster.desktop
+
+- src: /opt/safing/portmaster/portmaster.desktop
+ dst: /usr/share/applications/portmaster.desktop
+ type: ghost
+
+- src: portmaster_notifier.desktop
+ dst: /opt/safing/portmaster/portmaster_notifier.desktop
+
+- src: portmaster_notifier.desktop
+ dst: /usr/share/applications/portmaster_notifier.desktop
+ type: ghost
+
+- src: /opt/safing/portmaster/portmaster_notifier.desktop
+ dst: /etc/xdg/autostart/portmaster_notifier.desktop
+ type: symlink
+
+- src: portmaster.service
+ dst: /opt/safing/portmaster/portmaster.service
+- src: portmaster.service
+ dst: /lib/systemd/system/portmaster.service
+ type: ghost
+
+#
+# Icons
+#
+- src: icons/32x32/portmaster.png
+ dst: /usr/share/pixmaps/portmaster.png
+- src: icons/16x16/portmaster.png
+ dst: /usr/share/icons/hicolor/16x16/apps/portmaster.png
+- src: icons/32x32/portmaster.png
+ dst: /usr/share/icons/hicolor/32x32/apps/portmaster.png
+- src: icons/48x48/portmaster.png
+ dst: /usr/share/icons/hicolor/48x48/apps/portmaster.png
+- src: icons/96x96/portmaster.png
+ dst: /usr/share/icons/hicolor/96x96/apps/portmaster.png
+- src: icons/128x128/portmaster.png
+ dst:
/usr/share/icons/hicolor/128x128/apps/portmaster.png +scripts: + preinstall: ./scripts/preinstall.sh + postinstall: ./scripts/postinstall.sh + preremove: ./scripts/preremove.sh + postremove: ./scripts/postremove.sh + +overrides: + deb: + depends: + - libc6 + - libnetfilter-queue1 + recommends: + - libappindicator3-1 +# - gir1.2-harfbuzz-0.0 + rpm: + depends: + - glibc-devel + - libnetfilter_queue + recommends: + - libappindicator + suggests: + # Gnome-40 does not provide a systray anymore by default + # The following extension re-adds support for appindicator + # Note: users must still configure and enable the extension, + # theres nothing we can do. + - gnome-shell-extension-appindicator + +rpm: + # The package group. This option is deprecated by most distros + # but required by old distros like CentOS 5 / EL 5 and earlier. + group: Unspecified + +deb: + scripts: + rules: ./scripts/rules + triggers: + activate: + - update-icon-caches + - update-desktop-database \ No newline at end of file diff --git a/linux/pkgrev b/linux/pkgrev new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/linux/pkgrev @@ -0,0 +1 @@ +1 diff --git a/linux/portmaster.desktop b/linux/portmaster.desktop index d398e08..de4b5b4 100644 --- a/linux/portmaster.desktop +++ b/linux/portmaster.desktop @@ -1,7 +1,7 @@ [Desktop Entry] Name=Portmaster GenericName=Application Firewall -Exec=/var/lib/portmaster/portmaster-start app --data=/var/lib/portmaster +Exec=/opt/safing/portmaster/portmaster-start app --data=/opt/safing/portmaster Icon=portmaster Terminal=false Type=Application diff --git a/linux/debian/portmaster.service b/linux/portmaster.service similarity index 70% rename from linux/debian/portmaster.service rename to linux/portmaster.service index f74e1a4..83b0481 100644 --- a/linux/debian/portmaster.service +++ b/linux/portmaster.service 
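Review bot: The rpm override lists `glibc-devel` under `depends`, which is the C development package rather than the runtime library; the deb side depends on the runtime `libc6`, so the rpm entry should probably be `- glibc` unless the headers are really needed on the installed host. Pulling a -devel package onto every machine that installs the firewall widens what gets installed for no reason visible in this file. Separately, the `file_info` block for `portmaster-start` sets only `mode: 0755`, while the `ContentFileInfo` definition in the schema.json added by this commit marks `group` as required, so the template does not match its own `$schema`; stating `owner` and `group` explicitly would also document who owns the launcher that the service unit runs with extra capabilities.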
@@ -5,6 +5,7 @@ Documentation=https://docs.safing.io Before=nss-lookup.target network.target shutdown.target After=systemd-networkd.service Conflicts=shutdown.target +Conflicts=firewalld.service Wants=nss-lookup.target [Service] @@ -20,7 +21,7 @@ Environment=LOGLEVEL=info Environment=PORTMASTER_ARGS= EnvironmentFile=-/etc/default/portmaster ProtectSystem=true -#ReadWritePaths=/opt/safing/portmaster +#ReadWritePaths=/var/lib/portmaster #ReadWritePaths=/run/xtables.lock RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 RestrictNamespaces=yes @@ -35,19 +36,10 @@ PrivateDevices=yes AmbientCapabilities=cap_chown cap_kill cap_net_admin cap_net_bind_service cap_net_broadcast cap_net_raw cap_sys_module cap_sys_ptrace cap_dac_override CapabilityBoundingSet=cap_chown cap_kill cap_net_admin cap_net_bind_service cap_net_broadcast cap_net_raw cap_sys_module cap_sys_ptrace cap_dac_override SystemCallArchitectures=native -# -# Seems like at least Mint19 does not have the system-service -# call group so we leave that feature disabled for now. -# -#SystemCallFilter=@system-service @module -#SystemCallErrorNumber=EPERM -ExecStart=/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster core -- --log $LOGLEVEL $PORTMASTER_ARGS -ExecStopPost=-/sbin/iptables -F C17 -ExecStopPost=-/sbin/iptables -t mangle -F C170 -ExecStopPost=-/sbin/iptables -t mangle -F C171 -ExecStopPost=-/sbin/ip6tables -F C17 -ExecStopPost=-/sbin/ip6tables -t mangle -F C170 -ExecStopPost=-/sbin/ip6tables -t mangle -F C171 +SystemCallFilter=@system-service @module +SystemCallErrorNumber=EPERM +ExecStart=/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster core -- $PORTMASTER_ARGS +ExecStopPost=-/opt/safing/portmaster/portmaster-start recover-iptables [Install] WantedBy=multi-user.target diff --git a/linux/portmaster_notifier.desktop b/linux/portmaster_notifier.desktop index bd4d209..e34a1c4 100644 --- a/linux/portmaster_notifier.desktop +++ b/linux/portmaster_notifier.desktop 
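Review bot: The commented hint in the second hunk now reads `#ReadWritePaths=/var/lib/portmaster`, but the unit still starts the service with `--data /opt/safing/portmaster`, so the hint points at the directory the rest of this commit moves away from. Anyone who later tightens `ProtectSystem` and uncomments the line as written would leave the real data directory read-only. I would keep `#ReadWritePaths=/opt/safing/portmaster` here. The [Service] section continues outside the hunk.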
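Review bot: In the third hunk `ExecStart` no longer passes `--log $LOGLEVEL`, yet `Environment=LOGLEVEL=info` is still in the unit (it shows up as context on the second hunk's header), so a level set in `/etc/default/portmaster` is now silently ignored. Either keep the flag, `... core -- --log $LOGLEVEL $PORTMASTER_ARGS`, or drop the `Environment=LOGLEVEL=info` line and add a comment that the level is passed through `PORTMASTER_ARGS`. `ExecStopPost` also deserves a comment: the leading `-` means a failing `recover-iptables` is ignored, so the C17/C170/C171 chains that the removed lines flushed explicitly can stay behind if the helper cannot run.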
@@ -1,8 +1,9 @@ [Desktop Entry] Name=Portmaster Notifier GenericName=Application Firewall Notifier -Exec=/var/lib/portmaster/portmaster-start notifier --data=/var/lib/portmaster +Exec=/opt/safing/portmaster/portmaster-start notifier --data=/opt/safing/portmaster Icon=portmaster Terminal=false Type=Application Categories=System +NoDisplay=true diff --git a/linux/schema.json b/linux/schema.json new file mode 100644 index 0000000..7a86825 --- /dev/null +++ b/linux/schema.json 
@@ -0,0 +1,624 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Config", + "description": "nFPM configuration definition file", + "definitions": { + "APK": { + "properties": { + "signature": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/APKSignature", + "title": "apk signature" + }, + "scripts": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/APKScripts", + "title": "apk scripts" + } + }, + "additionalProperties": false, + "type": "object" + }, + "APKScripts": { + "properties": { + "preupgrade": { + "type": "string", + "title": "pre upgrade script" + }, + "postupgrade": { + "type": "string", + "title": "post upgrade script" + } + }, + "additionalProperties": false, + "type": "object" + }, + "APKSignature": { + "properties": { + "key_file": { + "type": "string", + "title": "key file", + "examples": [ + "key.gpg" + ] + }, + "key_id": { + "type": "string", + "title": "key id", + "examples": [ + "bc8acdd415bd80b3" + ] + }, + "key_name": { + "type": "string", + "title": "key name", + "default": "maintainer_email.rsa.pub", + "examples": [ + "origin" + ] + } + }, + "additionalProperties": false, + "type": "object" + }, + "Config": { + "required": [ + "name", + "arch", + "version" + ], + "properties": { + "replaces": { + "items": { + "type": "string" + }, + "type": "array", + "title": "replaces directive" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array", + "title": "provides directive" + }, + "depends": { + "items": { + "type": "string" + }, + "type": "array", + "title": "depends directive" + }, + "recommends": { + "items": { + "type": "string" + }, + "type": "array", + "title": "recommends directive" + }, + "suggests": { + "items": { + "type": "string" + }, + "type": "array", + "title": "suggests directive" + }, + "conflicts": { + "items": { + "type": "string" + }, + "type": "array", + "title": "conflicts directive" + }, + "contents": { 
+ "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Content" + }, + "type": "array", + "title": "files to add to the package" + }, + "empty_folders": { + "items": { + "type": "string" + }, + "type": "array", + "title": "empty folders to be created when installing the package" + }, + "scripts": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Scripts", + "title": "scripts to execute" + }, + "rpm": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RPM", + "title": "rpm-specific settings" + }, + "deb": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Deb", + "title": "deb-specific settings" + }, + "apk": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/APK", + "title": "apk-specific settings" + }, + "name": { + "type": "string", + "title": "package name" + }, + "arch": { + "type": "string", + "title": "target architecture", + "examples": [ + "amd64" + ] + }, + "platform": { + "type": "string", + "title": "target platform", + "default": "linux", + "examples": [ + "linux" + ] + }, + "epoch": { + "type": "string", + "title": "version epoch", + "default": "extracted from version", + "examples": [ + "2" + ] + }, + "version": { + "type": "string", + "title": "version", + "examples": [ + "v1.0.2", + "2.0.1" + ] + }, + "version_schema": { + "enum": [ + "semver", + "none" + ], + "type": "string", + "title": "version schema", + "default": "semver" + }, + "release": { + "type": "string", + "title": "version release", + "examples": [ + "1" + ] + }, + "prerelease": { + "type": "string", + "title": "version prerelease", + "default": "extracted from version" + }, + "version_metadata": { + "type": "string", + "title": "version metadata", + "examples": [ + "git" + ] + }, + "section": { + "type": "string", + "title": "package section", + "examples": [ + "default" + ] + }, + "priority": { + "type": "string", + 
"title": "package priority", + "examples": [ + "extra" + ] + }, + "maintainer": { + "type": "string", + "title": "package maintainer", + "examples": [ + "me@example.com" + ] + }, + "description": { + "type": "string", + "title": "package description" + }, + "vendor": { + "type": "string", + "title": "package vendor", + "examples": [ + "MyCorp" + ] + }, + "homepage": { + "type": "string", + "title": "package homepage", + "examples": [ + "https://example.com" + ] + }, + "license": { + "type": "string", + "title": "package license", + "examples": [ + "MIT" + ] + }, + "changelog": { + "type": "string", + "title": "package changelog", + "description": "see https://github.com/goreleaser/chglog for more details", + "examples": [ + "changelog.yaml" + ] + }, + "disable_globbing": { + "type": "boolean", + "title": "wether to disable file globbing" + }, + "overrides": { + "patternProperties": { + ".*": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Overridables" + } + }, + "type": "object", + "title": "overrides", + "description": "override some fields when packaging with a specific packager" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Content": { + "properties": { + "src": { + "type": "string" + }, + "dst": { + "type": "string" + }, + "type": { + "type": "string" + }, + "packager": { + "type": "string" + }, + "file_info": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ContentFileInfo" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ContentFileInfo": { + "required": [ + "group" + ], + "properties": { + "owner": { + "type": "string" + }, + "group": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "mtime": { + "type": "string", + "format": "date-time" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Deb": { + "properties": { + "scripts": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": 
"#/definitions/DebScripts", + "title": "scripts" + }, + "triggers": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DebTriggers", + "title": "triggers" + }, + "breaks": { + "items": { + "type": "string" + }, + "type": "array", + "title": "breaks" + }, + "signature": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DebSignature", + "title": "signature" + } + }, + "additionalProperties": false, + "type": "object" + }, + "DebScripts": { + "properties": { + "rules": { + "type": "string", + "title": "rules" + }, + "templates": { + "type": "string", + "title": "templates" + }, + "config": { + "type": "string", + "title": "config" + } + }, + "additionalProperties": false, + "type": "object" + }, + "DebSignature": { + "properties": { + "key_file": { + "type": "string", + "title": "key file", + "examples": [ + "key.gpg" + ] + }, + "key_id": { + "type": "string", + "title": "key id", + "examples": [ + "bc8acdd415bd80b3" + ] + }, + "type": { + "enum": [ + "origin", + "maint", + "archive" + ], + "type": "string", + "title": "signer role", + "default": "origin" + } + }, + "additionalProperties": false, + "type": "object" + }, + "DebTriggers": { + "properties": { + "interest": { + "items": { + "type": "string" + }, + "type": "array", + "title": "interest" + }, + "interest_await": { + "items": { + "type": "string" + }, + "type": "array", + "title": "interest await" + }, + "interest_noawait": { + "items": { + "type": "string" + }, + "type": "array", + "title": "interest noawait" + }, + "activate": { + "items": { + "type": "string" + }, + "type": "array", + "title": "activate" + }, + "activate_await": { + "items": { + "type": "string" + }, + "type": "array", + "title": "activate await" + }, + "activate_noawait": { + "items": { + "type": "string" + }, + "type": "array", + "title": "activate noawait" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Overridables": { + "properties": { + "replaces": 
{ + "items": { + "type": "string" + }, + "type": "array", + "title": "replaces directive" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array", + "title": "provides directive" + }, + "depends": { + "items": { + "type": "string" + }, + "type": "array", + "title": "depends directive" + }, + "recommends": { + "items": { + "type": "string" + }, + "type": "array", + "title": "recommends directive" + }, + "suggests": { + "items": { + "type": "string" + }, + "type": "array", + "title": "suggests directive" + }, + "conflicts": { + "items": { + "type": "string" + }, + "type": "array", + "title": "conflicts directive" + }, + "contents": { + "items": { + "$ref": "#/definitions/Content" + }, + "type": "array", + "title": "files to add to the package" + }, + "empty_folders": { + "items": { + "type": "string" + }, + "type": "array", + "title": "empty folders to be created when installing the package" + }, + "scripts": { + "$ref": "#/definitions/Scripts", + "title": "scripts to execute" + }, + "rpm": { + "$ref": "#/definitions/RPM", + "title": "rpm-specific settings" + }, + "deb": { + "$ref": "#/definitions/Deb", + "title": "deb-specific settings" + }, + "apk": { + "$ref": "#/definitions/APK", + "title": "apk-specific settings" + } + }, + "additionalProperties": false, + "type": "object" + }, + "RPM": { + "properties": { + "scripts": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RPMScripts", + "title": "rpm-specific scripts" + }, + "group": { + "type": "string", + "title": "package group", + "examples": [ + "Unspecified" + ] + }, + "summary": { + "type": "string", + "title": "package summary" + }, + "compression": { + "enum": [ + "gzip", + "lzma", + "xz" + ], + "type": "string", + "title": "compression algorithm to be used", + "default": "gzip" + }, + "signature": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RPMSignature", + "title": "rpm signature" + } + }, + "additionalProperties": 
false, + "type": "object" + }, + "RPMScripts": { + "properties": { + "pretrans": { + "type": "string", + "title": "pretrans script" + }, + "posttrans": { + "type": "string", + "title": "posttrans script" + } + }, + "additionalProperties": false, + "type": "object" + }, + "RPMSignature": { + "properties": { + "key_file": { + "type": "string", + "title": "key file", + "examples": [ + "key.gpg" + ] + }, + "key_id": { + "type": "string", + "title": "key id", + "examples": [ + "bc8acdd415bd80b3" + ] + } + }, + "additionalProperties": false, + "type": "object" + }, + "Scripts": { + "properties": { + "preinstall": { + "type": "string", + "title": "pre install" + }, + "postinstall": { + "type": "string", + "title": "post install" + }, + "preremove": { + "type": "string", + "title": "pre remove" + }, + "postremove": { + "type": "string", + "title": "post remove" + } + }, + "additionalProperties": false, + "type": "object" + } + } + } diff --git a/linux/templates/PKGBUILD b/linux/templates/PKGBUILD new file mode 100644 index 0000000..3ea6eb1 --- /dev/null +++ b/linux/templates/PKGBUILD 
@@ -0,0 +1,55 @@
+{{/* Template file expects repo root as working directory */}}
+{{- $nfpm := (datasource "nfpm") -}}
+# Maintainer: {{ $nfpm.maintainer }}
+#
+{{ strings.Indent 1 "# " $nfpm.description -}}
+#
+pkgname=portmaster-bin
+pkgver={{ index ($nfpm.version | strings.TrimPrefix "v" | strings.SplitN "-" 2) 0 }}
+pkgrel={{ index ($nfpm.version | strings.SplitN "-" 2) 1 }}
+pkgdesc='Application Firewall: Block Mass Surveillance - Love Freedom'
+arch=('x86_64')
+url='https://safing.io/portmaster'
+license=('AGPL3')
+depends=('libnetfilter_queue')
+makedepends=('imagemagick') # for convert
+optdepends=('libappindicator-gtk3: for systray indicator')
+options=('!strip')
+provides=('portmaster')
+conflicts=('portmaster')
+install=arch.install
+source=("portmaster-start::https://updates.safing.io/linux_amd64/start/portmaster-start_v${pkgver//./-}"
+ 'portmaster.desktop'
+ 'portmaster_notifier.desktop'
+ 'portmaster_logo.png'
+ "portmaster.service")
+noextract=('portmaster-start')
+sha256sums=('{{ file.Read "portmaster-start" | crypto.SHA256 }}'
+ '{{ file.Read "portmaster.desktop" | crypto.SHA256 }}'
+ '{{ file.Read "portmaster_notifier.desktop" | crypto.SHA256 }}'
+ '{{ file.Read "portmaster_logo.png" | crypto.SHA256 }}'
+ '{{ file.Read "portmaster.service" | crypto.SHA256 }}')
+
+prepare() {
+ for res in 16 32 48 96 128 ; do
+ local iconpath="${srcdir}/icons/${res}x${res}/"
+ mkdir -p "${iconpath}" ;
+ convert ./portmaster_logo.png -resize "${res}x${res}" "${iconpath}/portmaster.png" ;
+ done
+}
+
+package() {
+ {{- range $nfpm.contents }}
+ {{- if not (index . "type") }}
+ {{- $mode := 0644 }}
+ {{- with (index . "file_info") }}
+ {{- $mode = (or (index . "mode") 0644 ) }}
+ {{- else }}
+ {{- end }}
+ install -Dm {{ printf "%#o" $mode }} "${srcdir}/{{.src}}" "${pkgdir}{{.dst}}"
+ {{- else if eq (index . "type") "symlink" }}
+ install -dm 0755 "${pkgdir}{{ path.Dir .dst }}"
+ ln -s "{{.src}}" "${pkgdir}{{.dst}}"
+ {{- end }}
+ {{- end }}
+}
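Review bot: The `sha256sums` entries are computed with `file.Read ... | crypto.SHA256` from whatever files sit in the working directory when the template is rendered, so for `portmaster-start` the checksum only pins the copy the renderer happened to have; it says nothing about whether that copy matches a published release. That is fine as a pin, but it deserves a comment above the array, for example `# checksums are taken from the local files at render time; verify portmaster-start before rendering`. Also, `pkgrel` takes element 1 of `strings.SplitN "-" 2`, which presumably fails to render when the version carries no `-` suffix; the version is set outside this file, so this needs checking against the Makefile.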
diff --git a/linux/templates/arch.install b/linux/templates/arch.install
new file mode 100644
index 0000000..5e34bc6
--- /dev/null
+++ b/linux/templates/arch.install
@@ -0,0 +1,28 @@
+{{/* Template file expects repo root as working directory */}}
+{{- define "log" -}}
+ log() {
+ echo "$@"
+ }
+{{- end -}}
+
+post_install() {
+ {{ template "log" }}
+{{ file.Read "templates/snippets/install-systemd-utils.sh" | strings.Indent 4 " " }}
+{{ file.Read "templates/snippets/post-install.sh" | strings.Indent 4 " " }}
+}
+
+post_upgrade() {
+ {{ template "log" }}
+{{ file.Read "templates/snippets/install-systemd-utils.sh" | strings.Indent 4 " " }}
+{{ file.Read "templates/snippets/post-upgrade.sh" | strings.Indent 4 " " }}
+}
+
+pre_remove() {
+ {{ template "log" }}
+{{ file.Read "templates/snippets/pre-remove.sh" | strings.Indent 4 " " }}
+}
+
+post_remove() {
+ {{ template "log" }}
+{{ file.Read "templates/snippets/post-remove.sh" | strings.Indent 4 " " }}
+}
diff --git a/linux/templates/postinstall.sh b/linux/templates/postinstall.sh
new file mode 100644
index 0000000..6e1991a
--- /dev/null
+++ b/linux/templates/postinstall.sh
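Review bot: `post_install` inlines `snippets/post-install.sh`, which reads `${skip_downloads}` and `${download_agent}`, but nothing in this file sets either variable; `postinstall.sh` defines both before it includes the same snippet. On Arch the skip test therefore never matches and the updater is called with `--update-agent ""`. Add the two defaults at the top of `post_install`, e.g. `local download_agent="${PMSTART_UPDATE_AGENT:-Start}"` and `local skip_downloads="${PMSTART_SKIP_DOWNLOAD:-False}"`. `common.sh` is not included here either, so the `set -e` that the deb/rpm scripts run under does not apply to these functions.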
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+{{ file.Read "templates/snippets/common.sh"}}
+
+download_agent="${PMSTART_UPDATE_AGENT:=Start}"
+skip_downloads="${PMSTART_SKIP_DOWNLOAD:=False}"
+
+{{ file.Read "templates/snippets/install-systemd-utils.sh" }}
+
+cleanInstall() {
+{{ file.Read "templates/snippets/post-install.sh" | strings.Indent 4 " " }}
+}
+
+upgrade() {
+{{ file.Read "templates/snippets/post-upgrade.sh" | strings.Indent 4 " " }}
+
+ cleanInstall
+}
+
+# Step 2, check if this is a clean install or an upgrade
+action="$1"
+if [ "$1" = "configure" ] && [ -z "$2" ]; then
+ # Alpine linux does not pass args, and deb passes $1=configure
+ action="install"
+elif [ "$1" = "configure" ] && [ -n "$2" ]; then
+ # deb passes $1=configure $2=
+ action="upgrade"
+fi
+
+case "$action" in
+ "1" | "install")
+ cleanInstall
+ ;;
+ "2" | "upgrade")
+ upgrade
+ ;;
+ *)
+ # Alpine
+ # $1 == version being installed
+ cleanInstall
+ ;;
+esac
diff --git a/linux/templates/postremove.sh b/linux/templates/postremove.sh
new file mode 100644
index 0000000..0848ba0
--- /dev/null
+++ b/linux/templates/postremove.sh
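Review bot: The `*)` branch treats every unrecognised first argument as an Alpine install and runs `cleanInstall`, but dpkg also calls postinst with `abort-upgrade`, `abort-remove` and `abort-deconfigure` while it unwinds a failed operation. On those paths this script would enable the unit and start a module download as root in the middle of error recovery. List the dpkg error actions explicitly as no-ops ahead of the catch-all, e.g. `"abort-upgrade" | "abort-remove" | "abort-deconfigure") ;;`, and keep `*)` for the Alpine case the comment describes.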
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+{{ file.Read "templates/snippets/common.sh"}}
+
+uninstall() {
+{{ file.Read "templates/snippets/post-remove.sh" | strings.Indent 4 " " }}
+}
+
+action="$1"
+if [ "$1" = "remove" ] && [ -z "$2" ]; then
+ # Alpine linux does not pass args
+ # deb passes $1=remove
+ # rpm passes $1=0
+ action="uninstall"
+elif [ "$1" = "purge" ] && [ -z "$2" ]; then
+ # deb passes $1=purge, Alpine and RPM does not have purge at all
+ action="purge"
+elif [ "$1" = "upgrade" ] && [ -n "$2" ]; then
+ # deb passes $1=upgrade $2=version
+ # rpm passes $1=1
+ action="upgrade"
+fi
+
+case "$action" in
+ "0" | "uninstall" | "purge")
+ log "post remove of complete uninstall"
+ uninstall "$action"
+ ;;
+ "1" | "upgrade")
+ log "post remove of upgrade"
+ ;;
+ *)
+ # $1 == version being installed
+ log "post remove of alpine"
+ log "Alpine linux is not yet supported"
+ exit 1
+ ;;
+esac
+
diff --git a/linux/templates/preinstall.sh b/linux/templates/preinstall.sh
new file mode 100644
index 0000000..4bc10b6
--- /dev/null
+++ b/linux/templates/preinstall.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+{{ file.Read "templates/snippets/common.sh"}}
+
+if [ -d /var/lib/portmaster/updates ]; then
+ log "Detected previous installation of Portmaster at"
+ log "/var/lib/portmaster"
+ log "Please uninstall the portmaster package and try again!"
+ log "You settings will be migrated automatically during re-installation."
+ exit 1
+fi
\ No newline at end of file
diff --git a/linux/templates/preremove.sh b/linux/templates/preremove.sh
new file mode 100644
index 0000000..01667b0
--- /dev/null
+++ b/linux/templates/preremove.sh
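Review bot: The catch-all `*)` branch in postremove.sh exits 1 for anything that is not remove, purge or upgrade, but dpkg also calls postrm with `failed-upgrade`, `abort-install`, `abort-upgrade` and `disappear`, so its error-unwinding paths fail here with a misleading Alpine message and can leave the package in a half-removed state. The same catch-all is in `preremove.sh` (the next file in this patch), where dpkg can pass `failed-upgrade` or `deconfigure`. Handle the known dpkg actions as no-ops before the catch-all, e.g. `"failed-upgrade" | "abort-install" | "abort-upgrade" | "disappear") ;;`.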
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+{{ file.Read "templates/snippets/common.sh" }}
+
+preremove() {
+{{ file.Read "templates/snippets/pre-remove.sh" | strings.Indent 4 " " }}
+}
+
+action="$1"
+if [ "$1" = "remove" ] && [ -z "$2" ]; then
+ # Alpine linux does not pass args
+ # deb passes $1=remove
+ # rpm passes $1=0
+ action="uninstall"
+elif [ "$1" = "upgrade" ] && [ -n "$2" ]; then
+ # deb passes $1=upgrade $2=version
+ # rpm passes $1=1
+ action="upgrade"
+fi
+
+case "$action" in
+ "0" | "uninstall")
+ preremove
+ ;;
+ "1" | "upgrade")
+ # this is pre-remove of an upgrade
+ true;
+ ;;
+ *)
+ # $1 == version being installed
+ log "Alpine linux is not yet supported"
+ exit 1
+ ;;
+esac
\ No newline at end of file
diff --git a/linux/templates/rules b/linux/templates/rules
new file mode 100644
index 0000000..95586b9
--- /dev/null
+++ b/linux/templates/rules
@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE = 1
+
+%:
+ dh $@
+
+#Don't run strip for go-binaries
+override_dh_strip:
+
+override_dh_installsystemd:
+ dh_installsystemd -r
diff --git a/linux/templates/snippets/common.sh b/linux/templates/snippets/common.sh
new file mode 100644
index 0000000..e9c69cb
--- /dev/null
+++ b/linux/templates/snippets/common.sh
@@ -0,0 +1,7 @@
+# common.sh
+#
+log() {
+ printf "\033[33;1mportmaster:\033[0m %s\n" "$@"
+}
+
+set -e
diff --git a/linux/templates/snippets/install-systemd-utils.sh b/linux/templates/snippets/install-systemd-utils.sh
new file mode 100644
index 0000000..64a0d99
--- /dev/null
+++ b/linux/templates/snippets/install-systemd-utils.sh
@@ -0,0 +1,34 @@
+#
+# Prepares systemd support by creating a symlink for the .service file
+# and enabling/disabling certain features of our .service unit based on
+# the available systemd version.
+#
+installSystemdSupport() {
+ local changed="False"
+ if command -V systemctl >/dev/null 2>&1; then
+ local systemd_version="$(systemctl --version | head -1 | sed -n 's/systemd \([0-9]*\).*/\1/p')"
+ # not all distros have migrated /lib to /usr/lib yet but all that
+ # have provide a symlink from /lib -> /usr/lib so we just prefix with
+ # /lib here.
+ ln -s /opt/safing/portmaster/portmaster.service /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||:
+
+ # rhel/centos8 does not yet have ProtectKernelLogs available
+ if [ "${systemd_version}" -lt 244 ]; then
+ sed -i "s/^ProtectKernelLogs/#ProtectKernelLogs/g" /opt/safing/portmaster/portmaster.service ||:
+ changed="True"
+ fi
+
+ # SystemCallFilter groups are added in 231 so make sure we comment it out
+ if [ "${systemd_version}" -lt 231 ]; then
+ sed -i "s/^SystemCall/#SystemCall/g" /opt/safing/portmaster/portmaster.service ||:
+ changed="True"
+ fi
+
+ if [ "${changed}" = "True" ] && [ "$1" = "upgrade" ]; then
+ systemctl daemon-reload ||:
+ fi
+
+ log "Configuring portmaster.service to launch at boot"
+ systemctl enable portmaster.service ||:
+ fi
+}
\ No newline at end of file
diff --git a/linux/templates/snippets/post-install.sh b/linux/templates/snippets/post-install.sh
new file mode 100644
index 0000000..0d41b9f
--- /dev/null
+++ b/linux/templates/snippets/post-install.sh
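Review bot: The two `sed -i` branches in `installSystemdSupport` comment out `ProtectKernelLogs` and every `SystemCall*` directive on older systemd without reporting it, so the service silently runs with less sandboxing than the shipped unit describes; a line such as `log "systemd ${systemd_version}: disabling ProtectKernelLogs (needs >= 244)"` in each branch would make the downgrade visible to whoever installs the package. `systemd_version` is empty when the `sed -n` pattern does not match, and `[ "" -lt 244 ]` then prints an error and takes the false branch, so a numeric check before the comparisons would be safer. The `daemon-reload` condition tests `$1`, but the only call visible in this series (`installSystemdSupport` in post-install.sh) passes no argument, so that branch looks unreachable from there.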
@@ -0,0 +1,40 @@
+#
+# install .desktop files, either using desktop-file-install when available
+# or by just copying the files into /usr/share/applications.
+#
+if command -V desktop-file-install >/dev/null 2>&1; then
+ desktop-file-install /opt/safing/portmaster/portmaster.desktop ||:
+ desktop-file-install /opt/safing/portmaster/portmaster_notifier.desktop ||:
+elif [ -d /usr/share/applications ]; then
+ cp /opt/safing/portmaster/portmaster.desktop /usr/share/applications 2>/dev/null ||:
+ cp /opt/safing/portmaster/portmaster_notifier.desktop /usr/share/applications 2>/dev/null ||:
+fi
+
+installSystemdSupport
+
+#
+# Fix selinux permissions for portmaster-start
+#
+if command -V getenforce >/dev/null 2>&1; then
+ chcon -t bin_t /opt/safing/portmaster/portmaster-start
+fi
+
+#
+# Prepare the installation directory tree
+#
+/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster clean-structure
+
+#
+# Finally, trigger downloading modules. As this requires internet access
+# it is more likely to fail and is thus the last thing we do.
+#
+if [ "${skip_downloads}" = "True" ]; then
+ log "Downloading of Portmaster modules skipped!"
+ log "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n"
+ return
+fi
+log "Downloading portmaster modules. This may take a while ..."
+/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update --update-agent "${download_agent}" 2>/dev/null >/dev/null || (
+ log "Failed to download modules"
+ log "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n"
+)
\ No newline at end of file
diff --git a/linux/templates/snippets/post-remove.sh b/linux/templates/snippets/post-remove.sh
new file mode 100644
index 0000000..66e59e6
--- /dev/null
+++ b/linux/templates/snippets/post-remove.sh
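Review bot: The module download at the end discards both output streams (`2>/dev/null >/dev/null`), so when this network step in an install script fails the only record is "Failed to download modules" with no cause; dropping the `2>/dev/null` would leave something to diagnose from. The two "…manually.\n" messages will print a literal `\n`, because `log` in common.sh formats its arguments with `%s`. `chcon -t bin_t …` runs without `||:` while common.sh sets `set -e`, so on a host where `getenforce` exists but relabelling fails the whole script would stop there; if that is intended, a comment saying so would help. The bare `return` only works if this snippet is rendered inside a function, which is not visible in this hunk.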
@@ -0,0 +1,11 @@
+rm -rf /opt/safing/portmaster/updates ||:
+
+# file is marked as a ghost on RPM system so it might have
+# been automatically deleted by the package manager.
+rm /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||:
+rm /usr/share/applications/portmaster.desktop 2>/dev/null >&2 ||:
+rm /usr/share/applications/portmaster_notifier.desktop 2>/dev/null >&2 ||:
+
+if [ "$1" = "purge" ]; then
+ rm -rf /opt/safing/portmaster ||:
+fi
diff --git a/linux/templates/snippets/post-upgrade.sh b/linux/templates/snippets/post-upgrade.sh
new file mode 100644
index 0000000..0c8f0d5
--- /dev/null
+++ b/linux/templates/snippets/post-upgrade.sh
@@ -0,0 +1,23 @@
+#
+# As of 0.4.0 portmaster-control has been renamed to portmaster-start
+# and is not placed in /usr/bin anymore. Unfortunately, the postrm script
+# of the old installer does not get rid of portmaster-control so we should
+# take care during an upgrade.
+#
+rm /usr/bin/portmaster-control 2>/dev/null >&2 ||:
+
+#
+# If there's already a /var/lib/portmaster installation we're going to move
+# configs and databases and remove the complete directory
+# The preinstall.sh already checked that /var/lib/portmaster/updates MUST NOT
+# exist so we should be safe to touch the databases here.
+#
+if [ -d /var/lib/portmaster ]; then
+ if [ ! -d /opt/safing/portmaster/config.json ]; then
+ log "Migrating from previous installation at /var/lib/portmaster to /opt/safing/portmaster ..."
+ mv /var/lib/portmaster/databases /opt/safing/portmaster/databases ||:
+ mv /var/lib/portmaster/config.json /opt/safing/portmaster/config.json ||:
+ fi
+ log "Removing previous installation directory at /var/lib/portmaster"
+ rm -r /var/lib/portmaster 2>/dev/null >&2 ||:
+fi
diff --git a/linux/templates/snippets/pre-remove.sh b/linux/templates/snippets/pre-remove.sh
new file mode 100644
index 0000000..3fc4a86
--- /dev/null
+++ b/linux/templates/snippets/pre-remove.sh
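Review bot: In post-upgrade.sh the migration guard `[ ! -d /opt/safing/portmaster/config.json ]` tests a regular file with `-d`, so it is true whenever config.json is not a directory and the two `mv` lines run even when the new location already holds a config; `[ ! -e /opt/safing/portmaster/config.json ]` looks like what was meant. Both `mv` calls end in `||:` and are followed unconditionally by `rm -r /var/lib/portmaster`, so a failed move still deletes the old databases and settings. Removing the old directory only after both moves succeeded would avoid losing user data on a partial migration.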
@@ -0,0 +1,11 @@
+# stop the portmaster service and disable it if it's enabled.
+if command -V systemctl >/dev/null 2>&1; then
+ if (systemctl -q is-active portmaster.service); then
+ log "Stopping portmaster.service"
+ systemctl stop portmaster.service ||:
+ fi
+ if (systemctl -q is-enabled portmaster.service); then
+ log "Disabling portmaster.service to launch at boot"
+ systemctl disable portmaster.service ||:
+ fi
+fi
\ No newline at end of file
diff --git a/linux/tests/common.sh b/linux/tests/common.sh
new file mode 100644
index 0000000..d9fd662
--- /dev/null
+++ b/linux/tests/common.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+#
+# Utility methods for writing debug, warning and error messages
+# for github-actions.
+#
+error_count=0
+debug() {
+ printf "::debug::%s\n" "$@"
+}
+info() {
+ printf "::notice::%s\n" "$@"
+}
+error() {
+ ((error_count++))
+ printf "::error::%s\n" "$@"
+}
+warn() {
+ printf "::warning::%s\n" "$@"
+}
+group() {
+ printf "::group::%s\n" "$1"
+}
+endgroup() {
+ printf "::endgroup::\n"
+}
+
+#
+# Source /etc/os-release and gather some facts
+# for os/distribution specific tests
+#
+. /etc/os-release
+
+systemd_running=""
+
+# is_systemd_running lazily detects if systemd is running in the current
+# environment.
+is_systemd_running() {
+ if [ "${systemd_running}" = "" ]; then
+ systemd_running="False"
+ if [ "$(pgrep systemd | head -n1)" = "1" ]; then
+ debug "Found systemd running at $(pgrep systemd | head -1)"
+ systemd_running="True"
+ fi
+ fi
+
+ if [ "${systemd_running}" = "True" ]; then
+ return 0
+ fi
+
+ return 1
+}
+
+finish_tests() {
+ #
+ # Abort with a non-zero exit code if we found at least one
+ # error.
+ #
+ if [ "$error_count" -gt 0 ]; then
+ echo "::error::${error_count} errors encountered"
+ exit 1
+ fi
+}
\ No newline at end of file
diff --git a/linux/tests/test-install.sh b/linux/tests/test-install.sh
new file mode 100755
index 0000000..37a7602
--- /dev/null
+++ b/linux/tests/test-install.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+. ${SCRIPT_DIR}/common.sh
+
+#
+# Perform our tests
+#
+group "Systemd Integration"
+ #
+ # the following tests only work if the system is booted using
+ # systemd
+ #
+ if is_systemd_running ; then
+ debug "Test if portmaster.service can be reached"
+ if ! systemctl cat portmaster.service 2>/dev/null >&2 ; then
+ error "portmaster.service not found"
+ else
+ debug "portmaster.service found by systemd"
+ fi
+ else
+ debug "Skipping systemctl checks ..."
+ fi
+
+ #
+ # The following tests should work without the daemon running except
+ # on Mint19 ...
+ #
+ if ! [ "${VERSION}" = "19 (Tara)" ] || is_systemd_running ; then # Skip systemd tests on Mint19 ...
+ debug "Use systemd-analyze to verify portmaster.service"
+ if ! systemd-analyze verify portmaster.service ; then
+ error "systemd-analyze returned an error for portmaster.service"
+ else
+ debug "systemd-analyze check successful"
+ fi
+ else
+ debug "Skipping systemd-analyze checks ..."
+ fi
+endgroup
+
+group "Desktop file"
+ debug "Testing portmaster.desktop"
+ if ! desktop-file-validate /usr/share/applications/portmaster.desktop ; then
+ error "portmaster.desktop seems invalid"
+ else
+ debug "portmaster.desktop seems valid"
+ fi
+
+ debug "Testing portmaster_notifier.desktop"
+ if ! desktop-file-validate /usr/share/applications/portmaster_notifier.desktop ; then
+ error "portmaster_notifier.desktop seems invalid"
+ else
+ debug "portmaster_notifier.desktop seems valid"
+ fi
+endgroup
+
+group "Modules"
+ if ! [ -e /opt/safing/portmaster/updates/stable.json ]; then
+ error "Expected stable.json to have been downloaded"
+ else
+ debug "stable.json correctly downloaded from update server"
+ fi
+endgroup
+
+
+finish_tests
\ No newline at end of file
diff --git a/linux/tests/test-uninstall.sh b/linux/tests/test-uninstall.sh
new file mode 100755
index 0000000..2ca7365
--- /dev/null
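Review bot: `. ${SCRIPT_DIR}/common.sh` near the top of test-install.sh expands `SCRIPT_DIR` unquoted, so a checkout path containing spaces or glob characters would break the source line; `. "${SCRIPT_DIR}/common.sh"` avoids that. The same line appears in test-uninstall.sh, and test-upgrade.sh has `. ${SCRIPT_DIR}/test-install.sh`. A later patch in this series excludes `linux/tests` from ShellCheck via `ignore_paths`, so nothing automated would flag it.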
+++ b/linux/tests/test-uninstall.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+. ${SCRIPT_DIR}/common.sh
+
+group "Ensure portmaster is not running"
+ if is_systemd_running; then
+ if systemctl is-active portmaster.service ; then
+ error "portmaster.service should have been stopped on uninstall"
+ fi
+ else
+ debug "Skipping systemd service check ..."
+ fi
+endgroup
+
+#
+# A normal uninstallation should keep user data
+# and logs in-place
+#
+# group "Settings and logs are kept"
+# if ! [ -d /opt/safing/portmaster/databases ] ; then
+# error "Portmaster databases should have been left in tree"
+# else
+# debug "Portmaster databases are left in tree as expected"
+# fi
+#
+# if ! [ -e /opt/safing/portmaster/config.json ]; then
+# error "Portmaster global settings should have been left in tree"
+# else
+# debug "Portmaster global settings are left in tree as expected"
+# fi
+#
+# if ! [ -d /opt/safing/portmaster/logs ] ; then
+# error "Portmaster logs should have been left in tree"
+# else
+# debug "Portmaster logs are left in tree as expected"
+# fi
+# endgroup
+
+group "Binaries are deleted"
+if [ -d /opt/safing/portmaster/updates ]; then
+ error "Updates directory should have been removed"
+else
+ debug "Updates directory has been removed as expected"
+fi
+endgroup
+
+finish_tests
\ No newline at end of file
diff --git a/linux/tests/test-upgrade.sh b/linux/tests/test-upgrade.sh
new file mode 100755
index 0000000..da888bf
--- /dev/null
+++ b/linux/tests/test-upgrade.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
+# run installation tests here as well.
+. ${SCRIPT_DIR}/test-install.sh
+
+finish_tests
\ No newline at end of file
From 68898f4950b56f8ff869e11a2368acda3d82a847 Mon Sep 17 00:00:00 2001
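Review bot: The "Settings and logs are kept" group in test-uninstall.sh is committed as a commented-out block with no explanation, so the expectation stated just above it, that a normal uninstall keeps user data and logs, is not checked by anything. Either enable the group or replace the block with a short reason, for example `# TODO(<owner>): re-enable once <condition>; data retention on remove is currently unverified`. The remaining "Binaries are deleted" group only checks that the `updates` directory is gone.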
From: Daniel Date: Tue, 7 Dec 2021 17:12:54 +0100 Subject: [PATCH 2/6] Add linux working-directory to linux CI jobs --- .github/workflows/linux.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 8ed18f1..d004062 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -8,6 +8,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Run ShellCheck + working-directory: linux uses: ludeeus/action-shellcheck@master with: ignore: templates tests @@ -26,21 +27,25 @@ jobs: - name: Build packages run: make all + working-directory: linux - name: Upload artifacts uses: actions/upload-artifact@v2 with: name: portmaster-current path: dist/* + working-directory: linux - name: Build with next pkgrev run: make clean && make increase-pkgrev && make all + working-directory: linux - name: Upload artifacts with next pkgrev uses: actions/upload-artifact@v2 with: name: portmaster-next path: dist/* + working-directory: linux test-ubuntu: name: Test DEB package (ubuntu VM) @@ -50,6 +55,7 @@ jobs: - uses: actions/download-artifact@v2 with: name: portmaster-current + working-directory: linux - name: Install tooling run: sudo bash -c "apt-get update && apt-get install -y systemd desktop-file-utils" 
@@ -63,27 +69,33 @@ jobs: - name: Install deb package run: yes | sudo dpkg -i ./portmaster_*.deb + working-directory: linux - uses: actions/checkout@v2 - name: Verify installation run: ./tests/test-install.sh + working-directory: linux - uses: actions/download-artifact@v2 with: name: portmaster-next path: ./next + working-directory: linux - name: "Upgrade to next pkgrev" run: yes | sudo dpkg -i ./next/portmaster_*.deb || ls -R + working-directory: linux - name: Verify upgrade run: ./tests/test-upgrade.sh + working-directory: linux - name: Uninstall portmaster run: sudo apt-get remove -y portmaster - name: Verify uninstallation run: ./tests/test-uninstall.sh + working-directory: linux test-deb: name: Test DEB package @@ -106,6 +118,7 @@ jobs: - uses: actions/download-artifact@v2 with: name: portmaster-current + working-directory: linux - name: Install tooling run: sudo bash -c "apt-get update && apt-get install -y systemd desktop-file-utils" @@ -119,27 +132,33 @@ jobs: - name: Install deb package run: yes | sudo dpkg -i ./portmaster_*.deb + working-directory: linux - uses: actions/checkout@v2 - name: Verify installation run: sudo ./tests/test-install.sh + working-directory: linux - uses: actions/download-artifact@v2 with: name: portmaster-next path: ./next + working-directory: linux - name: "Upgrade to next pkgrev" run: yes | sudo dpkg -i ./next/portmaster_*.deb + working-directory: linux - name: Verify upgrade run: ./tests/test-upgrade.sh + working-directory: linux - name: Uninstall portmaster run: sudo apt-get remove -y portmaster - name: Verify uninstallation run: ./tests/test-uninstall.sh + working-directory: linux test-rpm: name: Test RPM package @@ -158,6 +177,7 @@ jobs: - uses: actions/download-artifact@v2 with: name: portmaster-current + working-directory: linux - name: Install tooling run: yum install -y systemd desktop-file-utils procps-ng 
@@ -167,24 +187,30 @@ jobs: # that have dnf have it aliased as yum. - name: Install package run: yum localinstall -y ./portmaster-*.rpm + working-directory: linux - uses: actions/checkout@v2 - name: Verify installation run: ./tests/test-install.sh + working-directory: linux - uses: actions/download-artifact@v2 with: name: portmaster-next path: ./next + working-directory: linux - name: "Upgrade to next pkgrev" run: yum localinstall -y ./next/portmaster-*.rpm + working-directory: linux - name: Verify upgrade run: ./tests/test-upgrade.sh + working-directory: linux - name: Uninstall portmaster run: yum remove -y portmaster - name: Verify uninstallation run: ./tests/test-uninstall.sh + working-directory: linux From e1f59c273a665d877944f3a12620d824674211a6 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 7 Dec 2021 17:22:36 +0100 Subject: [PATCH 3/6] Improve and fix linux workflow --- .github/workflows/linux.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index d004062..e112f55 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -1,5 +1,10 @@ -name: Build, Lint and Test -on: push +name: Linux + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] jobs: shellcheck: @@ -8,10 +13,10 @@ jobs: steps: - uses: actions/checkout@v2 - name: Run ShellCheck - working-directory: linux uses: ludeeus/action-shellcheck@master with: ignore: templates tests + working-directory: linux build: name: Build artifacts From 258ec0a97fd65c7e3dc8a6cb9efe6f2599cbca1b Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 7 Dec 2021 17:31:11 +0100 Subject: [PATCH 4/6] Use the linux path instead of the working-directory option as much as possible --- .github/workflows/linux.yml | 69 +++++++++++++------------------------ 1 file changed, 24 insertions(+), 45 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index e112f55..d450e49 100644 
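Review bot: With `pull_request` added to the triggers in the `@@ -1,5 +1,10 @@` hunk, the workflow still has no `permissions:` block between `on:` and `jobs:`, so every job runs with the repository's default `GITHUB_TOKEN` scope. None of the steps visible in this series write to the repository, so a top-level `permissions:` mapping with `contents: read` would pin the token to least privilege. Per-job settings may exist outside the hunks shown.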
--- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -15,8 +15,7 @@ jobs: - name: Run ShellCheck uses: ludeeus/action-shellcheck@master with: - ignore: templates tests - working-directory: linux + ignore: windows linux/templates linux/tests build: name: Build artifacts @@ -38,8 +37,7 @@ jobs: uses: actions/upload-artifact@v2 with: name: portmaster-current - path: dist/* - working-directory: linux + path: linux/dist/* - name: Build with next pkgrev run: make clean && make increase-pkgrev && make all @@ -49,8 +47,7 @@ jobs: uses: actions/upload-artifact@v2 with: name: portmaster-next - path: dist/* - working-directory: linux + path: linux/dist/* test-ubuntu: name: Test DEB package (ubuntu VM) @@ -60,7 +57,7 @@ jobs: - uses: actions/download-artifact@v2 with: name: portmaster-current - working-directory: linux + path: linux - name: Install tooling run: sudo bash -c "apt-get update && apt-get install -y systemd desktop-file-utils" @@ -73,34 +70,28 @@ jobs: DEBIAN_FRONTEND: noninteractive - name: Install deb package - run: yes | sudo dpkg -i ./portmaster_*.deb - working-directory: linux + run: yes | sudo dpkg -i ./linux/portmaster_*.deb - uses: actions/checkout@v2 - name: Verify installation - run: ./tests/test-install.sh - working-directory: linux + run: ./linux/tests/test-install.sh - uses: actions/download-artifact@v2 with: name: portmaster-next - path: ./next - working-directory: linux + path: linux/next - name: "Upgrade to next pkgrev" - run: yes | sudo dpkg -i ./next/portmaster_*.deb || ls -R - working-directory: linux + run: yes | sudo dpkg -i ./linux/next/portmaster_*.deb || ls -R - name: Verify upgrade - run: ./tests/test-upgrade.sh - working-directory: linux + run: ./linux/tests/test-upgrade.sh - name: Uninstall portmaster run: sudo apt-get remove -y portmaster - name: Verify uninstallation - run: ./tests/test-uninstall.sh - working-directory: linux + run: ./linux/tests/test-uninstall.sh test-deb: name: Test DEB package 
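Review bot: In the "Upgrade to next pkgrev" step of the test-ubuntu job (hunk `@@ -73,34 +70,28 @@`), `yes | sudo dpkg -i ./linux/next/portmaster_*.deb || ls -R` turns a failed upgrade into a passing step, because `ls -R` supplies the exit status. The equivalent step in the test-deb job has no such fallback, so the two jobs disagree on what counts as a failure. If the listing is wanted for debugging, keep the failure: `run: yes | sudo dpkg -i ./linux/next/portmaster_*.deb || { ls -R; exit 1; }`.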
@@ -123,7 +114,7 @@ jobs: - uses: actions/download-artifact@v2 with: name: portmaster-current - working-directory: linux + path: linux - name: Install tooling run: sudo bash -c "apt-get update && apt-get install -y systemd desktop-file-utils" @@ -136,34 +127,28 @@ jobs: DEBIAN_FRONTEND: noninteractive - name: Install deb package - run: yes | sudo dpkg -i ./portmaster_*.deb - working-directory: linux + run: yes | sudo dpkg -i ./linux/portmaster_*.deb - uses: actions/checkout@v2 - name: Verify installation - run: sudo ./tests/test-install.sh - working-directory: linux + run: sudo ./linux/tests/test-install.sh - uses: actions/download-artifact@v2 with: name: portmaster-next - path: ./next - working-directory: linux + path: ./linux/next - name: "Upgrade to next pkgrev" - run: yes | sudo dpkg -i ./next/portmaster_*.deb - working-directory: linux + run: yes | sudo dpkg -i ./linux/next/portmaster_*.deb - name: Verify upgrade - run: ./tests/test-upgrade.sh - working-directory: linux + run: ./linux/tests/test-upgrade.sh - name: Uninstall portmaster run: sudo apt-get remove -y portmaster - name: Verify uninstallation - run: ./tests/test-uninstall.sh - working-directory: linux + run: ./linux/tests/test-uninstall.sh test-rpm: name: Test RPM package @@ -182,7 +167,7 @@ jobs: - uses: actions/download-artifact@v2 with: name: portmaster-current - working-directory: linux + path: linux - name: Install tooling run: yum install -y systemd desktop-file-utils procps-ng 
@@ -191,31 +176,25 @@ jobs: # not all tested distro versions have dnf available and those # that have dnf have it aliased as yum. - name: Install package - run: yum localinstall -y ./portmaster-*.rpm - working-directory: linux + run: yum localinstall -y ./linux/portmaster-*.rpm - uses: actions/checkout@v2 - name: Verify installation - run: ./tests/test-install.sh - working-directory: linux + run: ./linux/tests/test-install.sh - uses: actions/download-artifact@v2 with: name: portmaster-next - path: ./next - working-directory: linux + path: ./linux/next - name: "Upgrade to next pkgrev" - run: yum localinstall -y ./next/portmaster-*.rpm - working-directory: linux + run: yum localinstall -y ./linux/next/portmaster-*.rpm - name: Verify upgrade - run: ./tests/test-upgrade.sh - working-directory: linux + run: ./linux/tests/test-upgrade.sh - name: Uninstall portmaster run: yum remove -y portmaster - name: Verify uninstallation - run: ./tests/test-uninstall.sh - working-directory: linux + run: ./linux/tests/test-uninstall.sh From be1b22e906593d50034cbee0a162366860653cdf Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 7 Dec 2021 17:45:35 +0100 Subject: [PATCH 5/6] Remove old github actions --- .github/actions/build-arch/Dockerfile | 6 ------ .github/actions/build-arch/action.yml | 13 ------------- .github/actions/build-arch/entrypoint.sh | 22 ---------------------- .github/actions/build-deb/Dockerfile | 19 ------------------- .github/actions/build-deb/action.yml | 15 --------------- .github/actions/build-deb/entrypoint.sh | 15 --------------- .github/workflows/linux.yml | 2 +- 7 files changed, 1 insertion(+), 91 deletions(-) delete mode 100644 .github/actions/build-arch/Dockerfile delete mode 100644 .github/actions/build-arch/action.yml delete mode 100755 .github/actions/build-arch/entrypoint.sh delete mode 100644 .github/actions/build-deb/Dockerfile delete mode 100644 .github/actions/build-deb/action.yml delete mode 100755 .github/actions/build-deb/entrypoint.sh 
diff --git a/.github/actions/build-arch/Dockerfile b/.github/actions/build-arch/Dockerfile deleted file mode 100644 index 23fa61f..0000000 --- a/.github/actions/build-arch/Dockerfile +++ /dev/null @@ -1,6 +0,0 @@ -FROM greyltc/archlinux-aur:latest - -RUN pacman -Suyy --noconfirm && pacman -S --needed --noconfirm imagemagick libnetfilter_queue xz webkit2gtk - -COPY entrypoint.sh /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/build-arch/action.yml b/.github/actions/build-arch/action.yml deleted file mode 100644 index 893eed3..0000000 --- a/.github/actions/build-arch/action.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: 'Build ArchLinux AUR package' -description: 'Build a ArchLinux AUR package' -outputs: - filename: - description: 'Name of the built `.pkg.tar.xz` file' - -runs: - using: docker - image: Dockerfile - -branding: - icon: package - color: gray-dark diff --git a/.github/actions/build-arch/entrypoint.sh b/.github/actions/build-arch/entrypoint.sh deleted file mode 100755 index 6620def..0000000 --- a/.github/actions/build-arch/entrypoint.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -set -e -cd linux - -# Create user "docker" because makepkg refuses to run as root. -id docker || (echo creating user docker; useradd docker) -chown -R docker:docker . - -# Set PKGDEST to a location where user "docker" can write. -export PKGDEST="." -# Reset PKGEXT to it's default (it's different in the build-container). -export PKGEXT=".pkg.tar.xz" - -# Build package. -su docker -c makepkg - -# Check result and prepare for uploading. -ls -lah -pkgname=$(ls *.pkg.tar*) -mv $pkgname ../$pkgname -echo ::set-output name=filename::$pkgname diff --git a/.github/actions/build-deb/Dockerfile b/.github/actions/build-deb/Dockerfile deleted file mode 100644 index 5fcf69a..0000000 --- a/.github/actions/build-deb/Dockerfile +++ /dev/null 
@@ -1,19 +0,0 @@ -FROM debian:buster -LABEL maintainer="Patrick Pacher " - - -# Installs the `dpkg-buildpackage` command -RUN apt-get update \ - && apt-get install curl build-essential debhelper devscripts equivs imagemagick -y --no-install-recommends \ - && apt-get clean - -# Install portmaster dependencies -RUN apt-get update \ - && apt-get install libnetfilter-queue1 -y --no-install-recommends \ - && apt-get clean - -# Copies your code file from your action repository to the filesystem path `/` of the container -COPY entrypoint.sh /entrypoint.sh - -# Code file to execute when the docker container starts up (`entrypoint.sh`) -ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/build-deb/action.yml b/.github/actions/build-deb/action.yml deleted file mode 100644 index 72c71f6..0000000 --- a/.github/actions/build-deb/action.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: 'Build DEB package on buster' -description: 'Build a Debian package, using the latest version of Debian Buster' -outputs: - filename: - description: 'Name of the built `.deb` file' - filename-dbgsym: - description: 'Name of the built `.deb` file for debug symbols' - -runs: - using: docker - image: Dockerfile - -branding: - icon: package - color: gray-dark diff --git a/.github/actions/build-deb/entrypoint.sh b/.github/actions/build-deb/entrypoint.sh deleted file mode 100755 index 0e1d73c..0000000 --- a/.github/actions/build-deb/entrypoint.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -set -e - -cd linux - -# Set the install command to be used by mk-build-deps (use --yes for non-interactive) -install_tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" - -mk-build-deps --install --tool="${install_tool}" debian/control -dpkg-buildpackage $@ - -cd .. -ls -lah -filename=`ls *.deb | grep -v -- -dbgsym` -echo ::set-output name=filename::$filename \ No newline at end of file diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index d450e49..5bc35da 100644 
--- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -15,7 +15,7 @@ jobs: - name: Run ShellCheck uses: ludeeus/action-shellcheck@master with: - ignore: windows linux/templates linux/tests + ignore_paths: windows linux/templates linux/tests build: name: Build artifacts From fa17c02983ac20cf8913f1f7b22e5d77071ff782 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 7 Dec 2021 17:52:19 +0100 Subject: [PATCH 6/6] Fix shellcheck linter error --- .github/actions/build-nsis/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build-nsis/entrypoint.sh b/.github/actions/build-nsis/entrypoint.sh index 0d9f03a..06e6ef3 100755 --- a/.github/actions/build-nsis/entrypoint.sh +++ b/.github/actions/build-nsis/entrypoint.sh @@ -5,6 +5,6 @@ cd windows make -mv *.exe ../ +mv ./*.exe ../ filename='portmaster-installer.exe' echo ::set-output name=filename::$filename \ No newline at end of file
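Review bot: The ShellCheck step touched in the `@@ -15,7 +15,7 @@` hunk runs `ludeeus/action-shellcheck@master`, a third-party action referenced by a mutable branch, so whatever lands on that branch runs in this workflow; pinning it to a full commit SHA (`uses: ludeeus/action-shellcheck@<commit-sha>`) removes that exposure. `ignore_paths` also keeps `linux/templates` and `linux/tests` out of the lint, which leaves the package maintainer scripts, the ones a package manager runs as root at install time, unchecked. The templates contain `{{ … }}` directives and cannot be linted as-is, but the plain-bash tests could be, and presumably so could the scripts once the build has rendered them.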