diff mbox series

[bug#48729,v5,24/25] gnu: Add bitmask.

Message ID 20210618065416.22391-24-rg@raghavgururajan.name
State Accepted
Headers show
Series [bug#48729,v5,01/25] gnu: Add go-github-com-rakyll-statik. | expand

Commit Message

Raghav Gururajan June 18, 2021, 6:54 a.m. UTC 
* gnu/packages/vpn.scm (bitmask): New variable.

Co-authored-by: Jorge Gomez <jgart@disroot.org>
---
 gnu/packages/vpn.scm | 204 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 204 insertions(+)

Comments

M June 18, 2021, 6:22 p.m. UTC | #1 
Raghav Gururajan via Guix-patches via schreef op vr 18-06-2021 om 02:54 [-0400]:
> +         (add-after 'check 'check-continued
> +           (lambda _
> +             ;; To run bitmask test.
> +             (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn"
> +               (delete-file "Makefile")
> +               (invoke "qmake" "test.pro")
> +               ;; Tests require display-server.
> +               (setenv "QT_QPA_PLATFORM" "offscreen")
> +               ;; Tests look for $XDG_RUNTIME_DIR.
> +               (setenv "XDG_RUNTIME_DIR" (getenv "TEMP"))
> +               ;; Tests write to $HOME.
> +               (setenv "HOME" (getenv "TEMP"))
> +               (invoke "make" "check"))))

I'd make this

  (lambda* (#:key tests? #:allow-other-keys)
    (when tests?
      [do-stuff]))

That way, the package transformation --without-tests=bitmask
should work. (Try "guix build --without-tests=bitmask bitmask".)

Greetings,
Maxime.
M June 18, 2021, 6:45 p.m. UTC | #2 
Raghav Gururajan via Guix-patches via schreef op vr 18-06-2021 om 02:54 [-0400]:
> +       (snippet
> +        `(begin
> +           ;; To remove bundled thirdparty sources.
> +           (delete-file-recursively "branding/thirdparty")
> +           ;; To generate version.go file.
> +           (call-with-output-file "pkg/config/version/version.go"
> +             (lambda (port)
> +               (format port "package version\n")
> +               (format port "\n")
> +               (format port (string-append "var VERSION = \"" ,version "\""))))
> +           #t))))

Snippets can be G-expressions. Personally, I'd go with a G-expression
instead of an S-expression, because

* that makes it more obvious it is staged code, and not, say, SXML
* G-exps are cool [citation needed]

> +    (build-system go-build-system)
> +    (arguments [...])

A bit large, but all the code there seems required
Seems ok, though not being able to build i18n files is a bit
unfortunate.

> +    (synopsis "White-label VPN client by LEAP")

About ‘White-label’: this seems an odd thing to say about software.
Here is a definition, in case we are talking about different things:

From Wikipedia (https://en.wikipedia.org/w/index.php?title=White-label_product&oldid=1028825641):

‘A white-label product is a product or service produced by one company (the producer)
that other companies (the marketers) rebrand to make it appear as if they had made
it.[1][2] The name derives from the image of a white label on the packaging that can
be filled in with the marketer's trade dress. White label products are sold by retailers
with their own trademark but the products themselves are manufactured by a third party.[3]’

bitmask isn't a product or a service, it's just software.
It is also not sold.  I don't see how ‘white-label’ can apply to bitmask.

Also, I don't see what value adding "White-label" to the synopsis
provides to users(*).

(*) Here, ‘users’ are all people using Guix. Including people hacking on Guix
    (‘developers’).

I'd drop "White-label" from the synopsis.

Greetings,
Maxime.
Raghav Gururajan June 20, 2021, 8:11 a.m. UTC | #3 
Hi Maxime!

> I'd make this
> 
>    (lambda* (#:key tests? #:allow-other-keys)
>      (when tests?
>        [do-stuff]))
> 
> That way, the package transformation --without-tests=bitmask
> should work. (Try "guix build --without-tests=bitmask bitmask".)

Ah I forgot about this, thanks for reminding me. :)

Regards,
RG.
Raghav Gururajan June 20, 2021, 9:52 a.m. UTC | #4 
Hi Maxime!

> Snippets can be G-expressions. Personally, I'd go with a G-expression
> instead of an S-expression, because
> 
> * that makes it more obvious it is staged code, and not, say, SXML
> * G-exps are cool [citation needed]
> 
>> +    (build-system go-build-system)
>> +    (arguments [...])

I see. Would you be able to illustrate with a snippet please? I haven't 
used G-exps much.

> A bit large, but all the code there seems required
> Seems ok, though not being able to build i18n files is a bit
> unfortunate.

Yeah. TypeScript shenanigans with the i18n.

>> +    (synopsis "White-label VPN client by LEAP")
> 
> About ‘White-label’: this seems an odd thing to say about software.
> Here is a definition, in case we are talking about different things:
> 
>  From Wikipedia (https://en.wikipedia.org/w/index.php?title=White-label_product&oldid=1028825641):
> 
> ‘A white-label product is a product or service produced by one company (the producer)
> that other companies (the marketers) rebrand to make it appear as if they had made
> it.[1][2] The name derives from the image of a white label on the packaging that can
> be filled in with the marketer's trade dress. White label products are sold by retailers
> with their own trademark but the products themselves are manufactured by a third party.[3]’
> 
> bitmask isn't a product or a service, it's just software.
> It is also not sold.  I don't see how ‘white-label’ can apply to bitmask.
> 
> Also, I don't see what value adding "White-label" to the synopsis
> provides to users(*).
> 
> (*) Here, ‘users’ are all people using Guix. Including people hacking on Guix
>      (‘developers’).
> 
> I'd drop "White-label" from the synopsis.

I used white-label because bitmask is neither a service provider on its 
own nor tied-to/developed-for specific provider. Whichever supported 
provider is chosen the application name, icons, logo etc becomes that of 
the provider. In other words, the app re-brands itself based on chosen 
VPN provider.

But I'll change the while-label to generic, in the synopsis.

Regards,
RG.
M June 20, 2021, 11:31 a.m. UTC | #5 
Raghav Gururajan schreef op zo 20-06-2021 om 05:52 [-0400]:
> I used white-label because bitmask is neither a service provider on its 
> own nor tied-to/developed-for specific provider. Whichever supported 
> provider is chosen the application name, icons, logo etc becomes that of 
> the provider. In other words, the app re-brands itself based on chosen 
> VPN provider.

This seems like a trademark disaster to happen ...
except that bitmask seems to have some kind of agreement with the VPN
providers (see https://bitmask.net/en#providers), so this ‘rebranding’
is ok I guess.

> But I'll change the while-label to generic, in the synopsis.

To make sure I got the terminology right:

‘service provider’: gratis or paid provider for a virtual private network?

I don't see why one would tie software to a specific service provider?
Besides that the software needs to support the network protocols used
by the service providers of course.

I don't see _why_ bitmask would change the name of the application
depending on the service provider, but whatever I guess. I mean,
IceCat doesn't rename itself to ‘$ISP's Totally Secure Surfer’,
e-mail clients don't rename theirselves to ‘$ISP MyMail’,
depending on the Internet service provider.

‘generic’ LGTM.

Greetings,
Maxime.
M June 20, 2021, 11:43 a.m. UTC | #6 
Raghav Gururajan schreef op zo 20-06-2021 om 05:52 [-0400]:
> Hi Maxime!
> 
> > Snippets can be G-expressions. Personally, I'd go with a G-expression
> > instead of an S-expression, because
> > 
> > * that makes it more obvious it is staged code, and not, say, SXML
> > * G-exps are cool [citation needed]
> > 
> > > +    (build-system go-build-system)
> > > +    (arguments [...])
> 
> I see. Would you be able to illustrate with a snippet please? I haven't 
> used G-exps much.

Here's an example, from the guile-2.2 package, using a S-exp:

              (snippet '(begin
                          (for-each delete-file
                                    (find-files "prebuilt" "\\.go$"))
                          #t))))

and equivalently, using a G-exp

              (snippet #~(begin
                           (for-each delete-file
                                     (find-files "prebuilt" "\\.go$"))
                           #t))))

Basically, replace the ' with #~.
Here, using a G-exp doesn't buy much though, besides making it
a bit more obvious the code is staged.  G-exps can be useful
if, say, 'sed' or 'tar' or something needs to be run during
the snippet. (E.g., something like
#~(invoke* #+(file-append tar "/bin/tar") args ...))

Greetings,
Maxime
Raghav Gururajan June 22, 2021, 4:53 a.m. UTC | #7 
Hi Maxime!

> This seems like a trademark disaster to happen ...
> except that bitmask seems to have some kind of agreement with the VPN
> providers (see https://bitmask.net/en#providers), so this ‘rebranding’
> is ok I guess.

Yeah, the VPN provider configuration is done in source-code (i.e. before 
compilation). The official bitmask source will only come with VPN 
providers that LEAP (https://leap.se/) trusts and have understanding 
with. But I'm not sure how it deals with users from modifying 
source-code with custom VPN provider's branding. Since Guix distributes 
the official source-code, we should be fine.

> To make sure I got the terminology right:
> 
> ‘service provider’: gratis or paid provider for a virtual private network?

Yes.

> I don't see why one would tie software to a specific service provider?
> Besides that the software needs to support the network protocols used
> by the service providers of course.

Bitmask is tied to, not one but multiple-providers. Current tie-ups 
include RiseupVPN (https://riseup.net/en/vpn), CalyxVPN 
(https://calyx.net/), and LibraryVPN (https://libraryvpn.org/).

> I don't see _why_ bitmask would change the name of the application
> depending on the service provider, but whatever I guess. I mean,
> IceCat doesn't rename itself to ‘$ISP's Totally Secure Surfer’,
> e-mail clients don't rename theirselves to ‘$ISP MyMail’,
> depending on the Internet service provider.

I had the same thought. Usually VPN providers have their own client. But 
VPN providers who are non-profit/collective/etc, do not have 
dev-resources to develop and maintain app. So the providers I mentioned 
above, collaborate with bitmask. The bitmask project provides them the 
opportunity to re-brand the client as if it was developed by the them. 
This is white-labelling in a sense. :)

Regards,
RG.
Raghav Gururajan June 22, 2021, 4:55 a.m. UTC | #8 
Hi Maxime!

> Basically, replace the ' with #~.
> Here, using a G-exp doesn't buy much though, besides making it
> a bit more obvious the code is staged.  G-exps can be useful
> if, say, 'sed' or 'tar' or something needs to be run during
> the snippet. (E.g., something like
> #~(invoke* #+(file-append tar "/bin/tar") args ...))

Thanks for the explanation.

Since g-exp doesn't do much here, I'd like to keep the s-exp. :)

Btw, I have sent v6. Let me know your thoughts.

Regards,
RG.
diff mbox series

Patch

diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index a952e3f0db..eb8710fe09 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -15,6 +15,8 @@ 
 ;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
 ;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru>
 ;;; Copyright © 2020 David Dashyan <mail@davie.li>
+;;; Copyright © 2021 Raghav Gururajan <rg@raghavgururajan.name>
+;;; Copyright © 2021 Jorge Gomez <jgart@disroot.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,9 +39,12 @@ 
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system go)
   #:use-module (guix build-system linux-module)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system qt)
   #:use-module (guix utils)
   #:use-module (gnu packages)
   #:use-module (gnu packages admin)
@@ -51,7 +56,9 @@ 
   #:use-module (gnu packages compression)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages gettext)
+  #:use-module (gnu packages gl)
   #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages golang)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
@@ -59,6 +66,7 @@ 
   #:use-module (gnu packages nss)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages polkit)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-build)
   #:use-module (gnu packages python-crypto)
@@ -69,6 +77,202 @@ 
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xml))
 
+(define-public bitmask
+  (package
+    (name "bitmask")
+    (version "0.21.2")
+    (source
+     (origin
+       (method git-fetch)
+       (uri
+        (git-reference
+         (url "https://0xacab.org/leap/bitmask-vpn")
+         (commit version)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32 "1b0cdgh4mqvalvknck1zjy7dhmjfyhbmn9knya6ymx8dqan308sr"))
+       (modules
+        '((guix build utils)))
+       (snippet
+        `(begin
+           ;; To remove bundled thirdparty sources.
+           (delete-file-recursively "branding/thirdparty")
+           ;; To generate version.go file.
+           (call-with-output-file "pkg/config/version/version.go"
+             (lambda (port)
+               (format port "package version\n")
+               (format port "\n")
+               (format port (string-append "var VERSION = \"" ,version "\""))))
+           #t))))
+    (build-system go-build-system)
+    (arguments
+     `(#:imported-modules
+       ((guix build cmake-build-system)
+        (guix build copy-build-system)
+        (guix build python-build-system)
+        (guix build qt-build-system)
+        ,@%go-build-system-modules)
+       #:modules
+       (((guix build copy-build-system)
+         #:prefix copy:)
+        ((guix build python-build-system)
+         #:prefix python:)
+        ((guix build qt-build-system)
+         #:prefix qt:)
+        (guix build utils)
+        (guix build go-build-system))
+       #:unpack-path "0xacab.org/leap/bitmask-vpn"
+       #:import-path "0xacab.org/leap/bitmask-vpn/cmd/bitmask-helper"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'setup-go-environment 'insert-missing-sources
+           ;; For some reason this package is left out.
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let* ((shapeshifter
+                     (assoc-ref inputs "go-0xacab-org-leap-shapeshifter"))
+                    (shapeshifter-src (string-append shapeshifter "/src")))
+               (copy-recursively shapeshifter-src "src"))))
+         (add-after 'unpack 'patch
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn"
+               ;; To use 'emersion/go-autostart',
+               ;; instead of 'ProtonMail/go-autostart',
+               ;; as the latter no longer exists.
+               (substitute* (find-files "." "\\.go$")
+                 (("github.com/ProtonMail/go-autostart")
+                  "github.com/emersion/go-autostart"))
+               ;; To use correct paths for referenced items.
+               (let* ((out (assoc-ref outputs "out"))
+                      (policy-dir (string-append out "/share/polkit-1/actions"))
+                      (policy-file "se.leap.bitmask.policy")
+                      (policy-path (string-append policy-dir "/" policy-file))
+                      (ip (string-append (assoc-ref inputs "iproute")
+                                         "/sbin/ip"))
+                      (iptables (string-append (assoc-ref inputs "iptables")
+                                               "/sbin/iptables"))
+                      (ip6tables (string-append (assoc-ref inputs "iptables")
+                                                "/sbin/ip6tables"))
+                      (sysctl (string-append (assoc-ref inputs "procps")
+                                             "/sbin/sysctl"))
+                      (pkttyagent (string-append (assoc-ref inputs "polkit")
+                                                 "/bin/pkttyagent"))
+                      (openvpn (string-append (assoc-ref inputs "openvpn")
+                                              "/sbin/openvpn"))
+                      (bitmask-root (string-append (assoc-ref outputs "out")
+                                                   "/sbin/bitmask-root")))
+                 (substitute* (find-files "." "(\\.go$|\\.policy$|bitmask-root)")
+                   (("swhich\\(\"ip\"\\)")
+                    (string-append "\"" ip "\""))
+                   (("swhich\\(\"iptables\"\\)")
+                    (string-append "\"" iptables "\""))
+                   (("swhich\\(\"ip6tables\"\\)")
+                    (string-append "\"" ip6tables "\""))
+                   (("swhich\\(\"sysctl\"\\)")
+                    (string-append "\"" sysctl "\""))
+                   (("/usr/.*(kit|agent|agent-1)") pkttyagent)
+                   (("fingerprint-polkit-agent") "pkttyagent")
+                   (("/usr/sbin/openvpn") openvpn)
+                   (("/usr/sbin/bitmask-root") bitmask-root)
+                   (("/usr/local/sbin/bitmask-root") bitmask-root)
+                   (("/usr/share.*\\.policy") policy-path)))
+               (substitute* (find-files "." "\\.pro$")
+                 ;; To use correct path for goshim files,
+                 ;; which are generated in 'build-continued phase.
+                 (("-L.*/lib") "-L./lib")
+                 ;; FIXME: Unable to build i18n files.
+                 (("TRANSLATIONS.*i18n.*$") "")
+                 (("RESOURCES.*i18n.*$") "")))))
+         (add-after 'build 'build-continued
+           (lambda _
+             ;; To generate goshim library and header files.
+             (let* ((dir "src/0xacab.org/leap/bitmask-vpn")
+                    (source (string-append dir "/gui/backend.go"))
+                    (target (string-append dir "/lib/libgoshim.a")))
+               (mkdir-p (string-append dir "/lib"))
+               (invoke "go" "build" "-buildmode=c-archive" "-o" target source))
+             ;; To build bitmask application.
+             (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn"
+               (delete-file "Makefile")
+               (invoke "qmake" "bitmask.pro")
+               (invoke "make" "release/bitmask"))))
+         (add-after 'check 'check-continued
+           (lambda _
+             ;; To run bitmask test.
+             (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn"
+               (delete-file "Makefile")
+               (invoke "qmake" "test.pro")
+               ;; Tests require display-server.
+               (setenv "QT_QPA_PLATFORM" "offscreen")
+               ;; Tests look for $XDG_RUNTIME_DIR.
+               (setenv "XDG_RUNTIME_DIR" (getenv "TEMP"))
+               ;; Tests write to $HOME.
+               (setenv "HOME" (getenv "TEMP"))
+               (invoke "make" "check"))))
+         (add-after 'install 'install-continued
+           (lambda args
+             (apply (assoc-ref copy:%standard-phases 'install)
+                    #:install-plan
+                    ;; To install bitmask program.
+                    '(("src/0xacab.org/leap/bitmask-vpn/release"
+                       "bin"
+                       #:include ("bitmask"))
+                      ;; To install bitmask-root script.
+                      ("src/0xacab.org/leap/bitmask-vpn/helpers"
+                       "sbin"
+                       #:include ("bitmask-root"))
+                      ;; To install polkit policy.
+                      ("src/0xacab.org/leap/bitmask-vpn/helpers"
+                       "share/polkit-1/actions"
+                       #:include ("se.leap.bitmask.policy")))
+                    args)))
+         (add-after 'install-continued 'post-install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bitmask (string-append out "/bin/bitmask"))
+                    (bitmask-root (string-append out "/sbin/bitmask-root")))
+               ;; To make bitmask-root script executable.
+               (chmod bitmask-root #o776))))
+         (add-after 'post-install 'python-wrap
+           (assoc-ref python:%standard-phases 'wrap))
+         (add-after 'python-wrap 'qt-wrap
+           (assoc-ref qt:%standard-phases 'qt-wrap)))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("iproute" ,iproute)
+       ("iptables" ,iptables)
+       ("mesa" ,mesa)
+       ("openvpn" ,openvpn)
+       ("polkit" ,polkit)
+       ("procps" ,procps)
+       ("python" ,python)
+       ("qtbase" ,qtbase-5)
+       ("qtdeclarative" ,qtdeclarative)
+       ("qtquickcontrols" ,qtquickcontrols)
+       ("qtquickcontrols2" ,qtquickcontrols2)))
+    (propagated-inputs
+     `(("go-0xacab-org-leap-shapeshifter"
+        ,go-0xacab-org-leap-shapeshifter)
+       ("go-github-com-apparentlymart-go-openvpn-mgmt"
+        ,go-github-com-apparentlymart-go-openvpn-mgmt)
+       ("go-github-com-emersion-go-autostart"
+        ,go-github-com-emersion-go-autostart)
+       ("go-github-com-keybase-go-ps"
+        ,go-github-com-keybase-go-ps)
+       ("go-github-com-rakyll-statik"
+        ,go-github-com-rakyll-statik)
+       ("go-github-com-sevlyar-go-daemon"
+        ,go-github-com-sevlyar-go-daemon)
+       ("go-golang-org-x-sys" ,go-golang-org-x-sys)))
+    (synopsis "White-label VPN client by LEAP")
+    (description "Bitmask, by @acronym{LEAP, LEAP Encryption Access Project},
+is an application to provide easy and secure encrypted communication with a
+@acronym{VPN, Virtual Private Network}.  It allows you to select from a variety
+of trusted service provider all from one app.  Current providers include Riseup
+Networks and The Calyx Institute.")
+    (home-page "https://bitmask.net/")
+    (license license:gpl3+)))
+
 (define-public gvpe
   (package
     (name "gvpe")