spior 0.3.5 → 0.3.7

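--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ecae8f75479fb87d8b09a28ea74c86728923802feb7b6c495af0c6e455dfc986
- data.tar.gz: 442c8fbf6ea54e45b6b48abc4ba5de582ae09ae73bd71c1fce497ea082c929c1
+ metadata.gz: 6e9226877b6a3f11c1b02a6cea0dd51f6342096772624dbf332fdf7928c77f5e
+ data.tar.gz: 00b1d3325b22ddf4ef2bd3423125151a1cfaa951670d7ceeb3e7eb8a071e0d5d
  SHA512:
- metadata.gz: fe92411f967699b8cd29129f174030bb44a0d6ea2616fa5ff579e0879da63dfce83ce7bfeadfbed7e536141a882ff118315f730d3a26e45d8756bf9aed416130
- data.tar.gz: 2195a94c764fcdecc221d2cea1688ca241901ac948cb02fb285b2c4c234b2f73335b2c44bd227014e795e32621b8221616dcaaecada2e95e779fad543d21ffff
+ metadata.gz: 26fe94bd00c3fdfe3e4edfac13bb75780ed00401bb218c90f35496d0b084bec68785cb71461c3ddbbef1d9df7d4ee9c5751dc4be3c2997627114d6511ea17f55
+ data.tar.gz: e1b403d42966e8010d3634b7cddb50e0df4bef5539891534b3da4ed6ebc3c45afb4e6fb63cd8744efaa730974e5898036770ee94a9b5bcc652b6becc13ba0b52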
checksums.yaml.gz.sig CHANGED
Binary file
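--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+ ## 0.3.7, release 2023-10-27
+ * Persist mode may require manual intervention to work, look the [readme](https://github.com/szorfein/spior/tree/master#left-over)
+ * Persist and runtime corrected on Voidlinux.
+ * Spior check the presence of 'simple_firewall.rules' when you use the --clearnet
+ * Create a `/etc/sysctl.d/40-ipv6.conf` with the persist mode in order to block ipv6 at boot.
+
  ## 0.3.5, release 2023-10-26
  * Better code style, only 11 alerts from rubocop.
  * spior -t also block ipv6 traffic, no need to reboot.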
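--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@
  <br/>
 
  [![Gem Version](https://badge.fury.io/rb/spior.svg)](https://badge.fury.io/rb/spior)
- ![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/spior/Rubocop/develop)
+ ![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/spior/Rubocop/devel)
  [![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
  ![GitHub](https://img.shields.io/github/license/szorfein/spior)
 
@@ -54,6 +54,16 @@ Return to clearnet navigation
 
  ## Left Over
 
+ ### Troubleshoooting
+ When you enable the `--persist` mode, Spior try to block ipv6 with sysctl. It can fail on some system, so you may need to manually disable ipv6 via kernel argument.
+ An exemple with GRUB, edit `/etc/default/grub.cfg` and change the line bellow:
+
+ ```
+ GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"
+ ```
+
+ Recompile the initrd after that and it should be good.
+
  ### Issues
  For any questions, comments, feedback or issues, submit a [new issue](https://github.com/szorfein/spior/issues/new).
 
@@ -61,4 +71,4 @@ For any questions, comments, feedback or issues, submit a [new issue](https://gi
  + https://rubyreferences.github.io/rubyref
  + https://rubystyle.guide/
  + https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
- + https://github.com/epidemics-scepticism/writing/blob/master/misconception.md
+ + https://github.com/epidemics-scepticism/writing/blob/master/misconception.md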
data/lib/auth.rb CHANGED
@@ -10,7 +10,7 @@ class Auth
10
10
  end
11
11
 
12
12
  def mkdir(path)
13
- return unless File.exist?(path)
13
+ return if Dir.exist?(path)
14
14
 
15
15
  x("mkdir -p #{path}")
16
16
  end
@@ -21,6 +21,12 @@ class Auth
21
21
  x("sysctl -w #{flag}=#{value}")
22
22
  end
23
23
 
24
+ def write(content, file)
25
+ temp = Tempfile.new
26
+ File.write(temp.path, "#{content}\n")
27
+ x("cp #{temp.path} #{file}")
28
+ end
29
+
24
30
  protected
25
31
 
26
32
  def search_app
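Review bot: In the new `write` method, `x("cp #{temp.path} #{file}")` builds the command as one interpolated string, so a `file` value containing spaces or shell metacharacters would be split or interpreted if `x` passes the string to a shell (its body is outside this hunk); `mkdir -p #{path}` above has the same shape. The callers visible in this release pass fixed paths, but because this copy appears to run with elevated rights it is worth escaping regardless: `x("cp #{Shellwords.escape(temp.path)} #{Shellwords.escape(file)}")`, with `require 'shellwords'` at the top of the file. The Tempfile is also never closed or unlinked, so the staged content stays in the temp directory until the object is collected; a `temp.close!` after the copy, ideally in an `ensure`, would clean it up. Whether `tempfile` is required in auth.rb is not visible in this hunk.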
@@ -43,6 +43,8 @@ module Spior
43
43
  end
44
44
 
45
45
  def search_for_comment(filename)
46
+ return false unless File.exist? filename
47
+
46
48
  File.open(filename) do |f|
47
49
  f.each do |line|
48
50
  return true if line.match(/saved by Spior/)
@@ -72,13 +74,15 @@ module Spior
72
74
  end
73
75
 
74
76
  def restoring_older_rules(filename)
75
- files = %W[#{filename}-backup #{filename}]
77
+ files = %W[#{filename}-backup /etc/iptables/simple_firewall.rules #{filename}]
76
78
  files.each do |f|
77
79
  next unless File.exist?(f) || search_for_comment(f)
78
80
 
79
81
  Iptables::Root.new.stop!
80
82
  Msg.p "Found older rules #{f}, restoring..."
81
- Helpers::Exec.new('iptables-restore').run(f)
83
+ Helpers::Exec.new('cp').run("#{f} #{@save_path}")
84
+ Helpers::Exec.new('iptables-restore').run(@save_path)
85
+
82
86
  return true
83
87
  end
84
88
  false
@@ -88,7 +92,9 @@ module Spior
88
92
 
89
93
  def search_iptables_config
90
94
  case Nomansland.distro?
91
- when :archlinux || :void
95
+ when :archlinux
96
+ '/etc/iptables/iptables.rules'
97
+ when :void
92
98
  '/etc/iptables/iptables.rules'
93
99
  when :debian
94
100
  '/etc/iptables.up.rules'
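Review bot: With the new early `return false unless File.exist? filename` in `search_for_comment`, the guard `next unless File.exist?(f) || search_for_comment(f)` in `restoring_older_rules` reduces to `File.exist?(f)`, because the "saved by Spior" check only runs when the left side is already false and then returns false. Every existing candidate is therefore copied to `@save_path` and restored, including a ruleset that Spior itself wrote. If the intent is to restore only rules that predate Spior, the condition probably wants to be `next unless File.exist?(f) && !search_for_comment(f)`; please confirm against the intended behaviour. Separately, if `f` can equal `@save_path` (its value is not visible in this hunk), `cp` will refuse to copy the file onto itself before `iptables-restore` runs.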
data/lib/spior/ipv6.rb CHANGED
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'auth'
5
+ require 'interfacez'
5
6
 
6
7
  module Spior
7
8
  # Block or Allow ipv6 traffic with sysctl
@@ -22,6 +23,18 @@ module Spior
22
23
  Msg.p 'ipv6 blocked' if @changed
23
24
  end
24
25
 
26
+ def block_persist
27
+ Auth.new.mkdir '/etc/sysctl.d'
28
+ interfaces = ['net.ipv6.conf.all.disable_ipv6 = 1',
29
+ 'net.ipv6.conf.default.disable_ipv6 = 1']
30
+ Interfacez.all { |i| interfaces << "net.ipv6.conf.#{i}.disable_ipv6 = 1" }
31
+ if Process::Sys.getuid == '0'
32
+ File.write('/etc/sysctl.d/40-ipv6.conf', interfaces.join("\n"))
33
+ else
34
+ Auth.new.write(interfaces.join("\n"), '/etc/sysctl.d/40-ipv6.conf')
35
+ end
36
+ end
37
+
25
38
  private
26
39
 
27
40
  def apply_option(flag, value)
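Review bot: In `block_persist`, `Process::Sys.getuid == '0'` compares an Integer with a String and is always false, so the direct `File.write` branch is dead and every run goes through `Auth.new.write`, even as root; use `Process::Sys.getuid.zero?`. The two branches also produce different files, since `Auth#write` appends a trailing newline and the `File.write` call does not; `File.write('/etc/sysctl.d/40-ipv6.conf', "#{interfaces.join("\n")}\n")` would make them match. Interface names that contain a dot (VLAN sub-interfaces, for example) will not form a valid key as `net.ipv6.conf.#{i}.disable_ipv6`, which would leave IPv6 enabled on that interface after boot, so it is worth handling or at least documenting that case.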
@@ -17,6 +17,8 @@ module Spior
17
17
  for_gentoo
18
18
  when :archlinux
19
19
  for_arch
20
+ when :void
21
+ for_void
20
22
  else
21
23
  Msg.report 'Your distro is not yet supported.'
22
24
  end
@@ -37,13 +39,23 @@ module Spior
37
39
  else
38
40
  Msg.report 'Init no yet supported for start Iptables at boot'
39
41
  end
42
+ Ipv6.new.block_persist
40
43
  end
41
44
 
42
45
  def for_arch
43
46
  Iptables::Rules.new.save
44
47
  Tor::Config.new(Tempfile.new('torrc')).backup
45
48
  systemd_enable('iptables', 'tor')
46
- Msg.p 'Services enabled for Archlinux...'
49
+ Ipv6.new.block_persist
50
+ Msg.p 'Persist enabled for Arch...'
51
+ end
52
+
53
+ def for_void
54
+ Iptables::Rules.new.save
55
+ Tor::Config.new(Tempfile.new('torrc')).backup
56
+ runit_enable('iptables', 'tor')
57
+ Ipv6.new.block_persist
58
+ Msg.p 'Persist enabled for Void...'
47
59
  end
48
60
 
49
61
  private
@@ -51,15 +63,28 @@ module Spior
51
63
  def systemd_enable(*services)
52
64
  systemctl = Helpers::Exec.new('systemctl')
53
65
  services.each do |s|
54
- Msg.p "Search for service #{s}..."
55
- systemctl.run("enable #{s}") unless system("systemctl is-enabled #{s}")
66
+ next if system("systemctl is-enabled #{s} >/dev/null")
67
+
68
+ systemctl.run("enable #{s}")
69
+ Msg.p "Enabling #{s}..."
70
+ end
71
+ end
72
+
73
+ def runit_enable(*services)
74
+ services.each do |s|
75
+ next if File.exist? "/var/service/#{s}"
76
+
77
+ Helpers::Exec.new('ln').run("-s /etc/sv/#{s} /var/service/#{s}")
78
+ Msg.p "Enabling #{s}"
56
79
  end
57
80
  end
58
81
 
59
82
  def systemd_start(service)
60
83
  systemctl = Helpers::Exec.new('systemctl')
84
+ return if system("systemctl is-active #{service} >/dev/null")
85
+
61
86
  Msg.p "Search for service #{service}..."
62
- systemctl.run("start #{service}") unless system("systemctl is-active #{service}")
87
+ systemctl.run("start #{service}")
63
88
  end
64
89
  end
65
90
  end
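Review bot: `runit_enable` tests `File.exist? "/var/service/#{s}"`, which follows symlinks, so a dangling link already at that path reads as absent and the following `ln -s` then fails on the existing name. It also never checks that `/etc/sv/#{s}` exists, and `Msg.p "Enabling #{s}"` is printed after the `ln` whatever the outcome, unless `Helpers::Exec#run` raises on failure, which is not visible here. Persist mode is what brings the firewall and Tor up at boot, so a silent failure here can leave the host without its rules after a reboot; consider `next if File.symlink?("/var/service/#{s}") || File.exist?("/var/service/#{s}")` and a guard on the `/etc/sv` directory. `systemd_enable` in the same hunk has the same "print after run" pattern.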
@@ -106,7 +106,7 @@ module Spior
106
106
  end
107
107
 
108
108
  def digest_match?(src, dest)
109
- return unless File.exist?(dest)
109
+ return unless File.exist?(dest) && File.readable?(dest)
110
110
 
111
111
  md5_src = Digest::MD5.file src
112
112
  md5_dest = Digest::MD5.file dest
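Review bot: `File.readable?` already returns false for a path that does not exist, so the `File.exist?(dest) &&` half of the new guard is redundant, and the bare `return` makes a `?` predicate yield nil rather than false; `return false unless File.readable?(dest)` expresses the same check. An unreadable destination is now reported the same way as a missing one, so the caller (outside this hunk) cannot tell "absent" from "could not check". The method body continues past the hunk; the `Digest::MD5` calls in the context lines are adequate for change detection but should not be relied on as a tamper check.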
@@ -34,7 +34,8 @@ module Spior
34
34
  def search(option_name)
35
35
  File.open('/etc/tor/torrc') do |f|
36
36
  f.each do |line|
37
- return Regexp.last_match(1) if line.match(%r{#{option_name} ([a-z0-9./]*)}i)
37
+ line.match(%r{^#{option_name} ([a-z0-9./]*)}i) and
38
+ return Regexp.last_match(1)
38
39
  end
39
40
  end
40
41
  false
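Review bot: `option_name` is still interpolated into the pattern unescaped, so a name containing regex metacharacters would change what is matched; wrapping it in `Regexp.escape(option_name)` closes that. The new `^` anchor stops commented-out lines from matching, but it also rejects an option line that is indented, and the `and return` form relies on low-precedence `and` for control flow where the previous modifier `if` read more clearly. Something like `return Regexp.last_match(1) if line.match(%r{^\s*#{Regexp.escape(option_name)} ([a-z0-9./]*)}i)` keeps the intent of the change.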
@@ -7,13 +7,6 @@ module Spior
7
7
  # It also kill previous instance run by Spior
8
8
  class Stop
9
9
  def initialize
10
- old_pid = `pgrep -f "tor -f /tmp/torrc*"`.chomp
11
-
12
- if old_pid != ''
13
- Msg.p "Found old pid > #{old_pid}, killing it..."
14
- Helpers::Exec.new('kill').run("-9 #{old_pid}")
15
- end
16
-
17
10
  nomansland
18
11
  end
19
12
 
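--- a/data/lib/spior/version.rb
+++ b/data/lib/spior/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Spior
- VERSION = '0.3.5'
+ VERSION = '0.3.7'
  end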
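--- a/data/spior.gemspec
+++ b/data/spior.gemspec
@@ -40,7 +40,7 @@ Gem::Specification.new do |s|
  s.required_ruby_version = '>= 2.6'
 
  s.add_runtime_dependency('interfacez', '~> 1.0')
- s.add_runtime_dependency('nomansland', '~> 0.0')
+ s.add_runtime_dependency('nomansland', '~> 0.0.5')
  s.add_runtime_dependency('rainbow', '~> 3.1')
- s.add_runtime_dependency('tty-which', '~> 0.5')
+ s.add_runtime_dependency('tty-which', '~> 0.5.0')
  end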
data.tar.gz.sig CHANGED
Binary file
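--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: spior
  version: !ruby/object:Gem::Version
- version: 0.3.5
+ version: 0.3.7
  platform: ruby
  authors:
  - szorfein
@@ -36,7 +36,7 @@ cert_chain:
  urXgRIzALxd/xazPCnoLSXPzfJSI6Y77S1EBvhPd9RaSO8IyH9RhPDP9mnTvW2Kl
  NAUnoL+txK5a
  -----END CERTIFICATE-----
- date: 2023-10-26 00:00:00.000000000 Z
+ date: 2023-10-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: interfacez
@@ -58,14 +58,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.0'
+ version: 0.0.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.0'
+ version: 0.0.5
  - !ruby/object:Gem::Dependency
  name: rainbow
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.5'
+ version: 0.5.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.5'
+ version: 0.5.0
  description: " A tool to make TOR your default gateway\n"
  email: szorfein@protonmail.com
  executables: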
metadata.gz.sig CHANGED
Binary file