spior 0.3.6 → 0.3.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +6 -0
- data/README.md +12 -2
- data/lib/auth.rb +7 -1
- data/lib/spior/iptables/rules.rb +5 -3
- data/lib/spior/ipv6.rb +13 -0
- data/lib/spior/service/enable.rb +29 -4
- data/lib/spior/version.rb +1 -1
- data/spior.gemspec +2 -2
- data.tar.gz.sig +0 -0
- metadata +6 -6
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6e9226877b6a3f11c1b02a6cea0dd51f6342096772624dbf332fdf7928c77f5e
|
4
|
+
data.tar.gz: 00b1d3325b22ddf4ef2bd3423125151a1cfaa951670d7ceeb3e7eb8a071e0d5d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 26fe94bd00c3fdfe3e4edfac13bb75780ed00401bb218c90f35496d0b084bec68785cb71461c3ddbbef1d9df7d4ee9c5751dc4be3c2997627114d6511ea17f55
|
7
|
+
data.tar.gz: e1b403d42966e8010d3634b7cddb50e0df4bef5539891534b3da4ed6ebc3c45afb4e6fb63cd8744efaa730974e5898036770ee94a9b5bcc652b6becc13ba0b52
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,9 @@
|
|
1
|
+
## 0.3.7, release 2023-10-27
|
2
|
+
* Persist mode may require manual intervention to work, look the [readme](https://github.com/szorfein/spior/tree/master#left-over)
|
3
|
+
* Persist and runtime corrected on Voidlinux.
|
4
|
+
* Spior check the presence of 'simple_firewall.rules' when you use the --clearnet
|
5
|
+
* Create a `/etc/sysctl.d/40-ipv6.conf` with the persist mode in order to block ipv6 at boot.
|
6
|
+
|
1
7
|
## 0.3.5, release 2023-10-26
|
2
8
|
* Better code style, only 11 alerts from rubocop.
|
3
9
|
* spior -t also block ipv6 traffic, no need to reboot.
|
data/README.md
CHANGED
@@ -4,7 +4,7 @@
|
|
4
4
|
<br/>
|
5
5
|
|
6
6
|
[![Gem Version](https://badge.fury.io/rb/spior.svg)](https://badge.fury.io/rb/spior)
|
7
|
-
![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/spior/Rubocop/
|
7
|
+
![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/spior/Rubocop/devel)
|
8
8
|
[![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
|
9
9
|
![GitHub](https://img.shields.io/github/license/szorfein/spior)
|
10
10
|
|
@@ -54,6 +54,16 @@ Return to clearnet navigation
|
|
54
54
|
|
55
55
|
## Left Over
|
56
56
|
|
57
|
+
### Troubleshoooting
|
58
|
+
When you enable the `--persist` mode, Spior try to block ipv6 with sysctl. It can fail on some system, so you may need to manually disable ipv6 via kernel argument.
|
59
|
+
An exemple with GRUB, edit `/etc/default/grub.cfg` and change the line bellow:
|
60
|
+
|
61
|
+
```
|
62
|
+
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"
|
63
|
+
```
|
64
|
+
|
65
|
+
Recompile the initrd after that and it should be good.
|
66
|
+
|
57
67
|
### Issues
|
58
68
|
For any questions, comments, feedback or issues, submit a [new issue](https://github.com/szorfein/spior/issues/new).
|
59
69
|
|
@@ -61,4 +71,4 @@ For any questions, comments, feedback or issues, submit a [new issue](https://gi
|
|
61
71
|
+ https://rubyreferences.github.io/rubyref
|
62
72
|
+ https://rubystyle.guide/
|
63
73
|
+ https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
|
64
|
-
+ https://github.com/epidemics-scepticism/writing/blob/master/misconception.md
|
74
|
+
+ https://github.com/epidemics-scepticism/writing/blob/master/misconception.md
|
data/lib/auth.rb
CHANGED
@@ -10,7 +10,7 @@ class Auth
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def mkdir(path)
|
13
|
-
return if
|
13
|
+
return if Dir.exist?(path)
|
14
14
|
|
15
15
|
x("mkdir -p #{path}")
|
16
16
|
end
|
@@ -21,6 +21,12 @@ class Auth
|
|
21
21
|
x("sysctl -w #{flag}=#{value}")
|
22
22
|
end
|
23
23
|
|
24
|
+
def write(content, file)
|
25
|
+
temp = Tempfile.new
|
26
|
+
File.write(temp.path, "#{content}\n")
|
27
|
+
x("cp #{temp.path} #{file}")
|
28
|
+
end
|
29
|
+
|
24
30
|
protected
|
25
31
|
|
26
32
|
def search_app
|
data/lib/spior/iptables/rules.rb
CHANGED
@@ -43,7 +43,7 @@ module Spior
|
|
43
43
|
end
|
44
44
|
|
45
45
|
def search_for_comment(filename)
|
46
|
-
return unless File.exist? filename
|
46
|
+
return false unless File.exist? filename
|
47
47
|
|
48
48
|
File.open(filename) do |f|
|
49
49
|
f.each do |line|
|
@@ -74,13 +74,15 @@ module Spior
|
|
74
74
|
end
|
75
75
|
|
76
76
|
def restoring_older_rules(filename)
|
77
|
-
files = %W[#{filename}-backup #{filename}]
|
77
|
+
files = %W[#{filename}-backup /etc/iptables/simple_firewall.rules #{filename}]
|
78
78
|
files.each do |f|
|
79
79
|
next unless File.exist?(f) || search_for_comment(f)
|
80
80
|
|
81
81
|
Iptables::Root.new.stop!
|
82
82
|
Msg.p "Found older rules #{f}, restoring..."
|
83
|
-
Helpers::Exec.new('
|
83
|
+
Helpers::Exec.new('cp').run("#{f} #{@save_path}")
|
84
|
+
Helpers::Exec.new('iptables-restore').run(@save_path)
|
85
|
+
|
84
86
|
return true
|
85
87
|
end
|
86
88
|
false
|
data/lib/spior/ipv6.rb
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'auth'
|
5
|
+
require 'interfacez'
|
5
6
|
|
6
7
|
module Spior
|
7
8
|
# Block or Allow ipv6 traffic with sysctl
|
@@ -22,6 +23,18 @@ module Spior
|
|
22
23
|
Msg.p 'ipv6 blocked' if @changed
|
23
24
|
end
|
24
25
|
|
26
|
+
def block_persist
|
27
|
+
Auth.new.mkdir '/etc/sysctl.d'
|
28
|
+
interfaces = ['net.ipv6.conf.all.disable_ipv6 = 1',
|
29
|
+
'net.ipv6.conf.default.disable_ipv6 = 1']
|
30
|
+
Interfacez.all { |i| interfaces << "net.ipv6.conf.#{i}.disable_ipv6 = 1" }
|
31
|
+
if Process::Sys.getuid == '0'
|
32
|
+
File.write('/etc/sysctl.d/40-ipv6.conf', interfaces.join("\n"))
|
33
|
+
else
|
34
|
+
Auth.new.write(interfaces.join("\n"), '/etc/sysctl.d/40-ipv6.conf')
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
25
38
|
private
|
26
39
|
|
27
40
|
def apply_option(flag, value)
|
data/lib/spior/service/enable.rb
CHANGED
@@ -17,6 +17,8 @@ module Spior
|
|
17
17
|
for_gentoo
|
18
18
|
when :archlinux
|
19
19
|
for_arch
|
20
|
+
when :void
|
21
|
+
for_void
|
20
22
|
else
|
21
23
|
Msg.report 'Your distro is not yet supported.'
|
22
24
|
end
|
@@ -37,13 +39,23 @@ module Spior
|
|
37
39
|
else
|
38
40
|
Msg.report 'Init no yet supported for start Iptables at boot'
|
39
41
|
end
|
42
|
+
Ipv6.new.block_persist
|
40
43
|
end
|
41
44
|
|
42
45
|
def for_arch
|
43
46
|
Iptables::Rules.new.save
|
44
47
|
Tor::Config.new(Tempfile.new('torrc')).backup
|
45
48
|
systemd_enable('iptables', 'tor')
|
46
|
-
|
49
|
+
Ipv6.new.block_persist
|
50
|
+
Msg.p 'Persist enabled for Arch...'
|
51
|
+
end
|
52
|
+
|
53
|
+
def for_void
|
54
|
+
Iptables::Rules.new.save
|
55
|
+
Tor::Config.new(Tempfile.new('torrc')).backup
|
56
|
+
runit_enable('iptables', 'tor')
|
57
|
+
Ipv6.new.block_persist
|
58
|
+
Msg.p 'Persist enabled for Void...'
|
47
59
|
end
|
48
60
|
|
49
61
|
private
|
@@ -51,15 +63,28 @@ module Spior
|
|
51
63
|
def systemd_enable(*services)
|
52
64
|
systemctl = Helpers::Exec.new('systemctl')
|
53
65
|
services.each do |s|
|
54
|
-
|
55
|
-
|
66
|
+
next if system("systemctl is-enabled #{s} >/dev/null")
|
67
|
+
|
68
|
+
systemctl.run("enable #{s}")
|
69
|
+
Msg.p "Enabling #{s}..."
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def runit_enable(*services)
|
74
|
+
services.each do |s|
|
75
|
+
next if File.exist? "/var/service/#{s}"
|
76
|
+
|
77
|
+
Helpers::Exec.new('ln').run("-s /etc/sv/#{s} /var/service/#{s}")
|
78
|
+
Msg.p "Enabling #{s}"
|
56
79
|
end
|
57
80
|
end
|
58
81
|
|
59
82
|
def systemd_start(service)
|
60
83
|
systemctl = Helpers::Exec.new('systemctl')
|
84
|
+
return if system("systemctl is-active #{service} >/dev/null")
|
85
|
+
|
61
86
|
Msg.p "Search for service #{service}..."
|
62
|
-
systemctl.run("start #{service}")
|
87
|
+
systemctl.run("start #{service}")
|
63
88
|
end
|
64
89
|
end
|
65
90
|
end
|
data/lib/spior/version.rb
CHANGED
data/spior.gemspec
CHANGED
@@ -40,7 +40,7 @@ Gem::Specification.new do |s|
|
|
40
40
|
s.required_ruby_version = '>= 2.6'
|
41
41
|
|
42
42
|
s.add_runtime_dependency('interfacez', '~> 1.0')
|
43
|
-
s.add_runtime_dependency('nomansland', '~> 0.0')
|
43
|
+
s.add_runtime_dependency('nomansland', '~> 0.0.5')
|
44
44
|
s.add_runtime_dependency('rainbow', '~> 3.1')
|
45
|
-
s.add_runtime_dependency('tty-which', '~> 0.5')
|
45
|
+
s.add_runtime_dependency('tty-which', '~> 0.5.0')
|
46
46
|
end
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spior
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- szorfein
|
@@ -36,7 +36,7 @@ cert_chain:
|
|
36
36
|
urXgRIzALxd/xazPCnoLSXPzfJSI6Y77S1EBvhPd9RaSO8IyH9RhPDP9mnTvW2Kl
|
37
37
|
NAUnoL+txK5a
|
38
38
|
-----END CERTIFICATE-----
|
39
|
-
date: 2023-10-
|
39
|
+
date: 2023-10-27 00:00:00.000000000 Z
|
40
40
|
dependencies:
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: interfacez
|
@@ -58,14 +58,14 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
61
|
+
version: 0.0.5
|
62
62
|
type: :runtime
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
68
|
+
version: 0.0.5
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rainbow
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,14 +86,14 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
89
|
+
version: 0.5.0
|
90
90
|
type: :runtime
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version:
|
96
|
+
version: 0.5.0
|
97
97
|
description: " A tool to make TOR your default gateway\n"
|
98
98
|
email: szorfein@protonmail.com
|
99
99
|
executables:
|
metadata.gz.sig
CHANGED
Binary file
|