RubyGems - spior - Versions diffs - 0.3.6 → 0.3.7 - Mend

spior 0.3.6 → 0.3.7

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 07b4daf3d6c06b689e2d584b43e419eb4e9e9ea8e19c4bf71c3116428955f957
-  data.tar.gz: '08699ad87b9abc01147df75938c744268e33d313955bb046b736ad674f93820e'
+  metadata.gz: 6e9226877b6a3f11c1b02a6cea0dd51f6342096772624dbf332fdf7928c77f5e
+  data.tar.gz: 00b1d3325b22ddf4ef2bd3423125151a1cfaa951670d7ceeb3e7eb8a071e0d5d
 SHA512:
-  metadata.gz: 92014306180514cf8b3f9bea57544054fc961127161a6ca8e067a7baeaec256fc365ca8c6e58fe4f88bfeb7f01c24b85350d7ac031dd44e4532b7c8c5ddbc497
-  data.tar.gz: 2971e056165009f5ef1dda7dcbc5e282ba1769076ffc99d439e3b8741a44d1aeb01197087b628e3f6103b1d23cfbb1861bfa27d1c843c52a5bb0e84caeba03f2
+  metadata.gz: 26fe94bd00c3fdfe3e4edfac13bb75780ed00401bb218c90f35496d0b084bec68785cb71461c3ddbbef1d9df7d4ee9c5751dc4be3c2997627114d6511ea17f55
+  data.tar.gz: e1b403d42966e8010d3634b7cddb50e0df4bef5539891534b3da4ed6ebc3c45afb4e6fb63cd8744efaa730974e5898036770ee94a9b5bcc652b6becc13ba0b52

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,9 @@
+## 0.3.7, release 2023-10-27
+* Persist mode may require manual intervention to work, look the [readme](https://github.com/szorfein/spior/tree/master#left-over)
+* Persist and runtime corrected on Voidlinux.
+* Spior check the presence of 'simple_firewall.rules' when you use the --clearnet
+* Create a `/etc/sysctl.d/40-ipv6.conf` with the persist mode in order to block ipv6 at boot.
 ## 0.3.5, release 2023-10-26
 * Better code style, only 11 alerts from rubocop.
 * spior -t also block ipv6 traffic, no need to reboot.

data/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 <br/>
 [![Gem Version](https://badge.fury.io/rb/spior.svg)](https://badge.fury.io/rb/spior)
-![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/spior/Rubocop/develop)
+![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/spior/Rubocop/devel)
 [![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
 ![GitHub](https://img.shields.io/github/license/szorfein/spior)
@@ -54,6 +54,16 @@ Return to clearnet navigation
 ## Left Over
+### Troubleshoooting
+When you enable the `--persist` mode, Spior try to block ipv6 with sysctl. It can fail on some system, so you may need to manually disable ipv6 via kernel argument.
+An exemple with GRUB, edit `/etc/default/grub.cfg` and change the line bellow:
+```
+GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"
+```
+Recompile the initrd after that and it should be good.
 ### Issues
 For any questions, comments, feedback or issues, submit a [new issue](https://github.com/szorfein/spior/issues/new).
@@ -61,4 +71,4 @@ For any questions, comments, feedback or issues, submit a [new issue](https://gi
 + https://rubyreferences.github.io/rubyref
 + https://rubystyle.guide/
 + https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
-+ https://github.com/epidemics-scepticism/writing/blob/master/misconception.md
++ https://github.com/epidemics-scepticism/writing/blob/master/misconception.md

data/lib/auth.rb CHANGED Viewed

@@ -10,7 +10,7 @@ class Auth
   end
   def mkdir(path)
-    return if File.exist?(path)
+    return if Dir.exist?(path)
     x("mkdir -p #{path}")
   end
@@ -21,6 +21,12 @@ class Auth
     x("sysctl -w #{flag}=#{value}")
   end
+  def write(content, file)
+    temp = Tempfile.new
+    File.write(temp.path, "#{content}\n")
+    x("cp #{temp.path} #{file}")
+  end
   protected
   def search_app

data/lib/spior/iptables/rules.rb CHANGED Viewed

@@ -43,7 +43,7 @@ module Spior
       end
       def search_for_comment(filename)
-        return unless File.exist? filename
+        return false unless File.exist? filename
         File.open(filename) do |f|
           f.each do |line|
@@ -74,13 +74,15 @@ module Spior
       end
       def restoring_older_rules(filename)
-        files = %W[#{filename}-backup #{filename}]
+        files = %W[#{filename}-backup /etc/iptables/simple_firewall.rules #{filename}]
         files.each do |f|
           next unless File.exist?(f) || search_for_comment(f)
           Iptables::Root.new.stop!
           Msg.p "Found older rules #{f}, restoring..."
-          Helpers::Exec.new('iptables-restore').run(f)
+          Helpers::Exec.new('cp').run("#{f} #{@save_path}")
+          Helpers::Exec.new('iptables-restore').run(@save_path)
           return true
         end
         false

data/lib/spior/ipv6.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 require 'auth'
+require 'interfacez'
 module Spior
   # Block or Allow ipv6 traffic with sysctl
@@ -22,6 +23,18 @@ module Spior
       Msg.p 'ipv6 blocked' if @changed
     end
+    def block_persist
+      Auth.new.mkdir '/etc/sysctl.d'
+      interfaces = ['net.ipv6.conf.all.disable_ipv6 = 1',
+                    'net.ipv6.conf.default.disable_ipv6 = 1']
+      Interfacez.all { |i| interfaces << "net.ipv6.conf.#{i}.disable_ipv6 = 1" }
+      if Process::Sys.getuid == '0'
+        File.write('/etc/sysctl.d/40-ipv6.conf', interfaces.join("\n"))
+      else
+        Auth.new.write(interfaces.join("\n"), '/etc/sysctl.d/40-ipv6.conf')
+      end
+    end
     private
     def apply_option(flag, value)

data/lib/spior/service/enable.rb CHANGED Viewed

@@ -17,6 +17,8 @@ module Spior
           for_gentoo
         when :archlinux
           for_arch
+        when :void
+          for_void
         else
           Msg.report 'Your distro is not yet supported.'
         end
@@ -37,13 +39,23 @@ module Spior
         else
           Msg.report 'Init no yet supported for start Iptables at boot'
         end
+        Ipv6.new.block_persist
       end
       def for_arch
         Iptables::Rules.new.save
         Tor::Config.new(Tempfile.new('torrc')).backup
         systemd_enable('iptables', 'tor')
-        Msg.p 'Services enabled for Archlinux...'
+        Ipv6.new.block_persist
+        Msg.p 'Persist enabled for Arch...'
+      end
+      def for_void
+        Iptables::Rules.new.save
+        Tor::Config.new(Tempfile.new('torrc')).backup
+        runit_enable('iptables', 'tor')
+        Ipv6.new.block_persist
+        Msg.p 'Persist enabled for Void...'
       end
       private
@@ -51,15 +63,28 @@ module Spior
       def systemd_enable(*services)
         systemctl = Helpers::Exec.new('systemctl')
         services.each do |s|
-          Msg.p "Search for service #{s}..."
-          systemctl.run("enable #{s}") unless system("systemctl is-enabled #{s}")
+          next if system("systemctl is-enabled #{s} >/dev/null")
+          systemctl.run("enable #{s}")
+          Msg.p "Enabling #{s}..."
+        end
+      end
+      def runit_enable(*services)
+        services.each do |s|
+          next if File.exist? "/var/service/#{s}"
+          Helpers::Exec.new('ln').run("-s /etc/sv/#{s} /var/service/#{s}")
+          Msg.p "Enabling #{s}"
         end
       end
       def systemd_start(service)
         systemctl = Helpers::Exec.new('systemctl')
+        return if system("systemctl is-active #{service} >/dev/null")
         Msg.p "Search for service #{service}..."
-        systemctl.run("start #{service}") unless system("systemctl is-active #{service}")
+        systemctl.run("start #{service}")
       end
     end
   end

data/lib/spior/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spior
-  VERSION = '0.3.6'
+  VERSION = '0.3.7'
 end

data/spior.gemspec CHANGED Viewed

@@ -40,7 +40,7 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '>= 2.6'
   s.add_runtime_dependency('interfacez', '~> 1.0')
-  s.add_runtime_dependency('nomansland', '~> 0.0')
+  s.add_runtime_dependency('nomansland', '~> 0.0.5')
   s.add_runtime_dependency('rainbow', '~> 3.1')
-  s.add_runtime_dependency('tty-which', '~> 0.5')
+  s.add_runtime_dependency('tty-which', '~> 0.5.0')
 end

data.tar.gz.sig CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spior
 version: !ruby/object:Gem::Version
-  version: 0.3.6
+  version: 0.3.7
 platform: ruby
 authors:
 - szorfein
@@ -36,7 +36,7 @@ cert_chain:
   urXgRIzALxd/xazPCnoLSXPzfJSI6Y77S1EBvhPd9RaSO8IyH9RhPDP9mnTvW2Kl
   NAUnoL+txK5a
   -----END CERTIFICATE-----
-date: 2023-10-26 00:00:00.000000000 Z
+date: 2023-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: interfacez
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.0'
+        version: 0.0.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.0'
+        version: 0.0.5
 - !ruby/object:Gem::Dependency
   name: rainbow
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: 0.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: 0.5.0
 description: "    A tool to make TOR your default gateway\n"
 email: szorfein@protonmail.com
 executables:

metadata.gz.sig CHANGED Viewed

Binary file