headless mode stub

atanarjuat 3 months ago committed by kali kaneko (leap communications)
parent d7749dca00
commit caaf48aa11

@ -0,0 +1,64 @@
package main
import (
func main() {
var c string
var installHelpers bool
flag.StringVar(&c, "c", "", "Config file")
flag.BoolVar(&installHelpers, "i", false, "Install helpers (asks for sudo)")
if installHelpers {
if len(c) == 0 {
fmt.Println("Please setup a config file with -c")
if _, err := os.Stat(c); err == nil {
log.Println("Loading config file from", c)
// all good. we could validate the json.
} else if errors.Is(err, os.ErrNotExist) {
fmt.Println("Cannot find file:", c)
} else {
// Schrodinger: file may or may not exist.
log.Println("Error:", err)
providerDefinitionJSON, err := ioutil.ReadFile(c)
if err != nil {
fmt.Println("Error reading config file")
// TODO daemonize, or run in foreground to debug.
log.Println("Starting bitmaskd...")
opts := backend.InitOptsFromJSON("riseup", string(providerDefinitionJSON))
opts.DisableAutostart = true
opts.Obfs4 = false
opts.StartVPN = "off"
log.Println("Backend initialized")

@ -0,0 +1,50 @@
# headless mode
As a wise person once said, "you don't want to struggle with Qt every day".
## backend
There's a barebones binary that launches the same backend that the qt5 client uses.
You will need a `providers.json` file containing the parameters for you own deployment. This is usually generated during the vendoring step, but you can manually edit the one for riseup:
go build ./cmd/bitmaskd
You might need to install the helpers (bitmask-root, polkit policies etc...). Do it manually, or use the embedded files (It will ask for sudo).
./bitmaskd -i
With the polkit files in place, you can now run bitmask backend in the foreground:
./bitmaskd -d gui/providers/providers.json
TODO: make it a proper daemon, logging etc.
If you find problems while running (like polkit asking for password every time), you probably need to debug your polkit installation. Every system has its quirks, and bitmask has mostly been tested in debian-based desktops. For arch, you might need to add your user to group wheel.
## firewall
While testing, you are likely to get the iptables firewall leaving you with blocked outgoing connections. You can control `bitmask-root` manually:
sudo /usr/sbin/bitmask-root help
sudo /usr/sbin/bitmask-root firewall stop
## cli
There's no cli at the moment, but you can use the web api. To authenticate, you need to pass a token that is writen to a temporary file when the backend is initialized:
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/status
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/start
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/stop

@ -231,7 +231,7 @@ func EnableMockBackend() {
func EnableWebAPI(port string) {
intPort, err := strconv.Atoi(port)
if err != nil {
log.Fatal("Cannot parse port", port)
log.Fatal("Cannot parse port:", port)
go enableWebAPI(intPort)

@ -101,7 +101,7 @@ func setConfigOpts(opts *InitOpts, conf *config.Config) {
conf.SkipLaunch = opts.SkipLaunch
if opts.StartVPN != "" {
if opts.StartVPN != "on" && opts.StartVPN != "off" {
log.Println("-start-vpn should be 'on' or 'off'")
log.Println("-start-vpn should be 'on' or 'off', not ", opts.StartVPN)
} else {
conf.StartVPN = opts.StartVPN == "on"

@ -11,6 +11,8 @@ import (
const verURI = "https://downloads.leap.se/RiseupVPN/"
var VERSION string
// returns true if there's a newer version string published on the server
// this needs to manually bump latest version for every platform in the
// downloads server.

@ -85,6 +85,14 @@ func copyAsRoot(orig, dest string, isExec bool) {
err = cmd.Run()
} else {
if isRoot() {
cmd = exec.Command("chmod", "644", dest)
} else {
cmd = exec.Command("sudo", "chmod", "644", dest)
err = cmd.Run()
fmt.Println("> done")