From d2f4c800e00128effedf5341488df69bc78826b7 Mon Sep 17 00:00:00 2001 From: Ronald Ip Date: Sat, 5 Jul 2014 22:24:05 +0800 Subject: [PATCH 1/5] Bugfix: Default catch-all rule should be 'Ignore'. Any other option makes no sense. --- ChangeLog | 3 +++ README.md | 6 +++--- features/gen_basic.feature | 7 ------- lib/ovpnmcgen.rb | 2 +- 4 files changed, 7 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 468803e..0ff9513 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ += 0.4.2 / Unreleased + * Bugfix: Default catch-all rule should be 'Ignore', any other option does not make sense. + = 0.4.1 / 2014-05-07 * Bugfix: SSIDs specified as a string in configfile now correctly output as arrays. (#a9e638) diff --git a/README.md b/README.md index 9c6921e..d7c9ad6 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ Although there are many possible VPN-on-Demand (VoD) triggers, this utility curr - Else if wireless SSID matches any specified with `--untrusted-ssids`, unconditionally bring up the VPN connection on the next network attempt. - Else if the primary network interface becomes Wifi (any SSID except those above), unconditionally bring up the VPN connection on the next network attempt. - Else if the primary network interface becomes Cellular, leave any existing VPN connection up, but do not reconnect on demand. -- Else, unconditionally bring up the VPN connection on the next network attempt. +- Else, leave any existing VPN connection up, but do not reconnect on demand. Note: The other match triggers, such as `DNSDomainMatch`, `DNSServerAddressMatch`, and per-connection domain inspection (`ActionParameters`), are not implemented. I reckon some kind of DSL will need to be built to support them; pull-requests are welcome. 
@@ -91,7 +91,7 @@ For 'paranoid' security level, the following algorithm is executed upon network - Else if wireless SSID matches any specified with `--untrusted-ssids`, unconditionally bring up the VPN connection on the next network attempt. - Else if the primary network interface becomes Wifi (any SSID except those above), unconditionally bring up the VPN connection on the next network attempt. - Else if the primary network interface becomes Cellular, unconditionally bring up the VPN connection on the next network attempt. -- Else, unconditionally bring up the VPN connection on the next network attempt. +- Else, leave any existing VPN connection up, but do not reconnect on demand. For 'medium' security level, the following algorithm is executed upon network changes, in order: @@ -99,7 +99,7 @@ For 'medium' security level, the following algorithm is executed upon network ch - Else if wireless SSID matches any specified with `--untrusted-ssids`, unconditionally bring up the VPN connection on the next network attempt. - Else if the primary network interface becomes Wifi (any SSID except those above), leave any existing VPN connection up, but do not reconnect on demand. - Else if the primary network interface becomes Cellular, leave any existing VPN connection up, but do not reconnect on demand. -- Else, unconditionally bring up the VPN connection on the next network attempt. +- Else, leave any existing VPN connection up, but do not reconnect on demand. ### URL Probe diff --git a/features/gen_basic.feature b/features/gen_basic.feature index 7b87f74..5258f26 100644 --- a/features/gen_basic.feature +++ b/features/gen_basic.feature 
@@ -143,13 +143,6 @@ Feature: Basic Generate Functionality """ URLStringProbe """ - And the output should not match: - """ - - \s*Action - \s*Ignore - \s* - """ Scenario: The [un]trusted-ssids flags are set. When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --trusted-ssids trusted1,trusted2 --untrusted-ssids evil3,evil4 cucumber aruba` diff --git a/lib/ovpnmcgen.rb b/lib/ovpnmcgen.rb index 238e81c..52b83c0 100644 --- a/lib/ovpnmcgen.rb +++ b/lib/ovpnmcgen.rb @@ -90,7 +90,7 @@ def generate(inputs = {}) end } vodDefault = { # Default catch-all - 'Action' => 'Connect' + 'Action' => 'Ignore' } # Insert URLStringProbe conditions when enabled with --url-probe From 8a37944cc23c38bcbd445dfe6fe266e7942baed7 Mon Sep 17 00:00:00 2001 From: Ronald Ip Date: Sat, 5 Jul 2014 22:31:42 +0800 Subject: [PATCH 2/5] Updated documentation to refer to app config feature. --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index d7c9ad6..6ea6475 100644 --- a/README.md +++ b/README.md @@ -359,6 +359,9 @@ Output similar to above: ## TODO - Config file to specify global options, such as `--cafile`, `--tafile`, `--host`, `--[un]trusted-ssids`. + + See commit `#d9c015618` for feature. + - Batch-operation mode, with CSV-file as input, and a CSV UUID-index file to track generated profiles as output. The same UUID should be used for profile updates, so that iOS knows which profile to replace, especially in MDM environments. From bfb550e16c86b604fc5280ef7c29792b32953b07 Mon Sep 17 00:00:00 2001 From: Ronald Ip Date: Sat, 5 Jul 2014 22:51:36 +0800 Subject: [PATCH 3/5] Allow JRuby tests to soft fail as they take too long. --- .travis.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index c74d09e..461f0ee 100644 --- a/.travis.yml +++ b/.travis.yml 
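Review bot: In `lib/ovpnmcgen.rb` (`@@ -90,7 +90,7 @@`), the catch-all `vodDefault` now fails open: with `'Action' => 'Ignore'`, a network state matched by none of the earlier rules does not start the VPN, and the README hunks in this patch say this also holds at the 'paranoid' level. The commit message gives no reason beyond "makes no sense", so the rationale should sit beside the value, e.g. `# Catch-all: 'Ignore' never starts the VPN; only networks matched by an earlier rule are protected on demand`. The `features/gen_basic.feature` hunk removes the old negative assertion without adding a positive one, so nothing pins the new default; a step asserting that the generated output contains an `Ignore` action would cover it. `generate` starts and ends outside this hunk, so which interface types actually reach the catch-all cannot be confirmed from here.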
@@ -3,9 +3,9 @@ before_install: - gem update bundler - bundle version rvm: - - 1.9.3 - - 2.0.0 - - 2.1 + - "1.9.3" + - "2.0.0" + - "2.1" - ruby-head - jruby-19mode @@ -13,3 +13,5 @@ matrix: fast_finish: true allow_failures: - rvm: ruby-head + - rvm: jruby-19mode + From d77f6b260c15f188fb751b3dae05ea56a90fcb40 Mon Sep 17 00:00:00 2001 From: Ronald Ip Date: Sat, 5 Jul 2014 23:21:36 +0800 Subject: [PATCH 4/5] Allow Travis-CI to push pre-release gems to RubyGems. --- .travis.yml | 11 +++++++++++ ovpnmcgen.rb.gemspec | 1 + 2 files changed, 12 insertions(+) diff --git a/.travis.yml b/.travis.yml index 461f0ee..491d20c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,9 @@ language: ruby + before_install: - gem update bundler - bundle version + rvm: - "1.9.3" - "2.0.0" @@ -15,3 +17,12 @@ matrix: - rvm: ruby-head - rvm: jruby-19mode +deploy: + provider: rubygems + api_key: + secure: BQQeiJ84RINkM5Pxm7zFSAbOS2T5THi+37CoswQXe5eTi+0PIl14plWJByGOj2ho2e6kam5XU/VUgQzDexhkFz174QDP+BIuhdNxRMuMqgKuffi0Cyb9CM7JybpsB+Yd97X3nNxiubR/qoJPQ5nvG1SvCuF2TK3Zq8cL5VfxZ9o= + gem: ovpnmcgen.rb + on: + tags: true + repo: "iphoting/ovpnmcgen.rb" + branch: master diff --git a/ovpnmcgen.rb.gemspec b/ovpnmcgen.rb.gemspec index e557af8..ec1c679 100644 --- a/ovpnmcgen.rb.gemspec +++ b/ovpnmcgen.rb.gemspec @@ -6,6 +6,7 @@ require 'ovpnmcgen/version' Gem::Specification.new do |spec| spec.name = "ovpnmcgen.rb" spec.version = Ovpnmcgen::VERSION + spec.version = "#{spec.version}-pre-#{ENV['TRAVIS_BUILD_NUMBER']}" if ENV['TRAVIS'] spec.authors = ["Ronald Ip"] spec.email = ["myself@iphoting.com"] spec.summary = Ovpnmcgen::SUMMARY From ebafdb6f3ff56b4d4c656ef098dcd725c102732f Mon Sep 17 00:00:00 2001 From: Ronald Ip Date: Sat, 5 Jul 2014 23:25:40 +0800 Subject: [PATCH 5/5] v0.4.2. --- ChangeLog | 2 +- lib/ovpnmcgen/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0ff9513..3a48c41 100644 --- a/ChangeLog +++ b/ChangeLog 
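Review bot: In the `.travis.yml` hunk `@@ -15,3 +17,12 @@`, the new `deploy:` section has no runtime condition, so on a tagged build every job of the `rvm` matrix, including the `allow_failures` entries `ruby-head` and `jruby-19mode`, would apparently run the RubyGems push with the encrypted `api_key`. Limiting the release to one known-good interpreter keeps the publishing credential out of the experimental jobs and avoids duplicate pushes of the same version, e.g. `rvm: "2.1"` under `on:`. It is also worth confirming that `tags: true` and `branch: master` can both hold on a tag build, since Travis may report the tag name as the branch there.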
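Review bot: In `ovpnmcgen.rb.gemspec` (`@@ -6,6 +6,7 @@`), the added `spec.version` override applies to every build where `ENV['TRAVIS']` is set, while the deploy added in this same patch runs only on tags, so a tag meant as a final release would apparently be published as `<version>-pre-<build>` rather than `Ovpnmcgen::VERSION`. If that is not intended, skip the suffix on tag builds, e.g. by ending the line with `if ENV['TRAVIS'] && ENV['TRAVIS_TAG'].to_s.empty?`. Independently, the dotted form `"#{spec.version}.pre.#{ENV['TRAVIS_BUILD_NUMBER']}"` is the conventional RubyGems prerelease spelling and does not depend on how a given RubyGems release treats hyphens. A one-line comment should also say why the published version depends on the build environment, since that affects how consumers can pin and audit releases.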
@@ -1,4 +1,4 @@ -= 0.4.2 / Unreleased += 0.4.2 / 2014-07-05 * Bugfix: Default catch-all rule should be 'Ignore', any other option does not make sense. = 0.4.1 / 2014-05-07 diff --git a/lib/ovpnmcgen/version.rb b/lib/ovpnmcgen/version.rb index bbf7a3f..fe6119f 100644 --- a/lib/ovpnmcgen/version.rb +++ b/lib/ovpnmcgen/version.rb @@ -1,4 +1,4 @@ module Ovpnmcgen - VERSION = "0.4.1" + VERSION = "0.4.2" SUMMARY = "An OpenVPN iOS Configuration Profile (.mobileconfig) Utility" end