Skip to main content
Help the Python Software Foundation raise $60,000 USD by December 31st!  Building the PSF Q4 Fundraiser

The Internet Encryption Toolkit: Encrypted Internet Proxy and Encrypted Mail.

Project description


your internet encryption toolkit IRC

Bitmask is the multiplatform desktop client for the services offered by the LEAP Platform.

It is written in python using PySide and licensed under the GPL3. Currently we distribute pre-compiled bundles for Linux, OSX and Windows.

Read the Docs!

The latest documentation is available at LEAP.


Bitmask is released under the terms of the GNU GPL version 3 or later.


We welcome contributions! see the Contribution guidelines


0.9.0 October 28

  • #4284: Download specific smtp certificate from provider, instead of using the vpn one.
  • #5526: Make “check” button selected by default.
  • #6359: Adapt bitmask to the new events api on leap.common.
  • #6360: Use txzmq in backend.
  • #6368: Add support to the new async-api of keymanager.
  • #6683: Add ability to generate sumo tarball.
  • #6713: Add support for xfce-polkit agent.
  • #6876: Update api port for pinned riseup.
  • #7139: Use logbook zmq handler to centralize logging.
  • #7140: Implement a thread-safe zmq handler for logbook.
  • #7141: Add log handler to display colored logs on the terminal.
  • #7142: Add log handler to store logs on bitmask.log.
  • #7143: Adapt existing log filter/silencer to the new logbook handler.
  • #7144: Replace logging handler with logbook handler bitmask-wide.
  • #7162: Log LSB-release info if available.
  • #7180: Add log rotation for bitmask.log.
  • #7184: Forward twisted logs to logging and handle logging logs with logbook.
  • #7250: Enable ‘–danger’ for stable versions.
  • #7291: Move the updater code from the launcher to the client.
  • #7342: Added script for the pyinstaller bundle.
  • #7353: Add notifications of soledad sync progress to UI.
  • #7356: Allow to disable EIP component on build.
  • #7414: Remove taskthread dependency, replace with custom (and small) code.
  • #7419: Load credentials from environment variables and trigger login.
  • #7471: Disable email firewall if we are running inside a docker container.
  • Add support to the new async-api of soledad
  • #6418: Cannot change preseeded providers if checks for one fail.
  • #6424: Do not disable autostart if the quit is triggered by a system logout.
  • #6536, #6568, #6691: Refactor soledad sync to do it the twisted way.
  • #6541: Client must honor the ports specified in eip-service.json.
  • #6594: Handle disabled registration on provider.
  • #6654: Regression fix, login attempt is made against previously selected provider.
  • #6682: Handle user cancel keyring open operation, this prevents a bitmask freeze.
  • #6894: Change ‘ip’ command location to support Fedora/RHEL distros.
  • #7093: Fix controller attribute error.
  • #7126: Don’t run the event server on the backend for the standalone bundle since the launcher takes care of that.
  • #7149: Start the events server when reactor is running.
  • #7185: Log contains exported PGP Private Key.
  • #7222: Run the zmq log subscriber in the background to avoid hitting the zmq’s buffer limits.
  • #7273: Logbook subscriber stop fails if not started.
  • #7273: ZMQError: address already in use - logbook subscriber already started.
  • #7281: Support a provider not providing location for the eip gateways.
  • #7319: Raise the maxfiles limit in OSX
  • #7343: Clean up and fix the tests.
  • #7415: Fix wrong argument number on window raise event.
  • #7448: Fix hangs during logout.
  • #7451: Assign the timeout ‘call later’ before starting the sync to prevent race conditions.
  • #7453: After a complete sync show the user the amount of unread emails.
  • #7470: Fix bug with password change.
  • #7474: Track soledad ready state on a shared place for easy access. Enable password change window.
  • #7503: Handle soledad init fail after several retries.
  • #7512: Pass on standalone flag to common.
  • #7512: Store logs in the right place.
  • #7512: Store zmq certs in the right path.
  • Authenticate properly logout calls to API.
  • Fix soledad bootstrap sync retries.
  • Fix the bootstrap script for developers so it works on Fedora/RHEL systems where there is /usr/lib64 for python libs.
  • Remove bubble argument from the logbook NullHandler

0.8.1 February 25

  • #6646: Gracefully fall back to ZMQ ipc sockets with restricted access if CurveZMQ is not available.
  • #6717: Split changes log into changelog and history.
  • #6654: Regression fix, login attempt is made against previously selected provider.
  • #6058: Support ‘nobody’ (used on Arch) as well as ‘nogroup’ as group names.

0.8.0 January 04 – “Charlie and the code refactory”

  • #5873: Allow frontend and backend to be run separately.
  • Refactor login widgets/logic.
  • Improved changelog :).
  • #6058: Support ‘nobody’ (used on Arch) as well as ‘nogroup’ as group names.
  • #6123: Forward the right environment data to subprocess call.
  • #6150: Do not allow Bitmask to start if there is no polkit agent running.
  • #6631: Fix failing tests.
  • #6638: Fix set initialization to support python 2.6.
  • #6652: Fix regression: polkit agent is not automatically launched.
  • #6654: Login attempt is made against previously selected provider.
  • Create zmq certificates if they don’t exist.
  • Disable ‘–offline’ flag temporarily.
  • Make pkg/tuf/ handle removals in the repo.
  • Reduce the wait for running threads timeout on quit.

0.7.0 December 12 – the “One window to rule them all, and in the darkness bind them.” release:

  • Select current provider on EIP preferences. Closes #5815.
  • Handle logout correctly when we stop_services to launch the wizard. Related to #5815.
  • Properly remove /tmp/bitmask.lock. Closes #5866.
  • Hide EIP Start button and display correct warning on missing helpers files. Closes #5945.
  • Save default provider if changed on the combo box. Closes #5995.
  • Update the EIP status on provider change. Closes #5996.
  • Update and get ready to start a provider on change. Closes #5997.
  • Use python2 to run bitmask-root to work fine on systems with python3 as default. Closes #6048.
  • Use python2.7 in bitmask-root shebang since is the common name for python 2 in Ubuntu, Debian, Arch. Related to #6048.
  • Remove dict comprenension in util, for 2.6 compat.
  • Login shall not wait for eip to finish if eip is not able to start. Closes #5994
  • Properly send the token for querying the EIP certificate. Fixes #6060.
  • Code cleanup and logging improvements.
  • Add email firewall blocking other users to access bitmask imap & smtp. Closes #6040
  • Remove the Advanced Key Management since we don’t support stable mail yet. Closes #6087.
  • Single combined preferences window. Closes #4704, #4119, #5885.
  • Fix soledad imports (#5989).
  • Make pkg/tuf/ handle removals in the repo
  • Remove instructions/references of mail from the client. Closes #6140.
  • Add support for the internal LXDE polkit agent. Closes #6043.
  • Allow the server to set a custom –fragment openvpn option (#5933)
  • Add as pinned provider. Closes #6518.

For older entries look at the HISTORY.rst file.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for leap.bitmask, version 0.9.0
Filename, size File type Python version Upload date Hashes
Filename, size (511.8 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page