Skip to content

Commit

Permalink
Merge pull request #1995 from kcning/opensnitch-1.6.6
Browse files Browse the repository at this point in the history
app-admin/{opensnitch,-ebpf-module}: add 1.6.6
  • Loading branch information
blshkv authored Jul 9, 2024
2 parents d6b3cce + f628620 commit 6a0ca69
Show file tree
Hide file tree
Showing 4 changed files with 211 additions and 0 deletions.
1 change: 1 addition & 0 deletions app-admin/opensnitch-ebpf-module/Manifest
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
DIST opensnitch-1.6.5.1.gh.tar.gz 1354814 BLAKE2B a3e0ce0b799a59d8d5e5cf9adc16d73b710d42b5325774118da3886a8c25507ef3a3e618796a56edd0cdde2ba8730604275a36d560e105d51744abef42fb833c SHA512 8ea1ad5a00c6b8c4649db5774e2fe7997ebdd52ed24610084ba236992c740b31b2bb19a88778b68d880aad54ff21a387d7388bdb4a8692a0456a4afbd7f47347
DIST opensnitch-1.6.6.gh.tar.gz 1359621 BLAKE2B b6b2fa5b13f39413deb622fc7b0ebaab1789f41f25522da2e0a86262754861e9407697362b4af3a5106f9b4f781c7f5727a089a8ae2d648aafa8994f1c4b9bf4 SHA512 2fcdcc3a6ae44b5d5ed1a436f6622e74d5834e01856c9a072bb759638192f8ba9f49cbb48bfd875978d87284a20d1206352690a0e6e5f584e247506c8829d99f
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

inherit linux-info

DESCRIPTION="eBPF process monitor module for opensnitch"
HOMEPAGE="https://github.com/evilsocket/opensnitch"
# NOTE: app-admin/opensnitch and this ebuild share the same source
SRC_URI="
https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> opensnitch-${PV}.gh.tar.gz
"

S="${WORKDIR}/opensnitch-${PV}"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~amd64"
IUSE="dist-kernel"

EBPF_DIR=ebpf_prog
MINKV=5.5 # only compatible with kernels >= 5.5

RDEPEND="
dist-kernel? ( virtual/dist-kernel:= )
~app-admin/opensnitch-$PV
"

DEPEND="
virtual/linux-sources
>=sys-kernel/linux-headers-${MINKV}
"

BDEPEND="
sys-devel/bc
sys-devel/clang
sys-devel/llvm
"

RESTRICT="strip test"
QA_PREBUILT="*"

pkg_setup() {
# see https://github.com/evilsocket/opensnitch/discussions/978
local CONFIG_CHECK="
CGROUP_BPF
BPF_EVENTS
FTRACE_SYSCALLS
KPROBES_ON_FTRACE
KPROBE_EVENTS
UPROBE_EVENTS
"

linux-info_pkg_setup
kernel_is -ge ${MINKV//./ } || die "Kernel version at least ${MINKV} required"
}

src_compile() {
MODULES_MAKEARGS+=(
ARCH="x86"
EXTRA_FLAGS="-fno-stack-protector -fcf-protection"
KERNEL_DIR="${KV_DIR}"
KERNEL_HEADERS=/usr # gentoo installs linux-headers to /usr
)
emake "${MODULES_MAKEARGS[@]}" -C "$EBPF_DIR" || die
llvm-strip -g "$EBPF_DIR"/opensnitch*.o
}

src_install(){
insinto /usr/lib/opensnitchd/ebpf/
doins "$EBPF_DIR"/opensnitch.o
doins "$EBPF_DIR"/opensnitch-dns.o
doins "$EBPF_DIR"/opensnitch-procs.o
}
2 changes: 2 additions & 0 deletions app-admin/opensnitch/Manifest
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
DIST opensnitch-1.6.5.1-deps.tar.gz 51527916 BLAKE2B f2c3fd8fa3f325ac86d072d9a5d2f40b82f8925970a846822aea42ca4ff849fde716c9dd13f91da7268dcc06bc85764f5633e1acaf1ccd392f76ae071e949690 SHA512 ee1d2613814e9cdbef1c63c96dfa6c328b43d7becc2285e445686d743c78b2026550f60ac63984a9a2fb1b620fcebdd6be6db1b1aa855795dbdc460087e7cfe5
DIST opensnitch-1.6.5.1.gh.tar.gz 1354814 BLAKE2B a3e0ce0b799a59d8d5e5cf9adc16d73b710d42b5325774118da3886a8c25507ef3a3e618796a56edd0cdde2ba8730604275a36d560e105d51744abef42fb833c SHA512 8ea1ad5a00c6b8c4649db5774e2fe7997ebdd52ed24610084ba236992c740b31b2bb19a88778b68d880aad54ff21a387d7388bdb4a8692a0456a4afbd7f47347
DIST opensnitch-1.6.6-deps.tar.gz 52512745 BLAKE2B 5333a4cf94a19fba18a18ff2a0fac46d02f8b3ea65b772bbf3dee39d023cb3073b3e5247aa9061d23f77d04e950863536753c5c83d7ce7ce8bf809d74f96180a SHA512 9dcace493782cf061520fb94b9855d8f249216b6b2df8ee69e9aa534a72e562b41e36c72a2c4f4fbedc785a7f024d3f0645050d2eda2d11c2ac997c570d0af4f
DIST opensnitch-1.6.6.gh.tar.gz 1359621 BLAKE2B b6b2fa5b13f39413deb622fc7b0ebaab1789f41f25522da2e0a86262754861e9407697362b4af3a5106f9b4f781c7f5727a089a8ae2d648aafa8994f1c4b9bf4 SHA512 2fcdcc3a6ae44b5d5ed1a436f6622e74d5834e01856c9a072bb759638192f8ba9f49cbb48bfd875978d87284a20d1206352690a0e6e5f584e247506c8829d99f
134 changes: 134 additions & 0 deletions app-admin/opensnitch/opensnitch-1.6.6.ebuild
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

DISTUTILS_USE_PEP517=setuptools
PYTHON_COMPAT=( python3_{10..12} )
inherit distutils-r1 go-module linux-info systemd xdg-utils

DESCRIPTION="Desktop application firewall"
HOMEPAGE="https://github.com/evilsocket/opensnitch"

SRC_URI="
https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.gh.tar.gz
https://github.com/kcning/opensnitch/archive/refs/tags/${PV}.tar.gz -> ${P}-deps.tar.gz
"

LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~amd64"
IUSE="+audit bpf +iptables +nftables systemd"
REQUIRED_USE="|| ( iptables nftables )"

DEPEND=">=dev-lang/go-1.19
net-libs/libnetfilter_queue
dev-go/go-protobuf
dev-go/protoc-gen-go-grpc
"
RDEPEND="
dev-python/grpcio-tools[${PYTHON_USEDEP}]
dev-python/notify2[${PYTHON_USEDEP}]
dev-python/python-slugify[${PYTHON_USEDEP}]
dev-python/pyinotify[${PYTHON_USEDEP}]
dev-python/PyQt5[network,sql,${PYTHON_USEDEP}]
bpf? ( ~app-admin/opensnitch-ebpf-module-$PV )
"

RESTRICT+=" test"

pkg_setup() {
# see https://github.com/evilsocket/opensnitch/discussions/978
local CONFIG_CHECK="
INET_TCP_DIAG
INET_UDP_DIAG
INET_RAW_DIAG
INET_DIAG_DESTROY
NETFILTER_NETLINK_ACCT
NETFILTER_NETLINK_QUEUE
NF_CONNTRACK
NF_CT_NETLINK
PROC_FS
"

# config needed for the audit monitoring method
use audit && CONFIG_CHECK+="
AUDIT
"

# config needed for using iptables as firewall
use iptables && CONFIG_CHECK+="
NETFILTER_XT_MATCH_CONNTRACK
NETFILTER_XT_TARGET_NFQUEUE
"

# config needed for using nftables as firewall
use nftables && CONFIG_CHECK+="
NFT_CT
NFT_QUEUE
"

linux-info_pkg_setup
}

PATCHES=(
"${FILESDIR}/fix-setup.py.patch"
)

src_unpack() {
unpack ${A} # skip go module verification
}

src_prepare() {
rm -rf ui/tests || die
use systemd && eapply "${FILESDIR}/systemd.patch"
default
}

src_compile() {
emake protocol || die

pushd ui || die
pyrcc5 -o opensnitch/{resources_rc.py,/res/resources.qrc} || die
# workaround for namespace conflict
# see https://github.com/evilsocket/opensnitch/issues/496
# and https://github.com/evilsocket/opensnitch/pull/442
sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2* || die
popd > /dev/null || die

pushd daemon || die
GOCACHE="${T}/go-cache" \
GOMODCACHE="${WORKDIR}/${PN}-${PV}/vendor" \
ego build -v -buildmode=pie -o opensnitchd || die
popd > /dev/null || die

pushd ui || die
distutils-r1_src_compile
popd > /dev/null || die
}

src_install(){
pushd ui || die
distutils-r1_src_install
popd > /dev/null || die

pushd daemon || die
dobin opensnitchd
insinto /etc/opensnitchd/rules
insinto /etc/opensnitchd/
doins default-config.json
doins system-fw.json
popd > /dev/null || die

if use systemd; then
pushd daemon || die
systemd_dounit opensnitchd.service
popd > /dev/null || die
else
newinitd "${FILESDIR}"/opensnitch.initd ${PN}
fi
}

pkg_postinst() {
xdg_icon_cache_update
}

0 comments on commit 6a0ca69

Please sign in to comment.