Merge pull request #1995 from kcning/opensnitch-1.6.6
app-admin/{opensnitch,-ebpf-module}: add 1.6.6
Showing
4 changed files
with
211 additions
and
0 deletions.
@@ -1 +1,2 @@ | ||
DIST opensnitch-1.6.5.1.gh.tar.gz 1354814 BLAKE2B a3e0ce0b799a59d8d5e5cf9adc16d73b710d42b5325774118da3886a8c25507ef3a3e618796a56edd0cdde2ba8730604275a36d560e105d51744abef42fb833c SHA512 8ea1ad5a00c6b8c4649db5774e2fe7997ebdd52ed24610084ba236992c740b31b2bb19a88778b68d880aad54ff21a387d7388bdb4a8692a0456a4afbd7f47347 | ||
DIST opensnitch-1.6.6.gh.tar.gz 1359621 BLAKE2B b6b2fa5b13f39413deb622fc7b0ebaab1789f41f25522da2e0a86262754861e9407697362b4af3a5106f9b4f781c7f5727a089a8ae2d648aafa8994f1c4b9bf4 SHA512 2fcdcc3a6ae44b5d5ed1a436f6622e74d5834e01856c9a072bb759638192f8ba9f49cbb48bfd875978d87284a20d1206352690a0e6e5f584e247506c8829d99f |
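--- a/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.6.6.ebuild
+++ b/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.6.6.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info
+
+DESCRIPTION="eBPF process monitor module for opensnitch"
+HOMEPAGE="https://github.com/evilsocket/opensnitch"
+# NOTE: app-admin/opensnitch and this ebuild share the same source
+SRC_URI="
+https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> opensnitch-${PV}.gh.tar.gz
+"
+
+S="${WORKDIR}/opensnitch-${PV}"
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="dist-kernel"
+
+EBPF_DIR=ebpf_prog
+MINKV=5.5 # only compatible with kernels >= 5.5
+
+RDEPEND="
+dist-kernel? ( virtual/dist-kernel:= )
+~app-admin/opensnitch-$PV
+"
+
+DEPEND="
+virtual/linux-sources
+>=sys-kernel/linux-headers-${MINKV}
+"
+
+BDEPEND="
+sys-devel/bc
+sys-devel/clang
+sys-devel/llvm
+"
+
+RESTRICT="strip test"
+QA_PREBUILT="*"
+
+pkg_setup() {
+# see https://github.com/evilsocket/opensnitch/discussions/978
+local CONFIG_CHECK="
+CGROUP_BPF
+BPF_EVENTS
+FTRACE_SYSCALLS
+KPROBES_ON_FTRACE
+KPROBE_EVENTS
+UPROBE_EVENTS
+"
+
+linux-info_pkg_setup
+kernel_is -ge ${MINKV//./ } || die "Kernel version at least ${MINKV} required"
+}
+
+src_compile() {
+MODULES_MAKEARGS+=(
+ARCH="x86"
+EXTRA_FLAGS="-fno-stack-protector -fcf-protection"
+KERNEL_DIR="${KV_DIR}"
+KERNEL_HEADERS=/usr # gentoo installs linux-headers to /usr
+)
+emake "${MODULES_MAKEARGS[@]}" -C "$EBPF_DIR" || die
+llvm-strip -g "$EBPF_DIR"/opensnitch*.o
+}
+
+src_install(){
+insinto /usr/lib/opensnitchd/ebpf/
+doins "$EBPF_DIR"/opensnitch.o
+doins "$EBPF_DIR"/opensnitch-dns.o
+doins "$EBPF_DIR"/opensnitch-procs.o
+}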
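Review bot: In src_compile the `llvm-strip -g "$EBPF_DIR"/opensnitch*.o` call is not followed by `|| die`, so a failed strip (or a glob that matches nothing) goes unnoticed and src_install ships whatever objects are left; these are loaded into the kernel by a root daemon, so the build should fail loudly: `llvm-strip -g "$EBPF_DIR"/opensnitch*.o || die "llvm-strip failed"`. Separately, `QA_PREBUILT="*"` appears to exempt every installed file from the prebuilt-binary QA checks although the objects are compiled here from source. Narrowing it to the install location, e.g. `QA_PREBUILT="usr/lib/opensnitchd/ebpf/*.o"`, would keep the exemption to the three BPF objects. A one-line comment on why `-fno-stack-protector` is passed through `EXTRA_FLAGS` would also help the next maintainer.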
@@ -1,2 +1,4 @@ | ||
DIST opensnitch-1.6.5.1-deps.tar.gz 51527916 BLAKE2B f2c3fd8fa3f325ac86d072d9a5d2f40b82f8925970a846822aea42ca4ff849fde716c9dd13f91da7268dcc06bc85764f5633e1acaf1ccd392f76ae071e949690 SHA512 ee1d2613814e9cdbef1c63c96dfa6c328b43d7becc2285e445686d743c78b2026550f60ac63984a9a2fb1b620fcebdd6be6db1b1aa855795dbdc460087e7cfe5 | ||
DIST opensnitch-1.6.5.1.gh.tar.gz 1354814 BLAKE2B a3e0ce0b799a59d8d5e5cf9adc16d73b710d42b5325774118da3886a8c25507ef3a3e618796a56edd0cdde2ba8730604275a36d560e105d51744abef42fb833c SHA512 8ea1ad5a00c6b8c4649db5774e2fe7997ebdd52ed24610084ba236992c740b31b2bb19a88778b68d880aad54ff21a387d7388bdb4a8692a0456a4afbd7f47347 | ||
DIST opensnitch-1.6.6-deps.tar.gz 52512745 BLAKE2B 5333a4cf94a19fba18a18ff2a0fac46d02f8b3ea65b772bbf3dee39d023cb3073b3e5247aa9061d23f77d04e950863536753c5c83d7ce7ce8bf809d74f96180a SHA512 9dcace493782cf061520fb94b9855d8f249216b6b2df8ee69e9aa534a72e562b41e36c72a2c4f4fbedc785a7f024d3f0645050d2eda2d11c2ac997c570d0af4f | ||
DIST opensnitch-1.6.6.gh.tar.gz 1359621 BLAKE2B b6b2fa5b13f39413deb622fc7b0ebaab1789f41f25522da2e0a86262754861e9407697362b4af3a5106f9b4f781c7f5727a089a8ae2d648aafa8994f1c4b9bf4 SHA512 2fcdcc3a6ae44b5d5ed1a436f6622e74d5834e01856c9a072bb759638192f8ba9f49cbb48bfd875978d87284a20d1206352690a0e6e5f584e247506c8829d99f |
@@ -0,0 +1,134 @@ | ||
# Copyright 1999-2024 Gentoo Authors | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=8 | ||
|
||
DISTUTILS_USE_PEP517=setuptools | ||
PYTHON_COMPAT=( python3_{10..12} ) | ||
inherit distutils-r1 go-module linux-info systemd xdg-utils | ||
|
||
DESCRIPTION="Desktop application firewall" | ||
HOMEPAGE="https://github.com/evilsocket/opensnitch" | ||
|
||
SRC_URI=" | ||
https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.gh.tar.gz | ||
https://github.com/kcning/opensnitch/archive/refs/tags/${PV}.tar.gz -> ${P}-deps.tar.gz | ||
" | ||
|
||
LICENSE="GPL-3" | ||
SLOT="0" | ||
KEYWORDS="~amd64" | ||
IUSE="+audit bpf +iptables +nftables systemd" | ||
REQUIRED_USE="|| ( iptables nftables )" | ||
|
||
DEPEND=">=dev-lang/go-1.19 | ||
net-libs/libnetfilter_queue | ||
dev-go/go-protobuf | ||
dev-go/protoc-gen-go-grpc | ||
" | ||
RDEPEND=" | ||
dev-python/grpcio-tools[${PYTHON_USEDEP}] | ||
dev-python/notify2[${PYTHON_USEDEP}] | ||
dev-python/python-slugify[${PYTHON_USEDEP}] | ||
dev-python/pyinotify[${PYTHON_USEDEP}] | ||
dev-python/PyQt5[network,sql,${PYTHON_USEDEP}] | ||
bpf? ( ~app-admin/opensnitch-ebpf-module-$PV ) | ||
" | ||
|
||
RESTRICT+=" test" | ||
|
||
pkg_setup() { | ||
# see https://github.com/evilsocket/opensnitch/discussions/978 | ||
local CONFIG_CHECK=" | ||
INET_TCP_DIAG | ||
INET_UDP_DIAG | ||
INET_RAW_DIAG | ||
INET_DIAG_DESTROY | ||
NETFILTER_NETLINK_ACCT | ||
NETFILTER_NETLINK_QUEUE | ||
NF_CONNTRACK | ||
NF_CT_NETLINK | ||
PROC_FS | ||
" | ||
|
||
# config needed for the audit monitoring method | ||
use audit && CONFIG_CHECK+=" | ||
AUDIT | ||
" | ||
|
||
# config needed for using iptables as firewall | ||
use iptables && CONFIG_CHECK+=" | ||
NETFILTER_XT_MATCH_CONNTRACK | ||
NETFILTER_XT_TARGET_NFQUEUE | ||
" | ||
|
||
# config needed for using nftables as firewall | ||
use nftables && CONFIG_CHECK+=" | ||
NFT_CT | ||
NFT_QUEUE | ||
" | ||
|
||
linux-info_pkg_setup | ||
} | ||
|
||
PATCHES=( | ||
"${FILESDIR}/fix-setup.py.patch" | ||
) | ||
|
||
src_unpack() { | ||
unpack ${A} # skip go module verification | ||
} | ||
|
||
src_prepare() { | ||
rm -rf ui/tests || die | ||
use systemd && eapply "${FILESDIR}/systemd.patch" | ||
default | ||
} | ||
|
||
src_compile() { | ||
emake protocol || die | ||
|
||
pushd ui || die | ||
pyrcc5 -o opensnitch/{resources_rc.py,/res/resources.qrc} || die | ||
# workaround for namespace conflict | ||
# see https://github.com/evilsocket/opensnitch/issues/496 | ||
# and https://github.com/evilsocket/opensnitch/pull/442 | ||
sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2* || die | ||
popd > /dev/null || die | ||
|
||
pushd daemon || die | ||
GOCACHE="${T}/go-cache" \ | ||
GOMODCACHE="${WORKDIR}/${PN}-${PV}/vendor" \ | ||
ego build -v -buildmode=pie -o opensnitchd || die | ||
popd > /dev/null || die | ||
|
||
pushd ui || die | ||
distutils-r1_src_compile | ||
popd > /dev/null || die | ||
} | ||
|
||
src_install(){ | ||
pushd ui || die | ||
distutils-r1_src_install | ||
popd > /dev/null || die | ||
|
||
pushd daemon || die | ||
dobin opensnitchd | ||
insinto /etc/opensnitchd/rules | ||
insinto /etc/opensnitchd/ | ||
doins default-config.json | ||
doins system-fw.json | ||
popd > /dev/null || die | ||
|
||
if use systemd; then | ||
pushd daemon || die | ||
systemd_dounit opensnitchd.service | ||
popd > /dev/null || die | ||
else | ||
newinitd "${FILESDIR}"/opensnitch.initd ${PN} | ||
fi | ||
} | ||
|
||
pkg_postinst() { | ||
xdg_icon_cache_update | ||
} |
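Review bot: The `src_unpack` override (`unpack ${A} # skip go module verification`) removes the module verification that, going by its own comment, the go-module eclass would otherwise perform, while the second SRC_URI entry fetches the Go dependency tarball from a personal fork (`https://github.com/kcning/opensnitch/archive/refs/tags/${PV}.tar.gz`) rather than from upstream. That leaves the Manifest hash as the only integrity control on the `-deps` tarball, and it only proves the file is the one that was uploaded, not that its contents match upstream's go.sum. I would either keep the eclass verification or add a comment above SRC_URI describing how the deps tarball is generated, so that it can be reproduced and compared. In src_install, `insinto /etc/opensnitchd/rules` is immediately overridden by `insinto /etc/opensnitchd/` and installs nothing; if the rules directory is meant to exist after install, `keepdir /etc/opensnitchd/rules` is probably what was intended.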