fix sed issues; align more with Arch upstream PKGBUILD

3 files changed, 140 insertions, 31 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 313f3841a35f..3da54a87f73c 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = opensnitch-git
 	pkgdesc = A GNU/Linux port of the Little Snitch application firewall
-	pkgver = 1.6.0rc2.r21.564c263
+	pkgver = 1.6.0rc5.r7.c2352d0
 	pkgrel = 1
 	url = https://github.com/evilsocket/opensnitch
 	install = opensnitch.install
@@ -12,25 +12,40 @@ pkgbase = opensnitch-git
 	license = GPL3
 	makedepends = git
 	makedepends = go
-	makedepends = python-setuptools
 	makedepends = python-grpcio-tools
+	makedepends = python-build
+	makedepends = python-installer
+	makedepends = python-wheel
+	makedepends = python-setuptools
+	makedepends = python-nspektr
+	makedepends = python-jaraco.text
 	makedepends = qt5-tools
+	depends = hicolor-icon-theme
 	depends = libnetfilter_queue
 	depends = libpcap
 	depends = python-grpcio
 	depends = python-protobuf
-	depends = python-pyinotify
 	depends = python-slugify
 	depends = python-pyqt5
-	optdepends = logrotate: for logfile rotation support
+	depends = python-pyinotify
+	depends = python-notify2
+	optdepends = logrotate: logfile rotation
 	optdepends = opensnitch-ebpf-module-git: eBPF process monitor method (non-hardened kernel only)
-	optdepends = python-notify2: desktop notifications
-	optdepends = python-pyasn: display network names
-	optdepends = python-qt-material-git: theming
+	optdepends = python-pyasn: display network names of IP
+	optdepends = python-qt-material-git: extra ui themes
 	provides = opensnitch
 	conflicts = opensnitch
 	backup = etc/opensnitchd/default-config.json
+	backup = etc/opensnitchd/system-fw.json
 	source = git+https://github.com/evilsocket/opensnitch.git
+	source = fix-systemd-service.patch
+	source = https://raw.githubusercontent.com/archlinux/svntogit-community/eebb5fb16ed15251d3ead163e8e4b4229c21a999/trunk/remove-debian-path.patch
+	source = https://raw.githubusercontent.com/archlinux/svntogit-community/eebb5fb16ed15251d3ead163e8e4b4229c21a999/trunk/fix-setup.py.patch
+	source = https://raw.githubusercontent.com/archlinux/svntogit-community/eebb5fb16ed15251d3ead163e8e4b4229c21a999/trunk/tmpfiles.conf
 	sha256sums = SKIP
+	sha256sums = 9c3b312492c8127ca5e766cc5d6a8f8abcc5212be0d012e9f91c0258db4e9970
+	sha256sums = 4485913927e77c2edf46afcec9c2fbd6b1b6c8139d43d3b587b39ae2afdde398
+	sha256sums = e77d2f6a6ada2761a987828e00c7725dee0c06bdb8793ae414d0df7fb1eb44a7
+	sha256sums = 09bd2cda97f74033617fd31efce8eba68eac03b29ea6d0f55aba2cef18824a72
 
 pkgname = opensnitch-git
diff --git a/PKGBUILD b/PKGBUILD
index 4c6b8d7d5f78..7d31b352f78f 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,27 +3,62 @@
 # Contributor: lsf
 # Contributor: Adam Hose <adis@blad.is>
 pkgname=opensnitch-git
-pkgver=1.6.0rc2.r21.564c263
+pkgver=1.6.0rc5.r7.c2352d0
 pkgrel=1
 pkgdesc="A GNU/Linux port of the Little Snitch application firewall"
 arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64')
 url="https://github.com/evilsocket/opensnitch"
 license=('GPL3')
-makedepends=('git' 'go' 'python-setuptools'
-             'python-grpcio-tools' 'qt5-tools')
-depends=('libnetfilter_queue' 'libpcap' 'python-grpcio' 'python-protobuf'
-         'python-pyinotify' 'python-slugify' 'python-pyqt5')
-optdepends=('logrotate: for logfile rotation support'
-            'opensnitch-ebpf-module-git: eBPF process monitor method (non-hardened kernel only)'
-            'python-notify2: desktop notifications'
-            'python-pyasn: display network names'
-            'python-qt-material-git: theming')
+makedepends=(
+  'git'
+  'go'
+  'python-grpcio-tools'
+  'python-build'
+  'python-installer'
+  'python-wheel'
+  'python-setuptools'
+  'python-nspektr'
+  'python-jaraco.text'
+  'qt5-tools'
+)
+depends=(
+  'hicolor-icon-theme'
+  'libnetfilter_queue'
+  'libpcap' # check: do we still need this? Arch upstream says no?
+  'python-grpcio'
+  'python-protobuf'
+  'python-slugify'
+  'python-pyqt5'
+  'python-pyinotify'
+  'python-notify2'
+)
+optdepends=(
+ 'logrotate: logfile rotation'
+ 'opensnitch-ebpf-module-git: eBPF process monitor method (non-hardened kernel only)'
+ 'python-pyasn: display network names of IP'
+ 'python-qt-material-git: extra ui themes')
 provides=("${pkgname%-git}")
 conflicts=("${pkgname%-git}")
-backup=("etc/${pkgname%-git}d/default-config.json")
+backup=(
+  "etc/${pkgname%-git}d/default-config.json"
+  "etc/${pkgname%-git}d/system-fw.json"
+)
 install="${pkgname%-git}.install"
-source=('git+https://github.com/evilsocket/opensnitch.git')
-sha256sums=('SKIP')
+_arch_svntogit=https://raw.githubusercontent.com/archlinux/svntogit-community
+_arch_commit=eebb5fb16ed15251d3ead163e8e4b4229c21a999
+_arch_git_url=${_arch_svntogit}/${_arch_commit}/trunk/
+source=(
+  'git+https://github.com/evilsocket/opensnitch.git'
+  "fix-systemd-service.patch"
+  "${_arch_git_url}remove-debian-path.patch"
+  "${_arch_git_url}fix-setup.py.patch"
+  "${_arch_git_url}tmpfiles.conf"
+)
+sha256sums=('SKIP'
+            '9c3b312492c8127ca5e766cc5d6a8f8abcc5212be0d012e9f91c0258db4e9970'
+            '4485913927e77c2edf46afcec9c2fbd6b1b6c8139d43d3b587b39ae2afdde398'
+            'e77d2f6a6ada2761a987828e00c7725dee0c06bdb8793ae414d0df7fb1eb44a7'
+            '09bd2cda97f74033617fd31efce8eba68eac03b29ea6d0f55aba2cef18824a72')
 
 pkgver() {
   cd "$srcdir/${pkgname%-git}"
@@ -35,8 +70,27 @@ prepare() {
   go clean -modcache
 
   cd "$srcdir/${pkgname%-git}"
-  sed -i 's|local/bin|bin|g' "daemon/${pkgname%-git}d.service"
-  sed -i 's|/usr/lib/python3/dist-packages/data/|/usr/lib/python3.10/site-packages/pyasn/data/|g' ui/opensnitch/utils.py
+
+  # Arch upstream patches
+
+  # TODO file an upstream bug
+  # * fix an issue with setup.py installing to python's site-packages instead
+  # of /usr
+  # * prefer scaled SVG instead of pixellated 48x48 PNG
+  patch -p1 -i "$srcdir/fix-setup.py.patch"
+
+  # TODO file an upstream bug
+  # fix a couple of issues with the systemd services
+  # (slightly adapted Arch upstream patch)
+  patch -p1 -i "$srcdir/fix-systemd-service.patch"
+
+  # TODO file an upstream bug
+  # remove Debian-specific path from sys.path
+  patch -p1 -i "$srcdir/remove-debian-path.patch"
+
+  # other fixes
+
+  sed -i 's|/usr/lib/python3/dist-packages/data/|/usr/lib/python3.10/site-packages/pyasn/data/|g' ui/opensnitch/utils/__init__.py
   sed -i 's|/usr/lib/python3/dist-packages/|/usr/lib/python3.10/site-packages/|g' ui/bin/opensnitch-ui
 }
 
@@ -62,8 +116,9 @@ build() {
 
   pushd ui
   pyrcc5 -o opensnitch/resources_rc.py opensnitch/res/resources.qrc
-  sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2*
-  python setup.py build
+  # sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2*
+  python -m build --wheel --no-isolation
+  # python setup.py build
   popd
   go clean -modcache
 
@@ -77,15 +132,17 @@ build() {
 
 package() {
   cd "$srcdir/${pkgname%-git}"
-  pushd ui
-  export PYTHONHASHSEED=0 # to hopefully avoid annoying keychain popups
-  python setup.py install --root="$pkgdir/" --optimize=1 --skip-build
-  popd
+  # pushd ui
+  # export PYTHONHASHSEED=0 # to hopefully avoid annoying keychain popups
+  # python setup.py install --root="$pkgdir/" --optimize=1 --skip-build
+  # popd
 
   install -d "$pkgdir/etc/${pkgname%-git}d/rules"
   install -Dm755 "daemon/${pkgname%-git}d" -t "$pkgdir/usr/bin"
   install -Dm644 "daemon/${pkgname%-git}d.service" -t \
     "$pkgdir/usr/lib/systemd/system"
+  install -vDm644 "$srcdir/tmpfiles.conf" \
+    "$pkgdir/usr/lib/tmpfiles.d/${pkgname%-git}.conf"
   # install -Dm644 "daemon/${pkgname%-git}d-ebpf.service" -t \
     # "$pkgdir/usr/lib/systemd/system"
   install -Dm644 daemon/default-config.json -t "$pkgdir/etc/${pkgname%-git}d"
@@ -93,7 +150,10 @@ package() {
   install -Dm644 "utils/packaging/daemon/deb/debian/${pkgname%-git}.logrotate" \
     "$pkgdir/etc/logrotate.d/${pkgname%-git}"
 
-  # clean up test dir to avoid conflicts with other packages
-  # that also do not clear up the test dir ^^
-  rm -rf "$pkgdir/usr/lib/python3.10/site-packages/tests"
+  # python ui
+  python -m installer --destdir="$pkgdir" ui/dist/*.whl
+
+  # tests are in site-packages, big no-no
+  local site_packages=$(python -c "import site; print(site.getsitepackages()[0])")
+  rm -rf "$pkgdir/$site_packages/tests"
 }
diff --git a/fix-systemd-service.patch b/fix-systemd-service.patch
new file mode 100644
index 000000000000..be16ae30e298
--- /dev/null
+++ b/fix-systemd-service.patch
@@ -0,0 +1,34 @@
+diff --git a/daemon/opensnitchd.service b/daemon/opensnitchd.service
+index 3f05fad..0aea7fc 100644
+--- a/daemon/opensnitchd.service
++++ b/daemon/opensnitchd.service
+@@ -4,9 +4,7 @@ Documentation=https://github.com/evilsocket/opensnitch/wiki
+ 
+ [Service]
+ Type=simple
+-PermissionsStartOnly=true
+-ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
+-ExecStart=/usr/local/bin/opensnitchd -rules-path /etc/opensnitchd/rules
++ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
+ Restart=always
+ RestartSec=30
+ TimeoutStopSec=10
+diff --git a/utils/packaging/daemon/deb/debian/opensnitch.service b/utils/packaging/daemon/deb/debian/opensnitch.service
+index b4301a5..6fc91f3 100644
+--- a/utils/packaging/daemon/deb/debian/opensnitch.service
++++ b/utils/packaging/daemon/deb/debian/opensnitch.service
+@@ -1,13 +1,11 @@
+ [Unit]
+ Description=Application firewall OpenSnitch
+-Documentation=https://github.com/gustavo-iniguez-goya/opensnitch/wiki
++Documentation=https://github.com/evilsocket/opensnitch/wiki
+ Wants=network.target
+ After=network.target
+ 
+ [Service]
+ Type=simple
+-PermissionsStartOnly=true
+-ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
+ ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
+ Restart=always
+ RestartSec=30