-rw-r--r-- | .SRCINFO | 58 | ||||
-rw-r--r-- | .gitignore | 8 | ||||
-rw-r--r-- | PKGBUILD | 207 | ||||
-rw-r--r-- | fix-systemd-service.patch | 34 | ||||
-rw-r--r-- | nosudo.patch | 51 | ||||
-rw-r--r-- | opensnitch.install | 21 |
6 files changed, 258 insertions, 121 deletions
@@ -1,29 +1,51 @@
 pkgbase = opensnitch-git
- pkgdesc = A GNU/Linux port of the Little Snitch application firewall.
- pkgver = 20181008.359_c10e7a3
+ pkgdesc = A GNU/Linux port of the Little Snitch application firewall
+ pkgver = 1.6.0rc5.r84.e1afd24
 pkgrel = 2
+ url = https://github.com/evilsocket/opensnitch
+ install = opensnitch.install
 arch = i686
 arch = x86_64
- license = GPL
+ arch = armv6h
+ arch = armv7h
+ arch = aarch64
+ license = GPL3
 makedepends = git
- makedepends = go-pie
- makedepends = dep
+ makedepends = go
+ makedepends = python-grpcio-tools
+ makedepends = python-build
+ makedepends = python-installer
+ makedepends = python-wheel
 makedepends = python-setuptools
- makedepends = python-pip
+ makedepends = python-nspektr
+ makedepends = python-jaraco.text
+ makedepends = qt5-tools
+ depends = hicolor-icon-theme
+ depends = libnetfilter_queue
+ depends = libpcap
 depends = python-grpcio
- depends = python-grpcio-tools
- depends = python-pyinotify
+ depends = python-protobuf
+ depends = python-slugify
 depends = python-pyqt5
- depends = python-unicode-slugify
- depends = libpcap
- depends = libnetfilter_queue
- depends = desktop-file-utils
+ depends = python-pyinotify
+ depends = python-notify2
+ optdepends = logrotate: logfile rotation
+ optdepends = opensnitch-ebpf-module-git: eBPF process monitor method (non-hardened kernel only)
+ optdepends = python-pyasn: display network names of IP
+ optdepends = python-qt-material-git: extra ui themes
 provides = opensnitch
- provides = opensnitch-ui
- source = git://github.com/evilsocket/opensnitch.git
- source = nosudo.patch
- md5sums = SKIP
- md5sums = eb5a6c83c3816220799e678e32572705
+ conflicts = opensnitch
+ backup = etc/opensnitchd/default-config.json
+ backup = etc/opensnitchd/system-fw.json
+ source = git+https://github.com/evilsocket/opensnitch.git
+ source = fix-systemd-service.patch
+ source = https://raw.githubusercontent.com/archlinux/svntogit-community/eebb5fb16ed15251d3ead163e8e4b4229c21a999/trunk/remove-debian-path.patch
+ source = https://raw.githubusercontent.com/archlinux/svntogit-community/eebb5fb16ed15251d3ead163e8e4b4229c21a999/trunk/fix-setup.py.patch
+ source = https://raw.githubusercontent.com/archlinux/svntogit-community/eebb5fb16ed15251d3ead163e8e4b4229c21a999/trunk/tmpfiles.conf
+ sha256sums = SKIP
+ sha256sums = 9c3b312492c8127ca5e766cc5d6a8f8abcc5212be0d012e9f91c0258db4e9970
+ sha256sums = 4485913927e77c2edf46afcec9c2fbd6b1b6c8139d43d3b587b39ae2afdde398
+ sha256sums = e77d2f6a6ada2761a987828e00c7725dee0c06bdb8793ae414d0df7fb1eb44a7
+ sha256sums = 09bd2cda97f74033617fd31efce8eba68eac03b29ea6d0f55aba2cef18824a72
 pkgname = opensnitch-git
-
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..44e3ec946769
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+# Ignore everything
+*
+
+# But not these files...
+!.gitignore
+!PKGBUILD
+!.SRCINFO
+!opensnitch.install
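Review bot: The allow-list stops at `!opensnitch.install`, but this commit also adds `fix-systemd-service.patch` and lists it in source=(), so the ignore-everything rule `*` covers a file the package needs. Git keeps tracking a file that is already committed, but a replacement or additional local patch would be silently skipped by `git add` and `git status`. Add `!fix-systemd-service.patch` to the list.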
@@ -1,62 +1,165 @@ -# Maintainer: lsf +# Maintainer: +# Contributor: Mark Wagie <mark dot wagie at tutanota dot com> +# Contributor: lsf # Contributor: Adam Hose <adis@blad.is> -pkgver=20181008.359_c10e7a3 -pkgrel=2 -_pkgname=opensnitch pkgname=opensnitch-git -arch=('i686' 'x86_64') -license=('GPL') -pkgdesc="A GNU/Linux port of the Little Snitch application firewall." -makedepends=('git' 'go-pie' 'dep' - 'python-setuptools' 'python-pip') -depends=('python-grpcio' 'python-grpcio-tools' 'python-pyinotify' - 'python-pyqt5' 'python-unicode-slugify' - 'libpcap' 'libnetfilter_queue' - 'desktop-file-utils') -provides=('opensnitch' 'opensnitch-ui') - -source=("git://github.com/evilsocket/opensnitch.git" - 'nosudo.patch') - -md5sums=('SKIP' - 'eb5a6c83c3816220799e678e32572705') +pkgver=1.6.0rc5.r84.e1afd24 +pkgrel=2 +pkgdesc="A GNU/Linux port of the Little Snitch application firewall" +arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64') +url="https://github.com/evilsocket/opensnitch" +license=('GPL3') +makedepends=( + 'git' + 'go' + 'python-grpcio-tools' + 'python-build' + 'python-installer' + 'python-wheel' + 'python-setuptools' + 'python-nspektr' + 'python-jaraco.text' + 'qt5-tools' +) +depends=( + 'hicolor-icon-theme' + 'libnetfilter_queue' + 'libpcap' # check: do we still need this? Arch upstream says no? 
+ 'python-grpcio' + 'python-protobuf' + 'python-slugify' + 'python-pyqt5' + 'python-pyinotify' + 'python-notify2' +) +optdepends=( + 'logrotate: logfile rotation' + 'opensnitch-ebpf-module-git: eBPF process monitor method (non-hardened kernel only)' + 'python-pyasn: display network names of IP' + 'python-qt-material-git: extra ui themes') +provides=("${pkgname%-git}") +conflicts=("${pkgname%-git}") +backup=( + "etc/${pkgname%-git}d/default-config.json" + "etc/${pkgname%-git}d/system-fw.json" +) +install="${pkgname%-git}.install" +_arch_svntogit=https://raw.githubusercontent.com/archlinux/svntogit-community +_arch_commit=eebb5fb16ed15251d3ead163e8e4b4229c21a999 +_arch_git_url=${_arch_svntogit}/${_arch_commit}/trunk/ +source=( + 'git+https://github.com/evilsocket/opensnitch.git' + "fix-systemd-service.patch" + "${_arch_git_url}remove-debian-path.patch" + "${_arch_git_url}fix-setup.py.patch" + "${_arch_git_url}tmpfiles.conf" +) +sha256sums=('SKIP' + '9c3b312492c8127ca5e766cc5d6a8f8abcc5212be0d012e9f91c0258db4e9970' + '4485913927e77c2edf46afcec9c2fbd6b1b6c8139d43d3b587b39ae2afdde398' + 'e77d2f6a6ada2761a987828e00c7725dee0c06bdb8793ae414d0df7fb1eb44a7' + '09bd2cda97f74033617fd31efce8eba68eac03b29ea6d0f55aba2cef18824a72') pkgver() { - cd "$srcdir/$_pkgname" - local date=$(git log -1 --format="%cd" --date=short | sed s/-//g) - local count=$(git rev-list --count HEAD) - local commit=$(git rev-parse --short HEAD) - echo "$date.${count}_$commit" + cd "$srcdir/${pkgname%-git}" + git describe --long | sed 's/^v//;s/-rc./rc/;s/\([^-]*-\)g/r\1/;s/-/./g' +} + +prepare() { + export GOPATH="$srcdir/gopath" + go clean -modcache + + cd "$srcdir/${pkgname%-git}" + + # Arch upstream patches + + # TODO file an upstream bug + # * fix an issue with setup.py installing to python's site-packages instead + # of /usr + # * prefer scaled SVG instead of pixellated 48x48 PNG + patch -p1 -i "$srcdir/fix-setup.py.patch" + + # TODO file an upstream bug + # fix a couple of issues with the systemd 
services + # (slightly adapted Arch upstream patch) + patch -p1 -i "$srcdir/fix-systemd-service.patch" + + # TODO file an upstream bug + # remove Debian-specific path from sys.path + patch -p1 -i "$srcdir/remove-debian-path.patch" + + # other fixes + local site_packages=$(python -c "import site; print(site.getsitepackages()[0])") + sed -i "s|/usr/lib/python3/dist-packages/data/|${site_packages}/pyasn/data/|g" ui/opensnitch/utils/__init__.py + sed -i "s|/usr/lib/python3/dist-packages/|${site_packages}/|g" ui/bin/opensnitch-ui } build() { - cd "$srcdir/$_pkgname" - - if [ -L "$srcdir/$_pkgname" ]; then - rm "$srcdir/$_pkgname" -rf - mv "$srcdir/.go/src/$_pkgname/" "$srcdir/$_pkgname" - fi - - rm -rf "$srcdir/.go/src" - mkdir -p "$srcdir/.go/src" - export GOPATH="$srcdir/.go" - mv "$srcdir/$_pkgname" "$srcdir/.go/src/" - - cd "$srcdir/.go/src/$_pkgname/" - ln -sf "$srcdir/.go/src/$_pkgname/" "$srcdir/$_pkgname" - - cd "$GOPATH/src/opensnitch/daemon" - dep ensure - cd "$GOPATH/src/opensnitch" - patch -Np1 -i "${srcdir}/nosudo.patch" - make + cd "$srcdir/${pkgname%-git}" + + export GOPATH="$srcdir/gopath" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=mod" + export PATH=${PATH}:${GOPATH}/bin + go install github.com/golang/protobuf/protoc-gen-go + go install google.golang.org/grpc/cmd/protoc-gen-go-grpc + pushd proto + make + popd + + pushd daemon + make + popd + + pushd ui + pyrcc5 -o opensnitch/resources_rc.py opensnitch/res/resources.qrc + # NOTE: yes, we do need this. + # Arch upstream uses a patch, but _also_ includes pb files pre-generated + # so it fails for this PKGBUILD. + # not seeing the files to be fixed with this in the tree _before_ building + # made me assume they were just not there anymore (and thus no need for the fix). + # I was wrong. + sed -i 's/^import ui_pb2/from . 
import ui_pb2/' opensnitch/ui_pb2* + python -m build --wheel --no-isolation + # python setup.py build + popd + go clean -modcache + + # do not use ebpf proc method by default as the module is provided as an optdepend + # NOTE: does not seem to be required, the default-config.json should use proc unless + # changed in the settings / in the file + # cp "daemon/${pkgname%-git}d.service" "daemon/${pkgname%-git}d-ebpf.service" + # sed -i 's/\(ExecStart=.*\)/\1 -process-monitor-method ebpf/' "daemon/${pkgname%-git}d-ebpf.service" + # sed -i 's/\(ExecStart=.*\)/\1 -process-monitor-method proc/' "daemon/${pkgname%-git}d.service" } -package(){ - cd "$srcdir/.go/src/$_pkgname/" - mkdir -p "${pkgdir}"/usr/lib/systemd/system - mkdir -p "${pkgdir}"/usr/bin - make DESTDIR="$pkgdir/" install - cd ui - pip install --isolated --root="$pkgdir" --ignore-installed --no-deps . +package() { + cd "$srcdir/${pkgname%-git}" + # pushd ui + # export PYTHONHASHSEED=0 # to hopefully avoid annoying keychain popups + # python setup.py install --root="$pkgdir/" --optimize=1 --skip-build + # popd + + install -d "$pkgdir/etc/${pkgname%-git}d/rules" + install -Dm755 "daemon/${pkgname%-git}d" -t "$pkgdir/usr/bin" + install -Dm644 "daemon/${pkgname%-git}d.service" -t \ + "$pkgdir/usr/lib/systemd/system" + install -vDm644 "$srcdir/tmpfiles.conf" \ + "$pkgdir/usr/lib/tmpfiles.d/${pkgname%-git}.conf" + # install -Dm644 "daemon/${pkgname%-git}d-ebpf.service" -t \ + # "$pkgdir/usr/lib/systemd/system" + install -Dm644 daemon/default-config.json -t "$pkgdir/etc/${pkgname%-git}d" + install -Dm644 daemon/system-fw.json -t "$pkgdir/etc/${pkgname%-git}d" + install -Dm644 "utils/packaging/daemon/deb/debian/${pkgname%-git}.logrotate" \ + "$pkgdir/etc/logrotate.d/${pkgname%-git}" + + # python ui + python -m installer --destdir="$pkgdir" ui/dist/*.whl + + # tests are in site-packages, big no-no + local site_packages=$(python -c "import site; print(site.getsitepackages()[0])") + rm -rf "$pkgdir/$site_packages/tests" 
+}
diff --git a/fix-systemd-service.patch b/fix-systemd-service.patch
new file mode 100644
index 000000000000..be16ae30e298
--- /dev/null
+++ b/fix-systemd-service.patch
@@ -0,0 +1,34 @@
+diff --git a/daemon/opensnitchd.service b/daemon/opensnitchd.service
+index 3f05fad..0aea7fc 100644
+--- a/daemon/opensnitchd.service
++++ b/daemon/opensnitchd.service
+@@ -4,9 +4,7 @@ Documentation=https://github.com/evilsocket/opensnitch/wiki
+
+ [Service]
+ Type=simple
+-PermissionsStartOnly=true
+-ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
+-ExecStart=/usr/local/bin/opensnitchd -rules-path /etc/opensnitchd/rules
++ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
+ Restart=always
+ RestartSec=30
+ TimeoutStopSec=10
+diff --git a/utils/packaging/daemon/deb/debian/opensnitch.service b/utils/packaging/daemon/deb/debian/opensnitch.service
+index b4301a5..6fc91f3 100644
+--- a/utils/packaging/daemon/deb/debian/opensnitch.service
++++ b/utils/packaging/daemon/deb/debian/opensnitch.service
+@@ -1,13 +1,11 @@
+ [Unit]
+ Description=Application firewall OpenSnitch
+-Documentation=https://github.com/gustavo-iniguez-goya/opensnitch/wiki
++Documentation=https://github.com/evilsocket/opensnitch/wiki
+ Wants=network.target
+ After=network.target
+
+ [Service]
+ Type=simple
+-PermissionsStartOnly=true
+-ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
+ ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
+ Restart=always
+ RestartSec=30
diff --git a/nosudo.patch b/nosudo.patch
deleted file mode 100644
index 14ccabd69dc7..000000000000
--- a/nosudo.patch
+++ /dev/null
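Review bot: The two `go install` lines in build() fetch and compile the protoc-gen-go and protoc-gen-go-grpc generators with no version given, and `-mod=mod` in GOFLAGS lets the go tool add or update go.mod and go.sum entries instead of stopping on a missing or changed one, so the generators that run during the build are not pinned the way the checksummed entries in source=() are. Which version actually gets selected depends on a go.mod that is not visible in this diff, so that should be confirmed first. I would pin both explicitly, e.g. `go install github.com/golang/protobuf/protoc-gen-go@<pinned-version>` (placeholder; take the version upstream's go.mod records), and drop `-mod=mod` if upstream's go.sum is complete. Moving the downloads into prepare() would also keep build() free of network access.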
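Review bot: The second file this patch touches, `utils/packaging/daemon/deb/debian/opensnitch.service`, is never installed by package(), which only installs `daemon/opensnitchd.service`, so that half of the patch changes nothing in the built package and is one more place where `patch -p1` in prepare() can fail against a moving git HEAD. I would cut the patch down to the `daemon/opensnitchd.service` hunk. With `ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules` removed, the unit now relies on the `install -d "$pkgdir/etc/${pkgname%-git}d/rules"` line in package() for the rules directory; a one-line comment next to that `install -d` saying so would keep the two in step.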
@@ -1,51 +0,0 @@
-diff --git a/daemon/Makefile b/daemon/Makefile
-index ece2090..2d364f8 100644
---- a/daemon/Makefile
-+++ b/daemon/Makefile
-@@ -1,10 +1,9 @@
- all: opensnitchd
-
- install:
-- @mkdir -p /etc/opensnitchd/rules
-- @cp opensnitchd /usr/local/bin/
-- @cp opensnitchd.service /etc/systemd/system/
-- @systemctl daemon-reload
-+ @mkdir -p $(DESTDIR)/etc/opensnitchd/rules
-+ @cp opensnitchd $(DESTDIR)/usr/bin/
-+ @cp opensnitchd.service $(DESTDIR)/usr/lib/systemd/system/
-
- deps:
- @dep ensure
-diff --git a/daemon/opensnitchd.service b/daemon/opensnitchd.service
-index e504417..4dfa8fd 100644
---- a/daemon/opensnitchd.service
-+++ b/daemon/opensnitchd.service
-@@ -8,7 +8,7 @@ After=network.target
- Type=simple
- PermissionsStartOnly=true
- ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
--ExecStart=/usr/local/bin/opensnitchd -log-file /var/log/opensnitchd.log -rules-path /etc/opensnitchd/rules -ui-socket unix:///tmp/osui.sock
-+ExecStart=/usr/bin/opensnitchd -log-file /var/log/opensnitchd.log -rules-path /etc/opensnitchd/rules -ui-socket unix:///tmp/osui.sock
- Restart=always
- RestartSec=30
-
-diff --git a/ui/Makefile b/ui/Makefile
-index 29c1d35..b7ef78b 100644
---- a/ui/Makefile
-+++ b/ui/Makefile
-@@ -1,13 +1,13 @@
- all: opensnitch/resources_rc.py
-
- install:
-- @pip3 install .
-+ @echo 'nope'
-
- opensnitch/resources_rc.py: deps
- @pyrcc5 -o opensnitch/resources_rc.py opensnitch/res/resources.qrc
-
- deps:
-- @sudo pip3 install -r requirements.txt
-+ @echo 'nope'
-
- clean:
- @rm -rf *.pyc
diff --git a/opensnitch.install b/opensnitch.install
new file mode 100644
index 000000000000..9cc39ffac720
--- /dev/null
+++ b/opensnitch.install
@@ -0,0 +1,21 @@
+post_install() {
+ echo ""
+ echo "Enable opensnitchd as a systemd service:"
+ echo "systemctl enable --now opensnitchd"
+ echo ""
+}
+
+post_upgrade() {
+ echo ""
+ echo "Restart opensnitchd service:"
+ echo "systemctl daemon-reload"
+ echo "systemctl restart opensnitchd"
+ echo ""
+}
+
+post_remove() {
+ echo ""
+ echo "Optionally remove log file:"
+ echo "sudo rm /var/log/opensnitchd.log"
+ echo ""
+} |