summarylogtreecommitdiffstats
path: root/PKGBUILD
blob: d098b041f53283e2a5ead880aed3cb51d9aed495 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# Maintainer: Rasmus Moorats <xx+aur@nns.ee>

pkgname=opensnitch-ebpf-module
_pkgname=opensnitch
pkgver=1.6.6
pkgrel=1
pkgdesc="eBPF process monitor module for opensnitch"
arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64')
url="https://github.com/evilsocket/opensnitch"
license=('GPL3')
makedepends=('bc' 'clang' 'libelf' 'linux-headers' 'llvm')
checkdepends=('llvm')
depends=('opensnitch')
source=("${_pkgname}-${pkgver}.tar.gz::${url}/archive/v${pkgver}.tar.gz")
sha256sums=('7e2a5dbf32418e6b59ff77ff159166984fc52114a2abda32ad9ce9dcdffd1350')
options=('!strip') # we're stripping with llvm-strip

build() {
	cd "${srcdir}/${_pkgname}-${pkgver}/ebpf_prog"
	KDIR="/usr/src/linux"

	# we set -fno-stack-protector here to work around a clang regression
	# this is fine - bpf programs do not use stack protectors
	CLANG="clang -fno-stack-protector" ARCH="$CARCH" KERNEL_DIR="$KDIR" KERNEL_HEADERS="$KDIR" make
	llvm-strip -g opensnitch*.o
}

check() {
	REQUIRED_SECTIONS=(
		kprobe/{tcp_v{4,6}_connect,udp{,v6}_sendmsg,iptunnel_xmit}
		maps/{{tcp,udp}{,v6}Map,tcp{,v6}sock,bytes,debug}
	)

	SECTIONS=$(llvm-readelf \
		"${srcdir}/${_pkgname}-${pkgver}/ebpf_prog/opensnitch.o" \
		--section-headers)

	for section in "${REQUIRED_SECTIONS[@]}"; do
		grep -q " ${section}" <<<"$SECTIONS" || {
			echo "Failed to build opensnitch.o properly, section ${section} missing!"
			return 1
		}
	done
}

package() {
	install -Dm644 "${srcdir}/${_pkgname}-${pkgver}/ebpf_prog/opensnitch"*".o" -t \
		"${pkgdir}/usr/lib/opensnitchd/ebpf"
}