blob: d098b041f53283e2a5ead880aed3cb51d9aed495 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
# Maintainer: Rasmus Moorats <xx+aur@nns.ee>
pkgname=opensnitch-ebpf-module
_pkgname=opensnitch
pkgver=1.6.6
pkgrel=1
pkgdesc="eBPF process monitor module for opensnitch"
arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64')
url="https://github.com/evilsocket/opensnitch"
license=('GPL3')
makedepends=('bc' 'clang' 'libelf' 'linux-headers' 'llvm')
checkdepends=('llvm')
depends=('opensnitch')
source=("${_pkgname}-${pkgver}.tar.gz::${url}/archive/v${pkgver}.tar.gz")
sha256sums=('7e2a5dbf32418e6b59ff77ff159166984fc52114a2abda32ad9ce9dcdffd1350')
options=('!strip') # we're stripping with llvm-strip
build() {
cd "${srcdir}/${_pkgname}-${pkgver}/ebpf_prog"
KDIR="/usr/src/linux"
# we set -fno-stack-protector here to work around a clang regression
# this is fine - bpf programs do not use stack protectors
CLANG="clang -fno-stack-protector" ARCH="$CARCH" KERNEL_DIR="$KDIR" KERNEL_HEADERS="$KDIR" make
llvm-strip -g opensnitch*.o
}
check() {
REQUIRED_SECTIONS=(
kprobe/{tcp_v{4,6}_connect,udp{,v6}_sendmsg,iptunnel_xmit}
maps/{{tcp,udp}{,v6}Map,tcp{,v6}sock,bytes,debug}
)
SECTIONS=$(llvm-readelf \
"${srcdir}/${_pkgname}-${pkgver}/ebpf_prog/opensnitch.o" \
--section-headers)
for section in "${REQUIRED_SECTIONS[@]}"; do
grep -q " ${section}" <<<"$SECTIONS" || {
echo "Failed to build opensnitch.o properly, section ${section} missing!"
return 1
}
done
}
package() {
install -Dm644 "${srcdir}/${_pkgname}-${pkgver}/ebpf_prog/opensnitch"*".o" -t \
"${pkgdir}/usr/lib/opensnitchd/ebpf"
}
|