Arch Linux User Repository

looks fine to use, yep; I'll give that a try. thanks!

@Joomzie, that commit also removes -rules-path. Also, it looks like the debian version of the service might be a better option. Perhaps removing the patch in favor of this is a better strategy?

  install -Dm644 "utils/packaging/daemon/deb/debian/${pkgname%-git}.service" \
    "$pkgdir/usr/lib/systemd/system/${pkgname%-git}d.service"

Service file is causing problems again. Looks like it's been trimmed down a bit, which is causing the patch to fail. Specifically, it looks like PermissionsStartOnly and ExecStartPre have been removed from the upstream, so we should just need the change to ExecStart.

Indeed, as mentioned in the out-of-date flag message. However, it's no longer necessary to patch the debian package service because it's not added into the package. Take a look at https://gitlab.com/ryan-steed-usa/shared-files/-/tree/opensnitch-git/opensnitch-git

Upstream opensnitch have moved the opensnitchd.service file - so this AUR does not build anymore...

opensnitchd.service have moved from: daemon/opensnitchd.service to: daemon/data/init/opensnitchd.service

Hence the fix-systemd-service.patch should look like this

diff --git a/daemon/opensnitchd.service b/daemon/opensnitchd.service
index 3f05fad..0aea7fc 100644
--- a/daemon/data/init/opensnitchd.service
+++ b/daemon/data/init/opensnitchd.service
@@ -4,9 +4,7 @@ Documentation=https://github.com/evilsocket/opensnitch/wiki

 [Service]
 Type=simple
-PermissionsStartOnly=true
-ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
-ExecStart=/usr/local/bin/opensnitchd -rules-path /etc/opensnitchd/rules
+ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
 Restart=always
 RestartSec=30
 TimeoutStopSec=10
diff --git a/utils/packaging/daemon/deb/debian/opensnitch.service b/utils/packaging/daemon/deb/debian/opensnitch.service
index b4301a5..6fc91f3 100644
--- a/utils/packaging/daemon/deb/debian/opensnitch.service
+++ b/utils/packaging/daemon/deb/debian/opensnitch.service
@@ -1,13 +1,11 @@
 [Unit]
 Description=Application firewall OpenSnitch
-Documentation=https://github.com/gustavo-iniguez-goya/opensnitch/wiki
+Documentation=https://github.com/evilsocket/opensnitch/wiki
 Wants=network.target
 After=network.target

 [Service]
 Type=simple
-PermissionsStartOnly=true
-ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
 ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
 Restart=always
 RestartSec=30

SHA256 and install commands related to daemon dir in PKGBUILD should be updated accordingly

With Qt6, there is no longer a pyrcc5. Accordingly, (in a chroot) the build fails.

The following seems to work:

@@ -121,7 +121,9 @@ build() {
   popd

   pushd ui
-  pyrcc5 -o opensnitch/resources_rc.py opensnitch/res/resources.qrc
+  # https://stackoverflow.com/questions/66099225/how-can-resources-be-provided-in-pyqt6-which-has-no-pyrcc
+  /usr/lib/qt6/rcc -g python opensnitch/res/resources.qrc | \
+  sed '0,/PySide6/s//PyQt6/' > opensnitch/resources_rc.py
   # NOTE: yes, we do need this.
   # Arch upstream uses a patch, but _also_ includes pb files pre-generated
   # so it fails for this PKGBUILD.

It's also worth mentioning that python-pyqt6 should be installed as a runtime dependency. And I'm not sure if this is unique to myself since it doesn't seem anyone else has had this problem, but python-nspektr was causing my build to fail entirely, and I had to take it out of the PKGBUILD. Thankfully, it doesn't seem like this is actually a necessary dependency, and @uffe's workaround worked once I cut it out.

With the help of the opensnitch community I've now found a fix for the build error (https://github.com/evilsocket/opensnitch/issues/1429#issuecomment-3291090773)

To fix this issue please add the following to the bottom of the 'prepare' PKGBUILD function:

sed -i.orig 's/grpc_tools.protoc/grpc_tools.protoc --experimental_editions/' "${srcdir}/opensnitch/proto/Makefile";

Build error:

==> Starting pkgver()...
==> Updated version: opensnitch-git 1.7.2.r11.1e389399-1
==> Sources are ready.
==> Making package: opensnitch-git 1.7.2.r11.1e389399-1 (2025-09-02T11:27:02 CEST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> WARNING: Using existing $srcdir/ tree
==> Starting pkgver()...
==> Starting build()...
go: finding module for package github.com/golang/protobuf/protoc-gen-go
go: downloading github.com/golang/protobuf v1.5.4
go: downloading google.golang.org/protobuf v1.33.0
go: downloading google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
go: downloading google.golang.org/grpc v1.3.0
go: downloading google.golang.org/protobuf v1.28.1
~/.cache/yay/opensnitch-git/src/opensnitch/proto ~/.cache/yay/opensnitch-git/src/opensnitch
protoc -I. ui.proto --go_out=../daemon/ui/protocol/ --go-grpc_out=../daemon/ui/protocol/ --go_opt=paths=source_relative --go-grpc_opt=paths=source_relative
python3 -m grpc_tools.protoc -I. --python_out=../ui/opensnitch/proto/ --grpc_python_out=../ui/opensnitch/proto/ ui.proto
WARNING: All log messages before absl::InitializeLog() is called are written to STDERR
E0000 00:00:1756805242.153656   30371 command_line_interface.cc:1557] Built-in generator --grpc_python_out specifies a maximum edition 2023 which is not the protoc maximum 2024.
make: *** [Makefile:7: ../ui/opensnitch/ui_pb2.py] Error 1
==> ERROR: A failure occurred in build().
    Aborting...
 -> error making: opensnitch-git-exit status 4

Edit: it works now, thanks for updating it

Patches don't seem to work with the latest changes:

==> Starting prepare()...
patching file ui/setup.py
patching file daemon/opensnitchd.service
patching file utils/packaging/daemon/deb/debian/opensnitch.service
patching file ui/bin/opensnitch-ui
Reversed (or previously applied) patch detected!  Assume -R? [n]