Arch Linux User Repository

Oh come on: Flagging this package and opensnitch-ebpf-module-git as out of date, because a dependency(!) of this package (python-grpcio-tools) is out of date?

Again: DO NOT FLAG THIS PACKAGE AS OUT OF DATE UNLESS IT IS ACTUALLY OUT OF DATE!

If you have issues building things or need help updating some other package on your own while it's out of date: I'll gladly help if you add a comment here. But do not flag things as out of date if they aren't – that is NOT what the function is for!

@rrt please don't flag this package out of date if it is not out of date.

=> build issues that are not version-related are not a reason for flagging it out of date => this is a -git package. mere version changes upstream (like 1.5.0-rc1) only merit flagging a -git package as out of date if the upstream changes related to the update made things break.

See: https://wiki.archlinux.org/title/Arch_User_Repository#Flagging_packages_out-of-date

As to your build issues: As mentioned a few times before (eg. https://aur.archlinux.org/packages/opensnitch-git#comment-848093), the build process is a bit messy, especially with https://aur.archlinux.org/packages/python-grpcio-tools lagging behind the upstream https://archlinux.org/packages/?q=python-grpcio version. Until python-grpcio-tools is updated by the maintainer (or disowned/picked up by someone else), a workaround might be to just build a more recent version of it yourself and use that to build opensnitch.

I've run a fresh build using this workaround just a few seconds ago just to make sure nothing has changed upstream, and it builds fine in a clean chroot.

Using pip to install python dependencies on an Arch system should never happen (unless, for example, in a virtualenv).

/edit

Just a quick note: @alexf91 updated the package (thanks! :) – so things should hopefully go a bit more smoothly again :)

Error:

==> Starting build()...
go: finding module for package github.com/golang/protobuf/protoc-gen-go
go: downloading github.com/golang/protobuf v1.5.2
go: downloading google.golang.org/protobuf v1.26.0
# github.com/golang/protobuf/protoc-gen-go
loadinternal: cannot find runtime/cgo
go: finding module for package google.golang.org/grpc/cmd/protoc-gen-go-grpc
go: downloading google.golang.org/grpc v1.44.0
go: downloading google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0
go: downloading google.golang.org/protobuf v1.27.1
# google.golang.org/grpc/cmd/protoc-gen-go-grpc
loadinternal: cannot find runtime/cgo
~/build/opensnitch-git/src/opensnitch/proto ~/build/opensnitch-git/src/opensnitch
python3 -m grpc_tools.protoc -I. --python_out=../ui/opensnitch/ --grpc_python_out=../ui/opensnitch/ ui.proto
/bin/python3: Error while finding module specification for 'grpc_tools.protoc' (ModuleNotFoundError: No module named 'grpc_tools')
make: *** [Makefile:7: ../ui/opensnitch/ui_pb2.py] Error 1
==> ERROR: A failure occurred in build().
    Aborting...

Solution:

pip3 install grpcio
pip3 install grpcio-tools

Outcome:

=> Creating package "opensnitch-git"...
  -> Generating .PKGINFO file...
  -> Generating .BUILDINFO file...
  -> Adding install file...
  -> Generating .MTREE file...
  -> Compressing package...
==> Leaving fakeroot environment.
==> Finished making: opensnitch-git 1.5.0.r1.feaf8de-1 (Mon 07 Feb 2022 12:42:25 PM EST)

@diabonas: thanks – that seems to work great! :)

I would recommend removing the dash before the "rc" instead of deleting this part of the version number altogether:

git describe --long | sed 's/^v//;s/-rc./rc/;s/\([^-]*-\)g/r\1/;s/-/./g'

This produces version numbers like 1.5.0rc2.r1.53419fe which get sorted correctly between e.g. 1.4.9.r999.0123456 and 1.5.0.r0.1234567.

Looks like it's an issue caused by me trying to fix another pkgver issue whith rc names (https://aur.archlinux.org/cgit/aur.git/commit/?h=opensnitch-git&id=b87c666acdd1b4f6e7cd26f81da0927ca55e654c) – this now causes the .r123 part of the pkgver to start from 0 again every now and then, without having a bump in the main ver 1.5.0 to 1.5.1, for example. It's a bit messy – I'll have to think about how to properly handle this.

opensnitch-git is always being detected as upgradable by "/usr/bin/checkupdates+aur" command.

e.g. today I upgraded my OS. opensnitch-git is upgraded and still "/usr/bin/checkupdates+aur" command detects it as upgradable ?!? this only happened for me ever with this pkg.

what's the matter ??

It's mentioned in the post update message when updating the package (https://aur.archlinux.org/cgit/aur.git/tree/opensnitch.install?h=opensnitch-git#n8):

Restart opensnitchd service:

systemctl daemon-reload

systemctl restart opensnitchd

That should do the trick ^^

I got that when opening opensnitch-ui ??

You are running version 1.4.1 of the daemon, while the UI is at version 1.5.0rc2, they might not be fully compatible.

You could try to manually update the python-grpcio-tools package / PKGBUILD to 1.43.0 and then trying again.

Unfortunately, it's been marked out of date for a while now, with no change by the current maintainer, it seems.

I have the same problem but recompiling python-grpcio-tools didn't help. Still I get:

cannot find package "github.com/golang/protobuf/protoc-gen-go" in any of: /usr/lib/go/src/github.com/golang/protobuf/protoc-gen-go (from $GOROOT) /home/me/.cache/yay/opensnitch-git/src/gopath/src/github.com/golang/protobuf/protoc-gen-go (from $GOPATH) ==> ERROR: A failure occurred in build(). Aborting... -> error making: opensnitch-git

Would you care to elaborate, so one could actually do something with that comment? Thanks.

(sorry for sounding a bit miffed here, but the way it's phrased it's not really helpful at all – especially as it doesn't match my knowledge about what's done in the PKGBUILD and what isn't.)

Building as root? Seriously?

IIRC that happens when the python-grpcio-tools and python-grpcio versions don't match (it always seems to take a bit until the python-grpcio-tools package gets updated on the AUR).

You could try to either update that yourself (https://pypi.org/project/grpcio-tools/1.39.0/ seems to be recent) – shouldn't need much besides updating the version and the pkgsums, or to downgrade python-grpcio to 1.38.1 temporarily to build opensnitch.

@lsf I am still getting the same compile error unfortunately, loadinternal: cannot find runtime/cgo

Using your latest PKGBUILD Using latest python-grpcio-tools from AUR, upgraded beforehand Using Arch Linux 5.12/5.13

Any thoughts?

great! :)

@lsf that did the trick! thanks :)

That's odd (I always run my test builds in a clean chroot, and even there everything built smoothly).

If we'd want to keep the python build call in the build() function (instead of moving it to package() via the removal of --skip-build), it might be worth a try to just move sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2* up one line. That way it would still explicitly be before the python build and should be always included during packaging.

I'll get a commit for it ready, maybe that'll do the trick :)

@lsf I tested it again, and as is, it's having the same error.

for whatever reason, this patch works though.

diff --git a/PKGBUILD b/PKGBUILD
index 63db77c..76460fc 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -56,7 +56,6 @@ build() {

   pushd ui
   pyrcc5 -o opensnitch/resources_rc.py opensnitch/res/resources.qrc
-  python setup.py build
   sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2*
   popd
   go clean -modcache
@@ -73,7 +72,7 @@ package() {
   cd "$srcdir/${pkgname%-git}"
   pushd ui
   export PYTHONHASHSEED=0
-  python setup.py install --root="$pkgdir/" --optimize=1 --skip-build
+  python setup.py install --root="$pkgdir/" --optimize=1
   popd

   install -d "$pkgdir/etc/${pkgname%-git}d/rules"

Thanks, I've implemented your changes!

I've also added the eBPF module mentioned there as an optional dependency with a separate package as opensnitch-ebpf-module-git ^^

FYI, this patch should fix recent runtime issues.

Not sure how to make pull requests here.

https://github.com/evilsocket/opensnitch/issues/450#issuecomment-876146606

Hm. Are you on Manjaro? maybe some of the dependencies there are out of date (related to python-grpcio-tools); that could always get a bit messy.

I'm getting build issues now, I'm not sure if this is upstream related or not. I checked all my network settings, nothing is being blocked.

==> Starting prepare()...
==> Starting pkgver()...
==> Updated version: opensnitch-git 1.4.0.rc.2.r15.3d11134-1
==> Sources are ready.
==> Making package: opensnitch-git 1.4.0.rc.2.r15.3d11134-1 (Sun 06 Jun 2021 08:03:09 AM EDT)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> WARNING: Using existing $srcdir/ tree
==> Starting pkgver()...
==> Starting build()...
~/.cache/yay/opensnitch-git/src/opensnitch/proto ~/.cache/yay/opensnitch-git/src/opensnitch
go: downloading github.com/golang/protobuf v1.5.2
go: downloading google.golang.org/protobuf v1.26.0
# github.com/golang/protobuf/protoc-gen-go
loadinternal: cannot find runtime/cgo

protoc -I. ui.proto --go_out=plugins=grpc:../daemon/ui/protocol/ --go_opt=paths=source_relative
python3 -m grpc_tools.protoc -I. --python_out=../ui/opensnitch/ --grpc_python_out=../ui/opensnitch/ ui.proto
--go_out: protoc-gen-go: plugins are not supported; use 'protoc --go-grpc_out=...' to generate gRPC

See https://grpc.io/docs/languages/go/quickstart/#regenerate-grpc-code for more information.
make: *** [Makefile:4: ../daemon/ui/protocol/ui.pb.go] Error 1
make: *** Waiting for unfinished jobs....
==> ERROR: A failure occurred in build().
    Aborting...
error making: opensnitch-git

Thanks @tioguda – I've added the PR as a patch to the PKGBUILD until it gets merged upstream :)

I was only able to compile after using this commit.

Greetings.

Who have problems with the compilation like me...

file: PKGBUILD
...
build() {
## if you have a problem with go requirements
cd "$srcdir/opensnitch-$pkgver/daemon"
go get -a
## if you need the daemon creating a socket when start.
sed -i 's%ExecStart=.*%& -ui-socket \"unix:///tmp/osui.sock\"%' opensnitchd.service
...

@yochananmarqos: no problem, I haven't been around much, so that's quite understandable ^^

Thanks again for your work on maintaining it for so long! :)

@lsf: Oops, forgot you were still around when I adjusted the Maintainers / Contributors.

I'm not using this and it's been to much of a hassle to maintain.

Things should build (and run) again now.

I'm not certain if I can always properly maintain the package in a timely manner, so if anyone else feels up to the task, I'd be happy to pass it on.

Still, as long as I'll keep using it myself, I'll at least try to keep things running ^^

I'm also facing the same issue @malcolm mentioned.

Hi, the build() it's not working

==> Starting build()...
~/.cache/yay/opensnitch-git/src/opensnitch/daemon ~/.cache/yay/opensnitch-git/src/opensnitch
go: downloading github.com/golang/protobuf v1.4.3
go: downloading google.golang.org/protobuf v1.23.0
# github.com/golang/protobuf/protoc-gen-go
loadinternal: cannot find runtime/cgo
go get: upgraded github.com/golang/protobuf v1.0.0 => v1.4.3
procmon/watcher.go:8:2: missing go.sum entry for module providing package github.com/evilsocket/ftrace (imported by github.com/evilsocket/opensnitch/daemon/procmon); to add:
        go get github.com/evilsocket/opensnitch/daemon/procmon
conman/connection.go:16:2: no required module provides package github.com/evilsocket/opensnitch/daemon/ui/protocol; to add it:
        go get github.com/evilsocket/opensnitch/daemon/ui/protocol
firewall/config.go:10:2: missing go.sum entry for module providing package github.com/fsnotify/fsnotify (imported by github.com/evilsocket/opensnitch/daemon/firewall); to add:
        go get github.com/evilsocket/opensnitch/daemon/firewall
netfilter/packet.go:6:2: missing go.sum entry for module providing package github.com/google/gopacket (imported by github.com/evilsocket/opensnitch/daemon/dns); to add:
        go get github.com/evilsocket/opensnitch/daemon/dns
netfilter/queue.go:21:2: missing go.sum entry for module providing package github.com/google/gopacket/layers (imported by github.com/evilsocket/opensnitch/daemon/conman); to add:
        go get github.com/evilsocket/opensnitch/daemon/conman
netlink/socket_linux.go:11:2: missing go.sum entry for module providing package github.com/vishvananda/netlink/nl (imported by github.com/evilsocket/opensnitch/daemon/netlink); to add:
        go get github.com/evilsocket/opensnitch/daemon/netlink
ui/client.go:16:2: missing go.sum entry for module providing package golang.org/x/net/context (imported by github.com/evilsocket/opensnitch/daemon/ui); to add:
        go get github.com/evilsocket/opensnitch/daemon/ui
ui/client.go:17:2: missing go.sum entry for module providing package google.golang.org/grpc (imported by github.com/evilsocket/opensnitch/daemon/ui); to add:
        go get github.com/evilsocket/opensnitch/daemon/ui
ui/client.go:18:2: missing go.sum entry for module providing package google.golang.org/grpc/connectivity (imported by github.com/evilsocket/opensnitch/daemon/ui); to add:
        go get github.com/evilsocket/opensnitch/daemon/ui
make: *** [Makefile:15: opensnitchd] Erro 1

@yochananmarqos:Seems like the newest build requires an extra build dependency?

https://github.com/gustavo-iniguez-goya/opensnitch/wiki/Compilation#installation-from-sources

Adding protoc-gen-go/protoc-gen-go-grpc to makedepends seems to resolve the issue.

thx !

btw, keep an eye on https://github.com/gustavo-iniguez-goya/opensnitch/issues/103 in case some other news happens regarding repos, things may still change in near future.

@squalou: Done.

@yochananmarqos: I'll do that. Thanks for all your your work on it! (and as I said: I'll stick around, maybe I can still help out every now and then ;)

Hi, as per request from gustavo-iniguez-goya, could you please switch back this package to original github repo : https://github.com/evilsocket/opensnitch

New developments will be done there.

(see this for details https://github.com/gustavo-iniguez-goya/opensnitch/issues/103 )

thanks!

BTY : @rtt, I faced the same issue, was related to a packaging issue in python-grpc. Fixed since. see thsi for details https://github.com/gustavo-iniguez-goya/opensnitch/issues/98

@rtt: Do not flag VCS packages out of date when you have a build issue, post a comment instead. You did so, but the error seems to be because you need to rebuild your Python packages for Python 3.9.

@lsf: You can orphan it if you don't want responsibility anymore, no worries.

@rrt

can't reproduce this – did you rebuild opensnitch-git and/or any aur python dependencies befor this occured?

@L0-FF: it should be noted that @yochananmarqos pretty much took over quite a while ago and does a much better job at maintaining than I ever did – if it's fine with them, I'd disown the package so they'll get their well-deserved creds ;)

(I'd still try to help out whenever I can, though, of course!)

mr tmp $ pacman -Si python-grpcio
Repository      : community
Name            : python-grpcio
Version         : 1.34.0-3
...
mr tmp $ cat test.py
#!/usr/bin/python3

import grpc

print("grpc")
mr tmp $ python /tmp/test.py
grpc
mr tmp $ python --version
Python 3.9.0
mr tmp $ pacman -Qi opensnitch-git
Name            : opensnitch-git
Version         : 1.3.0.rc.1.r0.cdea3b5-1
...
mr tmp $ opensnitch-ui 
Traceback (most recent call last):
  File "/bin/opensnitch-ui", line 22, in <module>
    from opensnitch.service import UIService
ModuleNotFoundError: No module named 'opensnitch'

My solution is to downgrade to opensnitch non git version:

==> Making package: opensnitch 1.3.0_rc2-1 (Tue 08 Dec 2020 02:11:50 PM EST)
...
Packages (2) opensnitch-git-1.3.0.rc.1.r0.cdea3b5-1 [removal]  opensnitch-1.3.0_rc2-1
....
$ pacman -Qi opensnitch
Name            : opensnitch
Version         : 1.3.0_rc2-1
...
$ opensnitch-ui
new node connected, listening for client responses... /tmp/osui.sock

Oops. Last time I checked there wasn't one... seems someone's already packaged up the 1.3.0rc version.

Here: https://aur.archlinux.org/packages/opensnitch/

@lsf,

I'm going to package the 1.3.0+(rc --ongoing) version. If you'd interesting in co-maintaining, let me know.

for some reason the python-grpcio-tools dependency was not picked up... is it a make or a runtime dependency? install worked after a manual install of https://aur.archlinux.org/packages/python-grpcio-tools/

@gvl
Hi. You may downgrade python-grpcio to 1.33.2 https://archive.archlinux.org/packages/p/python-grpcio/python-grpcio-1.33.2-3-x86_64.pkg.tar.zst

Traceback (most recent call last):
  File "/usr/bin/opensnitch-ui", line 16, in <module>
    import grpc
  File "/usr/lib/python3.9/site-packages/grpc/__init__.py", line 23, in <module>
    from grpc._cython import cygrpc as _cygrpc
ImportError: /usr/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-x86_64-linux-gnu.so: undefined symbol: RunningOnValgrind

Hello, read it https://github.com/gustavo-iniguez-goya/opensnitch/issues/92

Need your help.

This might've been caused by the python version update (3.8 => 3.9) – all python packages from the AUR need to be rebuilt if they weren't updated recently.

Something like pacman -Qoq /usr/lib/python3.8/ | paru -S --rebuild - should do the trick (use your prefered aur wrapper instead of paru, if you're using a different one).

hmmmm...

Weird.

• pythong-grpcio-tools was installed.
• python-protobuf-git was installed.
• python-grpcio was installed.

I'd checked the versions, all were up-to-date.

I did an uninstall of all. Rechecked versions. SAME (as prior to uninstall).

Rebuilt opensnitch-git with --editmenu to install 1.3.0rc2 version, and grpc_tools error is now gone.

Couple of notes:

If you want to install v1.3_0*; you can install with:

$ yay(*or your aur helper of choice*) -S opensnitch-git --editmenu;

• choose to edit the PKGBUILD and edit line 25 (in the pkgver function) to be: git describe --long --tags | sed 's/\([^-]*-\)g/r\1/;s/-/./g'

I'm also experiencing the:
- Error while finding module specification for 'grpc_tools.protoc' (ModuleNotFoundError: No module named 'grpc_tools' #212

Which seems to have a long-standing issue (new for me, as opensnitch-git has always compiled successfully).

Will keep looking into it.

And version 1.3.0.rc.2.r0.6619124-1 needs python-grpcio-tools too. (but it works again.)

Now with 1.3.0.rc.1.r4.0b85f6b-1, I get:

❯ opensnitch-ui     
Traceback (most recent call last):
  File "/usr/bin/opensnitch-ui", line 22, in <module>
    from opensnitch.service import UIService
ModuleNotFoundError: No module named 'opensnitch'

For me it broke after the last update using 1.2.0.r11.a517ebe-1. See log below:

opensnitch-ui
Traceback (most recent call last):
  File "/usr/bin/opensnitch-ui", line 22, in <module>
    from opensnitch.service import UIService
  File "/usr/lib/python3.8/site-packages/opensnitch/service.py", line 23, in <module>
    from dialogs.stats import StatsDialog
  File "/usr/lib/python3.8/site-packages/opensnitch/dialogs/stats.py", line 748
    self.nodeRuleLabel.setText("" if active)

SyntaxError: invalid syntax

With version 1.3.0.rc.1.r4.0b85f6b-1 it works again.

After Manjaro update and opensnitch re-install - it works!

After today's update it doesn't start.
Can't start GUI.
Can't start opensnitchd: 'There is no /home/username/rules'
After creating it: 'Starting opensnitch-daemon v1.3.0rc1 Loading rules from /home/username/rules ... ERROR: nfq_create_queue() queue not created Is opnensitchd already running? Error while creating queue #0: Error binding to queue: operation not permitted' As I can see, there's a new path for rules?
After clean installing the same result:
Service status is Active. Gui doesn't start

@Zame @L0-FF: When /etc/opensnitchd/default-config.json changes upstream, you'll have a pacnew: /etc/opensnitchd/default-config.json.pacnew. Make sure to merge any new changes.

@Zame,

You may need to update your /etc/opensnitchd/default-config.json Think I experienced the same issue as well.

From upstream:

WARNING:
The configuration file /etc/opensnitchd/default-config.json has new fields. .If you're upgrading opensnitch and you have modified it, you must replace the one you have installed with the one shipped with the packages (apt will ask you to do it).
Changes made to that file will be overwritten after installation.

Gui doesn't work with last update: Status not running.

In terminal: ● opensnitchd.service - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall. Loaded: loaded (/usr/lib/systemd/system/opensnitchd.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2020-11-16 13:03:59 +04; 22min ago Docs: https://github.com/gustavo-iniguez-goya/opensnitch/wiki Main PID: 673 (opensnitchd) Tasks: 17 (limit: 9414) Memory: 52.6M CGroup: /system.slice/opensnitchd.service └─673 /usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules

system-fw.json from https://github.com/gustavo-iniguez-goya/opensnitch/blob/main/daemon/system-fw.json exists

OS: Manjaro Linux x86_64 Kernel: 5.9.3-1-MANJARO Plasma 5.20.2

@xtc0r: Thanks, done.

@Package Maintainer:

I got an error: Opensnitch.d fails with code=exited, status=2 using the latest opensnitch package

Ticket to issue here: https://github.com/gustavo-iniguez-goya/opensnitch/issues/88

root cause: AUR package did not distribute the file system-fw.json

Solution: Add https://github.com/gustavo-iniguez-goya/opensnitch/blob/main/daemon/system-fw.json to package and place it to /etc/opensnitchd/system-fw.json

Can you please load required modules for opensnitchd?

nfnetlink, nfnetlink_queue and x_tables

@vyachkonovalov @lsf

Yeap, I also noticed that the installation page and the requirements.txt list different packages. Anyways, glad to see the issue has been resolved and with the blessings of the upstream developer.

Thank you both for the help.

That's interesting – way back then, when I took over the package here, I went by what the requirements.txt suggested.

This strongly points to python-slugify being fine, but we can probably wait and see what https://github.com/gustavo-iniguez-goya/opensnitch/issues/55 brings to light :)

Installation page suggests using python3-slugify which is from https://github.com/un33k/python-slugify.

@lsf

Thank you for the reply. Yes indeed, that makes perfect sense. I will go ahead and raise an issue with the upstream developers but I am not confident that they will be willing to change the library.

I just realized that python-slugify and unicode_slugify are two different libraries that happen to use the same name for their module as you mention. I originally thought that it was the same library with added unicode support. Python packaging will never cease to amaze me.

After a quick look at the libraries they do seem to be working in a similar fashion but not sure if the developers will change a perfectly working setup.

The reason I requested the change in the first place is because any package that requires python-slugify will fail to install due to a conflict.

I will reach out to upstream but is there a way to maybe set the dependency to either python-slugify or python-unicode-slugify?

Should be possible (the way the module is called from the code is always just with a string as an argument and no other options, and the module is called slugify with both packages, so it seems to not matter very much), although I'd probably first raise this as an issue / question on https://github.com/gustavo-iniguez-goya/opensnitch/issues – might make sense to have someone with more python knowledge look into this and/or see if an "upstream" switch to the other package would make sense.

It's a bit of an annoying situation caused (probably) by the identical naming of the python module by different packages.

Is it possible to replace the python-unicode-slugify dependency with the version in community? According to the description "A Python slugify application that handles unicode" so I am assuming there will be no issues.

I have removed the AUR one and replaced it with the community version and opensnitch still seems to work.

@yochananmarqos oh, you're absolutely right!... I actually didn't know that keeping stuff like these in cache in could bring these type of problems. Good thing I'm learning today. Double thanks!

@tuqueque: You have an old cached version of the PKGBUILD from whatever AUR helper you're using. Remove the cache and try again or use makepkg.

Hello, I see that somebody reported a dependency problem and you said you fixed it, but today I tried to install OpenSnitch and I get this error:

==> Making package: opensnitch-git 1.0.0.rc5.r16.db22e83-1 (lun 27 jul 2020 12:04:43)
==> Checking runtime dependencies...
==> Missing dependencies:
  -> python-libconfigparser
==> Checking buildtime dependencies...
==> ERROR: Could not resolve all dependencies.
error making: opensnitch-git

I tried manually installing python-configparser-5.0.0-1, but still won't compile. (I'm using Manjaro)

@yoandrisolis: Fixed.

5.6.15-1-MANJARO

Preparing... Cloning opensnitch-git build files... Checking opensnitch-git dependencies... Resolving dependencies... Checking inter-conflicts... Edit opensnitch-git build files

Cloning opensnitch-git build files... Checking opensnitch-git dependencies... Resolving dependencies... Checking inter-conflicts...

Building opensnitch-git... ==> Making package: opensnitch-git 1.0.0rc6.r4.0c68365-1 (mar 09 jun 2020 21:51:13) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Updating opensnitch git repo... Fetching origin ==> Validating source files with sha256sums... opensnitch ... Skipped ==> Removing existing $srcdir/ directory... ==> Extracting sources... -> Creating working copy of opensnitch git repo... Cloning into 'opensnitch'... done. ==> Starting prepare()... The following issues were found in Gopkg.toml:

✗ unable to deduce repository and source type for "google.golang.org/grpc": unable to read metadata: unable to parse go-import metadata: XML syntax error on line 9: expected /> in element

ProjectRoot name validation failed ==> ERROR: A failure occurred in prepare(). Aborting...

someone help

Yep, followed directions from the Github page and was successful.

@nifty404: Bauh, humbug. Use makepkg and build it properly.

I keep getting stuck here :( All the dependencies install fine, but can't seem to get past this point:

==> Starting pkgver()...
==> Starting build()...
build cache is required, but could not be located: GOCACHE is not defined and neither $XDG_CACHE_HOME nor $HOME are defined
==> ERROR: A failure occurred in build().
Aborting...
Could not find generated .tar.xz file. Aborting...
rm -rf /tmp/bauh/aur/build_1586572313

@diabonas: Done.

Please remove the dependency on python-configparser, it is not necessary for Python 3.8 since it already builtin and has been removed from the AUR.

I've made some changes to the dependencies, let me know if there are any issues I missed.

Seems to be an issue with pacaur: https://github.com/E5ten/pacaur/issues/14

dep is provided as a makedependency, which is correctly installed when using makepkg (or yay, for that matter).

It seems to be missing the "dep" dependency. I get build error:

==> Extracting sources...
  -> Creating working copy of opensnitch git repo...
Cloning into 'opensnitch'...
done.
==> Starting prepare()...
/home/xxx/.cache/pacaur/opensnitch-git/PKGBUILD: line 34: dep: command not found
==> ERROR: A failure occurred in prepare().
    Aborting...
:: failed to verify integrity or prepare opensnitch-git package

@lsf: Thanks!

@yochananmarqos

Thanks, already switched in my PKGBUILD as well (actually had done this some time ago but forgot to push the switch after testing).

Anyway, as you've been improving the quality of this package quite significantly with your suggestions before, I've just added you as a co-maintainer – so feel free to directly improve things where you see the need to :)

@lsf: I updated my PKGBUILD to use the fork and added an install file.

according this website: https://www.linuxuprising.com/2020/03/opensnitch-linux-application-firewall.html Opensnitch no longer developed. But forked by another person. Maybe need to update git links?

At that point it should pretty much just pull go dependencies, which always seems to hang for a moment without any output at that point, depending on your internet connection speed. Maybe changing dep ensure to dep ensure -v might get you more output on where it's stuck?

I just did a clean build of it and its AUR-dependencies in a clean chroot and everything seemed to build properly.

If you're using an AUR helper, you might want to give it a try without one or with another one (yay should work)?

Hi, I have a problem trying to install opensnitch-git... When it reaches the "Starting prepare()" message in the build process, it stays there forever and nothing happens. I know pretty much nothing about building from sources, but I know is not doing anything. No CPU usage, nothing:

==> Extracting sources...
  -> Creating working copy of opensnitch git repo...
Cloning into 'opensnitch'...
done.
==> Starting prepare()...

Hi, still having issues with daemon start : write /sys/kernel/debug/tracing/kprobe_events: no such file or directory

For those having a working opensnitch : which kernel do you use ?

@lsf: Please see VCS, Go and Python package guidelines.

Proper working PKGBUILD.

Hi,my daemon doesn't start. In daemons logs I get this weird error.

[2019-08-08 11:51:14] !!! Error while enabling probe descriptor for opensnitch_exec_probe: write /sys/kernel/debug/tracing/kprobe_events: no such file or directory

Some issues in upstream projects seem to state I'm not alone ... did anyone face this ? I'm running 4.19 LTS kernel. In /proc/config.gz I can see : CONFIG_KPROBE_EVENTS=y

debugfs is correctly mounted, files do exist. (-rw-r--r-- 1 root root 0 8 août 13:51 /sys/kernel/debug/tracing/kprobe_events)

That shouldn't be necessary. python-unicode-slugify-git uses provides=(python-unicode-slugify). Your AUR helper should understand this (yay does).

python-unicode-slugify is unavailable, it should be replaced with python-unicode-slugify-git in the pkgbuild

No. Or rather: only under very specific circumstances. I don't know how much you know about gnupg/pgp, so I'll just keep it short: What you did is import a key of some person who signs packages with it. Now you can additionally verify the integrity of packages/files signed with this key (in addition to the basic checksums). In some cases, the keys used are provided by the maintainer of the software that is packaged, in other cases it's by the person packaging it for the AUR, providing different amounts of extra "trust". This would only be an issue if you'd now blindly trust everything signed with this key, installed AUR packages without inspecting them and the key owner intentionally created a "bad" package (or someone got hold of his key and created one). So basically: no, everything's fine, as long as you follow basic "AUR hygiene", as stated in: https://wiki.archlinux.org/index.php/Arch_User_Repository#Build_and_install_the_package => "Warning: Carefully check the PKGBUILD, any .install files, and any other files in the package's git repository for malicious or dangerous commands. If in doubt, do not build the package, and seek advice on the forums or mailing list. Malicious code has been found in packages before."

@lsf Thank's a lot! By the way, could this compromise the security of the system somehow?

You need to import the public key in your personal gpg keyring (there are ways around cluttering your regular keyring, but let's just stick with using it for simplicity). See: https://wiki.archlinux.org/index.php/Makepkg#ERROR:_One_or_more_PGP_signatures_could_not_be_verified!

It boils down to gpg --recv-keys 8C004C2F93481F6B, but optimally you would also verify the fingerprint of the key as provided "upstream", to ensure it's the actual and correct key you've imported via the aforementioned command.

I had this issue when installing. I already installed the package "python-unicode-slugify-git". Any solution? I'm using Antergos linux. Thank you guys :D

==> Validating source files with sha512sums...

grpcio-tools-1.20.0.tar.gz ... Passed
grpcio-tools-1.20.0.tar.gz.sig ... Skipped

==> Verifying source file signatures with gpg...

grpcio-tools-1.20.0.tar.gz ... FAILED (unknown public key 8C004C2F93481F6B)

==> ERROR: One or more PGP signatures could not be verified!

Dependencies list all the python3 package. opensnitch-ui script use #!/sbin/python2. I have to install dependencies using pip2 install futures grpcio grpcio-tools pyinotify unicode_slugify pyqt5 configparser --user

@gvhoecke git packages don't need their pkgver bumped for every single little update. Use a sane AUR helper that can actually detect upstream changes. There's no reason to flag this.

From the wiki: "Note: VCS packages are not considered out of date when the pkgver changes, do not flag them as the maintainer will merely unflag the package and ignore you. AUR maintainers should not commit mere pkgver bumps."

ok:-) installed. thanks.

It's provided by https://aur.archlinux.org/packages/python-unicode-slugify-git/ – or do I misunderstand?

python-unicode-slugify seem missing...

ahhaah np, thanks to you for keeping this usable

That's easy to answer: because I totally forgot to add it :D

Thanks.

why no url in pkgbuild?

@lsf, thank you. Starting the daemon and enabling it did the the trick and everything is working fine now. Thank you once again :)

@mozo, it opensnitchd (or opensnitchd.service). Btw, you can check something like this using a pacman/yay/etc. query to list the files installed with a package: pacman -Ql opensnitch-git.

Unfortunately I have no idea why all the UI tabs are empty, sorry.

@Kunda: I've just gone through the build process once more and everything builds as it should. I don't know if you checked your python-grpcio* packages and/or rebuilt them, as I suggested before; if you did, then I can only assume it's an unknown manjaro/pamac issue. I can't reproduce it, so I'm sorry I can't help any further.

Opened an issue upstream but they deferred me back here: https://github.com/evilsocket/opensnitch/issues/212

Error while finding module specification for 'grpc_tools.protoc' (ModuleNotFoundError: No module named 'grpc_tools'

Thank you for your answer it's appreciated :)

What's the name of the service?

About the tray icon - I have to edit System tray's settings in Plasma 5 to "Shown" for opensnitch but all tabs/sections in the UI are empty o_O

Although probably not related to your issue: A systemd service is part of the package, so you can use that instead of manually starting opensnitchd (in your previous comment, before editing, it sounded like you started it directly. it shouldn't matter, so start whichever way you prefer).

opensnitch-ui should provide a tray icon which should be displayed in your notification/tray area – which depends on your window manager. I'm using xfce, and you can add the notification area to the xfce4-panel by editing it, but this should be more or less the same with other window managers.

lsf, is there some GUI or something? I started opensnitchd and opensnitch-ui and the firewall started to ask me for permissions for some processes but I can't find a GUI where to change them if I want later. Yes there is ~/rules/ but is this the only way to change the rules? Do i miss something? Thank you in advance :)

Yes it builds now, thank you :)

Thanks for notifying me of the upstream change @Fincer, I've updated the package. @mozo, your issue was caused by the .patch Fincer mentioned, so it should build again now.

Plese some good man provide us with precompiled package. Thank you in advance. I want to install opensnitch for months without success...

I can't build it with yay:

==> Starting pkgver()...

==> Updated version: opensnitch-git 20181008.359_c10e7a3-1

==> Sources are ready.

==> Making package: opensnitch-git 20181008.359_c10e7a3-1 (Wed 10 Oct 2018 08:21:37 PM EEST)

==> Checking runtime dependencies...

==> Checking buildtime dependencies...

==> WARNING: Using existing $srcdir/ tree

==> Starting pkgver()...

==> Starting build()...

patching file daemon/Makefile

patching file daemon/opensnitchd.service

patching file ui/Makefile/dialogs/stats.py

Reversed (or previously applied) patch detected! Skipping patch.

1 out of 1 hunk ignored -- saving rejects to file ui/opensnitch/dialogs/stats.py.rej

==> ERROR: A failure occurred in build().

Aborting...

Error making: opensnitch-git

Patch file 'pwuid.patch' has already been implemented, please remove it.

I also have same complaints about "jobserver unavailable". Found this topic, anyway: https://bbs.archlinux.org/viewtopic.php?id=43030

Might be an upstream issue.

I don't have such python3 issues, though.

That's odd, it works with yay and with makechrootpkg – might be a pamac issue?

You could also check if python-grpcio and -tools are already built for python 3.7; I'm not sure if the last update of the AUR packages was before or after the switch to 3.7, so if you had them installed before that might be a problem.

Still, I'll probably switch back to a non-split package again, which makes handling dependencies easier, anyway – maybe fixing your problem, too.

Sorry for the back and forth with this package, in it's current state opensnitch is not the nicest thing to package.

DISTRIB_ID=ManjaroLinux
DISTRIB_RELEASE=17.1.12
DISTRIB_CODENAME=Hakoila

==> Starting build()...
patching file daemon/Makefile
patching file daemon/opensnitchd.service
patching file ui/Makefile
patching file ui/opensnitch/dialogs/stats.py
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
make[1]: Entering directory '/tmp/pamac-build-beast/opensnitch-git/src/.go/src/opensnitch/proto'
python3 -m grpc_tools.protoc -I. --python_out=../ui/opensnitch/ --grpc_python_out=../ui/opensnitch/ ui.proto
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
make[1]: Entering directory '/tmp/pamac-build-beast/opensnitch-git/src/.go/src/opensnitch/daemon'
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
make[1]: Entering directory '/tmp/pamac-build-beast/opensnitch-git/src/.go/src/opensnitch/ui'
nope
/usr/bin/python3: Error while finding module specification for 'grpc_tools.protoc' (ModuleNotFoundError: No module named 'grpc_tools')
make[1]: *** [Makefile:7: ../ui/ui_pb2.py] Error 1
make[1]: Leaving directory '/tmp/pamac-build-beast/opensnitch-git/src/.go/src/opensnitch/proto'
make: *** [Makefile:8: protocol] Error 2
make: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/tmp/pamac-build-beast/opensnitch-git/src/.go/src/opensnitch/ui'
make[1]: Leaving directory '/tmp/pamac-build-beast/opensnitch-git/src/.go/src/opensnitch/daemon'
==> ERROR: A failure occurred in build().
    Aborting...

-> Cloning opensnitch-git git repo...

Cloning into bare repository '/tmp/packerbuild-1000/opensnitch-git/opensnitch-git/opensnitch-git'...

remote: Counting objects: 4198, done.

remote: Compressing objects: 100% (9/9), done.

remote: Total 4198 (delta 2), reused 7 (delta 2), pack-reused 4187

Receiving objects: 100% (4198/4198), 13.17 MiB | 6.76 MiB/s, done.

Resolving deltas: 100% (1454/1454), done.

==> Extracting sources...

-> Creating working copy of opensnitch-git git repo...

Cloning into 'opensnitch-git'...

done.

==> Starting pkgver()...

==> Updated version: opensnitch-git r342.d325c85-1

==> Starting build()... python: can't open file 'setup.py': [Errno 2] No such file or directory

==> ERROR: A failure occurred in build().

Aborting... The build failed.

Unable to build:

looking for conflicting packages...

Packages (1) python-dpkt-1.9.1-4

Total Installed Size: 0.78 MiB

:: Proceed with installation? [Y/n] y

(1/1) checking keys in keyring

[##########################] 100%

(1/1) checking package integrity

[##########################] 100%

(1/1) loading package files

[##########################] 100%

(1/1) checking for file conflicts

[##########################] 100%

(1/1) checking available disk space

[##########################] 100%

:: Processing package changes...

(1/1) installing python-dpkt

[##########################] 100%

:: Running post-transaction hooks...

(1/1) Arming ConditionNeedsUpdate...

gzip: stdin: not in gzip format

tar: Child returned status 1

tar: Error is not recoverable: exiting now

No PKGBUILD found in directory.

Unable to build opensnitch with error: ==> Starting build()... python: can't open file 'setup.py': [Errno 2] No such file or directory

same issue as @asm0dey.

==> Starting build()...
python: can't open file 'setup.py': [Errno 2] No such file or directory

Tried tinkering with the PKGBUILD and couldn't get it to build

Unable to build opensnitch with error:

==> Starting build()...
python: can't open file 'setup.py': [Errno 2] No such file or directory

I try to install opensnitch in Manjaro and it occurs the error: [Errno 2] No such file or directory. The details as follows.

Environment

1. 4.14.34-1-MANJARO x86_64 GNU/Linux
2. go version: 1.10.1

Setup

$ sudo pacman -S protobuf libpcap libnetfilter_queue

$ yaourt --m-arg "--skippgpcheck" -S opensnitch-git

Result

==> WARNING: Skipping verification of source file PGP signatures.

==> Validating source files with sha256sums...

opensnitch-git ... Skipped

==> Extracting sources...

-> Creating working copy of opensnitch git repo...

Cloning into 'opensnitch-git'...

done.

==> Starting pkgver()...

==> Updated version: opensnitch-git r340.f71d8ce-1

==> Starting build()...

python: can't open file 'setup.py': [Errno 2] No such file or directory

==> ERROR: A failure occurred in build().

Aborting...

==> ERROR: Makepkg was unable to build opensnitch-git.

==> Restart building opensnitch-git ? [y/N]

==> ---------------------------------------

==>

@daneel now python-grpcio-toolsinstalls fine but your PKGBUILD gives the following error: /usr/lib/go/pkg/tool/linux_amd64/fix ../go/src/github.com/golang/protobuf/protoc-gen-go/descriptor

/descriptor.pb.go

/usr/lib/go/pkg/tool/linux_amd64/fix ../go/src/github.com/golang/protobuf/protoc-gen-go/plugin/plugin.pb.go

/usr/lib/go/pkg/tool/linux_amd64/fix ../go/src/github.com/golang/protobuf/protoc-gen-go/grpc/grpc.go

WORK=/tmp/go-build681793650

rm -r $WORK/b001/

Fetching dependencies for daemon...

==> Starting pkgver()...

fatal: not a git repository (or any parent up to mount point /)

Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).

==> ERROR: pkgver is not allowed to be empty.

==> ERROR: pkgver() generated an invalid version

@WhyNotHugo what packages? I already have installed python-grpcio but daneel's package requires python-grpcio-tools which seeks for python2-grpcio-tools. Anyway it instals with removing python2-grpcio-tools from python-grpcio-tools's PKGBUILD.

You don't have to edit anything. The PKGBUILD builds both packages -- just install one of them and not the other.

Yep, AUR package python-grpcio-tools tries to install python-grpcio-tools AND python2-grpcio-tools. You have to edit PKGBUILD to disable install of python2-grpcio-tools (or edit PKGBUILD of python-grpcio to enable install of python2-grpcio).

I have python-grpcio but it isn't enough. I'm trying your PKGBUILD and it gives me the following error: [mozo@mozo Downloads]$ makepkg ==> Making package: opensnitch-git master.r0.g494cf1a-1 (Mon Apr 16 23:22:44 EEST 2018)

==> Checking runtime dependencies...

==> Missing dependencies:

-> python-grpcio-tools

==> Checking buildtime dependencies...

==> ERROR: Could not resolve all dependencies.

==> ERROR: An unknown error has occurred. Exiting...

It says that I'm missing python-grpcio-tools dependency. When I try to install it, it appears that it needs python2-grpcio:

[sudo] password for mozo: loading packages...

resolving dependencies...

warning: cannot resolve "python2-grpcio", a dependency of "python2-grpcio-tools"

:: The following package cannot be upgraded due to unresolvable dependencies: python2-grpcio-tools

:: Do you want to skip the above package for this upgrade? [y/N]

error: failed to prepare transaction (could not satisfy dependencies)

:: python2-grpcio-tools: requires python2-grpcio

==> WARNING: Your packages are saved in /tmp/yaourt-tmp-mozo

You need https://aur.archlinux.org/packages/python-grpcio/, not python2-grpcio.

It cannot be built because python2-grpcio is missing from AUR :(

I've done a (crappy) PKGBUILD. Feel free to reuse it if you want.

PKGBUILD: https://framabin.org/?7f715bdf1ff7c0de#bNx5HFhmsIUOMKLh18QkaEHF+FntjFNkQ27fopXJINg=

opensnitch.install: https://framabin.org/?1f32ef34ef64e4c4#MFOMj90JXQRT+M1J1CZCD4xDwFOTpgq9xNER3eMOEE0=

The installation process changed there was a huge update. I tried to do it manually but I can't get the python part to run.

I've the same error as you @evilmonkey314

I'm getting this error:

python: can't open file 'setup.py': [Errno 2] No such file or directory ==> ERROR: A failure occurred in build(). Aborting... ==> ERROR: Makepkg was unable to build opensnitch-git.

Anybody else having this issue?