Signed-off-by: Kai-Chun Ning <[email protected]>
Showing
2 changed files
with
178 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,167 @@ | ||
# Copyright 1999-2023 Gentoo Authors | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=7 | ||
|
||
PYTHON_COMPAT=( python3_{10..11} ) | ||
inherit distutils-r1 linux-info systemd xdg-utils | ||
|
||
DESCRIPTION="Desktop application firewall" | ||
HOMEPAGE="https://github.com/evilsocket/opensnitch" | ||
|
||
EGO_PN="github.com/evilsocket/opensnitch" | ||
# modified from opensnitch/daemon/go.mod | ||
# NOTE: build fails with github.com/josharian/native after commit 5c7d0dd6ab | ||
EGO_VENDOR=( | ||
"github.com/fsnotify/fsnotify v1.4.7" | ||
"github.com/golang/protobuf v1.5.0" | ||
"github.com/google/gopacket v1.1.14" | ||
"github.com/google/nftables v0.1.0" | ||
"github.com/iovisor/gobpf 16120a1bf4" | ||
"github.com/vishvananda/netlink e1a867c6b452" | ||
"golang.org/x/net 491a49abca63 github.com/golang/net" | ||
"golang.org/x/sys v0.2.0 github.com/golang/sys" | ||
"google.golang.org/grpc v1.32.0 github.com/grpc/grpc-go" | ||
"google.golang.org/protobuf v1.26.0 github.com/protocolbuffers/protobuf-go" | ||
|
||
"golang.org/x/sync v0.1.0 github.com/golang/sync" | ||
"golang.org/x/text v0.7.0 github.com/golang/text" | ||
"google.golang.org/genproto 0dfe4f8abfcc github.com/googleapis/go-genproto" | ||
"github.com/mdlayher/netlink v1.7.1" | ||
"github.com/mdlayher/socket 41a913f399" | ||
"github.com/josharian/native v1.1.0" | ||
"github.com/vishvananda/netns 7a452d2d15" | ||
) | ||
|
||
inherit golang-vcs-snapshot | ||
|
||
SRC_URI=" | ||
https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz | ||
${EGO_VENDOR_URI} | ||
amd64? ( https://dev.pentoo.ch/~blshkv/distfiles/opensnitch_amd64.o ) | ||
x86? ( https://dev.pentoo.ch/~blshkv/distfiles/opensnitch_i386.o ) | ||
" | ||
#arm64? ( https://dev.pentoo.ch/~blshkv/distfiles/opensnitch_arm64.o ) | ||
|
||
LICENSE="GPL-3" | ||
SLOT="0" | ||
IUSE="systemd" | ||
# NOTE: x86 untested | ||
KEYWORDS="~amd64 ~x86" | ||
|
||
DEPEND=">=dev-lang/go-1.19 | ||
net-libs/libnetfilter_queue | ||
dev-go/go-protobuf | ||
dev-go/protoc-gen-go-grpc | ||
" | ||
RDEPEND=" | ||
dev-python/grpcio-tools[${PYTHON_USEDEP}] | ||
dev-python/notify2[${PYTHON_USEDEP}] | ||
dev-python/python-slugify[${PYTHON_USEDEP}] | ||
dev-python/pyinotify[${PYTHON_USEDEP}] | ||
dev-python/PyQt5[sql,${PYTHON_USEDEP}] | ||
" | ||
|
||
RESTRICT+=" test" | ||
# https://github.com/evilsocket/opensnitch/issues/712 | ||
QA_PREBUILT="etc/opensnitchd/opensnitch.o" | ||
|
||
# see https://github.com/evilsocket/opensnitch/issues/774 | ||
# and https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog | ||
CONFIG_CHECK=" | ||
FTRACE | ||
CGROUP_BPF | ||
BPF | ||
BPF_SYSCALL | ||
BPF_EVENTS | ||
KPROBES | ||
KPROBES_ON_FTRACE | ||
HAVE_KPROBES | ||
HAVE_KPROBES_ON_FTRACE | ||
KPROBE_EVENTS | ||
HAVE_SYSCALL_TRACEPOINTS | ||
FTRACE_SYSCALLS | ||
UPROBE_EVENTS | ||
NETFILTER_XT_MATCH_CONNTRACK | ||
NETFILTER_XT_TARGET_NFQUEUE | ||
" | ||
|
||
pkg_pretend() { | ||
linux-info_pkg_setup | ||
} | ||
|
||
src_prepare() { | ||
rm -rf src/${EGO_PN}/ui/tests || die | ||
|
||
pushd src/${EGO_PN}/ui > /dev/null || die | ||
pyrcc5 -o opensnitch/{resources_rc.py,/res/resources.qrc} | ||
popd > /dev/null || die | ||
|
||
if use systemd; then | ||
pushd ${WORKDIR}/${P}/src/${EGO_PN} > /dev/null || die | ||
eapply "${FILESDIR}/systemd.patch" | ||
popd > /dev/null || die | ||
fi | ||
|
||
eapply_user | ||
} | ||
|
||
src_compile() { | ||
emake -C src/${EGO_PN} protocol | ||
|
||
# TODO: upstream bug report | ||
# opensnitch does not build without -fcf-protection when using go >= 1.19, | ||
# error message: | ||
# cgo: cannot load DWARF output from $WORK/..//_cgo_.o: zlib: invalid header | ||
|
||
GOPATH="${S}:$(get_golibdir_gopath)" \ | ||
GOCACHE="${T}/go-cache" \ | ||
CGO_CPPFLAGS="${CPPFLAGS} -fcf-protection" \ | ||
CGO_CFLAGS="${CFLAGS} -fcf-protection" \ | ||
CGO_CXXFLAGS="${CXXFLAGS} -fcf-protection" \ | ||
go build -v \ | ||
-buildmode=pie \ | ||
-ldflags "-compressdwarf=false -linkmode external" \ | ||
-o opensnitchd \ | ||
"${EGO_PN}/daemon" || die | ||
|
||
pushd src/${EGO_PN}/ui > /dev/null || die | ||
distutils-r1_src_compile | ||
popd > /dev/null || die | ||
} | ||
|
||
src_install(){ | ||
dobin opensnitchd | ||
|
||
pushd src/${EGO_PN}/ui > /dev/null || die | ||
distutils-r1_src_install | ||
popd > /dev/null || die | ||
|
||
pushd src/${EGO_PN}/daemon > /dev/null || die | ||
insinto /etc/opensnitchd/rules | ||
insinto /etc/opensnitchd/ | ||
doins default-config.json | ||
doins system-fw.json | ||
|
||
#elif use arm64; then | ||
# newins "${DISTDIR}"/opensnitch_arm64.o opensnitch.o | ||
if use amd64; then | ||
newins "${DISTDIR}"/opensnitch_amd64.o opensnitch.o | ||
elif use x86; then | ||
newins "${DISTDIR}"/opensnitch_i386.o opensnitch.o | ||
fi | ||
|
||
popd > /dev/null || die | ||
|
||
if use systemd; then | ||
pushd src/${EGO_PN}/daemon > /dev/null || die | ||
systemd_dounit opensnitchd.service | ||
popd > /dev/null || die | ||
else | ||
newinitd "${FILESDIR}"/opensnitch.initd ${PN} | ||
fi | ||
} | ||
|
||
pkg_postinst() { | ||
xdg_icon_cache_update | ||
} |
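Review bot: The two `opensnitch_*.o` entries in `SRC_URI` fetch a prebuilt eBPF object from a personal distfiles directory under a name that carries no version, and `src_install` puts it at `/etc/opensnitchd/opensnitch.o` (declared in `QA_PREBUILT`), so the only thing binding that binary to this release is the Manifest checksum, which is not visible in this section. Giving the distfile a versioned local name, e.g. `amd64? ( https://dev.pentoo.ch/~blshkv/distfiles/opensnitch_amd64.o -> ${P}_amd64.o )` with the matching `newins "${DISTDIR}"/${P}_amd64.o opensnitch.o`, keeps a later re-upload from colliding with an older ebuild's distfile. A comment next to `QA_PREBUILT` recording which upstream `ebpf_prog` revision and toolchain produced the object would let someone rebuild and compare it. Separately, `pyrcc5 -o opensnitch/{resources_rc.py,/res/resources.qrc}` in `src_prepare` is the one external command there without `|| die`, so a failed resource build would not stop the ebuild.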