app-admin/opensnitch : version bump

author: V3n3RiX <venerix@koprulu.sector> 2023-10-21 13:27:11 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2023-10-21 13:27:11 +0100
commit: 6d418bd062b0a5ebe5b5139c71d7a94a7aa22077 (patch)
tree: 9bd62931b8624f29451667bfea1fa9663af7ffe4 /app-admin
parent: 29593225a7ace4b92617cf93e6e22ae43be4bb06 (diff)
6 files changed, 270 insertions, 145 deletions
diff --git a/app-admin/opensnitch-ebpf-module/Manifest b/app-admin/opensnitch-ebpf-module/Manifest
new file mode 100644
index 00000000..2bd412f2
--- /dev/null
+++ b/app-admin/opensnitch-ebpf-module/Manifest
@@ -0,0 +1 @@
+DIST opensnitch-1.6.2.tar.gz 1341337 BLAKE2B c71c89f758d9fdc0a7968c28c8b79791ddf0446392e243acf4db95302d1d109a68372b29bd5b068c41d0bd5ae426a68807d7045a448128fc8badc8ecb906952b SHA512 79e32520e9e370718f0096af8766867154e0e556c164f193816ba965e4d267146941e9849842f42cd2c9bcd00838df460c17570e5c34cf3c2a812491638b71ba
diff --git a/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.6.2.ebuild b/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.6.2.ebuild
new file mode 100644
index 00000000..0a11cc3e
--- /dev/null
+++ b/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.6.2.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info
+
+DESCRIPTION="eBPF process monitor module for opensnitch"
+HOMEPAGE="https://github.com/evilsocket/opensnitch"
+# NOTE: app-admin/opensnitch and this ebuild share the same source
+SRC_URI="
+	https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> opensnitch-${PV}.tar.gz
+"
+S="${WORKDIR}/opensnitch-${PV}"
+EBPF_DIR=ebpf_prog
+
+KEYWORDS="~amd64"
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="dist-kernel"
+
+MINKV=5.5 # only compatible with kernels >= 5.5
+
+RDEPEND="
+	dist-kernel? ( virtual/dist-kernel:= )
+	~app-admin/opensnitch-$PV
+"
+
+DEPEND="
+	virtual/linux-sources
+	>=sys-kernel/linux-headers-${MINKV}
+"
+
+BDEPEND="
+	sys-devel/bc
+	sys-devel/clang
+	sys-devel/llvm
+"
+
+RESTRICT="strip test"
+QA_PREBUILT="*"
+
+pkg_setup() {
+	# see https://github.com/evilsocket/opensnitch/discussions/978
+	local CONFIG_CHECK="
+		CGROUP_BPF
+		BPF_EVENTS
+		FTRACE_SYSCALLS
+		KPROBES_ON_FTRACE
+		KPROBE_EVENTS
+		UPROBE_EVENTS
+	"
+
+	linux-info_pkg_setup
+	kernel_is -ge ${MINKV//./ } || die "Kernel version at least ${MINKV} required"
+}
+
+src_compile() {
+	MODULES_MAKEARGS+=(
+		ARCH="x86"
+		EXTRA_FLAGS="-fno-stack-protector -fcf-protection"
+		KERNEL_DIR="${KV_DIR}"
+		KERNEL_HEADERS=/usr # gentoo installs linux-headers to /usr
+	)
+	emake "${MODULES_MAKEARGS[@]}" -C "$EBPF_DIR" || die
+	llvm-strip -g "$EBPF_DIR"/opensnitch*.o
+}
+
+src_install(){
+	insinto /usr/lib/opensnitchd/ebpf/
+	doins "$EBPF_DIR"/opensnitch.o
+	doins "$EBPF_DIR"/opensnitch-dns.o
+	doins "$EBPF_DIR"/opensnitch-procs.o
+}
diff --git a/app-admin/opensnitch/Manifest b/app-admin/opensnitch/Manifest
index 6be7b9b6..681c5da5 100644
--- a/app-admin/opensnitch/Manifest
+++ b/app-admin/opensnitch/Manifest
@@ -1,22 +1,20 @@
-DIST github.com-evilsocket-ftrace-v1.2.0.tar.gz 16895 BLAKE2B e17f90820eb6c2a5691477a1616753407f27ba509262ea57fffcf269f3e5e9ab8e87d86830796ef9cffeed78d36b4868a23746054cf26d82e0146a2462e8249d SHA512 e7787485a97ca0c1dc31dde2973d795439015d412a0588c813f601dc7eaf80912016675a2674748c4c3f49b50ec11a59274eeccf0fe4052e7249159d29a58909
-DIST github.com-fsnotify-fsnotify-v1.5.1.tar.gz 32691 BLAKE2B 9140e0a6e675b0beb2561805dbe251ad05151ce15b5fb6e1cec3974c71575f636788bac78ed0eb66775e03a165079f84154ea99b26636ea09518254df993f84a SHA512 8139cc581044f45905a3658955075d19dc02631d6b997ef0e264c46704303e01f7ac09f7fb48dd11b89cbf7d61f371c03f291e3b03db7b305c61bb15d1b4c503
-DIST github.com-golang-net-27dd8689420f.tar.gz 1230097 BLAKE2B f332557ddc39f607336374ae57dce7b60bdb441d97c2c8ff557cffcfccf5423fbd1db7d9387c22a3e919d737e831e77bb6fe6c86c56e0680098b3ed04cdd9478 SHA512 7ee1c0bca7d87b44697a96f02474d850517d4044b50260fe08cfa2eb6435a0e51aae51d93370ff31f21437355b4af1f27563f6b990083517108e2c7e7dff36cd
-DIST github.com-golang-protobuf-v1.5.2.tar.gz 171702 BLAKE2B 4b1b0936aed1919f3ec967648d15a0c533b57d9d19d3c80c8d4149345bf6bda096d6b5cfd5c49ef5e76eb7358e694fc159d16faedb096faf81e82e425377892d SHA512 5707936f2ea9493d2f3897a3ec04139afcc00b3dbfaa2142b56a492d356bc17e26237c74788b047592a0fa89c0078b7970dbf481f7c33a7a63c5f50557779590
-DIST github.com-golang-sync-036812b2e83c.tar.gz 18757 BLAKE2B bcacc4b7967712290c678018d206c24b71bf3057c862454bccdd497c792a7d9000ecbac329a19ad364387e18a5f1f368d5e177a78670eb631808c2d336c83af6 SHA512 5e9a75eabc254b496b39bfb33181999a2060188db17c6bcc31b3d0a31d32122eb078cac8a3359675f03078a456839541e43d169103b183484372bb74857160dd
-DIST github.com-golang-sys-4e6760a101f9.tar.gz 1260696 BLAKE2B 68144701163d4721523ac02125058cc5bc09e20571d37475b8a15c36cfc1dd54ff40d7ed0ceabb30ed4969c857b3fab8fd4141b17d8ce17a1052c5fe6f81897c SHA512 24df91664f83c548901f412820f8b3165617c1540e17759ac6f1361082debc4dcc320ad3cb2c595c2fe528c424849643ed87a212127dba7503a405983a91fcbe
-DIST github.com-golang-text-v0.3.7.tar.gz 8354718 BLAKE2B 77eb1d08ff420e0d1fff4e92641bd463a0a6e84625bc26f83a9edc467144448b513116f8b72954a30533eafe3454fb739dcdede169229a01df81c8b152c2ba57 SHA512 52899d4326ba4c9bb9a051ba52810d12e531a57bb85d48fa03dd9a9cbbf69a191eb35fbf8dfec8ec8ded706f5a67cd9cf39bc4f491676004e335a37878adb6f2
-DIST github.com-google-gopacket-v1.1.19.tar.gz 950745 BLAKE2B fae65da5b9611aace62d4b2565a197b9512223c05f4cfd95178b7cb307fe6bb522a31b9d4d9fbd8cfe86056ef1f90dbefccb183963a1040a6b56ea5a07eb019e SHA512 c9ca009770f84d29c30b5a6ae210f4b09051f4bbcb81c1118d3f8ab577b16fb617c89fb461ad4117ec7fe3b8bdc7efe778a2f56526276f984573d8293ae0ef62
-DIST github.com-google-nftables-950e408d48c671ccd9f4997a4b6eb95db21365d6.tar.gz 52437 BLAKE2B 6ea9115fc39c8833715c78792dc79dc682b83bcd85def563729f171988e66d491e2463247035a2102e45d0bce06a2376a3b77fe395e5a3e67241bb59cfdccc21 SHA512 7ad830a1761c42995643c0a66b635332fe9bb1c4eb3c47ec3e69cd39e4f63f1bc88187e9c262edc8d30ab39af281a5fa8de05f250c5f4c9b87c1278ccedf8cb3
-DIST github.com-googleapis-go-genproto-325a89244dc8.tar.gz 12862283 BLAKE2B 6ac945d3b3ee959bab4b8bf59c11976cc7a0fa11e8f5ef6fbbf2ed04c05cf3f2b3e572893c148bb57bbce4e134e3fd8f8e11403987b3293e55317348fb92468e SHA512 b9d91610c4b39447ac56d40a4e7ad57f1c29f6a228aea6931daa1dd680a171a13bfa1a4ebb66f2c423b0d5aedcd232a3d51d6f0c6c8790f977d249129a0879f8
+DIST github.com-fsnotify-fsnotify-v1.4.7.tar.gz 31139 BLAKE2B f2d0aaabfad525fb640beba78991a858ad23203a557a69fc15d2f017b2a693c64c244de435682b1cd9d59e89a97e4ba60c7f95fa99a6145a9dea73b0f334936e SHA512 840943043c49c837641f04b976f2ba610fc03bd31030ca6442744d51fa9241da1905730ea11466e249a5bd37437f1e2a433a012a64ce872a1562c941bd5bfcbf
+DIST github.com-golang-net-491a49abca63.tar.gz 1227713 BLAKE2B 68bb26d20dde540f881a7f0697343c35ab8abb2220ee59ac38f8bcf2ab63ff2b5d6e30ca2b8891e02afd463a978becd9f86f604bd35f54d04b26a87921472162 SHA512 343b69c5369fefc0e4deccb70affbced179d1687aeafb6d8173595bf281c4dcd1045e48a958ce4c779ff66a0b50257dce339e2cfa826f67a635a55cd5426edc4
+DIST github.com-golang-protobuf-v1.5.0.tar.gz 171512 BLAKE2B 49fa31ff98d923b0b1db8eb29008b3cbe634e2ab0b106deac1f0ffb69e7762a10e2cabf77e45e4f68a6dfc20f22631480c532b7b137e75ba607d64aa9c79e023 SHA512 1b2316f08bec4651dc196d487b1aebfdf875baa33a5256aad8ea21ee726cdf0835822a58920c5b1af501acbf0e5039e20d621a8247320727f4b1832eb2189110
+DIST github.com-golang-sync-v0.1.0.tar.gz 19356 BLAKE2B ad4f71ddcc1421accc6caf39b58234e9bd0137c32fd5bd834c02d27a51c7933ce97447c8e91860f8b1e478d5370d92d9e801b62ae5cd425baa52df3435e8baf7 SHA512 765dc0365332218b2c3e1a04d63c86a1ab12508a5e9b115dfb73b1d436c592d67d0540f39958546a868772614f255ac92601d5c0263b36884e5a0f9bc9054d40
+DIST github.com-golang-sys-v0.2.0.tar.gz 1410639 BLAKE2B db1c7c6a8a3ddf22459fe3301ae0e641cde5b357d7c537cd14ebd554d6b68c3f823e844d2b0869d20d25b5f030da5b67e03767fcd3f6e63f20f653d5797d612f SHA512 8d13f6fdc6c7f589a7a60caccfd3fa4d784ee3c2fe33ece21b51a8c72b3b27d4ae5df88afacaa231955599471cc780b406e0e0c85359e0e5314ee66990d5ce3e
+DIST github.com-golang-text-v0.7.0.tar.gz 8361947 BLAKE2B 210702fc9b6cef7a66abc167705cd753aef285eeb679fcd221493d6a64053f33c9042f8156973419a760ca46b9f8abb55740a11ffb38b1fa7cad18dc9e99e9a8 SHA512 f22006d42a0e18ed7f2dcb6566f8ded8cacbd8cea7a475eff7ce581af07266eabc0b7577b3a34c8ea5cb2299d8bcfe78e41b631e4df1a6cff0f4b953b85294f9
+DIST github.com-google-gopacket-v1.1.14.tar.gz 748336 BLAKE2B f1fe54954b229fafe9cf18e6337f4222cdeb6d71cba0c5c3d0b04eae63952a039cc283eff580db3e79db49b827d64ee54e8d5e64a24546037400faf92c97f086 SHA512 fda58ad503e2547b0e09e511a2ffe5b2e6fa7ba1df3cbf26ae6e08075420586f0f1f553914ee969fcfbdd0a344e240a0d11ae85266c926f138d3efe6afa250b2
+DIST github.com-google-nftables-v0.1.0.tar.gz 76163 BLAKE2B fefdc09c55ffb817f74d2143815d56cbd306e04280fd1cdb9e7f936bf1cbe431fbebc6b36dd08428a48f7fe3e08d9db3356c47404f657509da7895cf65132d2a SHA512 8706ab05a3dd83f7188bc3f03b6e107bfd2ae89b6b1335e60184a1b7cf7a537c96cfffeaf89b4948b8f0c7071af63425c16cf1f352b086ee058aa65f282b4308
+DIST github.com-google-uuid-v1.3.0.tar.gz 16210 BLAKE2B 623277ba46440e058a989281b80b8aa6125b692c5cfbd3abe492adaef1e0c78fed5c6116e6944be6d83dc9f650bcdbb76a711ceeada273e626d3a1faaa76ca08 SHA512 5e79d3ca99dc5b94ec97481d9f440a64060f180482adcbbf5debd4e71e585db28dc8561f27d2d16db71a389126539a1950e5aca5ffcd9d702eccbdc0a5094a83
+DIST github.com-googleapis-go-genproto-0dfe4f8abfcc.tar.gz 6431647 BLAKE2B f23604cd72adfd820dec0aaf16ca3895049554767643a402f7dd65f564b747cfb65723aefd9a5e47a6cceba6cf2eaa24f66b5abe1b568e3456cd1fb29c91bd3a SHA512 5f0496378a2e32e13b1325f8d3a8a0ce6de3e716e1faea3387423f40be9042287541d1479b8bbbd9f0322ca4ce27903ba9ec6077de57fd9683d616889232556d
 DIST github.com-grpc-grpc-go-v1.32.0.tar.gz 1053458 BLAKE2B 34fdd17ef7edecc84df8fbcfaee653192fd370e98929e33ba7bff7ef0e6fa04e3befb3153ab23d4bd98eeecb3c714e77aac2c56d448eb99b1d2e03bfc1a39798 SHA512 004f6ba02a53c67051cfe595ab5ce2692a6ef878d55a48165bd601cdbd5fa3a8e4944ba1ca7f5dc4aafac76f85c23714f8f2cfce8d14ea705ef4897c70cfce29
 DIST github.com-iovisor-gobpf-v0.2.0.tar.gz 115750 BLAKE2B 72d08e28d3453b0f2fd5acc3b16586fb4802b9faaad46e219f2465a48cadcb2ecc63c306f0e2a6d64e7c3308d2c55dc083bde6642678c8ce2acfefb63def7275 SHA512 00f28329b89a2fd7e76339b49e30b1bef31eab62854a77c77ccf29ac891f3c12b52f6feb3203d78b8ae2c5fe2f5529db5280686f752cd5b4577e5312dcc67ead
-DIST github.com-josharian-native-v1.0.0.tar.gz 1803 BLAKE2B 312ccaa66a0300f8008c43694afc487713424002aac44f181df67ebc850cf31a755cc3b7bd541ad7283d8f8cc05b09c751fac962f2166321dbd2a39c2a336739 SHA512 ec1c4a1abf5cf39221de87d50443b7e7f48ca5b9dbfa0662a43cf7e54c0912ebad4209ee909423104ac2b236b9f781ed08673cef6194d23239aa3f6ca3030bba
-DIST github.com-mdlayher-netlink-v1.6.0.tar.gz 58884 BLAKE2B 42461a6d1abf984cb1d38ba92e49d600fbab94bc3a961423bbc09da6f6a992a43daebd9112a27539869effae9165d685de87ebdce87f4242acefa8f348b03e31 SHA512 d74221db8de9d59a43622838bd58eb1af87ec36413a3147e9d724edf536cdc901cc27cf4bd7b0adf4d44eb0dfb2ae4fc4ab966437cbceac941b2834f95cded95
-DIST github.com-mdlayher-socket-v0.2.2.tar.gz 16879 BLAKE2B e764cd906400c24bf3b19befe654d7144e147116788fbceeb8d262de2f0c352c1da3ea6c797063c8aa93841be4f9cdb5f7f64c93db93aebf1061f5554a174ca2 SHA512 68312b06d20347960fee198857c23cb984d7a6a1bae48ca23c86e58e519cb3d4fe0a8b9b218b829a8dc40d7167af5f9a040d8e6c9f96cdd7f9d15c8499387d73
+DIST github.com-josharian-native-v1.1.0.tar.gz 2061 BLAKE2B 8660695fa46e037e3a105973f3361c9b9d9fb157376508ec41786f17a09eee0280184aadb4ada7283d449fdc53663e0df74d42b109a82587c80308ca6dc238ca SHA512 7ba7457276c89a11637c2718bf2c0040e9da20149e0a0de89c8fe882cfca468b89f9816203a4979d7169b64f637358463d248b33db11af91cc931aeeb945b5a0
+DIST github.com-mdlayher-netlink-v1.7.1.tar.gz 50495 BLAKE2B 09898c82a8026f646439ded340095ee3147cc48c2e55d66f528b3fe88622d9ea9b4c19364a5f28539e2234b0583fc29cd1c9a08bfea944400974b79d689ba8c8 SHA512 75b21719f5fc8f276e6f396d50974739297682b781342f37f3dc2926c38f5b7988ccbc8bcef1a13fb3e3c90d0357118418754811bb43395b98764d6a6aeea142
+DIST github.com-mdlayher-socket-41a913f399.tar.gz 20712 BLAKE2B 7a5eacf3f607450c280320db80e4e3ac83cd0468d81f90e7091fc2b0b1a93ebb388af4753d28f2c7b79183b3fc910283a07f9e42a700154ebf653b9eb2d91b5c SHA512 ab3dd9f3fec2510043bc4c6094e01f6a527ea98815ba723c9545bf6e3c1fbf5aa8036ee6835d4c87f09fce76e8709a888ffdbaf95f927ae78358bb469290676d
 DIST github.com-protocolbuffers-protobuf-go-v1.27.1.tar.gz 1278521 BLAKE2B 1591dbfc5aae2360d69ca3e5e9247c4287114699f732d85011fb1c6b5daa3532d2218ce4ddf0390ffb23a3fd097ffa1b6bc418ba968dab98112a4522cc5fe93b SHA512 a0236bc88b963df0acc2a2c7c247334614b2d555f341e103fd06759665802069a320ced4ab51be658283cc816ec9f2d53ed98728895c5b8ce18954a17663264b
-DIST github.com-vishvananda-netlink-v1.1.0.tar.gz 147026 BLAKE2B 146936d2a959f1a9509e94a50dfd36a1bee9599d158d41a29ac65d305520f85def91df78b6c7b5475915e7aef11b150de6aefd7e2fd8856550624281555ef8b0 SHA512 55f184870a9ce85314d278722f49e0c2f51939841f37aee8f50bb150afa545fd18a9a43556d428fb8e960eb063a14c50c920de20f2a375bd780432cb26155918
-DIST github.com-vishvananda-netns-50045581ed74.tar.gz 8714 BLAKE2B f52368ec96295eb22491fc361ea5571e49a7e7a2eac1638863e680070968612d5abbbef9c7f7bcb6c18aca13972289bc352b93913c299f4f6f6d64a2ab1e917e SHA512 8a7943b0c6ebb606a8af534c78a87a47be6204f490b569296e375c841d321f470f1c006b95d09e843ac50763c0496fd0a60f73a4a8eb5c55bc68f1f36fd1296a
-DIST opensnitch-1.5.2.tar.gz 995296 BLAKE2B aab54c00de55c42aebbae23fd0cb7befdc87c633153c9ae4a4b6535587e2ccd3436343cdd121e76118d3c17ec23778fb80e5d973dcd8b296b2f1986cc2dc1e6f SHA512 77ad266dd3531f576e2b10aff5bcfa724c4e7b90d8b9deb01d7bdf24c728f32c9a7d16eaa91954177a3717fbebc8b1524cf975ae899c2d703ccaba4ac4b86c19
-DIST opensnitch_amd64.o 10728 BLAKE2B 398f97a9136c8909955dc0ee2f258d2940b915fbd9142e97540813c977bb67cceb2cfc80df248512bc974960d0936c18c55496c1fd17e3176681560a52518047 SHA512 167b1913c0da8597079bee71063a084724b8326b3587ca91b7b72116ae8e998dae8871976fcb7b98135868ffe274d5d332dbacd53a0e47fb5510122b875674af
-DIST opensnitch_arm64.o 10384 BLAKE2B 6439a1d29af9e44794aeb5a6a07ed0556f3cfd5afb6e1bdf8002b058acaae0909b362697bf32f60553ce42853e573d24f272712e215c08af2b677d513cbfff37 SHA512 298ee7aea9b70c206b5d12ada016b21a05fb0ee65001e24bf3bf949dcb9308fde83fff8e281df761354ebdcfc3ff9672ec0000a19e1f285b61228cb4eeba0700
-DIST opensnitch_i386.o 10368 BLAKE2B 15b4abd5da8c2ab29f91b2fdefe6ee095dde09d1dcb3180339ba8ab567e29400e77598f1f969c7a4e9b23140564807c237d52b5601d84e2733b658fa9ccd1aaa SHA512 a8e493f4f62e706d0499fa92777ebd8339c925b1622a75595971ee53a3d73b653749a053c3c43bb4a0dc7b6baaed45442d458626c3731bcbc97af069e2b7b160
+DIST github.com-varlink-go-v0.4.0.tar.gz 28064 BLAKE2B ba9fa9b230878abde99b59841a67a04a26b5119a0e473273f83663f0a110206b36c39e8185da47689b6a2e61bf0c5232dd7954b152a8bc42882702dddfc92409 SHA512 a659f364e1d89a09c337902b46c25146495e83bf46cb877a125ed758c7b1c71206e5bc3067843f1f19929df8cdba3ba327f92d53ce24970dfa7017f7ff4207a6
+DIST github.com-vishvananda-netlink-e1a867c6b452.tar.gz 176331 BLAKE2B fa2eca75c1e66a035cfcbf6040382bc492960b5338762af93119646691303aff7a15481166a1040f0a0ad49a6048fd280ee3de4ee311065f10e5e4498e95044c SHA512 2db2037017f5db53dd820f234373516d319d20621c43445fb6aff4208bfb38912bbc64700ae6d9feff3048a3e959273fff00f02458a7973c49b177deecf0bf6f
+DIST github.com-vishvananda-netns-7a452d2d15.tar.gz 9748 BLAKE2B 2476dd583f84ee622f4ad00b495e5602348aeb8c7aef86ea6d88ef88d9483d836b1be49cf4e607fdbc50599c8b4dab13782f734900bc94a97f9db1bdc9ccd8a0 SHA512 b81c24996fbd6c1787d4cf629e7d8a04257d50ed9956a6fd8848c22c155bfc322370a3bed0b8d7681c52a72b9a9d7e86161620e090a7685a61b24fa0597f1e64
+DIST opensnitch-1.6.2.tar.gz 1341337 BLAKE2B c71c89f758d9fdc0a7968c28c8b79791ddf0446392e243acf4db95302d1d109a68372b29bd5b068c41d0bd5ae426a68807d7045a448128fc8badc8ecb906952b SHA512 79e32520e9e370718f0096af8766867154e0e556c164f193816ba965e4d267146941e9849842f42cd2c9bcd00838df460c17570e5c34cf3c2a812491638b71ba
diff --git a/app-admin/opensnitch/files/systemd.patch b/app-admin/opensnitch/files/opensnitch-1.6.2-systemd.patch
index aa7a1324..0006a4ab 100644
--- a/app-admin/opensnitch/files/systemd.patch
+++ b/app-admin/opensnitch/files/opensnitch-1.6.2-systemd.patch
@@ -1,13 +1,15 @@
 diff --git a/daemon/opensnitchd.service b/daemon/opensnitchd.service
-index 014e79e..8a81d0e 100644
+index 3f05fad..bf29739 100644
 --- a/daemon/opensnitchd.service
 +++ b/daemon/opensnitchd.service
-@@ -8,7 +8,7 @@ After=network.target
+@@ -4,9 +4,7 @@ Documentation=https://github.com/evilsocket/opensnitch/wiki
+ 
+ [Service]
  Type=simple
- PermissionsStartOnly=true
- ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
+-PermissionsStartOnly=true
+-ExecStartPre=/bin/mkdir -p /etc/opensnitchd/rules
 -ExecStart=/usr/local/bin/opensnitchd -rules-path /etc/opensnitchd/rules
 +ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules -ui-socket unix:///tmp/osui.sock -cpu-profile /tmp/cpu.profile -mem-profile /tmp/mem.profile
  Restart=always
  RestartSec=30
- 
+ TimeoutStopSec=10
diff --git a/app-admin/opensnitch/opensnitch-1.5.2-r1.ebuild b/app-admin/opensnitch/opensnitch-1.5.2-r1.ebuild
deleted file mode 100644
index 48f7c9ad..00000000
--- a/app-admin/opensnitch/opensnitch-1.5.2-r1.ebuild
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{10..11} )
-inherit distutils-r1 linux-info systemd
-
-EGO_PN="github.com/evilsocket/opensnitch"
-EGO_VENDOR=(
-	"github.com/evilsocket/ftrace v1.2.0"
-	"github.com/fsnotify/fsnotify v1.5.1"
-	"github.com/golang/protobuf v1.5.2"
-	"github.com/google/gopacket v1.1.19"
-	"github.com/google/nftables 950e408d48c671ccd9f4997a4b6eb95db21365d6"
-	"github.com/iovisor/gobpf v0.2.0"
-	"github.com/vishvananda/netlink v1.1.0"
-	"github.com/vishvananda/netns 50045581ed74"
-	"golang.org/x/net 27dd8689420f github.com/golang/net"
-	"golang.org/x/sync 036812b2e83c github.com/golang/sync"
-	"golang.org/x/sys 4e6760a101f9 github.com/golang/sys"
-	"golang.org/x/text v0.3.7 github.com/golang/text"
-	"google.golang.org/grpc v1.32.0 github.com/grpc/grpc-go"
-
-	"google.golang.org/protobuf v1.27.1 github.com/protocolbuffers/protobuf-go"
-	"google.golang.org/genproto 325a89244dc8 github.com/googleapis/go-genproto"
-	"github.com/mdlayher/netlink v1.6.0"
-	"github.com/josharian/native v1.0.0"
-	"github.com/mdlayher/socket v0.2.2"
-)
-
-inherit golang-vcs-snapshot
-
-DESCRIPTION="Desktop application firewall"
-HOMEPAGE="https://github.com/evilsocket/opensnitch"
-
-SRC_URI="https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz
-	${EGO_VENDOR_URI}
-	amd64? ( https://dev.pentoo.ch/~blshkv/distfiles/opensnitch_amd64.o )
-	x86? ( https://dev.pentoo.ch/~blshkv/distfiles/opensnitch_i386.o )
-	arm64? ( https://dev.pentoo.ch/~blshkv/distfiles/opensnitch_arm64.o )
-	"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="systemd"
-KEYWORDS="~amd64"
-
-DEPEND=">=dev-lang/go-1.13
-	net-libs/libnetfilter_queue
-	dev-go/go-protobuf
-	dev-go/protoc-gen-go-grpc
-	"
-RDEPEND="
-	dev-python/grpcio-tools[${PYTHON_USEDEP}]
-	dev-python/python-slugify[${PYTHON_USEDEP}]
-	dev-python/pyinotify[${PYTHON_USEDEP}]
-	dev-python/PyQt5[sql,${PYTHON_USEDEP}]
-"
-
-RESTRICT="test"
-#https://github.com/evilsocket/opensnitch/issues/712
-QA_PREBUILT="etc/opensnitchd/opensnitch.o"
-
-#KPROBES* required by ebpf
-CONFIG_CHECK="NETFILTER_XT_MATCH_CONNTRACK CGROUP_BPF BPF BPF_SYSCALL BPF_EVENTS KPROBES KPROBE_EVENTS"
-
-pkg_pretend() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	rm -r src/${EGO_PN}/ui/tests
-	emake -C src/${EGO_PN} protocol
-	cd src/${EGO_PN}/ui
-	pyrcc5 -o opensnitch/resources_rc.py opensnitch/res/resources.qrc
-	sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2*
-	use systemd && cd "${WORKDIR}/${P}/src/${EGO_PN}" && eapply "${FILESDIR}/systemd.patch"
-	eapply_user
-}
-
-src_compile() {
-	GOPATH="${S}:$(get_golibdir_gopath)" \
-		GOCACHE="${T}/go-cache" \
-		go build -v -work -x -ldflags="-s -w" "${EGO_PN}/daemon" || die
-
-	pushd src/${EGO_PN}/ui >/dev/null || die
-	distutils-r1_src_compile
-	popd >/dev/null || die
-}
-
-src_install(){
-	newbin daemon opensnitchd
-
-	pushd src/${EGO_PN}/ui >/dev/null || die
-	distutils-r1_src_install
-	popd >/dev/null || die
-
-	pushd src/${EGO_PN}/daemon >/dev/null || die
-	insinto /etc/opensnitchd/rules
-	insinto /etc/opensnitchd/
-	doins default-config.json
-	doins system-fw.json
-
-	if use amd64; then
-		newins "${DISTDIR}"/opensnitch_amd64.o opensnitch.o
-	elif use arm64; then
-		newins "${DISTDIR}"/opensnitch_arm64.o opensnitch.o
-	elif use x86; then
-		newins "${DISTDIR}"/opensnitch_i386.o opensnitch.o
-	fi
-	popd >/dev/null || die
-
-	if use systemd; then
-		pushd src/${EGO_PN}/daemon >/dev/null || die
-		systemd_dounit opensnitchd.service
-		popd >/dev/null || die
-	else
-		newinitd "${FILESDIR}"/opensnitch.initd ${PN}
-	fi
-}
diff --git a/app-admin/opensnitch/opensnitch-1.6.2.ebuild b/app-admin/opensnitch/opensnitch-1.6.2.ebuild
new file mode 100644
index 00000000..f1036d9a
--- /dev/null
+++ b/app-admin/opensnitch/opensnitch-1.6.2.ebuild
@@ -0,0 +1,171 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit distutils-r1 linux-info systemd xdg-utils
+
+DESCRIPTION="Desktop application firewall"
+HOMEPAGE="https://github.com/evilsocket/opensnitch"
+
+EGO_PN="github.com/evilsocket/opensnitch"
+# modified from opensnitch/daemon/go.mod
+# NOTE: build fails with github.com/josharian/native after commit 5c7d0dd6ab
+EGO_VENDOR=(
+	"github.com/fsnotify/fsnotify v1.4.7"
+	"github.com/golang/protobuf v1.5.0"
+	"github.com/google/gopacket v1.1.14"
+	"github.com/google/nftables v0.1.0"
+	"github.com/google/uuid v1.3.0"
+	"github.com/iovisor/gobpf v0.2.0"
+	"github.com/varlink/go v0.4.0"
+	"github.com/vishvananda/netlink e1a867c6b452"
+	"golang.org/x/net 491a49abca63 github.com/golang/net"
+	"golang.org/x/sys v0.2.0 github.com/golang/sys"
+	"google.golang.org/grpc v1.32.0 github.com/grpc/grpc-go"
+	"google.golang.org/protobuf v1.27.1 github.com/protocolbuffers/protobuf-go"
+
+	"golang.org/x/sync v0.1.0 github.com/golang/sync"
+	"golang.org/x/text v0.7.0 github.com/golang/text"
+	"google.golang.org/genproto 0dfe4f8abfcc github.com/googleapis/go-genproto"
+	"github.com/mdlayher/netlink v1.7.1"
+	"github.com/mdlayher/socket 41a913f399"
+	"github.com/josharian/native v1.1.0"
+	"github.com/vishvananda/netns 7a452d2d15"
+)
+
+inherit golang-vcs-snapshot
+
+SRC_URI="
+	https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz
+	${EGO_VENDOR_URI}
+"
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="+audit bpf +iptables +nftables systemd"
+REQUIRED_USE="|| ( iptables nftables )"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND=">=dev-lang/go-1.19
+	net-libs/libnetfilter_queue
+	dev-go/go-protobuf
+	dev-go/protoc-gen-go-grpc
+"
+RDEPEND="
+	dev-python/grpcio-tools[${PYTHON_USEDEP}]
+	dev-python/notify2[${PYTHON_USEDEP}]
+	dev-python/python-slugify[${PYTHON_USEDEP}]
+	dev-python/pyinotify[${PYTHON_USEDEP}]
+	dev-python/PyQt5[network,sql,${PYTHON_USEDEP}]
+	bpf? ( ~app-admin/opensnitch-ebpf-module-$PV )
+"
+
+RESTRICT+=" test"
+
+pkg_setup() {
+	# see https://github.com/evilsocket/opensnitch/discussions/978
+	local CONFIG_CHECK="
+		INET_TCP_DIAG
+		INET_UDP_DIAG
+		INET_RAW_DIAG
+		INET_DIAG_DESTROY
+		NETFILTER_NETLINK_ACCT
+		NETFILTER_NETLINK_QUEUE
+		NF_CONNTRACK
+		NF_CT_NETLINK
+		PROC_FS
+	"
+
+	# config needed for the audit monitoring method
+	use audit && CONFIG_CHECK+="
+		AUDIT
+	"
+
+	# config needed for using iptables as firewall
+	use iptables && CONFIG_CHECK+="
+		NETFILTER_XT_MATCH_CONNTRACK
+		NETFILTER_XT_TARGET_NFQUEUE
+	"
+
+	# config needed for using nftables as firewall
+	use nftables && CONFIG_CHECK+="
+		NFT_CT
+		NFT_QUEUE
+	"
+
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	rm -rf src/${EGO_PN}/ui/tests || die
+
+	if use systemd; then
+		pushd ${WORKDIR}/${P}/src/${EGO_PN} > /dev/null || die
+		eapply "${FILESDIR}/${P}-systemd.patch"
+		popd > /dev/null || die
+	fi
+
+	pushd src/${EGO_PN} > /dev/null || die
+	eapply_user
+	popd > /dev/null || die
+}
+
+src_compile() {
+	emake -C src/${EGO_PN} protocol
+
+	pushd src/${EGO_PN}/ui > /dev/null || die
+	pyrcc5 -o opensnitch/{resources_rc.py,/res/resources.qrc}
+	# workaround for namespace conflict
+	# see https://github.com/evilsocket/opensnitch/issues/496
+	# and https://github.com/evilsocket/opensnitch/pull/442
+	sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2* || die
+	popd > /dev/null || die
+
+	# see https://github.com/evilsocket/opensnitch/issues/851
+	# opensnitch does not build without -fcf-protection when using go >= 1.19,
+	# error message:
+	# cgo: cannot load DWARF output from $WORK/..//_cgo_.o: zlib: invalid header
+	GOPATH="${S}:$(get_golibdir_gopath)" \
+	GOCACHE="${T}/go-cache" \
+	CGO_CPPFLAGS="${CPPFLAGS} -fcf-protection" \
+	CGO_CFLAGS="${CFLAGS} -fcf-protection" \
+	CGO_CXXFLAGS="${CXXFLAGS} -fcf-protection" \
+	go build -v \
+		-buildmode=pie \
+		-ldflags "-compressdwarf=false -linkmode external" \
+		-o opensnitchd \
+		"${EGO_PN}/daemon" || die
+
+	pushd src/${EGO_PN}/ui > /dev/null || die
+	distutils-r1_src_compile
+	popd > /dev/null || die
+}
+
+src_install(){
+	dobin opensnitchd
+
+	pushd src/${EGO_PN}/ui > /dev/null || die
+	distutils-r1_src_install
+	popd > /dev/null || die
+
+	pushd src/${EGO_PN}/daemon > /dev/null || die
+	insinto /etc/opensnitchd/rules
+	insinto /etc/opensnitchd/
+	doins default-config.json
+	doins system-fw.json
+	popd > /dev/null || die
+
+	if use systemd; then
+		pushd src/${EGO_PN}/daemon > /dev/null || die
+		systemd_dounit opensnitchd.service
+		popd > /dev/null || die
+	else
+		newinitd "${FILESDIR}"/opensnitch.initd ${PN}
+	fi
+}
+
+pkg_postinst() {
+	xdg_icon_cache_update
+}
author	V3n3RiX <venerix@koprulu.sector>	2023-10-21 13:27:11 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2023-10-21 13:27:11 +0100
commit	6d418bd062b0a5ebe5b5139c71d7a94a7aa22077 (patch)
tree	9bd62931b8624f29451667bfea1fa9663af7ffe4 /app-admin
parent	29593225a7ace4b92617cf93e6e22ae43be4bb06 (diff)